signatory

package

v1.1.8-RC0 Latest Latest Go to latest Published: May 28, 2024 License: Apache-2.0 Imports: 32 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ecadlabs/signatory

Documentation ¶

Index ¶

Variables
func AuthenticatedBytesToSign(req *SignRequest) ([]byte, error)
type Config
type FileWatermark
- func NewFileWatermark(baseDir string) (*FileWatermark, error)
- func (f *FileWatermark) IsSafeToSign(pkh crypt.PublicKeyHash, req protocol.SignRequest, digest *crypt.Digest) error
type IgnoreWatermark
- func (w IgnoreWatermark) IsSafeToSign(crypt.PublicKeyHash, protocol.SignRequest, *crypt.Digest) error
type InMemoryWatermark
- func (w *InMemoryWatermark) IsSafeToSign(pkh crypt.PublicKeyHash, req protocol.SignRequest, digest *crypt.Digest) error
type Policy
- func PreparePolicy(src config.TezosConfig) (out Policy, err error)
type PolicyHook
type PolicyHookReply
type PolicyHookReplyPayload
type PolicyHookRequest
type PublicKey
type PublicKeyPolicy
type SignInterceptor
type SignInterceptorOptions
type SignRequest
type Signatory
- func New(ctx context.Context, c *Config) (*Signatory, error)
- func (s *Signatory) GetPublicKey(ctx context.Context, keyHash crypt.PublicKeyHash) (*PublicKey, error)
- func (s *Signatory) Import(ctx context.Context, importerName string, secretKey string, ...) (*PublicKey, error)
- func (s *Signatory) ListPublicKeys(ctx context.Context) ([]*PublicKey, error)
- func (s *Signatory) Ready(ctx context.Context) (bool, error)
- func (s *Signatory) Sign(ctx context.Context, req *SignRequest) (crypt.Signature, error)
- func (s *Signatory) Unlock(ctx context.Context) error
type Watermark

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// ErrVaultNotFound error return when a vault is not found
	ErrVaultNotFound = errors.Wrap(stderr.New("this key not found in any vault"), http.StatusNotFound)
	// ErrNotSafeToSign error returned when an operation is a potential duplicate
	ErrNotSafeToSign = errors.Wrap(stderr.New("not safe to sign"), http.StatusForbidden)
)

View Source

var ErrWatermark = errors.New("watermark validation failed")

Functions ¶

func AuthenticatedBytesToSign ¶

func AuthenticatedBytesToSign(req *SignRequest) ([]byte, error)

Types ¶

type Config ¶

type Config struct {
	Policy       Policy
	Vaults       map[string]*config.VaultConfig
	Interceptor  SignInterceptor
	Watermark    Watermark
	Logger       log.FieldLogger
	VaultFactory vault.Factory
	PolicyHook   *PolicyHook
}

Config represents Signatory configuration

type FileWatermark ¶

type FileWatermark struct {
	// contains filtered or unexported fields
}

func NewFileWatermark ¶ added in v1.1.1

func NewFileWatermark(baseDir string) (*FileWatermark, error)

func (*FileWatermark) IsSafeToSign ¶

func (f *FileWatermark) IsSafeToSign(pkh crypt.PublicKeyHash, req protocol.SignRequest, digest *crypt.Digest) error

type IgnoreWatermark ¶

type IgnoreWatermark struct{}

IgnoreWatermark watermark that do not validation and return true

func (IgnoreWatermark) IsSafeToSign ¶

func (w IgnoreWatermark) IsSafeToSign(crypt.PublicKeyHash, protocol.SignRequest, *crypt.Digest) error

IsSafeToSign always return true

type InMemoryWatermark ¶

type InMemoryWatermark struct {
	// contains filtered or unexported fields
}

InMemoryWatermark keep previous operation in memory

func (*InMemoryWatermark) IsSafeToSign ¶

func (w *InMemoryWatermark) IsSafeToSign(pkh crypt.PublicKeyHash, req protocol.SignRequest, digest *crypt.Digest) error

