Documentation ¶
Index ¶
- type CompactPKI
- func (p *CompactPKI) AckSize() uint32
- func (p *CompactPKI) AuthPEM() []byte
- func (p *CompactPKI) DecodingKey(server string, ackKey interface{}, prevKey interface{}) (interface{}, error)
- func (p *CompactPKI) EncodingKey() interface{}
- func (p *CompactPKI) EncodingPEM() []byte
- func (p *CompactPKI) PublicKey() interface{}
- func (p *CompactPKI) TokenPEMs() [][]byte
- func (p *CompactPKI) TransmittedKey() []byte
- func (p *CompactPKI) TransmittedPEM() []byte
- func (p *CompactPKI) Type() PrivateSecretsType
- func (p *CompactPKI) VerifyPublicKey(pkey []byte) (interface{}, error)
- type NullPKI
- func (p *NullPKI) AckSize() uint32
- func (p *NullPKI) AuthPEM() []byte
- func (p *NullPKI) DecodingKey(server string, ackKey interface{}, prevKey interface{}) (interface{}, error)
- func (p *NullPKI) EncodingKey() interface{}
- func (p *NullPKI) EncodingPEM() []byte
- func (p *NullPKI) PublicKey() interface{}
- func (p *NullPKI) TransmittedKey() []byte
- func (p *NullPKI) TransmittedPEM() []byte
- func (p *NullPKI) Type() PrivateSecretsType
- func (p *NullPKI) VerifyPublicKey(pkey []byte) (interface{}, error)
- type PKISecrets
- func (p *PKISecrets) AckSize() uint32
- func (p *PKISecrets) AuthPEM() []byte
- func (p *PKISecrets) DecodingKey(server string, ackCert interface{}, prevCert interface{}) (interface{}, error)
- func (p *PKISecrets) EncodingKey() interface{}
- func (p *PKISecrets) EncodingPEM() []byte
- func (p *PKISecrets) PublicKey() interface{}
- func (p *PKISecrets) PublicKeyAdd(host string, newCert []byte) error
- func (p *PKISecrets) TransmittedKey() []byte
- func (p *PKISecrets) TransmittedPEM() []byte
- func (p *PKISecrets) Type() PrivateSecretsType
- func (p *PKISecrets) VerifyPublicKey(pkey []byte) (interface{}, error)
- type PSKSecrets
- func (p *PSKSecrets) AckSize() uint32
- func (p *PSKSecrets) AuthPEM() []byte
- func (p *PSKSecrets) DecodingKey(server string, ackCert, prevCert interface{}) (interface{}, error)
- func (p *PSKSecrets) EncodingKey() interface{}
- func (p *PSKSecrets) EncodingPEM() []byte
- func (p *PSKSecrets) PublicKey() interface{}
- func (p *PSKSecrets) TransmittedKey() []byte
- func (p *PSKSecrets) TransmittedPEM() []byte
- func (p *PSKSecrets) Type() PrivateSecretsType
- func (p *PSKSecrets) VerifyPublicKey(pkey []byte) (interface{}, error)
- type PrivateSecretsType
- type PublicKeyAdder
- type Secrets
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CompactPKI ¶
// CompactPKI groups the PEM-encoded key and certificate material for the
// compact PKI secrets type. All four visible fields are exported byte slices.
type CompactPKI struct {
	// PrivateKeyPEM is presumably the PEM-encoded private key (the keyPEM
	// argument of NewCompactPKIWithTokenCA) — TODO confirm.
	// NOTE(review): this is an exported field that appears to hold private
	// key material, so code that logs, prints or serializes a CompactPKI
	// value would expose it; confirm no caller does so.
	PrivateKeyPEM []byte
	// PublicKeyPEM is presumably the PEM of the certificate or public key
	// (the certPEM argument of NewCompactPKIWithTokenCA) — TODO confirm.
	PublicKeyPEM []byte
	// AuthorityPEM is presumably the Certificate Authority PEM that AuthPEM
	// returns — TODO confirm.
	AuthorityPEM []byte
	// TokenKeyPEMs is presumably the set of token Certificate Authority PEMs
	// that TokenPEMs returns — TODO confirm.
	TokenKeyPEMs [][]byte
	// contains filtered or unexported fields
}
CompactPKI holds all PKI information
func NewCompactPKI ¶
NewCompactPKI creates new secrets for PKI implementation based on compact encoding
func NewCompactPKIWithTokenCA ¶
func NewCompactPKIWithTokenCA(keyPEM []byte, certPEM []byte, caPEM []byte, tokenKeyPEMs [][]byte, txKey []byte) (*CompactPKI, error)
NewCompactPKIWithTokenCA creates new secrets for PKI implementation based on compact encoding
func (*CompactPKI) AckSize ¶
func (p *CompactPKI) AckSize() uint32
AckSize returns the default size of an ACK packet
func (*CompactPKI) AuthPEM ¶
func (p *CompactPKI) AuthPEM() []byte
AuthPEM returns the Certificate Authority PEM
func (*CompactPKI) DecodingKey ¶
func (p *CompactPKI) DecodingKey(server string, ackKey interface{}, prevKey interface{}) (interface{}, error)
DecodingKey returns the public key
func (*CompactPKI) EncodingKey ¶
func (p *CompactPKI) EncodingKey() interface{}
EncodingKey returns the private key
func (*CompactPKI) EncodingPEM ¶
func (p *CompactPKI) EncodingPEM() []byte
EncodingPEM returns the certificate PEM that is used for encoding
func (*CompactPKI) PublicKey ¶
func (p *CompactPKI) PublicKey() interface{}
PublicKey returns the public key
func (*CompactPKI) TokenPEMs ¶
func (p *CompactPKI) TokenPEMs() [][]byte
TokenPEMs returns the Token Certificate Authorities
func (*CompactPKI) TransmittedKey ¶
func (p *CompactPKI) TransmittedKey() []byte
TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured
func (*CompactPKI) TransmittedPEM ¶
func (p *CompactPKI) TransmittedPEM() []byte
TransmittedPEM returns the PEM certificate that is transmitted
func (*CompactPKI) Type ¶
func (p *CompactPKI) Type() PrivateSecretsType
Type implements the interface Secrets
func (*CompactPKI) VerifyPublicKey ¶
func (p *CompactPKI) VerifyPublicKey(pkey []byte) (interface{}, error)
VerifyPublicKey verifies if the inband public key is correct.
type NullPKI ¶
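NullPKI holds all PKI information. The PrivateSecretsType constants on this page describe PKINull as being for debugging, so this type is presumably intended for debugging rather than production use.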
func NewNullPKI ¶
NewNullPKI creates new secrets for PKI implementation based on compact encoding
func (*NullPKI) DecodingKey ¶
func (p *NullPKI) DecodingKey(server string, ackKey interface{}, prevKey interface{}) (interface{}, error)
DecodingKey returns the public key
func (*NullPKI) EncodingKey ¶
func (p *NullPKI) EncodingKey() interface{}
EncodingKey returns the private key
func (*NullPKI) EncodingPEM ¶
EncodingPEM returns the certificate PEM that is used for encoding
func (*NullPKI) PublicKey ¶
func (p *NullPKI) PublicKey() interface{}
PublicKey returns nil in this case
func (*NullPKI) TransmittedKey ¶
TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured
func (*NullPKI) TransmittedPEM ¶
TransmittedPEM returns the PEM certificate that is transmitted
func (*NullPKI) Type ¶
func (p *NullPKI) Type() PrivateSecretsType
Type implements the interface Secrets
func (*NullPKI) VerifyPublicKey ¶
VerifyPublicKey verifies if the inband public key is correct.
type PKISecrets ¶
// PKISecrets groups the PEM-encoded key and certificate material for the PKI
// secrets type, together with a cache of ECDSA public keys.
type PKISecrets struct {
	// PrivateKeyPEM is presumably the PEM-encoded private key (the keyPEM
	// argument of NewPKISecrets) — TODO confirm.
	// NOTE(review): this is an exported field that appears to hold private
	// key material, so code that logs, prints or serializes a PKISecrets
	// value would expose it; confirm no caller does so.
	PrivateKeyPEM []byte
	// PublicKeyPEM is presumably the certificate PEM (the certPEM argument
	// of NewPKISecrets) — TODO confirm.
	PublicKeyPEM []byte
	// AuthorityPEM is presumably the Certificate Authority PEM that AuthPEM
	// returns — TODO confirm.
	AuthorityPEM []byte
	// CertificateCache maps a string key to an ECDSA public key; presumably
	// the key is the host passed to PublicKeyAdd — TODO confirm.
	// NOTE(review): this is a plain exported map and no synchronization is
	// visible here; confirm how concurrent PublicKeyAdd calls and lookups
	// are guarded, and that entries are only written after the certificate
	// has been validated.
	CertificateCache map[string]*ecdsa.PublicKey
	// contains filtered or unexported fields
}
PKISecrets holds all PKI information
func NewPKISecrets ¶
func NewPKISecrets(keyPEM, certPEM, caPEM []byte, certCache map[string]*ecdsa.PublicKey) (*PKISecrets, error)
NewPKISecrets creates new secrets for PKI implementations
func (*PKISecrets) AckSize ¶
func (p *PKISecrets) AckSize() uint32
AckSize returns the default size of an ACK packet
func (*PKISecrets) AuthPEM ¶
func (p *PKISecrets) AuthPEM() []byte
AuthPEM returns the Certificate Authority PEM
func (*PKISecrets) DecodingKey ¶
func (p *PKISecrets) DecodingKey(server string, ackCert interface{}, prevCert interface{}) (interface{}, error)
DecodingKey returns the public key
func (*PKISecrets) EncodingKey ¶
func (p *PKISecrets) EncodingKey() interface{}
EncodingKey returns the private key
func (*PKISecrets) EncodingPEM ¶
func (p *PKISecrets) EncodingPEM() []byte
EncodingPEM returns the certificate PEM that is used for encoding
func (*PKISecrets) PublicKey ¶
func (p *PKISecrets) PublicKey() interface{}
PublicKey returns the public key
func (*PKISecrets) PublicKeyAdd ¶
func (p *PKISecrets) PublicKeyAdd(host string, newCert []byte) error
PublicKeyAdd validates the certificate passed as a parameter. If it is valid, the corresponding key is added to the PublicKeyCache. If it is invalid, an error is returned.
func (*PKISecrets) TransmittedKey ¶
func (p *PKISecrets) TransmittedKey() []byte
TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured
func (*PKISecrets) TransmittedPEM ¶
func (p *PKISecrets) TransmittedPEM() []byte
TransmittedPEM returns the PEM certificate that is transmitted
func (*PKISecrets) Type ¶
func (p *PKISecrets) Type() PrivateSecretsType
Type implements the interface Secrets
func (*PKISecrets) VerifyPublicKey ¶
func (p *PKISecrets) VerifyPublicKey(pkey []byte) (interface{}, error)
VerifyPublicKey verifies if the inband public key is correct.
type PSKSecrets ¶
type PSKSecrets struct {
}
PSKSecrets holds the shared key.
func NewPSKSecrets ¶
func NewPSKSecrets(psk []byte) *PSKSecrets
NewPSKSecrets creates new PSK Secrets.
func (*PSKSecrets) AckSize ¶
func (p *PSKSecrets) AckSize() uint32
AckSize returns the expected size of ack packets.
func (*PSKSecrets) AuthPEM ¶
func (p *PSKSecrets) AuthPEM() []byte
AuthPEM returns the Certificate Authority PEM.
func (*PSKSecrets) DecodingKey ¶
func (p *PSKSecrets) DecodingKey(server string, ackCert, prevCert interface{}) (interface{}, error)
DecodingKey returns the pre-shared key.
func (*PSKSecrets) EncodingKey ¶
func (p *PSKSecrets) EncodingKey() interface{}
EncodingKey returns the pre-shared key.
func (*PSKSecrets) EncodingPEM ¶
func (p *PSKSecrets) EncodingPEM() []byte
EncodingPEM returns the certificate PEM that is used for encoding.
func (*PSKSecrets) PublicKey ¶
func (p *PSKSecrets) PublicKey() interface{}
PublicKey returns the public key
func (*PSKSecrets) TransmittedKey ¶
func (p *PSKSecrets) TransmittedKey() []byte
TransmittedKey returns nil in the case of pre-shared key.
func (*PSKSecrets) TransmittedPEM ¶
func (p *PSKSecrets) TransmittedPEM() []byte
TransmittedPEM returns the PEM certificate that is transmitted.
func (*PSKSecrets) Type ¶
func (p *PSKSecrets) Type() PrivateSecretsType
Type implements the Secrets interface.
func (*PSKSecrets) VerifyPublicKey ¶
func (p *PSKSecrets) VerifyPublicKey(pkey []byte) (interface{}, error)
VerifyPublicKey always returns nil for pre-shared secrets, so its result does not indicate that a public key was checked.
type PrivateSecretsType ¶
// PrivateSecretsType is an integer-backed type whose values name the kind of
// secrets in use; it is the return type of the Type method.
type PrivateSecretsType int
PrivateSecretsType identifies the different secrets that are supported
// The PrivateSecretsType values are assigned with iota, so their numeric
// values follow declaration order starting at 0; reordering or inserting a
// constant changes the numbers of the ones after it.
const (
	// PKIType for asymmetric signing
	PKIType PrivateSecretsType = iota
	// PSKType for symmetric signing
	PSKType
	// PKICompactType is for asymmetric signing using compact JWTs on the wire
	PKICompactType
	// PKINull is for debugging
	// NOTE(review): since this value is described as debugging-only, confirm
	// that code selecting a secrets type from configuration cannot end up
	// with PKINull in a production deployment.
	PKINull
)
type PublicKeyAdder ¶
// PublicKeyAdder is the single-method interface for registering a
// certificate against a host name.
type PublicKeyAdder interface {
	// PublicKeyAdd adds the given cert for the given host.
	// It returns an error; the PKISecrets implementation is documented as
	// validating the certificate first and returning an error when it is
	// invalid. NOTE(review): other implementations should presumably
	// validate before storing as well — confirm.
	PublicKeyAdd(host string, cert []byte) error
}
PublicKeyAdder registers a public key for a node.
type Secrets ¶
// Secrets is the common method set of the secrets types. The notes on each
// method summarize what the implementations' own documentation states;
// argument semantics that the documentation does not describe are marked.
type Secrets interface {
	// Type reports which PrivateSecretsType the implementation is.
	Type() PrivateSecretsType
	// EncodingKey returns the key used for encoding: documented as the
	// private key for the PKI types and the pre-shared key for PSKSecrets.
	// The concrete type behind interface{} is not shown — TODO confirm.
	EncodingKey() interface{}
	// PublicKey returns the public key; NullPKI documents returning nil.
	PublicKey() interface{}
	// DecodingKey returns the key used for decoding: documented as the
	// public key for the PKI types and the pre-shared key for PSKSecrets.
	// The meaning of server, ackCert and prevCert is not described in the
	// visible documentation — TODO confirm against the implementations.
	DecodingKey(server string, ackCert, prevCert interface{}) (interface{}, error)
	// TransmittedKey returns the key bytes that are transmitted: documented
	// as the public key PEM for the PKI types when no certificate cache is
	// configured, and nil for PSKSecrets.
	TransmittedKey() []byte
	// VerifyPublicKey checks a public key received in-band.
	// NOTE(review): PSKSecrets documents always returning nil, so a caller
	// must not read a nil error from this method alone as proof that a key
	// was verified without also knowing the secrets type.
	VerifyPublicKey(pkey []byte) (interface{}, error)
	// AckSize returns the size of an ACK packet for this secrets type.
	AckSize() uint32
}
Secrets is the interface implemented by the secrets types on this page; CompactPKI, NullPKI, PKISecrets and PSKSecrets all provide its methods.