secrets

package
v6.22.0+incompatible Latest Latest
Published: Dec 26, 2017 License: GPL-2.0 Imports: 8 Imported by: 0

Documentation


Types

type CompactPKI

// CompactPKI holds the PEM-encoded material used by the compact PKI secrets
// implementation.
//
// NOTE(review): every PEM field is exported, so any code holding a
// *CompactPKI can read or replace the key material directly. Going by its
// name, PrivateKeyPEM carries the private key; avoid logging, printing with
// %+v, or serializing the struct as a whole.
type CompactPKI struct {
	// PrivateKeyPEM is presumably the keyPEM given to NewCompactPKI and
	// NewCompactPKIWithTokenCA — confirm against the constructors.
	PrivateKeyPEM []byte
	// PublicKeyPEM is presumably the certPEM given to the constructors — confirm.
	PublicKeyPEM  []byte
	// AuthorityPEM is presumably the Certificate Authority PEM that AuthPEM
	// returns — confirm.
	AuthorityPEM  []byte
	// TokenKeyPEMs is presumably the set of token Certificate Authority PEMs
	// that TokenPEMs returns — confirm.
	TokenKeyPEMs  [][]byte
	// contains filtered or unexported fields
}

CompactPKI holds all PKI information

func NewCompactPKI

func NewCompactPKI(keyPEM []byte, certPEM []byte, caPEM []byte, txKey []byte) (*CompactPKI, error)

NewCompactPKI creates new secrets for PKI implementation based on compact encoding

func NewCompactPKIWithTokenCA

func NewCompactPKIWithTokenCA(keyPEM []byte, certPEM []byte, caPEM []byte, tokenKeyPEMs [][]byte, txKey []byte) (*CompactPKI, error)

NewCompactPKIWithTokenCA creates new secrets for PKI implementation based on compact encoding. Unlike NewCompactPKI, it also takes the token key PEMs (tokenKeyPEMs).

func (*CompactPKI) AckSize

func (p *CompactPKI) AckSize() uint32

AckSize returns the default size of an ACK packet

func (*CompactPKI) AuthPEM

func (p *CompactPKI) AuthPEM() []byte

AuthPEM returns the Certificate Authority PEM

func (*CompactPKI) DecodingKey

func (p *CompactPKI) DecodingKey(server string, ackKey interface{}, prevKey interface{}) (interface{}, error)

DecodingKey returns the public key

func (*CompactPKI) EncodingKey

func (p *CompactPKI) EncodingKey() interface{}

EncodingKey returns the private key

func (*CompactPKI) EncodingPEM

func (p *CompactPKI) EncodingPEM() []byte

EncodingPEM returns the certificate PEM that is used for encoding

func (*CompactPKI) PublicKey

func (p *CompactPKI) PublicKey() interface{}

PublicKey returns the public key

func (*CompactPKI) TokenPEMs

func (p *CompactPKI) TokenPEMs() [][]byte

TokenPEMs returns the Token Certificate Authorities

func (*CompactPKI) TransmittedKey

func (p *CompactPKI) TransmittedKey() []byte

TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured

func (*CompactPKI) TransmittedPEM

func (p *CompactPKI) TransmittedPEM() []byte

TransmittedPEM returns the PEM certificate that is transmitted

func (*CompactPKI) Type

func (p *CompactPKI) Type() PrivateSecretsType

Type implements the interface Secrets

func (*CompactPKI) VerifyPublicKey

func (p *CompactPKI) VerifyPublicKey(pkey []byte) (interface{}, error)

VerifyPublicKey verifies whether the in-band public key is correct.

type NullPKI

// NullPKI holds PEM-encoded PKI material for the null secrets implementation.
//
// NOTE(review): this is presumably the implementation behind the PKINull
// secrets type, which this package documents as being for debugging. Confirm
// what its VerifyPublicKey and DecodingKey actually check before relying on
// it anywhere other than a test or debug environment.
type NullPKI struct {
	// PrivateKeyPEM is presumably the keyPEM given to NewNullPKI — confirm.
	// The field is exported, so holders of a *NullPKI can read it directly.
	PrivateKeyPEM []byte
	// PublicKeyPEM is presumably the certPEM given to NewNullPKI — confirm.
	PublicKeyPEM  []byte
	// AuthorityPEM is presumably the Certificate Authority PEM that AuthPEM
	// returns — confirm.
	AuthorityPEM  []byte
}

NullPKI holds all PKI information

func NewNullPKI

func NewNullPKI(keyPEM, certPEM, caPEM []byte) (*NullPKI, error)

NewNullPKI creates new secrets for PKI implementation based on compact encoding

func (*NullPKI) AckSize

func (p *NullPKI) AckSize() uint32

AckSize returns the default size of an ACK packet

func (*NullPKI) AuthPEM

func (p *NullPKI) AuthPEM() []byte

AuthPEM returns the Certificate Authority PEM

func (*NullPKI) DecodingKey

func (p *NullPKI) DecodingKey(server string, ackKey interface{}, prevKey interface{}) (interface{}, error)

DecodingKey returns the public key

func (*NullPKI) EncodingKey

func (p *NullPKI) EncodingKey() interface{}

EncodingKey returns the private key

func (*NullPKI) EncodingPEM

func (p *NullPKI) EncodingPEM() []byte

EncodingPEM returns the certificate PEM that is used for encoding

func (*NullPKI) PublicKey

func (p *NullPKI) PublicKey() interface{}

PublicKey returns nil in this case

func (*NullPKI) TransmittedKey

func (p *NullPKI) TransmittedKey() []byte

TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured

func (*NullPKI) TransmittedPEM

func (p *NullPKI) TransmittedPEM() []byte

TransmittedPEM returns the PEM certificate that is transmitted

func (*NullPKI) Type

func (p *NullPKI) Type() PrivateSecretsType

Type implements the interface Secrets

func (*NullPKI) VerifyPublicKey

func (p *NullPKI) VerifyPublicKey(pkey []byte) (interface{}, error)

VerifyPublicKey verifies whether the in-band public key is correct.

type PKISecrets

// PKISecrets holds the PEM-encoded PKI material together with a cache of
// ECDSA public keys.
//
// NOTE(review): all fields shown here are exported. PrivateKeyPEM can be read
// by any holder of a *PKISecrets, and CertificateCache can be written to
// directly, which would bypass the certificate validation that PublicKeyAdd
// is documented to perform. Prefer PublicKeyAdd for adding entries.
type PKISecrets struct {
	// PrivateKeyPEM is presumably the keyPEM given to NewPKISecrets — confirm.
	PrivateKeyPEM    []byte
	// PublicKeyPEM is presumably the certPEM given to NewPKISecrets — confirm.
	PublicKeyPEM     []byte
	// AuthorityPEM is presumably the Certificate Authority PEM that AuthPEM
	// returns — confirm.
	AuthorityPEM     []byte
	// CertificateCache maps a string key to an ECDSA public key. The key is
	// presumably the host name passed to PublicKeyAdd, and the map is
	// presumably the certCache given to NewPKISecrets — confirm both.
	CertificateCache map[string]*ecdsa.PublicKey
	// contains filtered or unexported fields
}

PKISecrets holds all PKI information

func NewPKISecrets

func NewPKISecrets(keyPEM, certPEM, caPEM []byte, certCache map[string]*ecdsa.PublicKey) (*PKISecrets, error)

NewPKISecrets creates new secrets for PKI implementations

func (*PKISecrets) AckSize

func (p *PKISecrets) AckSize() uint32

AckSize returns the default size of an ACK packet

func (*PKISecrets) AuthPEM

func (p *PKISecrets) AuthPEM() []byte

AuthPEM returns the Certificate Authority PEM

func (*PKISecrets) DecodingKey

func (p *PKISecrets) DecodingKey(server string, ackCert interface{}, prevCert interface{}) (interface{}, error)

DecodingKey returns the public key

func (*PKISecrets) EncodingKey

func (p *PKISecrets) EncodingKey() interface{}

EncodingKey returns the private key

func (*PKISecrets) EncodingPEM

func (p *PKISecrets) EncodingPEM() []byte

EncodingPEM returns the certificate PEM that is used for encoding

func (*PKISecrets) PublicKey

func (p *PKISecrets) PublicKey() interface{}

PublicKey returns the public key

func (*PKISecrets) PublicKeyAdd

func (p *PKISecrets) PublicKeyAdd(host string, newCert []byte) error

PublicKeyAdd validates the given certificate. If it is valid, the corresponding key is added to the PublicKeyCache. If it is invalid, an error is returned.

func (*PKISecrets) TransmittedKey

func (p *PKISecrets) TransmittedKey() []byte

TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured

func (*PKISecrets) TransmittedPEM

func (p *PKISecrets) TransmittedPEM() []byte

TransmittedPEM returns the PEM certificate that is transmitted

func (*PKISecrets) Type

func (p *PKISecrets) Type() PrivateSecretsType

Type implements the interface Secrets

func (*PKISecrets) VerifyPublicKey

func (p *PKISecrets) VerifyPublicKey(pkey []byte) (interface{}, error)

VerifyPublicKey verifies whether the in-band public key is correct.

type PSKSecrets

// PSKSecrets holds the pre-shared key used by the PSK secrets implementation.
//
// NOTE(review): NewPSKSecrets returns no error, so it cannot report a
// rejected key to the caller; whether any length or strength check is applied
// to the key is not visible here — confirm, and otherwise validate the key
// before constructing the secrets.
type PSKSecrets struct {
	// SharedKey is the pre-shared key; presumably the psk given to
	// NewPSKSecrets — confirm. The field is exported, so avoid logging or
	// serializing the struct as a whole.
	SharedKey []byte
}

PSKSecrets holds the shared key.

func NewPSKSecrets

func NewPSKSecrets(psk []byte) *PSKSecrets

NewPSKSecrets creates new PSK Secrets.

func (*PSKSecrets) AckSize

func (p *PSKSecrets) AckSize() uint32

AckSize returns the expected size of ack packets.

func (*PSKSecrets) AuthPEM

func (p *PSKSecrets) AuthPEM() []byte

AuthPEM returns the Certificate Authority PEM.

func (*PSKSecrets) DecodingKey

func (p *PSKSecrets) DecodingKey(server string, ackCert, prevCert interface{}) (interface{}, error)

DecodingKey returns the preshared key.

func (*PSKSecrets) EncodingKey

func (p *PSKSecrets) EncodingKey() interface{}

EncodingKey returns the pre-shared key.

func (*PSKSecrets) EncodingPEM

func (p *PSKSecrets) EncodingPEM() []byte

EncodingPEM returns the certificate PEM that is used for encoding.

func (*PSKSecrets) PublicKey

func (p *PSKSecrets) PublicKey() interface{}

PublicKey returns the public key

func (*PSKSecrets) TransmittedKey

func (p *PSKSecrets) TransmittedKey() []byte

TransmittedKey returns nil in the case of pre-shared key.

func (*PSKSecrets) TransmittedPEM

func (p *PSKSecrets) TransmittedPEM() []byte

TransmittedPEM returns the PEM certificate that is transmitted.

func (*PSKSecrets) Type

func (p *PSKSecrets) Type() PrivateSecretsType

Type implements the Secrets interface.

func (*PSKSecrets) VerifyPublicKey

func (p *PSKSecrets) VerifyPublicKey(pkey []byte) (interface{}, error)

VerifyPublicKey always returns nil for pre-shared secrets.

type PrivateSecretsType

// PrivateSecretsType identifies which kind of secrets a Secrets
// implementation provides. The supported values are the constants PKIType,
// PSKType, PKICompactType and PKINull.
type PrivateSecretsType int

PrivateSecretsType identifies the different secrets that are supported

// Supported secrets types. Values are assigned by iota in declaration order,
// starting at 0.
const (
	// PKIType is for asymmetric signing. It is the zero value of
	// PrivateSecretsType, so an unset value reads as PKIType.
	PKIType PrivateSecretsType = iota
	// PSKType is for symmetric signing.
	PSKType
	// PKICompactType is for asymmetric signing using compact JWTs on the wire.
	PKICompactType
	// PKINull is for debugging.
	// NOTE(review): presumably the type reported by NullPKI; confirm that
	// production configuration cannot select it.
	PKINull
)

type PublicKeyAdder

// PublicKeyAdder is implemented by secrets that can register a public key
// for a host. Of the types documented in this package, PKISecrets provides
// PublicKeyAdd.
type PublicKeyAdder interface {

	// PublicKeyAdd adds the given cert for the given host.
	// PKISecrets documents that the certificate is validated first and that
	// an error is returned when it is invalid; callers should not treat the
	// key as registered unless the returned error is nil.
	PublicKeyAdd(host string, cert []byte) error
}

PublicKeyAdder registers a public key for a node.

type Secrets

// Secrets is the interface shared by the secrets implementations documented
// in this package (CompactPKI, NullPKI, PKISecrets and PSKSecrets).
type Secrets interface {
	// Type reports which PrivateSecretsType the implementation provides.
	Type() PrivateSecretsType
	// EncodingKey returns the key used for encoding: documented as the
	// private key for the PKI implementations and the pre-shared key for
	// PSKSecrets.
	EncodingKey() interface{}
	// PublicKey returns the public key; NullPKI is documented as returning nil.
	PublicKey() interface{}
	// DecodingKey returns the key used for decoding: documented as the public
	// key for the PKI implementations and the pre-shared key for PSKSecrets.
	// NOTE(review): the roles of server, ackCert and prevCert are not
	// documented on the interface — confirm against each implementation.
	DecodingKey(server string, ackCert, prevCert interface{}) (interface{}, error)
	// TransmittedKey returns the PEM of the public key for the PKI
	// implementations when no certificate cache is configured; PSKSecrets is
	// documented as returning nil.
	TransmittedKey() []byte
	// VerifyPublicKey checks a public key received in-band. PSKSecrets is
	// documented as always returning nil. Callers should check the returned
	// error before using the returned key.
	VerifyPublicKey(pkey []byte) (interface{}, error)
	// AckSize returns the size of an ACK packet (documented as the default
	// size for the PKI implementations and the expected size for PSKSecrets).
	AckSize() uint32
}

Secrets is the interface implemented by the secrets types in this package (CompactPKI, NullPKI, PKISecrets and PSKSecrets).
