crypto

package
v0.6.0-candidate-1
Warning

This package is not in the latest version of its module.

Published: Jul 19, 2021 License: Apache-2.0 Imports: 15 Imported by: 6

Documentation

Constants

const (
	// ProducerCryptoFailureActionFail is the default option: fail the send if the crypto operation fails.
	ProducerCryptoFailureActionFail = iota

	// ProducerCryptoFailureActionSend ignores the crypto failure and proceeds with sending the message unencrypted.
	ProducerCryptoFailureActionSend
)

const (
	// ConsumerCryptoFailureActionFail is the default option: fail to consume messages until crypto succeeds.
	ConsumerCryptoFailureActionFail = iota

	// ConsumerCryptoFailureActionDiscard silently acknowledges the message and does not deliver it to the application.
	ConsumerCryptoFailureActionDiscard

	// ConsumerCryptoFailureActionConsume delivers the encrypted message to the application.
	// It is the application's responsibility to decrypt the message.
	// If the message is also compressed, decompression will fail.
	// If the message contains batch messages, the client will not be able to retrieve
	// individual messages in the batch.
	// The delivered encrypted message contains an EncryptionContext, which holds the encryption
	// and compression information the application can use to decrypt the payload.
	ConsumerCryptoFailureActionConsume
)

Variables

This section is empty.

Functions

This section is empty.

Types

type DefaultMessageCrypto

type DefaultMessageCrypto struct {
	// contains filtered or unexported fields
}

DefaultMessageCrypto is an implementation of the MessageCrypto interface.

func NewDefaultMessageCrypto

func NewDefaultMessageCrypto(logCtx string, keyGenNeeded bool, logger log.Logger) (*DefaultMessageCrypto, error)

NewDefaultMessageCrypto returns an instance of the message crypto.

func (*DefaultMessageCrypto) AddPublicKeyCipher

func (d *DefaultMessageCrypto) AddPublicKeyCipher(keyNames []string, keyReader KeyReader) error

AddPublicKeyCipher encrypts the data key using keyCrypto and caches it.

func (*DefaultMessageCrypto) Decrypt

func (d *DefaultMessageCrypto) Decrypt(msgMetadata MessageMetadataSupplier,
	payload []byte,
	keyReader KeyReader) ([]byte, error)

Decrypt decrypts the payload using the decrypted data key. The data key is read from the message metadata and decrypted using the private key.

func (*DefaultMessageCrypto) Encrypt

func (d *DefaultMessageCrypto) Encrypt(encKeys []string,
	keyReader KeyReader,
	msgMetadata MessageMetadataSupplier,
	payload []byte) ([]byte, error)

Encrypt encrypts the payload using the encryption keys and adds the encrypted data key to the message metadata. The data key is encrypted using the public key.
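
The Encrypt and Decrypt flow described above (payload encrypted under a data key, the data key encrypted to each named public key and carried alongside the message), shown with the Go standard library as an added example; it is not this package's code. RSA-OAEP with SHA-256, AES-256-GCM, the nonce-prefixed ciphertext and the names `seal`, `open`, `gcmFor` and `genKey` are assumptions made for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func genKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // sample key

func gcmFor(key []byte) cipher.AEAD { // callers pass a 32-byte key, so neither call can fail
	b, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(b)
	return g
}

// seal encrypts msg under a fresh data key and wraps that key for every named public key.
// It returns nonce||ciphertext plus the wrapped keys (key name -> encrypted data key).
func seal(to map[string]*rsa.PublicKey, msg []byte) (ct []byte, keys map[string][]byte, err error) {
	buf := make([]byte, 44) // fresh 32-byte data key, then 12-byte GCM nonce
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	keys = make(map[string][]byte, len(to))
	for name, pub := range to {
		if keys[name], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, buf[:32], nil); err != nil {
			return nil, nil, err
		}
	}
	return gcmFor(buf[:32]).Seal(buf[32:], buf[32:], msg, nil), keys, nil
}

// open unwraps the data key stored under name (a missing name fails to unwrap) and decrypts.
func open(name string, priv *rsa.PrivateKey, keys map[string][]byte, ct []byte) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, keys[name], nil)
	if err != nil || len(key) != 32 || len(ct) < 12 {
		return nil, fmt.Errorf("no usable data key for %q", name)
	}
	return gcmFor(key).Open(nil, ct[:12], ct[12:], nil)
}

func main() {
	k, _ := genKey()
	ct, keys, _ := seal(map[string]*rsa.PublicKey{"k1": &k.PublicKey}, []byte("hello"))
	pt, err := open("k1", k, keys, ct)
	fmt.Println(string(pt), err)
}
```

In this example every failure path in `open` returns an error and no bytes, which corresponds to the fail-closed default among the failure actions listed under Constants.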

func (*DefaultMessageCrypto) RemoveKeyCipher

func (d *DefaultMessageCrypto) RemoveKeyCipher(keyName string) bool

RemoveKeyCipher removes the encrypted data key from the cache.

type EncryptionKeyInfo

type EncryptionKeyInfo struct {
	// contains filtered or unexported fields
}

EncryptionKeyInfo

func NewEncryptionKeyInfo

func NewEncryptionKeyInfo(name string, key []byte, metadata map[string]string) *EncryptionKeyInfo

NewEncryptionKeyInfo

func (*EncryptionKeyInfo) Key

func (eci *EncryptionKeyInfo) Key() []byte

Key returns the key value.

func (*EncryptionKeyInfo) Metadata

func (eci *EncryptionKeyInfo) Metadata() map[string]string

Metadata returns the key metadata.

func (*EncryptionKeyInfo) Name

func (eci *EncryptionKeyInfo) Name() string

Name returns the key name.

type FileKeyReader

type FileKeyReader struct {
	// contains filtered or unexported fields
}

FileKeyReader is the default implementation of KeyReader.

func NewFileKeyReader

func NewFileKeyReader(publicKeyPath, privateKeyPath string) *FileKeyReader

func (*FileKeyReader) PrivateKey

func (d *FileKeyReader) PrivateKey(keyName string, keyMeta map[string]string) (*EncryptionKeyInfo, error)

PrivateKey reads the private key from the given path.

func (*FileKeyReader) PublicKey

func (d *FileKeyReader) PublicKey(keyName string, keyMeta map[string]string) (*EncryptionKeyInfo, error)

PublicKey reads the public key from the given path.

type KeyReader

type KeyReader interface {
	// PublicKey gets the public key that is used by the producer to encrypt the data key
	PublicKey(keyName string, metadata map[string]string) (*EncryptionKeyInfo, error)

	// PrivateKey gets the private key that is used by the consumer to decrypt the data key
	PrivateKey(keyName string, metadata map[string]string) (*EncryptionKeyInfo, error)
}

KeyReader: implement this interface to read and provide public and private keys. The key pair can be RSA, ECDSA.

type MessageCrypto

type MessageCrypto interface {
	// AddPublicKeyCipher
	AddPublicKeyCipher(keyNames []string, keyReader KeyReader) error

	// RemoveKeyCipher removes the key identified by the keyName from the list
	RemoveKeyCipher(keyName string) bool

	// Encrypt the payload using the data key and update
	// message metadata with the keyname and encrypted data key
	Encrypt(encKeys []string, KeyReader KeyReader, msgMetadata MessageMetadataSupplier, payload []byte) ([]byte, error)

	// Decrypt the payload using the data key.
	// Keys used to encrypt the data key can be retrieved from msgMetadata
	Decrypt(msgMetadata MessageMetadataSupplier, payload []byte, KeyReader KeyReader) ([]byte, error)
}

MessageCrypto: implement this interface to encrypt and decrypt messages.

type MessageMetadata

type MessageMetadata struct {
	// contains filtered or unexported fields
}

func (*MessageMetadata) EncryptionKeys

func (m *MessageMetadata) EncryptionKeys() []EncryptionKeyInfo

func (*MessageMetadata) EncryptionParam

func (m *MessageMetadata) EncryptionParam() []byte

func (*MessageMetadata) SetEncryptionParam

func (m *MessageMetadata) SetEncryptionParam(param []byte)

func (*MessageMetadata) UpsertEncryptionkey

func (m *MessageMetadata) UpsertEncryptionkey(keyInfo EncryptionKeyInfo)

type MessageMetadataSupplier

type MessageMetadataSupplier interface {
	// EncryptionKeys reads all the encryption keys from the MessageMetadata
	EncryptionKeys() []EncryptionKeyInfo

	// UpsertEncryptionkey adds new or updates existing EncryptionKeys in the MessageMetadata
	UpsertEncryptionkey(EncryptionKeyInfo)

	// EncryptionParam reads the encryption parameter from the MessageMetadata
	EncryptionParam() []byte

	// SetEncryptionParam sets the encryption parameter in the MessageMetadata
	SetEncryptionParam([]byte)
}

MessageMetadataSupplier is a wrapper implementation around the message metadata.

func NewMessageMetadataSupplier

func NewMessageMetadataSupplier(messageMetadata *pb.MessageMetadata) MessageMetadataSupplier
