token

package
v0.0.0-...-2714d10 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 20, 2024 License: Apache-2.0 Imports: 25 Imported by: 4

Documentation

Overview

Package encrypter is suitable for encrypting messages you would like to securely share between two points. Useful for providing end to end encryption (E2EE). It uses Box (NaCl) for encrypting the messages. tldr is it uses Elliptic Curves (Curve25519) for the keys, XSalsa20 and Poly1305 for encryption. You can read more here https://godoc.org/golang.org/x/crypto/nacl/box. 

msg := []byte("super safe message.")
alice, err := NewEncrypter("alice_priv_key.pem", "alice_pub_key.pem")
if err != nil {
	log.Fatal(err)
}

bob, err := NewEncrypter("bob_priv_key.pem", "bob_pub_key.pem")
if err != nil {
	log.Fatal(err)
}
encrypted, err := alice.Encrypt(msg, bob.PublicKey())
if err != nil {
	log.Fatal(err)
}

data, err := bob.Decrypt(encrypted, alice.PublicKey())
if err != nil {
	log.Fatal(err)
}
fmt.Println(string(data))

Index

Constants

View Source 
const (
	AccessLoginWorkerPath      = "/cdn-cgi/access/login"
	AccessAuthorizedWorkerPath = "/cdn-cgi/access/authorized"
)

Variables

This section is empty.

Functions

func FetchToken 

func FetchToken(appURL *url.URL, appInfo *AppInfo, log *zerolog.Logger) (string, error)

FetchToken will either load a stored token or generate a new one it appends the host of the appURL as the redirect URL to the access cli request if opening the browser

func FetchTokenWithRedirect 

func FetchTokenWithRedirect(appURL *url.URL, appInfo *AppInfo, log *zerolog.Logger) (string, error)

FetchTokenWithRedirect will either load a stored token or generate a new one it appends the full url as the redirect URL to the access cli request if opening the browser

func GenerateAppTokenFilePathFromURL 

func GenerateAppTokenFilePathFromURL(appDomain, aud string, suffix string) (string, error)

GenerateAppTokenFilePathFromURL will return a filepath for given Access org token

func GenerateSSHCertFilePathFromURL 

func GenerateSSHCertFilePathFromURL(url *url.URL, suffix string) (string, error)

GenerateSSHCertFilePathFromURL will return a file path for creating short lived certificates

func GetAppTokenIfExists 

func GetAppTokenIfExists(appInfo *AppInfo) (string, error)

func GetOrgTokenIfExists 

func GetOrgTokenIfExists(authDomain string) (string, error)

func Init 

func Init(version string)

func OpenBrowser 

func OpenBrowser(url string) error

OpenBrowser opens the specified URL in the default browser of the user

func RemoveTokenIfExists 

func RemoveTokenIfExists(appInfo *AppInfo) error

RemoveTokenIfExists removes the a token from local storage if it exists

func RunTransfer 

func RunTransfer(transferURL *url.URL, appAUD, resourceName, key, value string, shouldEncrypt bool, useHostOnly bool, log *zerolog.Logger) ([]byte, error)

RunTransfer does the transfer "dance" with the end result downloading the supported resource. The expanded description is run is encapsulation of shared business logic needed to request a resource (token/cert/etc) from the transfer service (loginhelper). The "dance" we refer to is building a HTTP request, opening that in a browser waiting for the user to complete an action, while it long polls in the background waiting for an action to be completed to download the resource.

Types

type AppInfo 

type AppInfo struct {
	AuthDomain string
	AppAUD     string
	AppDomain  string
}

func GetAppInfo 

func GetAppInfo(reqURL *url.URL) (*AppInfo, error)

GetAppInfo makes a request to the appURL and stops at the first redirect. The 302 location header will contain the auth domain

type Encrypter 

type Encrypter struct {
	// contains filtered or unexported fields
}

Encrypter represents a keypair value with auxiliary functions to make doing encryption and decryption easier

func NewEncrypter 

func NewEncrypter(privateKey, publicKey string) (*Encrypter, error)

NewEncrypter returns a new encrypter with initialized keypair

func (*Encrypter) Decrypt 

func (e *Encrypter) Decrypt(data []byte, senderPublicKey string) ([]byte, error)

Decrypt data that was encrypted using our publicKey. It will use our privateKey and the sender's publicKey to decrypt data is an encrypted buffer of data, mostly like from the Encrypt function. Messages contain the nonce data on the front of the message. senderPublicKey is a base64 encoded version of the sender's public key (most likely from the PublicKey function). The return value is the decrypted buffer or an error.

func (*Encrypter) Encrypt 

func (e *Encrypter) Encrypt(data []byte, recipientPublicKey string) ([]byte, error)

Encrypt data using our privateKey and the recipient publicKey data is a buffer of data that we would like to encrypt. Messages will have the nonce added to front as they have to unique for each message shared. recipientPublicKey is a base64 encoded version of the sender's public key (most likely from the PublicKey function). The return value is the encrypted buffer or an error.

func (*Encrypter) PublicKey 

func (e *Encrypter) PublicKey() string

PublicKey returns a base64 encoded public key. Useful for transport (like in HTTP requests)

func (*Encrypter) WriteKeys 

func (e *Encrypter) WriteKeys(privateKey, publicKey string) error

WriteKeys keys will take the currently initialized keypair and write them to provided filenames

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.