kms

package
v1.3.24 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 6, 2022 License: Apache-2.0 Imports: 25 Imported by: 4

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ParseCryptoKeyStoreConfig

func ParseCryptoKeyStoreConfig(cfg string) (map[string]interface{}, error)

ParseCryptoKeyStoreConfig parses crypto key store default configuration, e.g. default token name and configuration.

Types

type CryptoKey

type CryptoKey struct {
	Config *CryptoKeyConfig   `json:"config,omitempty" xml:"config,omitempty" yaml:"config,omitempty"`
	Sign   *CryptoKeyOperator `json:"sign,omitempty" xml:"sign,omitempty" yaml:"sign,omitempty"`
	Verify *CryptoKeyOperator `json:"verify,omitempty" xml:"verify,omitempty" yaml:"verify,omitempty"`
}

CryptoKey contains a crypto graphic key and associated metadata.

func GetKeysFromConfig

func GetKeysFromConfig(cfg *CryptoKeyConfig) ([]*CryptoKey, error)

GetKeysFromConfig loads keys from a single key config.

func GetKeysFromConfigs

func GetKeysFromConfigs(cfgs []*CryptoKeyConfig) ([]*CryptoKey, error)

GetKeysFromConfigs loads keys from one or more key configs.

func (*CryptoKey) ProvideKey

func (k *CryptoKey) ProvideKey(token *jwtlib.Token) (interface{}, error)

ProvideKey returns the appropriate encryption key.

func (*CryptoKey) SignToken

func (k *CryptoKey) SignToken(signMethod interface{}, usr *user.User) error

SignToken signs data using the requested method and returns it as string.

type CryptoKeyConfig

type CryptoKeyConfig struct {
	// Seq is the order in which a key would be processed.
	Seq int `json:"seq,omitempty" xml:"seq,omitempty" yaml:"seq,omitempty"`
	// ID is the key ID, aka kid.
	ID string `json:"id,omitempty" xml:"id,omitempty" yaml:"id,omitempty"`
	// Usage is the intended key usage. The values are: sign, verify, both,
	// or auto.
	Usage string `json:"usage,omitempty" xml:"usage,omitempty" yaml:"usage,omitempty"`
	// TokenName is the token name associated with the key.
	TokenName string `json:"token_name,omitempty" xml:"token_name,omitempty" yaml:"token_name,omitempty"`
	// Source is either config or env.
	Source string `json:"source,omitempty" xml:"source,omitempty" yaml:"source,omitempty"`
	// Algorithm is either hmac, rsa, or ecdsa.
	Algorithm string `json:"algorithm,omitempty" xml:"algorithm,omitempty" yaml:"algorithm,omitempty"`
	// EnvVarName is the name of environment variables holding either the value of
	// a key or the path a directory or file containing a key.
	EnvVarName string `json:"env_var_name,omitempty" xml:"env_var_name,omitempty" yaml:"env_var_name,omitempty"`
	// EnvVarType indicates how to interpret the value found in the EnvVarName. If
	// it is blank, then the assumption is the environment variable value
	// contains either public or private key.
	EnvVarType string `json:"env_var_type,omitempty" xml:"env_var_type,omitempty" yaml:"env_var_type,omitempty"`
	// EnvVarValue is the value associated with the environment variable set by EnvVarName.
	EnvVarValue string `json:"env_var_value,omitempty" xml:"env_var_value,omitempty" yaml:"env_var_value,omitempty"`
	// FilePath is the path of a file containing either private or public key.
	FilePath string `json:"file_path,omitempty" xml:"file_path,omitempty" yaml:"file_path,omitempty"`
	// DirPath is the path to a directory containing crypto keys.
	DirPath string `json:"dir_path,omitempty" xml:"dir_path,omitempty" yaml:"dir_path,omitempty"`
	// TokenLifetime is the expected token grant lifetime in seconds.
	TokenLifetime int `json:"token_lifetime,omitempty" xml:"token_lifetime,omitempty" yaml:"token_lifetime,omitempty"`
	// Secret is the shared key used with HMAC algorithm.
	Secret string `json:"token_secret,omitempty" xml:"token_secret" yaml:"token_secret"`
	// PreferredSignMethod is the preferred method to sign tokens, e.g.
	// all HMAC keys could use HS256, HS384, and HS512 methods. By default,
	// the preferred method is HS512. However, one may prefer using HS256.
	PreferredSignMethod string `json:"token_sign_method,omitempty" xml:"token_sign_method,omitempty" yaml:"token_sign_method,omitempty"`
	// EvalExpr is a list of expressions evaluated whether a specific key
	// should be used for signing and verification.
	EvalExpr []string `json:"token_eval_expr,omitempty" xml:"token_eval_expr" yaml:"token_eval_expr"`
	// contains filtered or unexported fields
}

CryptoKeyConfig is common token-related configuration settings.

func ParseCryptoKeyConfigs

func ParseCryptoKeyConfigs(cfg string) ([]*CryptoKeyConfig, error)

ParseCryptoKeyConfigs parses crypto key configurations.

func (*CryptoKeyConfig) ToString

func (k *CryptoKeyConfig) ToString() string

ToString returns string representation of a crypto key config.

