Documentation ¶
Overview ¶
Package revision defines the internal structure of the revision token and the marshal/unmarshal utilities, which also encrypt/decrypt the token payload.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Base64Bytes ¶
type Base64Bytes []byte
Base64Bytes is a type that parses a base64-encoded string into a []byte.
func (*Base64Bytes) EnvDecode ¶
func (b *Base64Bytes) EnvDecode(val string) error
EnvDecode implements envconfig.Decoder to decode a base64 value into a []byte. If an error occurs, it is returned.
type Config ¶
type Config struct {
	// Crypto key to use for wrapping/unwrapping the revision token cipher blocks.
	KeyID     string      `env:"REVISION_TOKEN_KEY_ID"`
	AAD       Base64Bytes `env:"REVISION_TOKEN_AAD"` // must be base64 encoded, may come from secret://
	MinLength uint        `env:"REVISION_TOKEN_MIN_LENGTH, default=28"`
}
Config represents the configuration and associated environment variables for handling revision tokens.
type TokenManager ¶
type TokenManager struct {
// contains filtered or unexported fields
}
TokenManager is responsible for creating and unlocking revision tokens.
func New ¶
func New(ctx context.Context, db *database.RevisionDB, cacheDuration time.Duration, minTokenSize uint) (*TokenManager, error)
New creates a TokenManager backed by the given database handle, which it uses to maintain a cache of allowed revision keys; cacheDuration bounds how long the cached keys are reused before being reloaded, and minTokenSize is the minimum token length (in bytes) accepted when unmarshaling.
func (*TokenManager) MakeRevisionToken ¶
func (tm *TokenManager) MakeRevisionToken(ctx context.Context, previous *pb.RevisionTokenData, eKeys []*model.Exposure, aad []byte) ([]byte, error)
MakeRevisionToken turns the TEK data from a given publish request into an encrypted protocol buffer revision token. It uses envelope encryption under the currently active revision key, and binds aad to the ciphertext as additional authenticated data, so the token can only be opened by a caller presenting the same aad.
func (*TokenManager) UnmarshalRevisionToken ¶
func (tm *TokenManager) UnmarshalRevisionToken(ctx context.Context, tokenBytes []byte, aad []byte) (*pb.RevisionTokenData, error)
UnmarshalRevisionToken unmarshals a revision token, decrypts the payload, and returns the TEK data that was contained in the token if it is valid.
The key ID carried in the token is checked against the cache of allowed revision keys to determine whether the token can still be unlocked; a token sealed under a key that is no longer allowed, or presented with a different aad than it was made with, fails to decrypt.
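The following is an added example, not code from this package or from the exposure-notifications project, that demonstrates in working Go the two ideas this page documents: decoding a base64 AAD from an environment variable (the Base64Bytes/Config passage above) and making/unlocking an AEAD-protected token whose key ID decides whether it can still be opened (the TokenManager passage). Every name in it is an assumption of the example: Base64AAD, KeyRing, Rotate, Retire, MakeToken, UnmarshalToken, aeadFor, the 4-byte keyIDLen, the keyID || nonce || ciphertext layout, AES-256-GCM as the cipher, an in-memory map in place of database.RevisionDB, and raw bytes in place of pb.RevisionTokenData. It goes beyond the page by adding key rotation and retirement, which is what makes the key ID lookup matter.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// Base64AAD is a hypothetical stand-in for Base64Bytes: REVISION_TOKEN_AAD
// carries the AAD as standard base64, decoded to raw bytes once at startup.
type Base64AAD []byte

// EnvDecode rejects anything that is not valid standard (padded) base64.
func (b *Base64AAD) EnvDecode(val string) error {
	raw, err := base64.StdEncoding.DecodeString(val)
	if err != nil {
		return fmt.Errorf("revision token AAD is not valid base64: %w", err)
	}
	*b = raw
	return nil
}

// keyIDLen: width of the key ID prefixed to each token (this example's assumption).
const keyIDLen = 4

// KeyRing is a toy in-memory stand-in for the database-backed cache of allowed keys.
type KeyRing struct {
	active  string            // ID of the key that seals new tokens
	allowed map[string][]byte // key ID -> 32-byte AES key still permitted to unlock
	minLen  int               // reject tokens shorter than this before parsing
}

// Rotate installs a fresh random key under id and makes it active; older keys
// stay allowed, so tokens they sealed remain readable until Retire is called.
func (k *KeyRing) Rotate(id string) error {
	if len(id) != keyIDLen {
		return fmt.Errorf("key id must be exactly %d bytes", keyIDLen)
	}
	if k.allowed == nil {
		k.allowed = map[string][]byte{}
	}
	key := make([]byte, 32)
	rand.Read(key) // crypto/rand.Read cannot fail as of Go 1.24
	k.allowed[id] = key
	k.active = id
	return nil
}

// Retire drops a key: tokens sealed under it can no longer be unlocked.
func (k *KeyRing) Retire(id string) { delete(k.allowed, id) }

func aeadFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // rejects a nil/retired key (bad key size)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// MakeToken seals payload with the active key under AES-256-GCM, binding aad as
// additional authenticated data. Layout: keyID || nonce || ciphertext+tag.
func (k *KeyRing) MakeToken(payload, aad []byte) ([]byte, error) {
	aead, err := aeadFor(k.allowed[k.active])
	if err != nil {
		return nil, fmt.Errorf("active key %q unusable: %w", k.active, err)
	}
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce) // fresh nonce per token; never reuse one under the same key
	token := append([]byte(k.active), nonce...)
	return aead.Seal(token, nonce, payload, aad), nil
}

// UnmarshalToken applies the length floor, looks up the key ID, refuses unknown
// or retired keys, then opens with aad; a wrong aad, a modified byte or a retired key all fail.
func (k *KeyRing) UnmarshalToken(token, aad []byte) ([]byte, error) {
	if len(token) < k.minLen || len(token) < keyIDLen {
		return nil, fmt.Errorf("token too short: %d bytes", len(token))
	}
	id := string(token[:keyIDLen])
	key, ok := k.allowed[id]
	if !ok {
		return nil, fmt.Errorf("key %q can no longer unlock tokens", id)
	}
	aead, err := aeadFor(key)
	if err != nil {
		return nil, err
	}
	hdr := keyIDLen + aead.NonceSize()
	if len(token) < hdr+aead.Overhead() {
		return nil, fmt.Errorf("token shorter than header plus tag")
	}
	payload, err := aead.Open(nil, token[keyIDLen:hdr], token[hdr:], aad)
	if err != nil {
		return nil, fmt.Errorf("token authentication failed")
	}
	return payload, nil
}
```

Two design points are worth noting. The length floor is applied before anything in the token is parsed, which is the role REVISION_TOKEN_MIN_LENGTH plays above; and the key ID is only a lookup hint, never trusted on its own: a token whose key has been retired fails before decryption, and a token presented with the wrong AAD fails inside the AEAD open, so callers cannot distinguish a retired key, a wrong AAD and a tampered ciphertext from the error alone.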
Directories ¶
Path | Synopsis |
---|---|
database | Package database contains the management of interactions with the database for creation and storage of the wrapped keys that encrypt revision certificates. |