Documentation ¶
Index ¶
- func ParseCryptoKeyStoreConfig(cfg string) (map[string]interface{}, error)
- type CryptoKey
- type CryptoKeyConfig
- type CryptoKeyOperator
- type CryptoKeyStore
- func (ks *CryptoKeyStore) AddDefaults(m map[string]interface{}) error
- func (ks *CryptoKeyStore) AddKey(k *CryptoKey) error
- func (ks *CryptoKeyStore) AddKeys(keys []*CryptoKey) error
- func (ks *CryptoKeyStore) AddKeysWithConfigs(cfgs []*CryptoKeyConfig) error
- func (ks *CryptoKeyStore) AutoGenerate(tag, algo string) error
- func (ks *CryptoKeyStore) GetKeys() []*CryptoKey
- func (ks *CryptoKeyStore) GetSignKeys() []*CryptoKey
- func (ks *CryptoKeyStore) GetTokenLifetime(tokenName, signMethod interface{}) int
- func (ks *CryptoKeyStore) GetVerifyKeys() []*CryptoKey
- func (ks *CryptoKeyStore) HasSignKeys() error
- func (ks *CryptoKeyStore) HasVerifyKeys() error
- func (ks *CryptoKeyStore) ParseToken(tokenName, token string) (*user.User, error)
- func (ks *CryptoKeyStore) SetLogger(logger *zap.Logger)
- func (ks *CryptoKeyStore) SignToken(tokenName, signMethod interface{}, usr *user.User) error
- type CryptoKeyTokenOperator
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ParseCryptoKeyStoreConfig ¶
ParseCryptoKeyStoreConfig parses crypto key store default configuration, e.g. default token name and configuration.
Types ¶
type CryptoKey ¶
type CryptoKey struct { Config *CryptoKeyConfig `json:"config,omitempty" xml:"config,omitempty" yaml:"config,omitempty"` Sign *CryptoKeyOperator `json:"sign,omitempty" xml:"sign,omitempty" yaml:"sign,omitempty"` Verify *CryptoKeyOperator `json:"verify,omitempty" xml:"verify,omitempty" yaml:"verify,omitempty"` }
CryptoKey contains a crypto graphic key and associated metadata.
func GetKeysFromConfig ¶
func GetKeysFromConfig(cfg *CryptoKeyConfig) ([]*CryptoKey, error)
GetKeysFromConfig loads keys from a single key config.
func GetKeysFromConfigs ¶
func GetKeysFromConfigs(cfgs []*CryptoKeyConfig) ([]*CryptoKey, error)
GetKeysFromConfigs loads keys from one or more key configs.
func (*CryptoKey) ProvideKey ¶
ProvideKey returns the appropriate encryption key.
type CryptoKeyConfig ¶
type CryptoKeyConfig struct { // Seq is the order in which a key would be processed. Seq int `json:"seq,omitempty" xml:"seq,omitempty" yaml:"seq,omitempty"` // ID is the key ID, aka kid. ID string `json:"id,omitempty" xml:"id,omitempty" yaml:"id,omitempty"` // Usage is the intended key usage. The values are: sign, verify, both, // or auto. Usage string `json:"usage,omitempty" xml:"usage,omitempty" yaml:"usage,omitempty"` // TokenName is the token name associated with the key. TokenName string `json:"token_name,omitempty" xml:"token_name,omitempty" yaml:"token_name,omitempty"` // Source is either config or env. Source string `json:"source,omitempty" xml:"source,omitempty" yaml:"source,omitempty"` // Algorithm is either hmac, rsa, or ecdsa. Algorithm string `json:"algorithm,omitempty" xml:"algorithm,omitempty" yaml:"algorithm,omitempty"` // EnvVarName is the name of environment variables holding either the value of // a key or the path a directory or file containing a key. EnvVarName string `json:"env_var_name,omitempty" xml:"env_var_name,omitempty" yaml:"env_var_name,omitempty"` // EnvVarType indicates how to interpret the value found in the EnvVarName. If // it is blank, then the assumption is the environment variable value // contains either public or private key. EnvVarType string `json:"env_var_type,omitempty" xml:"env_var_type,omitempty" yaml:"env_var_type,omitempty"` // EnvVarValue is the value associated with the environment variable set by EnvVarName. EnvVarValue string `json:"env_var_value,omitempty" xml:"env_var_value,omitempty" yaml:"env_var_value,omitempty"` // FilePath is the path of a file containing either private or public key. FilePath string `json:"file_path,omitempty" xml:"file_path,omitempty" yaml:"file_path,omitempty"` // DirPath is the path to a directory containing crypto keys. DirPath string `json:"dir_path,omitempty" xml:"dir_path,omitempty" yaml:"dir_path,omitempty"` // TokenLifetime is the expected token grant lifetime in seconds. TokenLifetime int `json:"token_lifetime,omitempty" xml:"token_lifetime,omitempty" yaml:"token_lifetime,omitempty"` // Secret is the shared key used with HMAC algorithm. Secret string `json:"token_secret,omitempty" xml:"token_secret" yaml:"token_secret"` // PreferredSignMethod is the preferred method to sign tokens, e.g. // all HMAC keys could use HS256, HS384, and HS512 methods. By default, // the preferred method is HS512. However, one may prefer using HS256. PreferredSignMethod string `json:"token_sign_method,omitempty" xml:"token_sign_method,omitempty" yaml:"token_sign_method,omitempty"` // EvalExpr is a list of expressions evaluated whether a specific key // should be used for signing and verification. EvalExpr []string `json:"token_eval_expr,omitempty" xml:"token_eval_expr" yaml:"token_eval_expr"` // contains filtered or unexported fields }
CryptoKeyConfig is common token-related configuration settings.
func ParseCryptoKeyConfigs ¶
func ParseCryptoKeyConfigs(cfg string) ([]*CryptoKeyConfig, error)
ParseCryptoKeyConfigs parses crypto key configurations.
func (*CryptoKeyConfig) ToString ¶
func (k *CryptoKeyConfig) ToString() string
ToString returns string representation of a crypto key config.
type CryptoKeyOperator ¶
type CryptoKeyOperator struct { Token *CryptoKeyTokenOperator `json:"token,omitempty" xml:"token,omitempty" yaml:"token,omitempty"` Secret interface{} `json:"secret,omitempty" xml:"secret,omitempty" yaml:"secret,omitempty"` Capable bool `json:"capable,omitempty" xml:"capable,omitempty" yaml:"capable,omitempty"` }
CryptoKeyOperator represents CryptoKey operator.
func NewCryptoKeyOperator ¶
func NewCryptoKeyOperator() *CryptoKeyOperator
NewCryptoKeyOperator returns an instance of CryptoKeyOperator.
type CryptoKeyStore ¶
type CryptoKeyStore struct {
// contains filtered or unexported fields
}
CryptoKeyStore constains keys assembled for a specific purpose, i.e. signing or validation.
func NewCryptoKeyStore ¶
func NewCryptoKeyStore() *CryptoKeyStore
NewCryptoKeyStore returns a new instance of CryptoKeyStore
func (*CryptoKeyStore) AddDefaults ¶
func (ks *CryptoKeyStore) AddDefaults(m map[string]interface{}) error
AddDefaults adds default settings to CryptoKeyStore.
func (*CryptoKeyStore) AddKey ¶
func (ks *CryptoKeyStore) AddKey(k *CryptoKey) error
AddKey adds CryptoKey instance to CryptoKeyStore.
func (*CryptoKeyStore) AddKeys ¶
func (ks *CryptoKeyStore) AddKeys(keys []*CryptoKey) error
AddKeys adds CryptoKey instances to CryptoKeyStore.
func (*CryptoKeyStore) AddKeysWithConfigs ¶
func (ks *CryptoKeyStore) AddKeysWithConfigs(cfgs []*CryptoKeyConfig) error
AddKeysWithConfigs adds CryptoKey instances by providing their configurations to CryptoKeyStore.
func (*CryptoKeyStore) AutoGenerate ¶
func (ks *CryptoKeyStore) AutoGenerate(tag, algo string) error
AutoGenerate auto-generates public-private key pair capable of both signing and verifying tokens.
func (*CryptoKeyStore) GetKeys ¶
func (ks *CryptoKeyStore) GetKeys() []*CryptoKey
GetKeys returns CryptoKey instances from CryptoKeyStore.
func (*CryptoKeyStore) GetSignKeys ¶
func (ks *CryptoKeyStore) GetSignKeys() []*CryptoKey
GetSignKeys returns CryptoKey instances with key signing capabilities from CryptoKeyStore.
func (*CryptoKeyStore) GetTokenLifetime ¶
func (ks *CryptoKeyStore) GetTokenLifetime(tokenName, signMethod interface{}) int
GetTokenLifetime returns lifetime for a signed token.
func (*CryptoKeyStore) GetVerifyKeys ¶
func (ks *CryptoKeyStore) GetVerifyKeys() []*CryptoKey
GetVerifyKeys returns CryptoKey instances with key verification capabilities from CryptoKeyStore.
func (*CryptoKeyStore) HasSignKeys ¶
func (ks *CryptoKeyStore) HasSignKeys() error
HasSignKeys returns true if CryptoKeyStore has key signing capabilities.
func (*CryptoKeyStore) HasVerifyKeys ¶
func (ks *CryptoKeyStore) HasVerifyKeys() error
HasVerifyKeys returns true if CryptoKeyStore has key verification capabilities.
func (*CryptoKeyStore) ParseToken ¶
func (ks *CryptoKeyStore) ParseToken(tokenName, token string) (*user.User, error)
ParseToken parses JWT token and returns User instance.
func (*CryptoKeyStore) SetLogger ¶
func (ks *CryptoKeyStore) SetLogger(logger *zap.Logger)
SetLogger adds a logger to CryptoKeyStore.
type CryptoKeyTokenOperator ¶
type CryptoKeyTokenOperator struct { ID string `json:"id,omitempty" xml:"id,omitempty" yaml:"id,omitempty"` Name string `json:"name,omitempty" xml:"name,omitempty" yaml:"name,omitempty"` MaxLifetime int `json:"max_lifetime,omitempty" xml:"max_lifetime,omitempty" yaml:"max_lifetime,omitempty"` Methods map[string]interface{} `json:"methods,omitempty" xml:"methods,omitempty" yaml:"methods,omitempty"` PreferredMethods []string `json:"preferred_methods,omitempty" xml:"preferred_methods,omitempty" yaml:"preferred_methods,omitempty"` DefaultMethod string `json:"default_method,omitempty" xml:"default_method,omitempty" yaml:"default_method,omitempty"` Capable bool `json:"capable,omitempty" xml:"capable,omitempty" yaml:"capable,omitempty"` // contains filtered or unexported fields }
CryptoKeyTokenOperator represents CryptoKeyOperator token operator.
func NewCryptoKeyTokenOperator ¶
func NewCryptoKeyTokenOperator() *CryptoKeyTokenOperator
NewCryptoKeyTokenOperator returns an instance of CryptoKeyTokenOperator.