revision

package
v1.10.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 2, 2022 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Overview

Package revision defines the internal structure of the revision token and utilities for marshal/unmarshal which also encrypts/decrypts the payload.

Package revision defines the internal structure of the revision token and utilities for marshal/unmarshal which also encrypts/decrypts the payload.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Base64Bytes

type Base64Bytes []byte

Base64Bytes is a type that parses a base64-encoded string into a []byte.

func (*Base64Bytes) EnvDecode

func (b *Base64Bytes) EnvDecode(val string) error

EnvDecode implements envconfig.Decoder to decode a base64 value into a []byte. If an error occurs, it is returned.

type Config

type Config struct {
	// Crypto key to use for wrapping/unwrapping the revision token cipher blocks.
	KeyID     string      `env:"REVISION_TOKEN_KEY_ID"`
	AAD       Base64Bytes `env:"REVISION_TOKEN_AAD"` // must be base64 encoded, may come from secret://
	MinLength uint        `env:"REVISION_TOKEN_MIN_LENGTH, default=28"`
}

Config represents the configuration and associated environment variables for handling revision tokens.

type TokenManager

type TokenManager struct {
	// contains filtered or unexported fields
}

TokenManager is responsible for creating and unlocking revision tokens.

func New

func New(ctx context.Context, db *database.RevisionDB, cacheDuration time.Duration, minTokenSize uint) (*TokenManager, error)

New creates a new TokenManager that uses a database handle to manage a cache of allowed revision keys.

func (*TokenManager) MakeRevisionToken

func (tm *TokenManager) MakeRevisionToken(ctx context.Context, previous *pb.RevisionTokenData, eKeys []*model.Exposure, aad []byte) ([]byte, error)

MakeRevisionToken turns the TEK data from a given publish request into an encrypted protocol buffer revision token. This is using envelope encryption, based on the currently active revision key.

func (*TokenManager) UnmarshalRevisionToken

func (tm *TokenManager) UnmarshalRevisionToken(ctx context.Context, tokenBytes []byte, aad []byte) (*pb.RevisionTokenData, error)

UnmarshalRevisionToken unmarshals a revision token, decrypts the payload, and returns the TEK data that was contained in the token if valid.

The incoming key ID is used to determine if this token can still be unlocked.

Directories

Path Synopsis
Package database contains the management of interactions with the database for createion and storage of the wrapped keys that encrypet revision certificates.
Package database contains the management of interactions with the database for createion and storage of the wrapped keys that encrypet revision certificates.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL