internal

package
v0.0.0-...-31984ad Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 14, 2024 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func BindTokenToCertThumbprint 

func BindTokenToCertThumbprint(token jwt.Token, certThumbprint string) (jwt.Token, error)

func CalculateCertThumbprint 

func CalculateCertThumbprint(cert *x509.Certificate) string

func CreateJwks 

func CreateJwks(publicOnly bool, keys ...jwk.Key) (jwk.Set, error)

func LoadJwksFromFile 

func LoadJwksFromFile(path string) (jwk.Set, error)

func ParseKeyFromPemBytes 

func ParseKeyFromPemBytes(pemBytes []byte) (jwk.Key, error)

func ParseURLEncodedPEM 

func ParseURLEncodedPEM(urlEncodedPEM string) (*x509.Certificate, error)

Takes the URL-encoded PEM string and returns the parsed certificate

func VerifyTokenBindingX5T 

func VerifyTokenBindingX5T(token jwt.Token, cert *x509.Certificate) error

Types

type Config 

type Config struct {
	Address              string             `mapstructure:"address" validate:"required"`
	DeviceVerifyJwksPath string             `mapstructure:"device_verify_jwks_path" validate:"required"`
	EmbeddedOpa          *EmbeddedOpaConfig `mapstructure:"embedded_opa"`
	Session              *SessionConfig     `mapstructure:"session"`
	Profiles             []*ProfileConfig   `mapstructure:"profiles" validate:"required,dive"`
}

func ReadConfig 

func ReadConfig(path string) (*Config, error)

type CredentialsConfig 

type CredentialsConfig struct {
}

type DeviceTokenVerifier 

type DeviceTokenVerifier struct {
	// contains filtered or unexported fields
}

func NewDeviceTokenVerifier 

func NewDeviceTokenVerifier(
	verifyJwks jwk.Set,
	bindingMethod TokenBindingMethod,
) (*DeviceTokenVerifier, error)

func (*DeviceTokenVerifier) Verify 

func (v *DeviceTokenVerifier) Verify(tokenStr string) (jwt.Token, error)

type EmbeddedOpaConfig 

type EmbeddedOpaConfig struct {
	ConfigPath           string `mapstructure:"config_path" validate:"required"`
	SimulationConfigPath string `mapstructure:"simulation_config_path"`
}

type OPAInstance 

type OPAInstance interface {
	Decision(request sdk.DecisionOptions) (*sdk.DecisionResult, error)
	Stop()
}

func NewEmbeddedOPA 

func NewEmbeddedOPA(id string, configPath string) (OPAInstance, error)

type PEPServer 

type PEPServer struct {
	SessionTokenManager SessionTokenManager
	// contains filtered or unexported fields
}

func NewPEPServer 

func NewPEPServer(
	cfg Config,
	basePath string,
) (*PEPServer, error)

func (*PEPServer) Start 

func (s *PEPServer) Start() error

func (*PEPServer) Stop 

func (s *PEPServer) Stop()

type PepResultError 

type PepResultError struct {
	ErrorCode   string                 `json:"errorCode,omitempty"`
	Description string                 `json:"description,omitempty"`
	Decision    map[string]interface{} `json:"decision,omitempty"`
}

type ProfileConfig 

type ProfileConfig struct {
	Name                      string             `mapstructure:"name" validate:"required"`
	DeviceTokenBindingMethod  TokenBindingMethod `mapstructure:"device_token_binding_method" validate:"required"`
	RequireDeviceToken        bool               `mapstructure:"require_device_token"`
	SessionTokenBindingMethod TokenBindingMethod `mapstructure:"session_token_binding_method" validate:"required"`
}

type RemoteOpaConfig 

type RemoteOpaConfig struct {
	Url         string             `mapstructure:"url" validate:"required"`
	Credentials *CredentialsConfig `mapstructure:"credentials"`
}

type SessionConfig 

type SessionConfig struct {
	SignPrivateKeyPath string `mapstructure:"sign_private_key_path" validate:"required"`
	VerifyJwksPath     string `mapstructure:"verify_jwks_path" validate:"required"`
}

type SessionTokenManager 

type SessionTokenManager struct {
	Issuer   string
	Audience []string
	// contains filtered or unexported fields
}

func NewSessionTokenManager 

func NewSessionTokenManager(
	verifyJwks jwk.Set,
	signKey jwk.Key,
	issuer string,
	audience []string,
) (*SessionTokenManager, error)

func (*SessionTokenManager) Issue 

func (manager *SessionTokenManager) Issue(
	subject string,
	duration time.Duration,
	certThumbprint string,
) (string, string, error)

func (*SessionTokenManager) Verify 

func (manager *SessionTokenManager) Verify(
	sessionToken string,
) (string, jwt.Token, error)

type TokenBindingMethod 

type TokenBindingMethod string
const (
	//  is the x5t token binding method, RFC8705
	TokenBindingX5T TokenBindingMethod = "x5t"
	// JKT is the jkt token binding method, RFC9449
	TokenBindingJKT TokenBindingMethod = "jkt"
	// NONE is the none token binding method
	TokenBindingNONE TokenBindingMethod = "none"
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.