Documentation
Index
- type CSRImportInput
- type CSRImportOutput
- type CSRStatusInput
- type CSRStatusOutput
- type Context
- type DecryptInput
- type DecryptOutput
- type EncryptInput
- type EncryptOutput
- type Endpoints
- type GetKeyIdInput
- type GetKeyIdOutput
- type GetSignatureCAInput
- type GetSignatureCAOutput
- type ImportInput
- type ImportOutput
- type KMS
- func (k *KMS) CSRImport(input *CSRImportInput) (*CSRImportOutput, error)
- func (k *KMS) CSRImportWithContext(ctx context.Context, input *CSRImportInput) (*CSRImportOutput, error)
- func (k *KMS) CSRStatus(input *CSRStatusInput) (*CSRStatusOutput, error)
- func (k *KMS) CSRStatusWithContext(ctx context.Context, input *CSRStatusInput) (*CSRStatusOutput, error)
- func (k *KMS) Decrypt(input *DecryptInput) (*DecryptOutput, error)
- func (k *KMS) DecryptWithContext(ctx context.Context, input *DecryptInput) (*DecryptOutput, error)
- func (k *KMS) Encrypt(input *EncryptInput) (*EncryptOutput, error)
- func (k *KMS) EncryptWithContext(ctx context.Context, input *EncryptInput) (*EncryptOutput, error)
- func (k *KMS) GetKeyId(input *GetKeyIdInput) (*GetKeyIdOutput, error)
- func (k *KMS) GetKeyIdWithContext(ctx context.Context, input *GetKeyIdInput) (*GetKeyIdOutput, error)
- func (k *KMS) GetSignatureCA(input *GetSignatureCAInput) (*GetSignatureCAOutput, error)
- func (k *KMS) GetSignatureCAWithContext(ctx context.Context, input *GetSignatureCAInput) (*GetSignatureCAOutput, error)
- func (k *KMS) Import(input *ImportInput) (*ImportOutput, error)
- func (k *KMS) ImportWithContext(ctx context.Context, input *ImportInput) (*ImportOutput, error)
- type KeyData
Types
type CSRImportInput (added in v0.1.5)
type CSRImportOutput (added in v0.1.5)
type CSRImportOutput struct {
	Success bool `json:"success"`
}
type CSRStatusInput (added in v0.1.5)
type CSRStatusInput struct {
	CommonName    string `schema:"commonName" url:"commonName"`
	TransactionID string `schema:"transactionId" url:"transactionId"` // `schema:"requestId" url:"requestId"`
}
See the CSRImportInput struct for some details. These values are not passed as JSON, but as query parameters.
type CSRStatusOutput (added in v0.1.5)
type DecryptInput
type DecryptInput struct {
	ID        uint32            `json:"id"`
	KeyID     string            `json:"keyid" validate:"nonzero"`
	VaultID   string            `json:"vaultid" validate:"nonzero"`
	Algorithm string            `json:"algorithm,omitempty"`
	Context   map[string]string `json:"context,omitempty"`
	Payload   string            `json:"payload"`
	Iv        string            `json:"iv"`
}
DecryptInput contains a payload to be decrypted by DuoKey. An Iv can be passed if needed. Validation is done by calling request.New.
type DecryptOutput
type DecryptOutput struct {
	Success bool `json:"success"`
	Result  struct {
		KeyID     string `json:"keyid" validate:"nonzero"`
		Algorithm string `json:"algorithm"`
		Payload   []byte `json:"payload" validate:"nonzero"`
		ID        uint32 `json:"id"`
	} `json:"result" validate:"nonzero"`
	TargetURL *string `json:"targetUrl"`
	Error     *string `json:"error"`
	ABP       bool    `json:"__abp"`
}
DecryptOutput contains the deserialized payload returned by the DuoKey server. Validation is done by calling request.Send.
type EncryptInput
type EncryptInput struct {
	ID        uint32            `json:"id"`
	KeyID     string            `json:"keyid" validate:"nonzero"`
	VaultID   string            `json:"vaultid" validate:"nonzero"`
	Algorithm string            `json:"algorithm,omitempty"`
	Context   map[string]string `json:"context,omitempty"`
	Payload   []byte            `json:"payload"`
}
EncryptInput contains a payload to be encrypted by DuoKey. DuoKey determines the encryption algorithm from the VaultID and KeyID. The optional field Algorithm allows you to specify a chaining mode or a padding scheme. An initialization vector or a tag can be supplied using the Context field. Validation is done by calling request.New.
type EncryptOutput
type EncryptOutput struct {
	Success bool `json:"success"`
	Result  struct {
		KeyID            string `json:"keyid" validate:"nonzero"`
		Algorithm        string `json:"algorithm"`
		EncryptedPayload string `json:"encryptedPayload" validate:"nonzero"`
		ID               uint32 `json:"id"`
		Iv               string `json:"initializationVector"`
	} `json:"result" validate:"nonzero"`
	TargetURL *string `json:"targetUrl"`
	Error     *string `json:"error"`
	ABP       bool    `json:"__abp"`
}
EncryptOutput contains the deserialized payload returned by the DuoKey server. Validation is done by calling request.Send. For AES-GCM operations, the Iv is also found in the payload and is needed for the decrypt operation.
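An added example, not part of the package's own code: it mirrors the JSON tags of EncryptOutput and DecryptInput documented above and shows the IV returned by an encrypt call being carried into the decrypt request. The helper DecryptInputFrom, its needIv flag and the sample response are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local mirrors of the documented types, trimmed to the fields used here.
type EncryptOutput struct {
	Success bool `json:"success"`
	Result  struct {
		KeyID            string `json:"keyid"`
		EncryptedPayload string `json:"encryptedPayload"`
		Iv               string `json:"initializationVector"`
	} `json:"result"`
	Error *string `json:"error"`
}

type DecryptInput struct {
	KeyID   string `json:"keyid"`
	VaultID string `json:"vaultid"`
	Payload string `json:"payload"`
	Iv      string `json:"iv"`
}

// Constructed sample response body; placeholder values, not real DuoKey output.
var sampleEncryptResponse = []byte(`{"success":true,"result":{"keyid":"key-1","encryptedPayload":"Y2lwaGVydGV4dA==","initializationVector":"aXYtYnl0ZXM="},"error":null}`)

// DecryptInputFrom (hypothetical helper) turns an encrypt response into the
// matching decrypt request and rejects failed or incomplete responses.
func DecryptInputFrom(body []byte, vaultID string, needIv bool) (*DecryptInput, error) {
	var out EncryptOutput
	if err := json.Unmarshal(body, &out); err != nil {
		return nil, fmt.Errorf("decode encrypt response: %w", err)
	}
	if !out.Success || out.Error != nil {
		return nil, fmt.Errorf("encrypt response reports failure")
	}
	r := out.Result
	if r.KeyID == "" || r.EncryptedPayload == "" || (needIv && r.Iv == "") {
		return nil, fmt.Errorf("encrypt response is missing keyid, payload or IV")
	}
	return &DecryptInput{KeyID: r.KeyID, VaultID: vaultID, Payload: r.EncryptedPayload, Iv: r.Iv}, nil
}

func main() {
	in, err := DecryptInputFrom(sampleEncryptResponse, "vault-1", true)
	fmt.Println(in, err)
}
```

Storing the IV next to the ciphertext at encryption time avoids discovering at decrypt time that it was dropped.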
type Endpoints
type Endpoints struct {
	BaseURL        string `mapstructure:"base-url"`
	EncryptRoute   string `mapstructure:"encrypt-route"`
	DecryptRoute   string `mapstructure:"decrypt-route"`
	ImportRoute    string `mapstructure:"import-route"`
	GetKeyIdRoute  string `mapstructure:"getkeyid-route"`
	CSRImportRoute string `mapstructure:"getkeyid-route"`
	CSRStatusRoute string `mapstructure:"getkeyid-route"`
	GetSignatureCA string `mapstructure:"getsignatureca-route"`
}
Endpoints of the crypto services (all routes of the DuoKey REST API are customizable). As declared, CSRImportRoute and CSRStatusRoute carry the same mapstructure tag as GetKeyIdRoute (getkeyid-route), so a configuration decoded by tag supplies one value for all three fields; set the CSR routes directly on the struct if they differ.
type GetKeyIdInput (added in v0.1.4)
type GetKeyIdInput struct {
	ExternalID string `schema:"externalId" url:"externalId"`
}
GetKeyIdInput retrieves key information.
type GetKeyIdOutput (added in v0.1.4)
type GetKeyIdOutput struct {
	Success bool `json:"success"`
	Result  struct {
		Key       KeyData `json:"key" validate:"nonzero"`
		VaultName string  `json:"vaultName"`
		VaultType uint32  `json:"vaultType"`
	} `json:"result" validate:"nonzero"`
	TargetURL *string `json:"targetUrl"`
	Error     *string `json:"error"`
	ABP       bool    `json:"__abp"`
}
GetKeyIdOutput contains key information. Validation is done by calling request.Send.
type GetSignatureCAInput (added in v0.1.5)
type GetSignatureCAInput struct {
	ScepExternalId string `schema:"scepExternalId" url:"scepExternalId"`
}
type GetSignatureCAOutput (added in v0.1.5)
type ImportInput (added in v0.1.1)
type ImportOutput (added in v0.1.1)
type KMS
KMS implements the KMSAPI interface.
func NewClient (added in v0.0.7)
func NewClient(credentials credentials.Config, endpoints Endpoints) (*KMS, error)
NewClient checks the credentials and returns a KMS client with the default logger.
func NewClientWithLogger (added in v0.0.7)
func NewClientWithLogger(credentials credentials.Config, endpoints Endpoints, logger duokey.Logger) (*KMS, error)
NewClientWithLogger checks the credentials and returns a KMS client with a custom logger.
func (*KMS) CSRImport (added in v0.1.5)
func (k *KMS) CSRImport(input *CSRImportInput) (*CSRImportOutput, error)
func (*KMS) CSRImportWithContext (added in v0.1.5)
func (k *KMS) CSRImportWithContext(ctx context.Context, input *CSRImportInput) (*CSRImportOutput, error)
func (*KMS) CSRStatus (added in v0.1.5)
func (k *KMS) CSRStatus(input *CSRStatusInput) (*CSRStatusOutput, error)
func (*KMS) CSRStatusWithContext (added in v0.1.5)
func (k *KMS) CSRStatusWithContext(ctx context.Context, input *CSRStatusInput) (*CSRStatusOutput, error)
func (*KMS) Decrypt
func (k *KMS) Decrypt(input *DecryptInput) (*DecryptOutput, error)
Decrypt API operation for DuoKey.
func (*KMS) DecryptWithContext
func (k *KMS) DecryptWithContext(ctx context.Context, input *DecryptInput) (*DecryptOutput, error)
DecryptWithContext is the same operation as Decrypt, except that a non-nil context can be passed.
func (*KMS) Encrypt
func (k *KMS) Encrypt(input *EncryptInput) (*EncryptOutput, error)
Encrypt API operation for DuoKey.
func (*KMS) EncryptWithContext
func (k *KMS) EncryptWithContext(ctx context.Context, input *EncryptInput) (*EncryptOutput, error)
EncryptWithContext is the same operation as Encrypt, except that a non-nil context can be passed.
func (*KMS) GetKeyId (added in v0.1.4)
func (k *KMS) GetKeyId(input *GetKeyIdInput) (*GetKeyIdOutput, error)
GetKeyId gets a key by ID.
func (*KMS) GetKeyIdWithContext (added in v0.1.4)
func (k *KMS) GetKeyIdWithContext(ctx context.Context, input *GetKeyIdInput) (*GetKeyIdOutput, error)
GetKeyIdWithContext is the same operation as GetKeyId, except that a non-nil context can be passed.
func (*KMS) GetSignatureCA (added in v0.1.5)
func (k *KMS) GetSignatureCA(input *GetSignatureCAInput) (*GetSignatureCAOutput, error)
func (*KMS) GetSignatureCAWithContext (added in v0.1.5)
func (k *KMS) GetSignatureCAWithContext(ctx context.Context, input *GetSignatureCAInput) (*GetSignatureCAOutput, error)
func (*KMS) Import (added in v0.1.1)
func (k *KMS) Import(input *ImportInput) (*ImportOutput, error)
func (*KMS) ImportWithContext (added in v0.1.1)
func (k *KMS) ImportWithContext(ctx context.Context, input *ImportInput) (*ImportOutput, error)
type KeyData (added in v0.1.4)
type KeyData struct {
	Name             string `json:"name"`
	Size             int    `json:"size"`
	PublicKey        string `json:"publicKey"`
	IsEnabled        bool   `json:"isEnabled"`
	State            int    `json:"state"`
	ExternalId       string `json:"externalId"`
	ActivationTime   string `json:"activationTime"`
	IsDecrypt        bool   `json:"isDecrypt"`
	IsEncrypt        bool   `json:"isEncrypt"`
	IsWrap           bool   `json:"isWrap"`
	IsUnwrap         bool   `json:"isUnwrap"`
	IsDeriveKey      bool   `json:"isDeriveKey"`
	IsMacGenerate    bool   `json:"isMacGenerate"`
	IsMacVerify      bool   `json:"isMacVerify"`
	IsAppManageable  bool   `json:"isAppManageable"`
	IsSign           bool   `json:"isSign"`
	IsVerify         bool   `json:"isVerify"`
	IsAgreeKey       bool   `json:"isAgreeKey"`
	IsExport         bool   `json:"isExport"`
	IsAuditLogEnable bool   `json:"isAuditLogEnable"`
	Type             string `json:"type"`
	DeactivationTime string `json:"deactivationTime"`
	Reason           int    `json:"reason"`
	CompromiseTime   string `json:"compromiseTime"`
	Comment          string `json:"comment"`
	PublishPublicKey bool   `json:"publishPublicKey"`
	VaultId          string `json:"vaultId"`
	Id               string `json:"id"`
}