IsSafeToSign return true if this msgID is safe to sign

type Policy ¶

type Policy = hashmap.PublicKeyHashMap[*PublicKeyPolicy]

func PreparePolicy ¶

func PreparePolicy(src config.TezosConfig) (out Policy, err error)

PreparePolicy prepares policy data by hashing keys etc

type PolicyHook ¶

type PolicyHook struct {
	Address string
	Auth    auth.AuthorizedKeysStorage
}

type PolicyHookReply ¶

type PolicyHookReply struct {
	Payload   json.RawMessage `json:"payload"`
	Signature string          `json:"signature"`
}

type PolicyHookReplyPayload ¶

type PolicyHookReplyPayload struct {
	Status        int    `json:"status"` // reflects the HTTP status
	Error         string `json:"error"`
	PublicKeyHash string `json:"public_key_hash"` // the key used to sign the reply
	Nonce         []byte `json:"nonce"`
}

type PolicyHookRequest ¶

type PolicyHookRequest struct {
	Request       []byte `json:"request"`
	Source        net.IP `json:"source"`
	ClientKeyHash string `json:"client_key_hash,omitempty"`
	PublicKeyHash string `json:"public_key_hash"`
	Nonce         []byte `json:"nonce"`
}

type PublicKey ¶

type PublicKey struct {
	PublicKey     crypt.PublicKey
	PublicKeyHash crypt.PublicKeyHash
	VaultName     string
	ID            string
	Policy        *PublicKeyPolicy
	Active        bool
}

PublicKey contains public key with its hash

type PublicKeyPolicy ¶

type PublicKeyPolicy struct {
	AllowedRequests     []string
	AllowedOps          []string
	LogPayloads         bool
	AuthorizedKeyHashes []crypt.PublicKeyHash
	AuthorizedJwtUsers  []string
}

PublicKeyPolicy contains policy data related to the key

type SignInterceptor ¶

type SignInterceptor func(opt *SignInterceptorOptions, sing func() error) error

SignInterceptor is an observer function for signing request

type SignInterceptorOptions ¶

type SignInterceptorOptions struct {
	Address crypt.PublicKeyHash
	Vault   string
	Req     string
	Stat    operationsStat
}

SignInterceptorOptions contains SignInterceptor arguments to avoid confusion

type SignRequest ¶

type SignRequest struct {
	ClientPublicKeyHash crypt.PublicKeyHash // optional, see policy
	PublicKeyHash       crypt.PublicKeyHash
	Source              net.IP // optional caller address
	Message             []byte
}

SignRequest represents a sign request which may be authenticated with the client key

type Signatory ¶

type Signatory struct {
	// contains filtered or unexported fields
}

Signatory is a struct coordinate signatory action and select vault according to the key being used

func New ¶

func New(ctx context.Context, c *Config) (*Signatory, error)

New returns Signatory instance

func (*Signatory) GetPublicKey ¶

func (s *Signatory) GetPublicKey(ctx context.Context, keyHash crypt.PublicKeyHash) (*PublicKey, error)

GetPublicKey retrieve the public key from a vault

func (*Signatory) Import ¶

func (s *Signatory) Import(ctx context.Context, importerName string, secretKey string, passCB func() ([]byte, error), opt utils.Options) (*PublicKey, error)

Import a keyPair inside the vault

func (*Signatory) ListPublicKeys ¶

func (s *Signatory) ListPublicKeys(ctx context.Context) ([]*PublicKey, error)

ListPublicKeys retrieve the list of all public keys supported by the current configuration

func (*Signatory) Ready ¶

func (s *Signatory) Ready(ctx context.Context) (bool, error)

Ready returns true if all backends are ready

func (*Signatory) Sign ¶

func (s *Signatory) Sign(ctx context.Context, req *SignRequest) (crypt.Signature, error)

Sign ask the vault to sign a message with the private key associated to keyHash

func (*Signatory) Unlock ¶

func (s *Signatory) Unlock(ctx context.Context) error

Unlock unlock all the vaults

type Watermark ¶

type Watermark interface {
	IsSafeToSign(pkh crypt.PublicKeyHash, req protocol.SignRequest, digest *crypt.Digest) error
}

Watermark tests level against stored high watermark

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
request

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL