Documentation
Overview
Package keyserver provides an executable reference implementation of a server for the CONIKS key management system.
Constants
This section is empty.
Variables
This section is empty.
Functions
func MarshalResponse
MarshalResponse returns a JSON encoding of the server's response.
func UnmarshalRequest
UnmarshalRequest parses a JSON-encoded request msg and creates the corresponding protocol.Request, which will be handled by the server.
Types
type Address

```go
type Address struct {
	// Address is formatted as a url: scheme://address.
	Address           string `toml:"address"`
	AllowRegistration bool   `toml:"allow_registration,omitempty"`
	// TLSCertPath is a path to the server's TLS Certificate,
	// which has to be set if the connection is TCP.
	TLSCertPath string `toml:"cert,omitempty"`
	// TLSKeyPath is a path to the server's TLS private key,
	// which has to be set if the connection is TCP.
	TLSKeyPath string `toml:"key,omitempty"`
}
```
An Address describes a server's connection. It makes the server connections configurable so that a key server implementation can easily be run by a first-party identity provider or a third-party communication service. It supports two types of connections: a TCP connection ("tcp") and a Unix socket connection ("unix").
Allowing registration has to be specified explicitly for each connection. Other types of requests are allowed by default. One can think of a registration as a "write" to a key directory, while the other request types are "reads". So, by default, addresses are "read-only".
Additionally, TCP connections must use TLS for added security, and each is required to specify a TLS certificate and corresponding private key.
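As an added example (not code from the coniks-go package), a hypothetical pre-flight check in Go that enforces the connection rules just described before the addresses are handed to the server: only "tcp" and "unix" schemes, a certificate and key on every TCP listener, and an explicit list of which addresses accept registrations. The Address struct is copied from above and the sample addresses in main are constructed.

```go
package main

import (
	"fmt"
	"net/url"
)

// Address mirrors keyserver.Address from above (copied so this compiles alone).
type Address struct {
	Address           string `toml:"address"`
	AllowRegistration bool   `toml:"allow_registration,omitempty"`
	TLSCertPath       string `toml:"cert,omitempty"`
	TLSKeyPath        string `toml:"key,omitempty"`
}

// CheckAddresses is a hypothetical pre-flight check (not part of the package) for
// the rules above: scheme://address form, scheme "tcp" or "unix", TLS cert and key
// mandatory on TCP. It returns the addresses that accept registrations ("writes").
func CheckAddresses(addrs []*Address) ([]string, error) {
	var writable []string
	for _, a := range addrs {
		u, err := url.Parse(a.Address)
		if err != nil {
			return nil, fmt.Errorf("address %q: %w", a.Address, err)
		}
		switch u.Scheme {
		case "tcp":
			if u.Host == "" || a.TLSCertPath == "" || a.TLSKeyPath == "" {
				return nil, fmt.Errorf("address %q: tcp needs host:port plus cert and key", a.Address)
			}
		case "unix":
			if u.Path == "" {
				return nil, fmt.Errorf("address %q: unix needs a socket path", a.Address)
			}
		default:
			return nil, fmt.Errorf("address %q: scheme must be tcp or unix", a.Address)
		}
		if a.AllowRegistration {
			writable = append(writable, a.Address)
		}
	}
	return writable, nil
}
func main() {
	// Constructed sample: registration only over the local unix socket, TLS on TCP.
	fmt.Println(CheckAddresses([]*Address{
		{Address: "unix:///var/run/coniks.sock", AllowRegistration: true},
		{Address: "tcp://0.0.0.0:3000", TLSCertPath: "server.pem", TLSKeyPath: "server.key"},
	}))
}
```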
type ConiksServer
A ConiksServer represents a CONIKS key server. It wraps a ConiksDirectory with a network layer which handles requests/responses and their encoding/decoding. A ConiksServer also supports concurrent handling of requests and a mechanism to update the underlying ConiksDirectory automatically at regular time intervals.
func NewConiksServer
func NewConiksServer(conf *ServerConfig) *ConiksServer
NewConiksServer creates a new reference implementation of a CONIKS key server.
func (*ConiksServer) Run
func (server *ConiksServer) Run(addrs []*Address)
Run implements the main functionality of the key server. It listens on all declared connections with their corresponding permissions. It also supports hot-reloading the configuration by listening for the SIGUSR2 signal.
func (*ConiksServer) Shutdown
func (server *ConiksServer) Shutdown() error
Shutdown closes all of the server's connections and shuts down the server.
type ServerConfig

```go
type ServerConfig struct {
	// LoadedHistoryLength is the maximum number of
	// snapshots kept in memory.
	LoadedHistoryLength uint64 `toml:"loaded_history_length"`
	// Policies contains the server's CONIKS policies configuration.
	Policies *ServerPolicies `toml:"policies"`
	// Addresses contains the server's connections configuration.
	Addresses []*Address `toml:"addresses"`
	// contains filtered or unexported fields
}
```
A ServerConfig contains configuration values which are read at initialization time from a TOML format configuration file.
func LoadServerConfig
func LoadServerConfig(file string) (*ServerConfig, error)
LoadServerConfig loads the ServerConfig for the server from the corresponding config file. It reads the signing key pair and the VRF key pair into the ServerConfig instance and rewrites the TLS certificate file paths of each Address to absolute paths.
type ServerPolicies

```go
type ServerPolicies struct {
	EpochDeadline protocol.Timestamp `toml:"epoch_deadline"`
	VRFKeyPath    string             `toml:"vrf_key_path"`
	SignKeyPath   string             `toml:"sign_key_path"` // it should be a part of policies, see #47
	// contains filtered or unexported fields
}
```
ServerPolicies contains a server's CONIKS policies configuration including paths to the VRF private key, the signing private key and the epoch deadline value in seconds.
Directories

Path | Synopsis
---|---
 | Executable CONIKS key server.
internal/cmd | Package cmd implements the CLI commands for a CONIKS key server.
 | Package testutil provides utility functions for writing server tests and generating a test server configuration.