signatory

package
v1.0.0-beta1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 31, 2022 License: MIT Imports: 25 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var (
	// ErrVaultNotFound is returned when the requested key is not found in any
	// vault. It is wrapped with http.StatusNotFound.
	ErrVaultNotFound = errors.Wrap(stderr.New("this key not found in any vault"), http.StatusNotFound)
	// ErrNotSafeToSign is returned when an operation is a potential duplicate.
	// It is wrapped with http.StatusForbidden.
	// NOTE(review): presumably produced by a Watermark's IsSafeToSign check — confirm.
	ErrNotSafeToSign = errors.Wrap(stderr.New("not safe to sign"), http.StatusForbidden)
)

Functions

func PreparePolicy

func PreparePolicy(src config.TezosConfig) (map[string]*Policy, error)

PreparePolicy prepares policy data from the given Tezos configuration, for example by hashing keys.

func SignRequestAuthenticatedBytes

func SignRequestAuthenticatedBytes(req *SignRequest) ([]byte, error)

Types

type Config

// Config represents Signatory configuration; New takes a *Config.
type Config struct {
	// Policy maps a key to its *Policy; PreparePolicy returns a map of this type.
	// NOTE(review): presumably keyed by public key hash — confirm.
	Policy       map[string]*Policy
	// Vaults maps a name to a vault configuration.
	// NOTE(review): presumably the vault name reported in PublicKey.VaultName — confirm.
	Vaults       map[string]*config.VaultConfig
	// Interceptor is the observer function for signing requests.
	Interceptor  SignInterceptor
	// Watermark is the IsSafeToSign implementation to use.
	// NOTE(review): IgnoreWatermark performs no validation, so choosing it here
	// presumably disables the duplicate-operation check — confirm.
	Watermark    Watermark
	Logger       log.FieldLogger
	// VaultFactory: presumably builds the vault backends described by Vaults — TODO confirm.
	VaultFactory vault.Factory
	// PolicyHook is a pointer.
	// NOTE(review): presumably nil means no policy hook is consulted — confirm.
	PolicyHook   *PolicyHook
}

Config represents Signatory configuration

type FileWatermark

// FileWatermark provides an IsSafeToSign method with the Watermark signature.
// NOTE(review): judging by the name it keeps watermark state in files — confirm.
type FileWatermark struct {
	// BaseDir: presumably the directory under which the watermark state is
	// stored — TODO confirm. If so, write access to it should be limited to the
	// signer's own account, since its contents would decide IsSafeToSign results.
	BaseDir string
	// contains filtered or unexported fields
}

func (*FileWatermark) IsSafeToSign

func (f *FileWatermark) IsSafeToSign(pkh string, hash []byte, msg tezos.UnsignedMessage) error

type IgnoreWatermark

// IgnoreWatermark is a watermark that performs no validation; it carries no
// state (empty struct).
// NOTE(review): with this implementation configured, the watermark check
// presumably offers no protection against signing a potential duplicate
// operation — confirm where it is used.
type IgnoreWatermark struct{}

IgnoreWatermark is a watermark that performs no validation and always returns true.

func (IgnoreWatermark) IsSafeToSign

func (w IgnoreWatermark) IsSafeToSign(pkh string, hash []byte, msg tezos.UnsignedMessage) error

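IsSafeToSign always returns true, that is, it always reports the message as safe to sign. (The signature returns an error, so "true" here presumably corresponds to a nil error.)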

type InMemoryWatermark

// InMemoryWatermark keeps previous operations in memory.
// NOTE(review): in-memory state presumably does not survive a process restart,
// in which case the duplicate check would start from empty — confirm.
type InMemoryWatermark struct {
	// contains filtered or unexported fields
}

InMemoryWatermark keeps previous operations in memory.

func (*InMemoryWatermark) IsSafeToSign

func (w *InMemoryWatermark) IsSafeToSign(pkh string, hash []byte, msg tezos.UnsignedMessage) error

IsSafeToSign returns true if this msgID is safe to sign. (Per the signature, the result is an error value rather than a boolean.)

type Policy

// Policy contains policy data related to the key.
type Policy struct {
	// AllowedRequests: presumably the request kinds the key may sign — TODO confirm.
	AllowedRequests     []string
	// AllowedOps: presumably the operation kinds the key may sign — TODO confirm.
	AllowedOps          []string
	// LogPayloads: presumably enables logging of the payloads submitted for
	// signing — TODO confirm, and confirm who can read those logs.
	LogPayloads         bool
	// AuthorizedKeyHashes: presumably the client key hashes allowed to request
	// signatures with this key (compare SignRequest.ClientPublicKeyHash,
	// "optional, see policy") — TODO confirm.
	AuthorizedKeyHashes []string
}

Policy contains policy data related to the key

type PolicyHook

// PolicyHook is the type of Config.PolicyHook.
// NOTE(review): presumably describes an external service that is asked to
// approve sign requests (see PolicyHookRequest and PolicyHookReply) — confirm.
type PolicyHook struct {
	// Address: presumably the hook's endpoint — TODO confirm format.
	Address string
	// Auth is a storage of authorized keys.
	// NOTE(review): presumably used to check that a reply's Signature was made
	// by an authorized key — confirm.
	Auth    auth.AuthorizedKeysStorage
}

type PolicyHookReply

// PolicyHookReply is a JSON envelope with two members, "payload" and
// "signature".
type PolicyHookReply struct {
	// Payload is kept as raw, undecoded JSON.
	// NOTE(review): presumably so that Signature can be verified over the exact
	// bytes before decoding into PolicyHookReplyPayload — confirm.
	Payload   json.RawMessage `json:"payload"`
	// Signature: presumably the signature over Payload — TODO confirm the
	// encoding and exactly which bytes are signed.
	Signature string          `json:"signature"`
}

type PolicyHookReplyPayload

// PolicyHookReplyPayload holds the status, error text, signing key hash and
// nonce of a policy hook reply.
// NOTE(review): presumably the decoded form of PolicyHookReply.Payload — confirm.
type PolicyHookReplyPayload struct {
	Status        int    `json:"status"` // reflects the HTTP status
	Error         string `json:"error"`
	PublicKeyHash string `json:"public_key_hash"` // the key used to sign the reply
	// NOTE(review): presumably expected to equal PolicyHookRequest.Nonce, so that
	// a reply cannot be reused for a different request — confirm that the caller
	// enforces this.
	Nonce         []byte `json:"nonce"`
}

type PolicyHookRequest

// PolicyHookRequest is a JSON-serializable description of a sign request.
// NOTE(review): presumably the body sent to the policy hook — confirm.
type PolicyHookRequest struct {
	// Request: presumably the raw message submitted for signing — TODO confirm.
	Request       []byte `json:"request"`
	// Source: presumably the caller address (compare SignRequest.Source) — TODO confirm.
	Source        net.IP `json:"source"`
	// ClientKeyHash is omitted from the JSON when empty (omitempty).
	ClientKeyHash string `json:"client_key_hash,omitempty"`
	// PublicKeyHash: presumably the key the caller asked to sign with — TODO confirm.
	PublicKeyHash string `json:"public_key_hash"`
	// Nonce: presumably a per-request value echoed in the reply payload — TODO
	// confirm how it is generated and checked.
	Nonce         []byte `json:"nonce"`
}

type PublicKey

// PublicKey contains a base58-encoded public key with its hash. It is the
// result type of GetPublicKey, ListPublicKeys and Import.
type PublicKey struct {
	PublicKey     string
	PublicKeyHash string
	// VaultName: presumably the name of the vault holding the key — TODO confirm.
	VaultName     string
	// ID: presumably the vault's own identifier for the key — TODO confirm.
	ID            string
	// Policy: presumably the policy configured for this key; may be nil — TODO confirm.
	Policy        *Policy
	// Active: presumably whether the key is enabled for signing under the
	// current configuration — TODO confirm.
	Active        bool
}

PublicKey contains a base58-encoded public key with its hash.

type SignInterceptor

// SignInterceptor is an observer function for signing requests. It receives
// the options describing the request and a callback, and returns an error.
// NOTE(review): the callback parameter is spelled "sing", presumably meaning
// "sign"; invoking it presumably performs the actual signing — confirm.
type SignInterceptor func(opt *SignInterceptorOptions, sing func() error) error

SignInterceptor is an observer function for signing requests.

type SignInterceptorOptions

// SignInterceptorOptions bundles the arguments passed to a SignInterceptor in
// one struct, to avoid confusion between them.
type SignInterceptorOptions struct {
	// Address: presumably the public key hash being signed for — TODO confirm.
	Address string
	// Vault: presumably the name of the vault handling the request — TODO confirm.
	Vault   string
	// Req: presumably the request kind — TODO confirm.
	Req     string
	// Stat: operation statistics for the request, as defined by tezos.OperationsStat.
	Stat    tezos.OperationsStat
}

SignInterceptorOptions contains SignInterceptor arguments to avoid confusion

type SignRequest

// SignRequest represents a sign request which may be authenticated with the
// client key. It is the argument of Signatory.Sign and of
// SignRequestAuthenticatedBytes.
type SignRequest struct {
	ClientPublicKeyHash string // optional, see policy
	// PublicKeyHash: presumably selects the key to sign with — TODO confirm.
	PublicKeyHash       string
	Source              net.IP // optional caller address
	// Message: presumably the raw bytes to be signed — TODO confirm.
	Message             []byte
}

SignRequest represents a sign request which may be authenticated with the client key

type Signatory

// Signatory coordinates signatory actions and selects the vault according to
// the key being used. All of its fields are unexported; instances are obtained
// from New.
type Signatory struct {
	// contains filtered or unexported fields
}

Signatory is a struct that coordinates signatory actions and selects the vault according to the key being used.

func New

func New(ctx context.Context, c *Config) (*Signatory, error)

New returns a Signatory instance.

func (*Signatory) GetPublicKey

func (s *Signatory) GetPublicKey(ctx context.Context, keyHash string) (*PublicKey, error)

GetPublicKey retrieves the public key from a vault.

func (*Signatory) Import

func (s *Signatory) Import(ctx context.Context, importerName string, secretKey string, passCB tezos.PassphraseFunc, opt utils.Options) (*PublicKey, error)

Import imports a key pair into the vault.

func (*Signatory) ListPublicKeys

func (s *Signatory) ListPublicKeys(ctx context.Context) ([]*PublicKey, error)

ListPublicKeys retrieves the list of all public keys supported by the current configuration.

func (*Signatory) Ready

func (s *Signatory) Ready(ctx context.Context) (bool, error)

Ready returns true if all backends are ready

func (*Signatory) Sign

func (s *Signatory) Sign(ctx context.Context, req *SignRequest) (string, error)

Sign asks the vault to sign a message with the private key associated with keyHash. (The signature takes a SignRequest, so keyHash presumably refers to req.PublicKeyHash.)

func (*Signatory) Unlock

func (s *Signatory) Unlock(ctx context.Context) error

Unlock unlocks all the vaults.

type Watermark

// Watermark tests the level against the stored high watermark.
type Watermark interface {
	// IsSafeToSign reports through its error result whether msg may be signed
	// for the key hash pkh.
	// NOTE(review): presumably a nil error means safe and ErrNotSafeToSign marks
	// a potential duplicate — confirm against the implementations.
	IsSafeToSign(pkh string, hash []byte, msg tezos.UnsignedMessage) error
}

Watermark tests the level against the stored high watermark.
