security

Documentation

Index

• Variables
• func CheckEmptyValues(key string, values []string) error
• func IsValidCipherSuite(cs string) bool
• func ValidateAttribute(key string, values []string) error
• func ValidateIPs(ips []string) error
• func ValidatePorts(ports []string) error
• type JwksInfo
  • func ParseJwksURI(jwksURI string) (JwksInfo, error)

Variables

var ValidCipherSuites = sets.New(
	"ECDHE-ECDSA-AES128-GCM-SHA256",
	"ECDHE-RSA-AES128-GCM-SHA256",
	"ECDHE-ECDSA-AES256-GCM-SHA384",
	"ECDHE-RSA-AES256-GCM-SHA384",
	"ECDHE-ECDSA-CHACHA20-POLY1305",
	"ECDHE-RSA-CHACHA20-POLY1305",
	"ECDHE-ECDSA-AES128-SHA",
	"ECDHE-RSA-AES128-SHA",
	"ECDHE-ECDSA-AES256-SHA",
	"ECDHE-RSA-AES256-SHA",
	"AES128-GCM-SHA256",
	"AES256-GCM-SHA384",
	"AES128-SHA",
	"AES256-SHA",
	"DES-CBC3-SHA",
)

ValidCipherSuites contains a list of all ciphers supported in Gateway.server.tls.cipherSuites Extracted from: `bssl ciphers -openssl-name ALL | rg -v PSK`

Functions

func CheckEmptyValues

func CheckEmptyValues(key string, values []string) error

func IsValidCipherSuite

func IsValidCipherSuite(cs string) bool

func ValidateAttribute

func ValidateAttribute(key string, values []string) error

func ValidateIPs

func ValidateIPs(ips []string) error

func ValidatePorts

func ValidatePorts(ports []string) error

Types

type JwksInfo

type JwksInfo struct {
	Hostname host.Name
	Scheme   string
	Port     int
	UseSSL   bool
}

JwksInfo provides values resulting from parsing a jwks URI.

func ParseJwksURI

func ParseJwksURI(jwksURI string) (JwksInfo, error)

ParseJwksURI parses the input URI and returns the corresponding hostname, port, and whether SSL is used. URI must start with "http://" or "https://", which corresponding to "http" or "https" scheme. Port number is extracted from URI if available (i.e from postfix :<port>, eg. ":80"), or assigned to a default value based on URI scheme (80 for http and 443 for https). Port name is set to URI scheme value.