jvscrypto

package

v0.0.1-test5 Latest Latest Go to latest Published: Jul 19, 2022 License: Apache-2.0 Imports: 31 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/abcxyz/jvs

Documentation ¶

Index ¶

func FormatJWKString(wks []*ECDSAKey) (string, error)
func GetLatestKeyVersion(ctx context.Context, kms *kms.KeyManagementClient, keyName string) (*kmspb.CryptoKeyVersion, error)
func PublicKey(ctx context.Context, kms *kms.KeyManagementClient, keyName string) ([]byte, error)
func SetPrimary(ctx context.Context, kms *kms.KeyManagementClient, key, versionName string) error
func SignToken(token *jwt.Token, signer crypto.Signer) (string, error)
func ValidateJWT(keySet jwk.Set, jwtStr string) (*jwt2.Token, error)
func VerifyJWTString(ctx context.Context, kms *kms.KeyManagementClient, keyName string, ...) error
type Action
type CertificateActionService
- func (p *CertificateActionService) CertificateAction(ctx context.Context, request *jvspb.CertificateActionRequest) (*jvspb.CertificateActionResponse, error)
type ECDSAKey
- func JWKList(ctx context.Context, kms *kms.KeyManagementClient, keyName string) ([]*ECDSAKey, error)
type JWKS
type KeyServer
- func (k *KeyServer) ServeHTTP(w http.ResponseWriter, r *http.Request)
type RotationHandler
- func (h *RotationHandler) RotateKey(ctx context.Context, key string) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func FormatJWKString ¶

func FormatJWKString(wks []*ECDSAKey) (string, error)

FormatJWKString creates a JWK Set converted to string. https://datatracker.ietf.org/doc/html/rfc7517#section-5 .

func GetLatestKeyVersion ¶

func GetLatestKeyVersion(ctx context.Context, kms *kms.KeyManagementClient, keyName string) (*kmspb.CryptoKeyVersion, error)

GetLatestKeyVersion looks up the newest enabled key version. If there is no enabled version, this returns nil.

func PublicKey ¶

func PublicKey(ctx context.Context, kms *kms.KeyManagementClient, keyName string) ([]byte, error)

PublicKey returns the public key for the newest enabled key version.

func SetPrimary ¶

func SetPrimary(ctx context.Context, kms *kms.KeyManagementClient, key, versionName string) error

SetPrimary sets the key version name as primary in the key labels.

func SignToken ¶

func SignToken(token *jwt.Token, signer crypto.Signer) (string, error)

SignToken signs a jwt token. Much of this is taken from here: https://github.com/google/exposure-notifications-verification-server/blob/main/pkg/jwthelper/jwthelper.go

func ValidateJWT ¶

func ValidateJWT(keySet jwk.Set, jwtStr string) (*jwt2.Token, error)

ValidateJWT takes a jwt string, converts it to a JWT, and validates the signature.

func VerifyJWTString ¶

func VerifyJWTString(ctx context.Context, kms *kms.KeyManagementClient, keyName string, jwtStr string) error

VerifyJWTString verifies that a JWT string is signed correctly and is valid.

Types ¶

type Action ¶

type Action int8

const (
	ActionCreateNew           Action = iota // New version should be created. Will be marked as new in StateStore (SS).
	ActionCreateNewAndPromote               // New version should be created. Will be marked as primary in SS.
	ActionPromote                           // Mark version as primary in SS.
	ActionDisable                           // Disable version. Will be removed from SS.
	ActionDestroy                           // Destroy version.
)

type CertificateActionService ¶

type CertificateActionService struct {
	jvspb.CertificateActionServiceServer
	Handler   *RotationHandler
	KMSClient *kms.KeyManagementClient
}

CertificateActionService allows for performing manual actions on certificate versions.

func (*CertificateActionService) CertificateAction ¶

func (p *CertificateActionService) CertificateAction(ctx context.Context, request *jvspb.CertificateActionRequest) (*jvspb.CertificateActionResponse, error)

CertificateAction implements the certificate action API which performs manual actions on cert versions. this wraps certificateAction and adds a blank response.

type ECDSAKey ¶

type ECDSAKey struct {
	Curve string `json:"crv"`
	ID    string `json:"kid"`
	Type  string `json:"kty"`
	X     string `json:"x"`
	Y     string `json:"y"`
}

ECDSAKey is the public key information for a Elliptic Curve Digital Signature Algorithm Key. used to serialize the public key into JWK format. https://datatracker.ietf.org/doc/html/rfc7517#section-4 .

func JWKList ¶

func JWKList(ctx context.Context, kms *kms.KeyManagementClient, keyName string) ([]*ECDSAKey, error)

JWKList creates a list of public keys in JWK format. https://datatracker.ietf.org/doc/html/rfc7517#section-4 .

type JWKS ¶

type JWKS struct {
	Keys []*ECDSAKey `json:"keys"`
}

JWKS represents a JWK Set, used to convert to json representation. https://datatracker.ietf.org/doc/html/rfc7517#section-5 .

type KeyServer ¶

type KeyServer struct {
	KMSClient       *kms.KeyManagementClient
	PublicKeyConfig *config.PublicKeyConfig
	Cache           *cache.Cache[string]
}

KeyServer provides all valid and active public keys in a JWKS format.

func (*KeyServer) ServeHTTP ¶

func (k *KeyServer) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP returns the public keys in JWK format.

type RotationHandler ¶

type RotationHandler struct {
	KMSClient    *kms.KeyManagementClient
	CryptoConfig *config.CryptoConfig
}

RotationHandler handles all necessary rotation actions for asymmetric keys based off a provided configuration.

func (*RotationHandler) RotateKey ¶

func (h *RotationHandler) RotateKey(ctx context.Context, key string) error

RotateKey is called to determine and perform rotation actions on versions for a key. key is the full resource name: `projects/*/locations/*/keyRings/*/cryptoKeys/*` https://pkg.go.dev/google.golang.org/genproto/googleapis/cloud/kms/v1#CryptoKey

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL