Documentation
¶
Index ¶
- Variables
- func ValidateMessage(msg proto.Message) error
- func X25519EncryptionKey(privKey []byte, privKeyType KEYTYPE, pubKey []byte, pubKeyType KEYTYPE) ([]byte, error)
- type CertificateBundle
- func (*CertificateBundle) Descriptor() ([]byte, []int)deprecated
- func (x *CertificateBundle) GetCaCertificateDer() []byte
- func (x *CertificateBundle) GetCertificateDer() []byte
- func (x *CertificateBundle) GetCertificateNotAfter() *timestamppb.Timestamp
- func (x *CertificateBundle) GetCertificateNotBefore() *timestamppb.Timestamp
- func (*CertificateBundle) ProtoMessage()
- func (x *CertificateBundle) ProtoReflect() protoreflect.Message
- func (x *CertificateBundle) Reset()
- func (x *CertificateBundle) String() string
- type DuplicateRecordError
- type EncryptionKey
- func (*EncryptionKey) Descriptor() ([]byte, []int)deprecated
- func (x *EncryptionKey) GetKeyId() string
- func (x *EncryptionKey) GetPrivateKeyPkcs8() []byte
- func (x *EncryptionKey) GetPrivateKeyType() KEYTYPE
- func (x *EncryptionKey) GetPublicKeyPkix() []byte
- func (x *EncryptionKey) GetPublicKeyType() KEYTYPE
- func (*EncryptionKey) ProtoMessage()
- func (x *EncryptionKey) ProtoReflect() protoreflect.Message
- func (x *EncryptionKey) Reset()
- func (x *EncryptionKey) String() string
- type FetchNodeCredentialsInfo
- func (*FetchNodeCredentialsInfo) Descriptor() ([]byte, []int)deprecated
- func (x *FetchNodeCredentialsInfo) GetCertificatePublicKeyPkix() []byte
- func (x *FetchNodeCredentialsInfo) GetCertificatePublicKeyType() KEYTYPE
- func (x *FetchNodeCredentialsInfo) GetEncryptionPublicKeyBytes() []byte
- func (x *FetchNodeCredentialsInfo) GetEncryptionPublicKeyType() KEYTYPE
- func (x *FetchNodeCredentialsInfo) GetId() string
- func (x *FetchNodeCredentialsInfo) GetNonce() []byte
- func (x *FetchNodeCredentialsInfo) GetNotAfter() *timestamppb.Timestamp
- func (x *FetchNodeCredentialsInfo) GetNotBefore() *timestamppb.Timestamp
- func (x *FetchNodeCredentialsInfo) GetPreviousCertificatePublicKeyPkix() []byte
- func (x *FetchNodeCredentialsInfo) GetWrappedRegistrationInfo() []byte
- func (x *FetchNodeCredentialsInfo) GetWrappingRegistrationFlowInfo() *WrappingRegistrationFlowInfo
- func (*FetchNodeCredentialsInfo) ProtoMessage()
- func (x *FetchNodeCredentialsInfo) ProtoReflect() protoreflect.Message
- func (x *FetchNodeCredentialsInfo) Reset()
- func (x *FetchNodeCredentialsInfo) String() string
- type FetchNodeCredentialsRequest
- func (*FetchNodeCredentialsRequest) Descriptor() ([]byte, []int)deprecated
- func (x *FetchNodeCredentialsRequest) GetBundle() []byte
- func (x *FetchNodeCredentialsRequest) GetBundleSignature() []byte
- func (x *FetchNodeCredentialsRequest) GetRewrappedWrappingRegistrationFlowInfo() []byte
- func (x *FetchNodeCredentialsRequest) GetRewrappingKeyId() string
- func (*FetchNodeCredentialsRequest) ProtoMessage()
- func (x *FetchNodeCredentialsRequest) ProtoReflect() protoreflect.Message
- func (x *FetchNodeCredentialsRequest) Reset()
- func (x *FetchNodeCredentialsRequest) String() string
- type FetchNodeCredentialsResponse
- func (*FetchNodeCredentialsResponse) Descriptor() ([]byte, []int)deprecated
- func (x *FetchNodeCredentialsResponse) GetEncryptedNodeCredentials() []byte
- func (x *FetchNodeCredentialsResponse) GetEncryptedNodeCredentialsSignature() []byte
- func (x *FetchNodeCredentialsResponse) GetServerEncryptionPublicKeyBytes() []byte
- func (x *FetchNodeCredentialsResponse) GetServerEncryptionPublicKeyType() KEYTYPE
- func (*FetchNodeCredentialsResponse) ProtoMessage()
- func (x *FetchNodeCredentialsResponse) ProtoReflect() protoreflect.Message
- func (x *FetchNodeCredentialsResponse) Reset()
- func (x *FetchNodeCredentialsResponse) String() string
- type GenerateServerCertificatesRequest
- func (*GenerateServerCertificatesRequest) Descriptor() ([]byte, []int)deprecated
- func (x *GenerateServerCertificatesRequest) GetCertificatePublicKeyPkix() []byte
- func (x *GenerateServerCertificatesRequest) GetClientState() []byte
- func (x *GenerateServerCertificatesRequest) GetClientStateSignature() []byte
- func (x *GenerateServerCertificatesRequest) GetCommonName() string
- func (x *GenerateServerCertificatesRequest) GetNodeId() string
- func (x *GenerateServerCertificatesRequest) GetNonce() []byte
- func (x *GenerateServerCertificatesRequest) GetNonceSignature() []byte
- func (x *GenerateServerCertificatesRequest) GetSkipVerification() bool
- func (*GenerateServerCertificatesRequest) ProtoMessage()
- func (x *GenerateServerCertificatesRequest) ProtoReflect() protoreflect.Message
- func (x *GenerateServerCertificatesRequest) Reset()
- func (x *GenerateServerCertificatesRequest) String() string
- type GenerateServerCertificatesResponse
- func (*GenerateServerCertificatesResponse) Descriptor() ([]byte, []int)deprecated
- func (x *GenerateServerCertificatesResponse) GetCertificateBundles() []*CertificateBundle
- func (x *GenerateServerCertificatesResponse) GetCertificatePrivateKeyPkcs8() []byte
- func (x *GenerateServerCertificatesResponse) GetCertificatePrivateKeyType() KEYTYPE
- func (x *GenerateServerCertificatesResponse) GetClientState() *structpb.Struct
- func (*GenerateServerCertificatesResponse) ProtoMessage()
- func (x *GenerateServerCertificatesResponse) ProtoReflect() protoreflect.Message
- func (x *GenerateServerCertificatesResponse) Reset()
- func (x *GenerateServerCertificatesResponse) String() string
- type KEYTYPE
- type NodeCredentials
- func (n *NodeCredentials) CreateFetchNodeCredentialsRequest(ctx context.Context, opt ...nodeenrollment.Option) (*FetchNodeCredentialsRequest, error)
- func (*NodeCredentials) Descriptor() ([]byte, []int)deprecated
- func (x *NodeCredentials) GetCertificateBundles() []*CertificateBundle
- func (x *NodeCredentials) GetCertificatePrivateKeyPkcs8() []byte
- func (x *NodeCredentials) GetCertificatePrivateKeyType() KEYTYPE
- func (x *NodeCredentials) GetCertificatePublicKeyPkix() []byte
- func (x *NodeCredentials) GetEncryptionPrivateKeyBytes() []byte
- func (x *NodeCredentials) GetEncryptionPrivateKeyType() KEYTYPE
- func (x *NodeCredentials) GetId() string
- func (x *NodeCredentials) GetPreviousCertificatePublicKeyPkix() []byte
- func (x *NodeCredentials) GetPreviousEncryptionKey() *EncryptionKey
- func (x *NodeCredentials) GetRegistrationNonce() []byte
- func (x *NodeCredentials) GetServerEncryptionPublicKeyBytes() []byte
- func (x *NodeCredentials) GetServerEncryptionPublicKeyType() KEYTYPE
- func (x *NodeCredentials) GetState() *structpb.Struct
- func (x *NodeCredentials) GetWrappingKeyId() string
- func (n *NodeCredentials) HandleFetchNodeCredentialsResponse(ctx context.Context, storage nodeenrollment.Storage, ...) (*NodeCredentials, error)
- func (n *NodeCredentials) PreviousX25519EncryptionKey() (string, []byte, error)
- func (*NodeCredentials) ProtoMessage()
- func (x *NodeCredentials) ProtoReflect() protoreflect.Message
- func (x *NodeCredentials) Reset()
- func (n *NodeCredentials) SetPreviousEncryptionKey(oldNodeCredentials *NodeCredentials) error
- func (n *NodeCredentials) Store(ctx context.Context, storage nodeenrollment.Storage, ...) error
- func (x *NodeCredentials) String() string
- func (n *NodeCredentials) X25519EncryptionKey() (string, []byte, error)
- type NodeInformation
- func (*NodeInformation) Descriptor() ([]byte, []int)deprecated
- func (x *NodeInformation) GetCertificateBundles() []*CertificateBundle
- func (x *NodeInformation) GetCertificatePublicKeyPkix() []byte
- func (x *NodeInformation) GetCertificatePublicKeyType() KEYTYPE
- func (x *NodeInformation) GetEncryptionPublicKeyBytes() []byte
- func (x *NodeInformation) GetEncryptionPublicKeyType() KEYTYPE
- func (x *NodeInformation) GetId() string
- func (x *NodeInformation) GetNodeId() string
- func (x *NodeInformation) GetPreviousCertificatePublicKeyPkix() []byte
- func (x *NodeInformation) GetPreviousEncryptionKey() *EncryptionKey
- func (x *NodeInformation) GetRegistrationNonce() []byte
- func (x *NodeInformation) GetServerEncryptionPrivateKeyBytes() []byte
- func (x *NodeInformation) GetServerEncryptionPrivateKeyType() KEYTYPE
- func (x *NodeInformation) GetState() *structpb.Struct
- func (x *NodeInformation) GetWrappingKeyId() string
- func (x *NodeInformation) GetWrappingRegistrationFlowInfo() *WrappingRegistrationFlowInfo
- func (n *NodeInformation) PreviousX25519EncryptionKey() (string, []byte, error)
- func (*NodeInformation) ProtoMessage()
- func (x *NodeInformation) ProtoReflect() protoreflect.Message
- func (x *NodeInformation) Reset()
- func (n *NodeInformation) SetPreviousEncryptionKey(oldNodeInformation *NodeInformation) error
- func (n *NodeInformation) Store(ctx context.Context, storage nodeenrollment.Storage, ...) error
- func (x *NodeInformation) String() string
- func (n *NodeInformation) X25519EncryptionKey() (string, []byte, error)
- type NodeInformationSet
- func (*NodeInformationSet) Descriptor() ([]byte, []int)deprecated
- func (x *NodeInformationSet) GetNodeId() string
- func (x *NodeInformationSet) GetNodes() []*NodeInformation
- func (*NodeInformationSet) ProtoMessage()
- func (x *NodeInformationSet) ProtoReflect() protoreflect.Message
- func (x *NodeInformationSet) Reset()
- func (x *NodeInformationSet) String() string
- type RootCertificate
- func (*RootCertificate) Descriptor() ([]byte, []int)deprecated
- func (x *RootCertificate) GetCertificateDer() []byte
- func (x *RootCertificate) GetId() string
- func (x *RootCertificate) GetNotAfter() *timestamppb.Timestamp
- func (x *RootCertificate) GetNotBefore() *timestamppb.Timestamp
- func (x *RootCertificate) GetPrivateKeyPkcs8() []byte
- func (x *RootCertificate) GetPrivateKeyType() KEYTYPE
- func (x *RootCertificate) GetPublicKeyPkix() []byte
- func (*RootCertificate) ProtoMessage()
- func (x *RootCertificate) ProtoReflect() protoreflect.Message
- func (x *RootCertificate) Reset()
- func (r *RootCertificate) SigningParams(ctx context.Context) (*x509.Certificate, crypto.Signer, error)
- func (x *RootCertificate) String() string
- type RootCertificates
- func (*RootCertificates) Descriptor() ([]byte, []int)deprecated
- func (x *RootCertificates) GetCurrent() *RootCertificate
- func (x *RootCertificates) GetId() string
- func (x *RootCertificates) GetNext() *RootCertificate
- func (x *RootCertificates) GetState() *structpb.Struct
- func (x *RootCertificates) GetWrappingKeyId() string
- func (*RootCertificates) ProtoMessage()
- func (x *RootCertificates) ProtoReflect() protoreflect.Message
- func (x *RootCertificates) Reset()
- func (r *RootCertificates) Store(ctx context.Context, storage nodeenrollment.Storage, ...) error
- func (x *RootCertificates) String() string
- type RotateNodeCredentialsRequest
- func (*RotateNodeCredentialsRequest) Descriptor() ([]byte, []int)deprecated
- func (x *RotateNodeCredentialsRequest) GetCertificatePublicKeyPkix() []byte
- func (x *RotateNodeCredentialsRequest) GetEncryptedFetchNodeCredentialsRequest() []byte
- func (x *RotateNodeCredentialsRequest) GetNodeId() string
- func (*RotateNodeCredentialsRequest) ProtoMessage()
- func (x *RotateNodeCredentialsRequest) ProtoReflect() protoreflect.Message
- func (x *RotateNodeCredentialsRequest) Reset()
- func (x *RotateNodeCredentialsRequest) String() string
- type RotateNodeCredentialsResponse
- func (*RotateNodeCredentialsResponse) Descriptor() ([]byte, []int)deprecated
- func (x *RotateNodeCredentialsResponse) GetEncryptedFetchNodeCredentialsResponse() []byte
- func (*RotateNodeCredentialsResponse) ProtoMessage()
- func (x *RotateNodeCredentialsResponse) ProtoReflect() protoreflect.Message
- func (x *RotateNodeCredentialsResponse) Reset()
- func (x *RotateNodeCredentialsResponse) String() string
- type ServerLedActivationToken
- func (*ServerLedActivationToken) Descriptor() ([]byte, []int)deprecated
- func (x *ServerLedActivationToken) GetCreationTime() *timestamppb.Timestamp
- func (x *ServerLedActivationToken) GetCreationTimeMarshaled() []byte
- func (x *ServerLedActivationToken) GetId() string
- func (x *ServerLedActivationToken) GetState() *structpb.Struct
- func (x *ServerLedActivationToken) GetWrappingKeyId() string
- func (*ServerLedActivationToken) ProtoMessage()
- func (x *ServerLedActivationToken) ProtoReflect() protoreflect.Message
- func (x *ServerLedActivationToken) Reset()
- func (s *ServerLedActivationToken) Store(ctx context.Context, storage nodeenrollment.Storage, ...) error
- func (x *ServerLedActivationToken) String() string
- type ServerLedActivationTokenNonce
- func (*ServerLedActivationTokenNonce) Descriptor() ([]byte, []int)deprecated
- func (x *ServerLedActivationTokenNonce) GetHmacKeyBytes() []byte
- func (x *ServerLedActivationTokenNonce) GetNonce() []byte
- func (*ServerLedActivationTokenNonce) ProtoMessage()
- func (x *ServerLedActivationTokenNonce) ProtoReflect() protoreflect.Message
- func (x *ServerLedActivationTokenNonce) Reset()
- func (x *ServerLedActivationTokenNonce) String() string
- type ServerLedRegistrationRequest
- func (*ServerLedRegistrationRequest) Descriptor() ([]byte, []int)deprecated
- func (*ServerLedRegistrationRequest) ProtoMessage()
- func (x *ServerLedRegistrationRequest) ProtoReflect() protoreflect.Message
- func (x *ServerLedRegistrationRequest) Reset()
- func (x *ServerLedRegistrationRequest) String() string
- type WrappingRegistrationFlowInfo
- func (*WrappingRegistrationFlowInfo) Descriptor() ([]byte, []int)deprecated
- func (x *WrappingRegistrationFlowInfo) GetApplicationSpecificParams() *structpb.Struct
- func (x *WrappingRegistrationFlowInfo) GetCertificatePublicKeyPkix() []byte
- func (x *WrappingRegistrationFlowInfo) GetNonce() []byte
- func (*WrappingRegistrationFlowInfo) ProtoMessage()
- func (x *WrappingRegistrationFlowInfo) ProtoReflect() protoreflect.Message
- func (x *WrappingRegistrationFlowInfo) Reset()
- func (x *WrappingRegistrationFlowInfo) String() string
Constants ¶
This section is empty.
Variables ¶
var ( KEYTYPE_name = map[int32]string{ 0: "UNSPECIFIED", 1: "ED25519", 2: "X25519", } KEYTYPE_value = map[string]int32{ "UNSPECIFIED": 0, "ED25519": 1, "X25519": 2, } )
Enum value maps for KEYTYPE.
var File_types_github_com_hashicorp_nodeenrollment_types_v1_proto protoreflect.FileDescriptor
Functions ¶
func ValidateMessage ¶
ValidateMessage runs some common checks that can be used to ensure that the message is valid before further processing:
* It's not nil
* It's a known type
func X25519EncryptionKey ¶
func X25519EncryptionKey(privKey []byte, privKeyType KEYTYPE, pubKey []byte, pubKeyType KEYTYPE) ([]byte, error)
X25519EncryptionKey takes in public and private keys and performs the X25519 operation on them.
NOTE: This function is tested by tests on the individual implementations in NodeCredentials and NodeInformation, which also perform nil checks, and which are a thin wrapper around this.
Types ¶
type CertificateBundle ¶
type CertificateBundle struct { CertificateDer []byte `protobuf:"bytes,1,opt,name=certificate_der,proto3" json:"certificate_der,omitempty"` CaCertificateDer []byte `protobuf:"bytes,2,opt,name=ca_certificate_der,proto3" json:"ca_certificate_der,omitempty"` CertificateNotBefore *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=certificate_not_before,proto3" json:"certificate_not_before,omitempty"` CertificateNotAfter *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=certificate_not_after,proto3" json:"certificate_not_after,omitempty"` // contains filtered or unexported fields }
CertificateBundle contains information about a certificate and its issuing certificate.
func (*CertificateBundle) Descriptor
deprecated
func (*CertificateBundle) Descriptor() ([]byte, []int)
Deprecated: Use CertificateBundle.ProtoReflect.Descriptor instead.
func (*CertificateBundle) GetCaCertificateDer ¶
func (x *CertificateBundle) GetCaCertificateDer() []byte
func (*CertificateBundle) GetCertificateDer ¶
func (x *CertificateBundle) GetCertificateDer() []byte
func (*CertificateBundle) GetCertificateNotAfter ¶
func (x *CertificateBundle) GetCertificateNotAfter() *timestamppb.Timestamp
func (*CertificateBundle) GetCertificateNotBefore ¶
func (x *CertificateBundle) GetCertificateNotBefore() *timestamppb.Timestamp
func (*CertificateBundle) ProtoMessage ¶
func (*CertificateBundle) ProtoMessage()
func (*CertificateBundle) ProtoReflect ¶
func (x *CertificateBundle) ProtoReflect() protoreflect.Message
func (*CertificateBundle) Reset ¶
func (x *CertificateBundle) Reset()
func (*CertificateBundle) String ¶
func (x *CertificateBundle) String() string
type DuplicateRecordError ¶ added in v0.2.5
type DuplicateRecordError struct { }
func (DuplicateRecordError) Error ¶ added in v0.2.5
func (d DuplicateRecordError) Error() string
type EncryptionKey ¶ added in v0.1.17
type EncryptionKey struct { KeyId string `protobuf:"bytes,1,opt,name=key_id,proto3" json:"key_id,omitempty"` PrivateKeyPkcs8 []byte `protobuf:"bytes,2,opt,name=private_key_pkcs8,proto3" json:"private_key_pkcs8,omitempty"` PrivateKeyType KEYTYPE `` /* 144-byte string literal not displayed */ PublicKeyPkix []byte `protobuf:"bytes,4,opt,name=public_key_pkix,proto3" json:"public_key_pkix,omitempty"` PublicKeyType KEYTYPE `` /* 142-byte string literal not displayed */ // contains filtered or unexported fields }
EncryptionKey contains the key information necessary to generate a sharedKey. NodeInformation and NodeCredentials will store their previous encryption key using this message type.
func (*EncryptionKey) Descriptor
deprecated
added in
v0.1.17
func (*EncryptionKey) Descriptor() ([]byte, []int)
Deprecated: Use EncryptionKey.ProtoReflect.Descriptor instead.
func (*EncryptionKey) GetKeyId ¶ added in v0.1.17
func (x *EncryptionKey) GetKeyId() string
func (*EncryptionKey) GetPrivateKeyPkcs8 ¶ added in v0.1.17
func (x *EncryptionKey) GetPrivateKeyPkcs8() []byte
func (*EncryptionKey) GetPrivateKeyType ¶ added in v0.1.17
func (x *EncryptionKey) GetPrivateKeyType() KEYTYPE
func (*EncryptionKey) GetPublicKeyPkix ¶ added in v0.1.17
func (x *EncryptionKey) GetPublicKeyPkix() []byte
func (*EncryptionKey) GetPublicKeyType ¶ added in v0.1.17
func (x *EncryptionKey) GetPublicKeyType() KEYTYPE
func (*EncryptionKey) ProtoMessage ¶ added in v0.1.17
func (*EncryptionKey) ProtoMessage()
func (*EncryptionKey) ProtoReflect ¶ added in v0.1.17
func (x *EncryptionKey) ProtoReflect() protoreflect.Message
func (*EncryptionKey) Reset ¶ added in v0.1.17
func (x *EncryptionKey) Reset()
func (*EncryptionKey) String ¶ added in v0.1.17
func (x *EncryptionKey) String() string
type FetchNodeCredentialsInfo ¶
type FetchNodeCredentialsInfo struct { Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // Key id derived from pkix public key CertificatePublicKeyPkix []byte `protobuf:"bytes,2,opt,name=certificate_public_key_pkix,proto3" json:"certificate_public_key_pkix,omitempty"` CertificatePublicKeyType KEYTYPE `` /* 166-byte string literal not displayed */ PreviousCertificatePublicKeyPkix []byte `protobuf:"bytes,9,opt,name=previous_certificate_public_key_pkix,proto3" json:"previous_certificate_public_key_pkix,omitempty"` EncryptionPublicKeyBytes []byte `protobuf:"bytes,10,opt,name=encryption_public_key_bytes,proto3" json:"encryption_public_key_bytes,omitempty"` EncryptionPublicKeyType KEYTYPE `` /* 165-byte string literal not displayed */ Nonce []byte `protobuf:"bytes,20,opt,name=nonce,proto3" json:"nonce,omitempty"` // If provided, a wrapped (encrypted) registration bundle that can be used for // just-in-time authorization WrappedRegistrationInfo []byte `protobuf:"bytes,21,opt,name=wrapped_registration_info,proto3" json:"wrapped_registration_info,omitempty"` // This will be populated with decrypted values if the above field is populated WrappingRegistrationFlowInfo *WrappingRegistrationFlowInfo `protobuf:"bytes,22,opt,name=wrapping_registration_flow_info,proto3" json:"wrapping_registration_flow_info,omitempty"` NotBefore *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=not_before,proto3" json:"not_before,omitempty"` NotAfter *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=not_after,proto3" json:"not_after,omitempty"` // contains filtered or unexported fields }
FetchNodeCredentialsInfo contains the values bundled and signed into a FetchNodeCredentialsRequest. These values contain the ID (for identification, although the server should always re-derive this itself), the claimed certificate public key (which is also used to sign these values), and the public encryption key, as well as the registration nonce.
Because the signature made with the certificate key covers both the certificate public key itself and the public encryption key, if the key ID is authorized, then after verification of the signature we can trust the public encryption key too. This is an important property for preventing MITM/replay scenarios.
func (*FetchNodeCredentialsInfo) Descriptor
deprecated
func (*FetchNodeCredentialsInfo) Descriptor() ([]byte, []int)
Deprecated: Use FetchNodeCredentialsInfo.ProtoReflect.Descriptor instead.
func (*FetchNodeCredentialsInfo) GetCertificatePublicKeyPkix ¶
func (x *FetchNodeCredentialsInfo) GetCertificatePublicKeyPkix() []byte
func (*FetchNodeCredentialsInfo) GetCertificatePublicKeyType ¶
func (x *FetchNodeCredentialsInfo) GetCertificatePublicKeyType() KEYTYPE
func (*FetchNodeCredentialsInfo) GetEncryptionPublicKeyBytes ¶
func (x *FetchNodeCredentialsInfo) GetEncryptionPublicKeyBytes() []byte
func (*FetchNodeCredentialsInfo) GetEncryptionPublicKeyType ¶
func (x *FetchNodeCredentialsInfo) GetEncryptionPublicKeyType() KEYTYPE
func (*FetchNodeCredentialsInfo) GetId ¶
func (x *FetchNodeCredentialsInfo) GetId() string
func (*FetchNodeCredentialsInfo) GetNonce ¶
func (x *FetchNodeCredentialsInfo) GetNonce() []byte
func (*FetchNodeCredentialsInfo) GetNotAfter ¶
func (x *FetchNodeCredentialsInfo) GetNotAfter() *timestamppb.Timestamp
func (*FetchNodeCredentialsInfo) GetNotBefore ¶
func (x *FetchNodeCredentialsInfo) GetNotBefore() *timestamppb.Timestamp
func (*FetchNodeCredentialsInfo) GetPreviousCertificatePublicKeyPkix ¶ added in v0.2.13
func (x *FetchNodeCredentialsInfo) GetPreviousCertificatePublicKeyPkix() []byte
func (*FetchNodeCredentialsInfo) GetWrappedRegistrationInfo ¶ added in v0.2.0
func (x *FetchNodeCredentialsInfo) GetWrappedRegistrationInfo() []byte
func (*FetchNodeCredentialsInfo) GetWrappingRegistrationFlowInfo ¶ added in v0.2.0
func (x *FetchNodeCredentialsInfo) GetWrappingRegistrationFlowInfo() *WrappingRegistrationFlowInfo
func (*FetchNodeCredentialsInfo) ProtoMessage ¶
func (*FetchNodeCredentialsInfo) ProtoMessage()
func (*FetchNodeCredentialsInfo) ProtoReflect ¶
func (x *FetchNodeCredentialsInfo) ProtoReflect() protoreflect.Message
func (*FetchNodeCredentialsInfo) Reset ¶
func (x *FetchNodeCredentialsInfo) Reset()
func (*FetchNodeCredentialsInfo) String ¶
func (x *FetchNodeCredentialsInfo) String() string
type FetchNodeCredentialsRequest ¶
type FetchNodeCredentialsRequest struct { Bundle []byte `protobuf:"bytes,28,opt,name=bundle,proto3" json:"bundle,omitempty"` BundleSignature []byte `protobuf:"bytes,29,opt,name=bundle_signature,proto3" json:"bundle_signature,omitempty"` // If an intermediate node is decrypting the wrapped registration info with a // wrapper not available on the server, it can't cache the decrypted value in // the original bundle because it's signed. In that case, it can cache the // value here and encrypt it to the server. RewrappedWrappingRegistrationFlowInfo []byte `` /* 136-byte string literal not displayed */ RewrappingKeyId string `protobuf:"bytes,33,opt,name=rewrapping_key_id,proto3" json:"rewrapping_key_id,omitempty"` // contains filtered or unexported fields }
FetchNodeCredentialsRequest contains the marshaled FetchNodeCredentialsInfo message and a signature over it, made with the private key corresponding to the certificate public key contained within the marshaled bundle.
func (*FetchNodeCredentialsRequest) Descriptor
deprecated
func (*FetchNodeCredentialsRequest) Descriptor() ([]byte, []int)
Deprecated: Use FetchNodeCredentialsRequest.ProtoReflect.Descriptor instead.
func (*FetchNodeCredentialsRequest) GetBundle ¶
func (x *FetchNodeCredentialsRequest) GetBundle() []byte
func (*FetchNodeCredentialsRequest) GetBundleSignature ¶
func (x *FetchNodeCredentialsRequest) GetBundleSignature() []byte
func (*FetchNodeCredentialsRequest) GetRewrappedWrappingRegistrationFlowInfo ¶ added in v0.2.0
func (x *FetchNodeCredentialsRequest) GetRewrappedWrappingRegistrationFlowInfo() []byte
func (*FetchNodeCredentialsRequest) GetRewrappingKeyId ¶ added in v0.2.0
func (x *FetchNodeCredentialsRequest) GetRewrappingKeyId() string
func (*FetchNodeCredentialsRequest) ProtoMessage ¶
func (*FetchNodeCredentialsRequest) ProtoMessage()
func (*FetchNodeCredentialsRequest) ProtoReflect ¶
func (x *FetchNodeCredentialsRequest) ProtoReflect() protoreflect.Message
func (*FetchNodeCredentialsRequest) Reset ¶
func (x *FetchNodeCredentialsRequest) Reset()
func (*FetchNodeCredentialsRequest) String ¶
func (x *FetchNodeCredentialsRequest) String() string
type FetchNodeCredentialsResponse ¶
type FetchNodeCredentialsResponse struct { ServerEncryptionPublicKeyBytes []byte `` /* 155-byte string literal not displayed */ ServerEncryptionPublicKeyType KEYTYPE `` /* 211-byte string literal not displayed */ EncryptedNodeCredentials []byte `protobuf:"bytes,40,opt,name=encrypted_node_credentials,proto3" json:"encrypted_node_credentials,omitempty"` EncryptedNodeCredentialsSignature []byte `` /* 126-byte string literal not displayed */ // contains filtered or unexported fields }
FetchNodeCredentialsResponse contains a response to a fetch request. If unauthorized, only that bool will be returned. If authorized, the encrypted node credentials will contain a marshaled NodeCredentials struct containing certificates and other server-provided information, with the encryption key derived from a DH operation on the node's submitted public key and the server's private key corresponding to the given public encryption key.
The encrypted node credentials are signed with the current root certificate key. Validating this signature is an optional step that the node can take if it has pre-distributed CA certificates. It is mostly a guard against the failure of an operator to actually validate the key ID that they are authorizing.
func (*FetchNodeCredentialsResponse) Descriptor
deprecated
func (*FetchNodeCredentialsResponse) Descriptor() ([]byte, []int)
Deprecated: Use FetchNodeCredentialsResponse.ProtoReflect.Descriptor instead.
func (*FetchNodeCredentialsResponse) GetEncryptedNodeCredentials ¶
func (x *FetchNodeCredentialsResponse) GetEncryptedNodeCredentials() []byte
func (*FetchNodeCredentialsResponse) GetEncryptedNodeCredentialsSignature ¶
func (x *FetchNodeCredentialsResponse) GetEncryptedNodeCredentialsSignature() []byte
func (*FetchNodeCredentialsResponse) GetServerEncryptionPublicKeyBytes ¶
func (x *FetchNodeCredentialsResponse) GetServerEncryptionPublicKeyBytes() []byte
func (*FetchNodeCredentialsResponse) GetServerEncryptionPublicKeyType ¶
func (x *FetchNodeCredentialsResponse) GetServerEncryptionPublicKeyType() KEYTYPE
func (*FetchNodeCredentialsResponse) ProtoMessage ¶
func (*FetchNodeCredentialsResponse) ProtoMessage()
func (*FetchNodeCredentialsResponse) ProtoReflect ¶
func (x *FetchNodeCredentialsResponse) ProtoReflect() protoreflect.Message
func (*FetchNodeCredentialsResponse) Reset ¶
func (x *FetchNodeCredentialsResponse) Reset()
func (*FetchNodeCredentialsResponse) String ¶
func (x *FetchNodeCredentialsResponse) String() string
type GenerateServerCertificatesRequest ¶
type GenerateServerCertificatesRequest struct { CertificatePublicKeyPkix []byte `protobuf:"bytes,2,opt,name=certificate_public_key_pkix,proto3" json:"certificate_public_key_pkix,omitempty"` // NodeId is an external identifier for this node that does not change NodeId string `protobuf:"bytes,7,opt,name=node_id,proto3" json:"node_id,omitempty"` Nonce []byte `protobuf:"bytes,20,opt,name=nonce,proto3" json:"nonce,omitempty"` NonceSignature []byte `protobuf:"bytes,21,opt,name=nonce_signature,proto3" json:"nonce_signature,omitempty"` CommonName string `protobuf:"bytes,24,opt,name=common_name,proto3" json:"common_name,omitempty"` SkipVerification bool `protobuf:"varint,25,opt,name=skip_verification,proto3" json:"skip_verification,omitempty"` // ClientState data comes from the client and will be returned in the // *protocol.Conn, if used. This must be a marshaled structpb.Struct. ClientState []byte `protobuf:"bytes,50,opt,name=client_state,proto3" json:"client_state,omitempty"` // ClientStateSignature, like with the nonce, is used to be able to trust the // data, once the public key has been validated ClientStateSignature []byte `protobuf:"bytes,51,opt,name=client_state_signature,proto3" json:"client_state_signature,omitempty"` // contains filtered or unexported fields }
GenerateServerCertificatesRequest holds values necessary for the server to generate a server-side TLS certificate, either for itself or for a middle node in a multi-hop scenario. The nonce and signature are provided by the authenticating node, so that the server can validate the signature and ensure that the node is authorized, then embed the nonce in the returned certificate to authorize the upstream node (or server) to the authenticating node.
The common name and skip verification parameters would ideally be options to downstream functions, however, since multihop goes over gRPC (or could go over some other transport) the options cannot be carried in that way. If desired, in the future, an options message could be created and these (and any other) values aggregated there.
func (*GenerateServerCertificatesRequest) Descriptor
deprecated
func (*GenerateServerCertificatesRequest) Descriptor() ([]byte, []int)
Deprecated: Use GenerateServerCertificatesRequest.ProtoReflect.Descriptor instead.
func (*GenerateServerCertificatesRequest) GetCertificatePublicKeyPkix ¶
func (x *GenerateServerCertificatesRequest) GetCertificatePublicKeyPkix() []byte
func (*GenerateServerCertificatesRequest) GetClientState ¶ added in v0.1.19
func (x *GenerateServerCertificatesRequest) GetClientState() []byte
func (*GenerateServerCertificatesRequest) GetClientStateSignature ¶ added in v0.1.19
func (x *GenerateServerCertificatesRequest) GetClientStateSignature() []byte
func (*GenerateServerCertificatesRequest) GetCommonName ¶
func (x *GenerateServerCertificatesRequest) GetCommonName() string
func (*GenerateServerCertificatesRequest) GetNodeId ¶ added in v0.2.12
func (x *GenerateServerCertificatesRequest) GetNodeId() string
func (*GenerateServerCertificatesRequest) GetNonce ¶
func (x *GenerateServerCertificatesRequest) GetNonce() []byte
func (*GenerateServerCertificatesRequest) GetNonceSignature ¶
func (x *GenerateServerCertificatesRequest) GetNonceSignature() []byte
func (*GenerateServerCertificatesRequest) GetSkipVerification ¶
func (x *GenerateServerCertificatesRequest) GetSkipVerification() bool
func (*GenerateServerCertificatesRequest) ProtoMessage ¶
func (*GenerateServerCertificatesRequest) ProtoMessage()
func (*GenerateServerCertificatesRequest) ProtoReflect ¶
func (x *GenerateServerCertificatesRequest) ProtoReflect() protoreflect.Message
func (*GenerateServerCertificatesRequest) Reset ¶
func (x *GenerateServerCertificatesRequest) Reset()
func (*GenerateServerCertificatesRequest) String ¶
func (x *GenerateServerCertificatesRequest) String() string
type GenerateServerCertificatesResponse ¶
// GenerateServerCertificatesResponse carries the values returned for a
// successful certificate generation request: a private key plus the
// certificate bundles to use with it.
type GenerateServerCertificatesResponse struct {
	// Private key for the returned certificates (PKCS#8-encoded, going by the
	// field name). This is secret key material; the json tag shows it is
	// included when the message is marshaled, so avoid logging or persisting
	// serialized copies of this message.
	CertificatePrivateKeyPkcs8 []byte `protobuf:"bytes,4,opt,name=certificate_private_key_pkcs8,proto3" json:"certificate_private_key_pkcs8,omitempty"`
	// Key type of CertificatePrivateKeyPkcs8.
	CertificatePrivateKeyType KEYTYPE `` /* 168-byte string literal not displayed */
	// Certificates issued for the key above.
	CertificateBundles []*CertificateBundle `protobuf:"bytes,6,rep,name=certificate_bundles,proto3" json:"certificate_bundles,omitempty"`
	// ClientState data is copied here from the request, if verified, and used to
	// populate the *protocol.Conn, if used
	ClientState *structpb.Struct `protobuf:"bytes,50,opt,name=client_state,proto3" json:"client_state,omitempty"`
	// contains filtered or unexported fields
}
GenerateServerCertificatesResponse contains values for a successful response to the request: a private key for the server (or intermediate node) to use along with the returned certificates.
func (*GenerateServerCertificatesResponse) Descriptor
deprecated
func (*GenerateServerCertificatesResponse) Descriptor() ([]byte, []int)
Deprecated: Use GenerateServerCertificatesResponse.ProtoReflect.Descriptor instead.
func (*GenerateServerCertificatesResponse) GetCertificateBundles ¶
func (x *GenerateServerCertificatesResponse) GetCertificateBundles() []*CertificateBundle
func (*GenerateServerCertificatesResponse) GetCertificatePrivateKeyPkcs8 ¶
func (x *GenerateServerCertificatesResponse) GetCertificatePrivateKeyPkcs8() []byte
func (*GenerateServerCertificatesResponse) GetCertificatePrivateKeyType ¶
func (x *GenerateServerCertificatesResponse) GetCertificatePrivateKeyType() KEYTYPE
func (*GenerateServerCertificatesResponse) GetClientState ¶ added in v0.1.19
func (x *GenerateServerCertificatesResponse) GetClientState() *structpb.Struct
func (*GenerateServerCertificatesResponse) ProtoMessage ¶
func (*GenerateServerCertificatesResponse) ProtoMessage()
func (*GenerateServerCertificatesResponse) ProtoReflect ¶
func (x *GenerateServerCertificatesResponse) ProtoReflect() protoreflect.Message
func (*GenerateServerCertificatesResponse) Reset ¶
func (x *GenerateServerCertificatesResponse) Reset()
func (*GenerateServerCertificatesResponse) String ¶
func (x *GenerateServerCertificatesResponse) String() string
type KEYTYPE ¶
// KEYTYPE is an enum holding known key types; its underlying type is int32.
type KEYTYPE int32
KEYTYPE is an enum holding known key types
func (KEYTYPE) Descriptor ¶
func (KEYTYPE) Descriptor() protoreflect.EnumDescriptor
func (KEYTYPE) EnumDescriptor
deprecated
func (KEYTYPE) Number ¶
func (x KEYTYPE) Number() protoreflect.EnumNumber
func (KEYTYPE) Type ¶
func (KEYTYPE) Type() protoreflect.EnumType
type NodeCredentials ¶
// NodeCredentials is the node-side counterpart of NodeInformation and holds
// the values a node needs to prove its identity. It contains private key
// material (CertificatePrivateKeyPkcs8, EncryptionPrivateKeyBytes), so
// serialized copies of this message should be handled as secrets.
type NodeCredentials struct {
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // "current" or "next"
	// Public half of the node's certificate key (PKIX-encoded, going by the
	// field name).
	CertificatePublicKeyPkix []byte `protobuf:"bytes,2,opt,name=certificate_public_key_pkix,proto3" json:"certificate_public_key_pkix,omitempty"`
	// Private half of the node's certificate key; secret.
	CertificatePrivateKeyPkcs8 []byte `protobuf:"bytes,4,opt,name=certificate_private_key_pkcs8,proto3" json:"certificate_private_key_pkcs8,omitempty"`
	CertificatePrivateKeyType KEYTYPE `` /* 168-byte string literal not displayed */
	CertificateBundles []*CertificateBundle `protobuf:"bytes,6,rep,name=certificate_bundles,proto3" json:"certificate_bundles,omitempty"`
	PreviousCertificatePublicKeyPkix []byte `protobuf:"bytes,9,opt,name=previous_certificate_public_key_pkix,proto3" json:"previous_certificate_public_key_pkix,omitempty"`
	// Node's private encryption key; secret.
	EncryptionPrivateKeyBytes []byte `protobuf:"bytes,10,opt,name=encryption_private_key_bytes,proto3" json:"encryption_private_key_bytes,omitempty"`
	EncryptionPrivateKeyType KEYTYPE `` /* 167-byte string literal not displayed */
	// Server's public encryption key, as known to the node.
	ServerEncryptionPublicKeyBytes []byte `protobuf:"bytes,12,opt,name=server_encryption_public_key_bytes,proto3" json:"server_encryption_public_key_bytes,omitempty"`
	ServerEncryptionPublicKeyType KEYTYPE `` /* 179-byte string literal not displayed */
	RegistrationNonce []byte `protobuf:"bytes,20,opt,name=registration_nonce,proto3" json:"registration_nonce,omitempty"`
	// If set, the key ID of the wrapping key used to encrypt the private keys
	WrappingKeyId string `protobuf:"bytes,30,opt,name=wrapping_key_id,proto3" json:"wrapping_key_id,omitempty"`
	// State is data that the implementor of a Store can use to round-trip data
	// through this library; as an example, a version number on the resource for
	// implementing transactions.
	State *structpb.Struct `protobuf:"bytes,50,opt,name=state,proto3" json:"state,omitempty"`
	// Encryption key data retained from before a rotation.
	// NOTE(review): presumably consumed by PreviousX25519EncryptionKey — confirm.
	PreviousEncryptionKey *EncryptionKey `protobuf:"bytes,60,opt,name=previous_encryption_key,proto3" json:"previous_encryption_key,omitempty"`
	// contains filtered or unexported fields
}
NodeCredentials is the corresponding struct for NodeInformation on the node side, containing the values necessary for proving identity. At various points in registration/authorization flows this may have some or all fields filled in.
func LoadNodeCredentials ¶
func LoadNodeCredentials(ctx context.Context, storage nodeenrollment.Storage, id nodeenrollment.KnownId, opt ...nodeenrollment.Option) (*NodeCredentials, error)
LoadNodeCredentials loads the node credentials from storage, unwrapping encrypted values if needed
Supported options: WithStorageWrapper
func NewNodeCredentials ¶
func NewNodeCredentials( ctx context.Context, storage nodeenrollment.Storage, opt ...nodeenrollment.Option, ) (*NodeCredentials, error)
NewNodeCredentials creates a new node credentials object and populates it with suitable parameters for presenting for registration.
Once registration succeeds, the node credentials stored here can be used to decrypt the incoming bundle with the server's view of the node credentials, which can then be merged; this happens in a different function.
Supported options: WithRandomReader, WithStorageWrapper (passed through to NodeCredentials.Store), WithSkipStorage, WithActivationToken
func (*NodeCredentials) CreateFetchNodeCredentialsRequest ¶
func (n *NodeCredentials) CreateFetchNodeCredentialsRequest( ctx context.Context, opt ...nodeenrollment.Option, ) (*FetchNodeCredentialsRequest, error)
CreateFetchNodeCredentialsRequest creates and returns a fetch request based on the current node creds
Supported options: WithRandomReader, WithActivationToken (used in place of the node's nonce value if provided, for the server-led flow; note that this should be the full string token; it will be decoded by this function), WithRegistrationWrapper/WithWrappingRegistrationFlowApplicationSpecificParams
func (*NodeCredentials) Descriptor
deprecated
func (*NodeCredentials) Descriptor() ([]byte, []int)
Deprecated: Use NodeCredentials.ProtoReflect.Descriptor instead.
func (*NodeCredentials) GetCertificateBundles ¶
func (x *NodeCredentials) GetCertificateBundles() []*CertificateBundle
func (*NodeCredentials) GetCertificatePrivateKeyPkcs8 ¶
func (x *NodeCredentials) GetCertificatePrivateKeyPkcs8() []byte
func (*NodeCredentials) GetCertificatePrivateKeyType ¶
func (x *NodeCredentials) GetCertificatePrivateKeyType() KEYTYPE
func (*NodeCredentials) GetCertificatePublicKeyPkix ¶
func (x *NodeCredentials) GetCertificatePublicKeyPkix() []byte
func (*NodeCredentials) GetEncryptionPrivateKeyBytes ¶
func (x *NodeCredentials) GetEncryptionPrivateKeyBytes() []byte
func (*NodeCredentials) GetEncryptionPrivateKeyType ¶
func (x *NodeCredentials) GetEncryptionPrivateKeyType() KEYTYPE
func (*NodeCredentials) GetId ¶
func (x *NodeCredentials) GetId() string
func (*NodeCredentials) GetPreviousCertificatePublicKeyPkix ¶ added in v0.2.13
func (x *NodeCredentials) GetPreviousCertificatePublicKeyPkix() []byte
func (*NodeCredentials) GetPreviousEncryptionKey ¶ added in v0.1.17
func (x *NodeCredentials) GetPreviousEncryptionKey() *EncryptionKey
func (*NodeCredentials) GetRegistrationNonce ¶
func (x *NodeCredentials) GetRegistrationNonce() []byte
func (*NodeCredentials) GetServerEncryptionPublicKeyBytes ¶
func (x *NodeCredentials) GetServerEncryptionPublicKeyBytes() []byte
func (*NodeCredentials) GetServerEncryptionPublicKeyType ¶
func (x *NodeCredentials) GetServerEncryptionPublicKeyType() KEYTYPE
func (*NodeCredentials) GetState ¶
func (x *NodeCredentials) GetState() *structpb.Struct
func (*NodeCredentials) GetWrappingKeyId ¶
func (x *NodeCredentials) GetWrappingKeyId() string
func (*NodeCredentials) HandleFetchNodeCredentialsResponse ¶
func (n *NodeCredentials) HandleFetchNodeCredentialsResponse( ctx context.Context, storage nodeenrollment.Storage, input *FetchNodeCredentialsResponse, opt ...nodeenrollment.Option, ) (*NodeCredentials, error)
HandleFetchNodeCredentialsResponse parses the response from a server for node credentials and attempts to decrypt and merge with the existing NodeCredentials, storing the result. It returns the updated value and any error and stores the result in storage, unless WithSkipStorage is passed.
Supported options: WithWrapping (passed through to NodeCredentials.Store), WithSkipStorage, WithActivationToken (overrides the NodeCredentials' nonce when using server-led node authorization)
func (*NodeCredentials) PreviousX25519EncryptionKey ¶ added in v0.1.17
func (n *NodeCredentials) PreviousX25519EncryptionKey() (string, []byte, error)
PreviousX25519EncryptionKey satisfies the X25519Producer and will produce a shared encryption key via X25519 if previous key data is present
func (*NodeCredentials) ProtoMessage ¶
func (*NodeCredentials) ProtoMessage()
func (*NodeCredentials) ProtoReflect ¶
func (x *NodeCredentials) ProtoReflect() protoreflect.Message
func (*NodeCredentials) Reset ¶
func (x *NodeCredentials) Reset()
func (*NodeCredentials) SetPreviousEncryptionKey ¶ added in v0.1.17
func (n *NodeCredentials) SetPreviousEncryptionKey(oldNodeCredentials *NodeCredentials) error
SetPreviousEncryptionKey will set this NodeCredential's PreviousEncryptionKey field using the passed NodeCredentials
func (*NodeCredentials) Store ¶
func (n *NodeCredentials) Store(ctx context.Context, storage nodeenrollment.Storage, opt ...nodeenrollment.Option) error
Store stores node credentials to storage, wrapping values along the way if given a wrapper
Supported options: WithStorageWrapper
func (*NodeCredentials) String ¶
func (x *NodeCredentials) String() string
func (*NodeCredentials) X25519EncryptionKey ¶
func (n *NodeCredentials) X25519EncryptionKey() (string, []byte, error)
X25519EncryptionKey uses the NodeCredentials values to produce a shared encryption key via X25519
type NodeInformation ¶
// NodeInformation holds the server-side record for a node: the node's public
// keys, its issued certificate bundles, and the server's private encryption
// key for that node. ServerEncryptionPrivateKeyBytes is secret key material.
// NOTE(review): the accompanying description mentions an "Authorized" value,
// but no exported field of that name appears in this struct — confirm.
type NodeInformation struct {
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	CertificatePublicKeyPkix []byte `protobuf:"bytes,2,opt,name=certificate_public_key_pkix,proto3" json:"certificate_public_key_pkix,omitempty"`
	CertificatePublicKeyType KEYTYPE `` /* 166-byte string literal not displayed */
	CertificateBundles []*CertificateBundle `protobuf:"bytes,6,rep,name=certificate_bundles,proto3" json:"certificate_bundles,omitempty"`
	NodeId string `protobuf:"bytes,7,opt,name=node_id,proto3" json:"node_id,omitempty"`
	PreviousCertificatePublicKeyPkix []byte `protobuf:"bytes,9,opt,name=previous_certificate_public_key_pkix,proto3" json:"previous_certificate_public_key_pkix,omitempty"`
	EncryptionPublicKeyBytes []byte `protobuf:"bytes,10,opt,name=encryption_public_key_bytes,proto3" json:"encryption_public_key_bytes,omitempty"`
	EncryptionPublicKeyType KEYTYPE `` /* 165-byte string literal not displayed */
	// Server's private encryption key for this node; secret.
	ServerEncryptionPrivateKeyBytes []byte `protobuf:"bytes,12,opt,name=server_encryption_private_key_bytes,proto3" json:"server_encryption_private_key_bytes,omitempty"`
	ServerEncryptionPrivateKeyType KEYTYPE `` /* 181-byte string literal not displayed */
	RegistrationNonce []byte `protobuf:"bytes,20,opt,name=registration_nonce,proto3" json:"registration_nonce,omitempty"`
	// This will be populated with any decrypted values that came in as a
	// result of this flow
	WrappingRegistrationFlowInfo *WrappingRegistrationFlowInfo `protobuf:"bytes,22,opt,name=wrapping_registration_flow_info,proto3" json:"wrapping_registration_flow_info,omitempty"`
	// If set, the key ID of the wrapping key used to encrypt the private key and
	// the nonce
	WrappingKeyId string `protobuf:"bytes,30,opt,name=wrapping_key_id,proto3" json:"wrapping_key_id,omitempty"`
	// State is data that the implementor of a Store can use to round-trip data
	// through this library; as an example, a version number on the resource for
	// implementing transactions.
	State *structpb.Struct `protobuf:"bytes,50,opt,name=state,proto3" json:"state,omitempty"`
	PreviousEncryptionKey *EncryptionKey `protobuf:"bytes,60,opt,name=previous_encryption_key,proto3" json:"previous_encryption_key,omitempty"`
	// contains filtered or unexported fields
}
NodeInformation contains server-side information about a node: its certificate public key, any issued certificates (purely for informational purposes), its encryption public key and the corresponding server private key. Nonce may or may not have a value depending on the flow used to register the node and the current state of that flow. The first seen value can be useful for display to an operator looking to authorize a node. Authorized stores whether or not this node is authorized; technically we could derive this based on whether we have complete key/certificate information, but it's nice to be explicit.
The ID corresponds to a key identifier generated by this library's KeyIdFromPkix function; unlike RootCertificate or NodeCredentials, which will only have at most two active values, here we need to identify an incoming node's information, so we use the actual key ID. Rotation simply means a new entry will be added with the new ID.
NodeId is an external identifier for this node that does not change
func LoadNodeInformation ¶
func LoadNodeInformation(ctx context.Context, storage nodeenrollment.Storage, id string, opt ...nodeenrollment.Option) (*NodeInformation, error)
LoadNodeInformation loads the node information from storage, unwrapping encrypted values if needed.
Supported options: WithStorageWrapper, WithState
func (*NodeInformation) Descriptor
deprecated
func (*NodeInformation) Descriptor() ([]byte, []int)
Deprecated: Use NodeInformation.ProtoReflect.Descriptor instead.
