jvscrypto

package
v0.0.1-test5
Published: Jul 19, 2022 License: Apache-2.0 Imports: 31 Imported by: 1

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func FormatJWKString

func FormatJWKString(wks []*ECDSAKey) (string, error)

FormatJWKString serializes a JWK Set to its JSON string form. https://datatracker.ietf.org/doc/html/rfc7517#section-5

func GetLatestKeyVersion

func GetLatestKeyVersion(ctx context.Context, kms *kms.KeyManagementClient, keyName string) (*kmspb.CryptoKeyVersion, error)

GetLatestKeyVersion looks up the newest enabled key version. If there is no enabled version, this returns nil.

func PublicKey

func PublicKey(ctx context.Context, kms *kms.KeyManagementClient, keyName string) ([]byte, error)

PublicKey returns the public key for the newest enabled key version.

func SetPrimary

func SetPrimary(ctx context.Context, kms *kms.KeyManagementClient, key, versionName string) error

SetPrimary sets the key version name as primary in the key labels.

func SignToken

func SignToken(token *jwt.Token, signer crypto.Signer) (string, error)

SignToken signs a JWT. Much of this is taken from: https://github.com/google/exposure-notifications-verification-server/blob/main/pkg/jwthelper/jwthelper.go

func ValidateJWT

func ValidateJWT(keySet jwk.Set, jwtStr string) (*jwt2.Token, error)

ValidateJWT takes a jwt string, converts it to a JWT, and validates the signature.

func VerifyJWTString

func VerifyJWTString(ctx context.Context, kms *kms.KeyManagementClient, keyName string, jwtStr string) error

VerifyJWTString verifies that a JWT string is signed correctly and is valid.
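SignToken, ValidateJWT and VerifyJWTString above all rely on the same mechanics: a compact JWS whose header names the signing key by kid, an ES256 signature over the header and payload, and a verifier that pins the algorithm before touching the key set. The following is an added example written for this page, not the project's code (the project signs through Cloud KMS and a JWT library; this uses only the Go standard library). The function names, the in-memory kid-indexed key set and the sample claims are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Claims is the JWT payload; only "exp" is interpreted here.
type Claims map[string]any

var b64 = base64.RawURLEncoding

// SignES256 produces a compact JWS (RFC 7515) with an ES256 signature.
// The JWS signature is r||s, each left-padded to 32 bytes (RFC 7518 §3.4),
// not the ASN.1 encoding that ecdsa.SignASN1 would produce.
func SignES256(priv *ecdsa.PrivateKey, kid string, claims Claims) (string, error) {
	if priv.Curve != elliptic.P256() {
		return "", errors.New("ES256 requires a P-256 key")
	}
	hdr, err := json.Marshal(map[string]string{"alg": "ES256", "typ": "JWT", "kid": kid})
	if err != nil {
		return "", err
	}
	body, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	signingInput := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(signingInput))
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return "", err
	}
	sig := make([]byte, 64)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// VerifyES256 checks a compact JWS against a kid-indexed key set. The alg is
// pinned to ES256 before any key is selected, so "none" and algorithm
// confusion are rejected; the key is chosen by kid, the signature checked,
// and only then is the payload parsed and exp enforced against now.
func VerifyES256(token string, keys map[string]*ecdsa.PublicKey, now time.Time) (Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hdrJSON, err := b64.DecodeString(parts[0])
	if err != nil {
		return nil, err
	}
	var hdr struct{ Alg, Kid string }
	if err := json.Unmarshal(hdrJSON, &hdr); err != nil {
		return nil, err
	}
	if hdr.Alg != "ES256" {
		return nil, fmt.Errorf("unexpected alg %q", hdr.Alg)
	}
	pub, ok := keys[hdr.Kid]
	if !ok {
		return nil, fmt.Errorf("unknown kid %q", hdr.Kid)
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return nil, err
	}
	if len(sig) != 64 {
		return nil, errors.New("bad ES256 signature length")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	if !ecdsa.Verify(pub, digest[:], r, s) {
		return nil, errors.New("signature verification failed")
	}
	payload, err := b64.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	var claims Claims
	if err := json.Unmarshal(payload, &claims); err != nil {
		return nil, err
	}
	exp, ok := claims["exp"].(float64) // JSON numbers decode as float64
	if !ok {
		return nil, errors.New("missing exp claim")
	}
	if !now.Before(time.Unix(int64(exp), 0)) {
		return nil, errors.New("token expired")
	}
	return claims, nil
}

func main() {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	keys := map[string]*ecdsa.PublicKey{"constructed-kid-1": &priv.PublicKey} // constructed key set
	tok, _ := SignES256(priv, "constructed-kid-1", Claims{"sub": "alice", "exp": time.Now().Add(time.Hour).Unix()})
	claims, err := VerifyES256(tok, keys, time.Now())
	fmt.Println(claims, err)
}
```

The order inside VerifyES256 is the point: the verifier decides which algorithm it will accept from its own configuration, not from the token header, and it does not unmarshal or act on claims until the signature is good.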

Types

type Action

type Action int8
const (
	ActionCreateNew           Action = iota // New version should be created. Will be marked as new in StateStore (SS).
	ActionCreateNewAndPromote               // New version should be created. Will be marked as primary in SS.
	ActionPromote                           // Mark version as primary in SS.
	ActionDisable                           // Disable version. Will be removed from SS.
	ActionDestroy                           // Destroy version.
)

type CertificateActionService

type CertificateActionService struct {
	jvspb.CertificateActionServiceServer
	Handler   *RotationHandler
	KMSClient *kms.KeyManagementClient
}

CertificateActionService allows for performing manual actions on certificate versions.

func (*CertificateActionService) CertificateAction

CertificateAction implements the certificate action API, which performs manual actions on cert versions. This wraps certificateAction and adds a blank response.

type ECDSAKey

type ECDSAKey struct {
	Curve string `json:"crv"`
	ID    string `json:"kid"`
	Type  string `json:"kty"`
	X     string `json:"x"`
	Y     string `json:"y"`
}

ECDSAKey is the public key information for an Elliptic Curve Digital Signature Algorithm key. It is used to serialize the public key into JWK format. https://datatracker.ietf.org/doc/html/rfc7517#section-4

func JWKList

func JWKList(ctx context.Context, kms *kms.KeyManagementClient, keyName string) ([]*ECDSAKey, error)

JWKList creates a list of public keys in JWK format. https://datatracker.ietf.org/doc/html/rfc7517#section-4 .

type JWKS

type JWKS struct {
	Keys []*ECDSAKey `json:"keys"`
}

JWKS represents a JWK Set and is used to produce its JSON representation. https://datatracker.ietf.org/doc/html/rfc7517#section-5
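The ECDSAKey and JWKS types, together with FormatJWKString and JWKList above, describe how this package publishes ECDSA public keys as a JWK Set. The following is an added example for this page, not the project's code: it reproduces the same struct layout, shows the encoding rules an EC JWK must follow (RFC 7518 §6.2.1: kty "EC", a registered crv name, x and y as fixed-width base64url coordinates), and adds the parse-side checks a consumer of such a set should make. ToJWK, FromJWK, coordSize and the kid values are constructed for the example; the project's JWKList reads keys from Cloud KMS rather than from an in-process key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
)

// ECDSAKey and JWKS mirror the field layout documented above (RFC 7517 §4, §5).
type ECDSAKey struct {
	Curve string `json:"crv"`
	ID    string `json:"kid"`
	Type  string `json:"kty"`
	X     string `json:"x"`
	Y     string `json:"y"`
}

type JWKS struct {
	Keys []*ECDSAKey `json:"keys"`
}

// Named curves registered for the JWK "crv" parameter (RFC 7518 §6.2.1.1).
var curves = map[string]elliptic.Curve{
	"P-256": elliptic.P256(),
	"P-384": elliptic.P384(),
	"P-521": elliptic.P521(),
}

// coordSize is the byte length of an affine coordinate on c (RFC 7518 §6.2.1.2).
func coordSize(c elliptic.Curve) int { return (c.Params().BitSize + 7) / 8 }

// ToJWK serializes an ECDSA public key as an EC JWK. Coordinates are
// left-padded to the full field width and base64url-encoded without padding.
func ToJWK(pub *ecdsa.PublicKey, kid string) (*ECDSAKey, error) {
	name := pub.Curve.Params().Name
	if _, ok := curves[name]; !ok {
		return nil, fmt.Errorf("unsupported curve %q", name)
	}
	size := coordSize(pub.Curve)
	x, y := make([]byte, size), make([]byte, size)
	pub.X.FillBytes(x)
	pub.Y.FillBytes(y)
	return &ECDSAKey{Curve: name, ID: kid, Type: "EC",
		X: base64.RawURLEncoding.EncodeToString(x),
		Y: base64.RawURLEncoding.EncodeToString(y)}, nil
}

// FromJWK parses an EC JWK. It enforces kty, a known crv, the exact
// coordinate width, and that (x, y) is a point on the curve, so an
// off-curve (invalid-curve) input is rejected at parse time rather than
// being handed to a verifier.
func FromJWK(k *ECDSAKey) (*ecdsa.PublicKey, error) {
	if k.Type != "EC" {
		return nil, fmt.Errorf("unexpected kty %q", k.Type)
	}
	c, ok := curves[k.Curve]
	if !ok {
		return nil, fmt.Errorf("unsupported crv %q", k.Curve)
	}
	xb, err := base64.RawURLEncoding.DecodeString(k.X)
	if err != nil {
		return nil, err
	}
	yb, err := base64.RawURLEncoding.DecodeString(k.Y)
	if err != nil {
		return nil, err
	}
	if size := coordSize(c); len(xb) != size || len(yb) != size {
		return nil, fmt.Errorf("coordinate length %d/%d, want %d", len(xb), len(yb), size)
	}
	x, y := new(big.Int).SetBytes(xb), new(big.Int).SetBytes(yb)
	if !c.IsOnCurve(x, y) {
		return nil, errors.New("point is not on the curve")
	}
	return &ecdsa.PublicKey{Curve: c, X: x, Y: y}, nil
}

// FormatJWKString renders a key list as a JWK Set document.
func FormatJWKString(keys []*ECDSAKey) (string, error) {
	b, err := json.Marshal(JWKS{Keys: keys})
	if err != nil {
		return "", err
	}
	return string(b), nil
}

func main() {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	jwk, err := ToJWK(&priv.PublicKey, "constructed-kid-1") // kid is a constructed value
	if err != nil {
		panic(err)
	}
	set, _ := FormatJWKString([]*ECDSAKey{jwk})
	fmt.Println(set)
}
```

The fixed-width padding matters in both directions: a coordinate with a leading zero byte must still encode to the full width, and a parser that accepts short or over-long coordinates will interoperate with some producers and silently reject others.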

type KeyServer

type KeyServer struct {
	KMSClient       *kms.KeyManagementClient
	PublicKeyConfig *config.PublicKeyConfig
	Cache           *cache.Cache[string]
}

KeyServer provides all valid and active public keys in a JWKS format.

func (*KeyServer) ServeHTTP

func (k *KeyServer) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP returns the public keys in JWK format.

type RotationHandler

type RotationHandler struct {
	KMSClient    *kms.KeyManagementClient
	CryptoConfig *config.CryptoConfig
}

RotationHandler handles all necessary rotation actions for asymmetric keys based on a provided configuration.

func (*RotationHandler) RotateKey

func (h *RotationHandler) RotateKey(ctx context.Context, key string) error

RotateKey is called to determine and perform rotation actions on versions for a key. key is the full resource name: `projects/*/locations/*/keyRings/*/cryptoKeys/*`. https://pkg.go.dev/google.golang.org/genproto/googleapis/cloud/kms/v1#CryptoKey