type CryptoKeyOperator

type CryptoKeyOperator struct {
	Token   *CryptoKeyTokenOperator `json:"token,omitempty" xml:"token,omitempty" yaml:"token,omitempty"`
	Secret  interface{}             `json:"secret,omitempty" xml:"secret,omitempty" yaml:"secret,omitempty"`
	Capable bool                    `json:"capable,omitempty" xml:"capable,omitempty" yaml:"capable,omitempty"`
}

CryptoKeyOperator represents CryptoKey operator.

func NewCryptoKeyOperator

func NewCryptoKeyOperator() *CryptoKeyOperator

NewCryptoKeyOperator returns an instance of CryptoKeyOperator.

type CryptoKeyStore

type CryptoKeyStore struct {
	// contains filtered or unexported fields
}

CryptoKeyStore constains keys assembled for a specific purpose, i.e. signing or validation.

func NewCryptoKeyStore

func NewCryptoKeyStore() *CryptoKeyStore

NewCryptoKeyStore returns a new instance of CryptoKeyStore

func (*CryptoKeyStore) AddDefaults

func (ks *CryptoKeyStore) AddDefaults(m map[string]interface{}) error

AddDefaults adds default settings to CryptoKeyStore.

func (*CryptoKeyStore) AddKey

func (ks *CryptoKeyStore) AddKey(k *CryptoKey) error

AddKey adds CryptoKey instance to CryptoKeyStore.

func (*CryptoKeyStore) AddKeys

func (ks *CryptoKeyStore) AddKeys(keys []*CryptoKey) error

AddKeys adds CryptoKey instances to CryptoKeyStore.

func (*CryptoKeyStore) AddKeysWithConfigs

func (ks *CryptoKeyStore) AddKeysWithConfigs(cfgs []*CryptoKeyConfig) error

AddKeysWithConfigs adds CryptoKey instances by providing their configurations to CryptoKeyStore.

func (*CryptoKeyStore) AutoGenerate

func (ks *CryptoKeyStore) AutoGenerate(tag, algo string) error

AutoGenerate auto-generates public-private key pair capable of both signing and verifying tokens.

func (*CryptoKeyStore) GetKeys

func (ks *CryptoKeyStore) GetKeys() []*CryptoKey

GetKeys returns CryptoKey instances from CryptoKeyStore.

func (*CryptoKeyStore) GetSignKeys

func (ks *CryptoKeyStore) GetSignKeys() []*CryptoKey

GetSignKeys returns CryptoKey instances with key signing capabilities from CryptoKeyStore.

func (*CryptoKeyStore) GetTokenLifetime

func (ks *CryptoKeyStore) GetTokenLifetime(tokenName, signMethod interface{}) int

GetTokenLifetime returns lifetime for a signed token.

func (*CryptoKeyStore) GetVerifyKeys

func (ks *CryptoKeyStore) GetVerifyKeys() []*CryptoKey

GetVerifyKeys returns CryptoKey instances with key verification capabilities from CryptoKeyStore.

func (*CryptoKeyStore) HasSignKeys

func (ks *CryptoKeyStore) HasSignKeys() error

HasSignKeys returns true if CryptoKeyStore has key signing capabilities.

func (*CryptoKeyStore) HasVerifyKeys

func (ks *CryptoKeyStore) HasVerifyKeys() error

HasVerifyKeys returns true if CryptoKeyStore has key verification capabilities.

func (*CryptoKeyStore) ParseToken

func (ks *CryptoKeyStore) ParseToken(tokenName, token string) (*user.User, error)

ParseToken parses JWT token and returns User instance.

func (*CryptoKeyStore) SetLogger

func (ks *CryptoKeyStore) SetLogger(logger *zap.Logger)

SetLogger adds a logger to CryptoKeyStore.

func (*CryptoKeyStore) SignToken

func (ks *CryptoKeyStore) SignToken(tokenName, signMethod interface{}, usr *user.User) error

SignToken signs user claims and add signed token to user identity.

type CryptoKeyTokenOperator

type CryptoKeyTokenOperator struct {
	ID               string                 `json:"id,omitempty" xml:"id,omitempty" yaml:"id,omitempty"`
	Name             string                 `json:"name,omitempty" xml:"name,omitempty" yaml:"name,omitempty"`
	MaxLifetime      int                    `json:"max_lifetime,omitempty" xml:"max_lifetime,omitempty" yaml:"max_lifetime,omitempty"`
	Methods          map[string]interface{} `json:"methods,omitempty" xml:"methods,omitempty" yaml:"methods,omitempty"`
	PreferredMethods []string               `json:"preferred_methods,omitempty" xml:"preferred_methods,omitempty" yaml:"preferred_methods,omitempty"`
	DefaultMethod    string                 `json:"default_method,omitempty" xml:"default_method,omitempty" yaml:"default_method,omitempty"`
	Capable          bool                   `json:"capable,omitempty" xml:"capable,omitempty" yaml:"capable,omitempty"`
	// contains filtered or unexported fields
}

CryptoKeyTokenOperator represents CryptoKeyOperator token operator.

func NewCryptoKeyTokenOperator

func NewCryptoKeyTokenOperator() *CryptoKeyTokenOperator

NewCryptoKeyTokenOperator returns an instance of CryptoKeyTokenOperator.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL