choria

package
v0.29.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 1, 2024 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type BuildInfoProvider 

type BuildInfoProvider interface {
	ClientIdentitySuffix() string
}

BuildInfoProvider provides info about the build

type ChoriaSecurity 

type ChoriaSecurity struct {
	// contains filtered or unexported fields
}

func New 

func New(opts ...Option) (*ChoriaSecurity, error)

func (*ChoriaSecurity) BackingTechnology 

func (s *ChoriaSecurity) BackingTechnology() inter.SecurityTechnology

func (*ChoriaSecurity) CallerIdentity 

func (s *ChoriaSecurity) CallerIdentity(caller string) (string, error)

func (*ChoriaSecurity) CallerName 

func (s *ChoriaSecurity) CallerName() string

func (*ChoriaSecurity) ChecksumBytes 

func (s *ChoriaSecurity) ChecksumBytes(data []byte) []byte

func (*ChoriaSecurity) ClientTLSConfig 

func (s *ChoriaSecurity) ClientTLSConfig() (*tls.Config, error)

func (*ChoriaSecurity) Enroll 

func (s *ChoriaSecurity) Enroll(ctx context.Context, wait time.Duration, cb func(digest string, try int)) error

func (*ChoriaSecurity) HTTPClient 

func (s *ChoriaSecurity) HTTPClient(secure bool) (*http.Client, error)

func (*ChoriaSecurity) Identity 

func (s *ChoriaSecurity) Identity() string

func (*ChoriaSecurity) IsRemoteSigning 

func (s *ChoriaSecurity) IsRemoteSigning() bool

func (*ChoriaSecurity) Provider 

func (s *ChoriaSecurity) Provider() string

func (*ChoriaSecurity) PublicCert 

func (s *ChoriaSecurity) PublicCert() (*x509.Certificate, error)

func (*ChoriaSecurity) PublicCertBytes 

func (s *ChoriaSecurity) PublicCertBytes() ([]byte, error)

func (*ChoriaSecurity) RemoteSignRequest 

func (s *ChoriaSecurity) RemoteSignRequest(ctx context.Context, request []byte) (signed []byte, err error)

func (*ChoriaSecurity) RemoteSignerSeedFile added in v0.27.0 

func (s *ChoriaSecurity) RemoteSignerSeedFile() (string, error)

func (*ChoriaSecurity) RemoteSignerToken 

func (s *ChoriaSecurity) RemoteSignerToken() ([]byte, error)

func (*ChoriaSecurity) RemoteSignerURL 

func (s *ChoriaSecurity) RemoteSignerURL() (*url.URL, error)

func (*ChoriaSecurity) SSLContext 

func (s *ChoriaSecurity) SSLContext() (*http.Transport, error)

func (*ChoriaSecurity) ShouldAllowCaller 

func (s *ChoriaSecurity) ShouldAllowCaller(name string, callers ...[]byte) (privileged bool, err error)

func (*ChoriaSecurity) ShouldSignReplies added in v0.27.0 

func (s *ChoriaSecurity) ShouldSignReplies() bool

func (*ChoriaSecurity) SignBytes 

func (s *ChoriaSecurity) SignBytes(b []byte) (signature []byte, err error)

func (*ChoriaSecurity) TLSConfig 

func (s *ChoriaSecurity) TLSConfig() (*tls.Config, error)

func (*ChoriaSecurity) TokenBytes added in v0.27.0 

func (s *ChoriaSecurity) TokenBytes() ([]byte, error)

func (*ChoriaSecurity) Validate 

func (s *ChoriaSecurity) Validate() ([]string, bool)

func (*ChoriaSecurity) VerifySignatureBytes 

func (s *ChoriaSecurity) VerifySignatureBytes(dat []byte, sig []byte, public ...[]byte) (should bool, signer string)

type Config 

type Config struct {
	// Identity when not empty will force the identity to be used for validations etc
	Identity string

	// SeedFile is the file holding the ed25519 seed
	SeedFile string

	// TokenFile is the file holding the signed JWT file
	TokenFile string

	// Issuers are Organization issuers that may issue tokens
	Issuers map[string]ed25519.PublicKey

	// TrustedTokenSigners are keys allowed to sign tokens
	TrustedTokenSigners []ed25519.PublicKey

	// Is a URL where a remote signer is running
	RemoteSignerURL string

	// TLSSetup is the shared TLS configuration state between security providers
	TLSConfig *tlssetup.Config

	// RemoteSigner is the signer used to sign requests using a remote like AAA Service
	RemoteSigner inter.RequestSigner

	// DisableTLSVerify disables TLS verify in HTTP clients etc
	DisableTLSVerify bool

	// Certificate is the path to the public certificate
	Certificate string

	// Key is the path to the private key
	Key string

	// CA is the path to the Certificate Authority
	CA string

	// SignedReplies indicates that servers replying should sign their messages
	SignedReplies bool

	// InitiatedByServer indicates this is a server, it would require trusted signers
	InitiatedByServer bool
}

type Option 

type Option func(*ChoriaSecurity) error

Option is a function that can configure the Security Provider

func WithChoriaConfig 

func WithChoriaConfig(c *config.Config) Option

WithChoriaConfig optionally configures the Security Provider from settings found in a typical Choria configuration

func WithConfig 

func WithConfig(c *Config) Option

WithConfig optionally configures the Security Provider using its native configuration format

func WithLog 

func WithLog(l *logrus.Entry) Option

WithLog configures a logger for the Security Provider

func WithSeedFile 

func WithSeedFile(f string) Option

WithSeedFile sets the path to the ed25519 seed stored in a file

func WithSigner 

func WithSigner(signer inter.RequestSigner) Option

WithSigner configures a remote request signer

func WithTokenFile 

func WithTokenFile(f string) Option

WithTokenFile sets the path to the JWT token stored in a file

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.