func (*NodeInformation) GetCertificateBundles ¶
func (x *NodeInformation) GetCertificateBundles() []*CertificateBundle
func (*NodeInformation) GetCertificatePublicKeyPkix ¶
func (x *NodeInformation) GetCertificatePublicKeyPkix() []byte
func (*NodeInformation) GetCertificatePublicKeyType ¶
func (x *NodeInformation) GetCertificatePublicKeyType() KEYTYPE
func (*NodeInformation) GetEncryptionPublicKeyBytes ¶
func (x *NodeInformation) GetEncryptionPublicKeyBytes() []byte
func (*NodeInformation) GetEncryptionPublicKeyType ¶
func (x *NodeInformation) GetEncryptionPublicKeyType() KEYTYPE
func (*NodeInformation) GetId ¶
func (x *NodeInformation) GetId() string
func (*NodeInformation) GetNodeId ¶ added in v0.2.12
func (x *NodeInformation) GetNodeId() string
func (*NodeInformation) GetPreviousCertificatePublicKeyPkix ¶ added in v0.2.13
func (x *NodeInformation) GetPreviousCertificatePublicKeyPkix() []byte
func (*NodeInformation) GetPreviousEncryptionKey ¶ added in v0.1.17
func (x *NodeInformation) GetPreviousEncryptionKey() *EncryptionKey
func (*NodeInformation) GetRegistrationNonce ¶
func (x *NodeInformation) GetRegistrationNonce() []byte
func (*NodeInformation) GetServerEncryptionPrivateKeyBytes ¶
func (x *NodeInformation) GetServerEncryptionPrivateKeyBytes() []byte
func (*NodeInformation) GetServerEncryptionPrivateKeyType ¶
func (x *NodeInformation) GetServerEncryptionPrivateKeyType() KEYTYPE
func (*NodeInformation) GetState ¶
func (x *NodeInformation) GetState() *structpb.Struct
func (*NodeInformation) GetWrappingKeyId ¶
func (x *NodeInformation) GetWrappingKeyId() string
func (*NodeInformation) GetWrappingRegistrationFlowInfo ¶ added in v0.2.0
func (x *NodeInformation) GetWrappingRegistrationFlowInfo() *WrappingRegistrationFlowInfo
func (*NodeInformation) PreviousX25519EncryptionKey ¶ added in v0.1.17
func (n *NodeInformation) PreviousX25519EncryptionKey() (string, []byte, error)
PreviousX25519EncryptionKey satisfies the X25519Producer and will produce a shared encryption key via X25519 if previous key data is present
func (*NodeInformation) ProtoMessage ¶
func (*NodeInformation) ProtoMessage()
func (*NodeInformation) ProtoReflect ¶
func (x *NodeInformation) ProtoReflect() protoreflect.Message
func (*NodeInformation) Reset ¶
func (x *NodeInformation) Reset()
func (*NodeInformation) SetPreviousEncryptionKey ¶ added in v0.1.17
func (n *NodeInformation) SetPreviousEncryptionKey(oldNodeInformation *NodeInformation) error
SetPreviousEncryptionKey will set this NodeInformation's PreviousEncryptionKey field using the passed NodeInformation
func (*NodeInformation) Store ¶
func (n *NodeInformation) Store(ctx context.Context, storage nodeenrollment.Storage, opt ...nodeenrollment.Option) error
Store stores node information to server storage, wrapping values along the way if given a wrapper
Supported options: WithStorageWrapper
func (*NodeInformation) String ¶
func (x *NodeInformation) String() string
func (*NodeInformation) X25519EncryptionKey ¶
func (n *NodeInformation) X25519EncryptionKey() (string, []byte, error)
X25519EncryptionKey uses the NodeInformation's values to produce a shared encryption key via X25519
type NodeInformationSet ¶ added in v0.2.13
// NodeInformationSet groups multiple NodeInformation entries that belong to
// one node, identified by NodeId.
type NodeInformationSet struct {
	// External identifier for the node.
	NodeId string `protobuf:"bytes,7,opt,name=node_id,proto3" json:"node_id,omitempty"`
	// The NodeInformation entries held for that node.
	Nodes []*NodeInformation `protobuf:"bytes,10,rep,name=nodes,proto3" json:"nodes,omitempty"`
	// contains filtered or unexported fields
}
NodeInformationSet is a message that holds multiple NodeInformation entries for a node. This is used to load all valid NodeInformation entries for a node from storage and can be used in situations where failover to previous credentials is necessary.
NodeId is an external identifier for this node that does not change
func LoadNodeInformationSetByNodeId ¶ added in v0.2.13
func LoadNodeInformationSetByNodeId(ctx context.Context, storage nodeenrollment.NodeIdLoader, nodeid string, opt ...nodeenrollment.Option) (*NodeInformationSet, error)
LoadNodeInformationSetByNodeId loads node information entries from storage by node id, unwrapping encrypted values if needed.
Supported options: WithStorageWrapper
func (*NodeInformationSet) Descriptor
deprecated
added in
v0.2.13
func (*NodeInformationSet) Descriptor() ([]byte, []int)
Deprecated: Use NodeInformationSet.ProtoReflect.Descriptor instead.
func (*NodeInformationSet) GetNodeId ¶ added in v0.2.13
func (x *NodeInformationSet) GetNodeId() string
func (*NodeInformationSet) GetNodes ¶ added in v0.2.13
func (x *NodeInformationSet) GetNodes() []*NodeInformation
func (*NodeInformationSet) ProtoMessage ¶ added in v0.2.13
func (*NodeInformationSet) ProtoMessage()
func (*NodeInformationSet) ProtoReflect ¶ added in v0.2.13
func (x *NodeInformationSet) ProtoReflect() protoreflect.Message
func (*NodeInformationSet) Reset ¶ added in v0.2.13
func (x *NodeInformationSet) Reset()
func (*NodeInformationSet) String ¶ added in v0.2.13
func (x *NodeInformationSet) String() string
type RootCertificate ¶
// RootCertificate holds one root CA certificate together with its public and
// private keys. PrivateKeyPkcs8 is the CA signing key and is the most
// sensitive value in this message.
type RootCertificate struct {
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // "current" or "next"
	PublicKeyPkix []byte `protobuf:"bytes,2,opt,name=public_key_pkix,proto3" json:"public_key_pkix,omitempty"`
	// CA private key; secret. The json tag shows it is included when the
	// message is marshaled.
	PrivateKeyPkcs8 []byte `protobuf:"bytes,4,opt,name=private_key_pkcs8,proto3" json:"private_key_pkcs8,omitempty"`
	PrivateKeyType KEYTYPE `` /* 144-byte string literal not displayed */
	// The certificate itself (DER-encoded, going by the field name).
	CertificateDer []byte `protobuf:"bytes,6,opt,name=certificate_der,proto3" json:"certificate_der,omitempty"`
	// Validity window bounds; presumably mirror the certificate's own
	// NotBefore/NotAfter — confirm.
	NotBefore *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=not_before,proto3" json:"not_before,omitempty"`
	NotAfter *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=not_after,proto3" json:"not_after,omitempty"`
	// contains filtered or unexported fields
}
RootCertificate contains information about a root CA certificate and its associated public/private keys
func (*RootCertificate) Descriptor
deprecated
func (*RootCertificate) Descriptor() ([]byte, []int)
Deprecated: Use RootCertificate.ProtoReflect.Descriptor instead.
func (*RootCertificate) GetCertificateDer ¶
func (x *RootCertificate) GetCertificateDer() []byte
func (*RootCertificate) GetId ¶
func (x *RootCertificate) GetId() string
func (*RootCertificate) GetNotAfter ¶
func (x *RootCertificate) GetNotAfter() *timestamppb.Timestamp
func (*RootCertificate) GetNotBefore ¶
func (x *RootCertificate) GetNotBefore() *timestamppb.Timestamp
func (*RootCertificate) GetPrivateKeyPkcs8 ¶
func (x *RootCertificate) GetPrivateKeyPkcs8() []byte
func (*RootCertificate) GetPrivateKeyType ¶
func (x *RootCertificate) GetPrivateKeyType() KEYTYPE
func (*RootCertificate) GetPublicKeyPkix ¶
func (x *RootCertificate) GetPublicKeyPkix() []byte
func (*RootCertificate) ProtoMessage ¶
func (*RootCertificate) ProtoMessage()
func (*RootCertificate) ProtoReflect ¶
func (x *RootCertificate) ProtoReflect() protoreflect.Message
func (*RootCertificate) Reset ¶
func (x *RootCertificate) Reset()
func (*RootCertificate) SigningParams ¶
func (r *RootCertificate) SigningParams(ctx context.Context) (*x509.Certificate, crypto.Signer, error)
SigningParams is a helper to extract the necessary information from the RootCertificate to use as a CA certificate
func (*RootCertificate) String ¶
func (x *RootCertificate) String() string
type RootCertificates ¶
// RootCertificates holds the two root certificates (Current and Next) in a
// single message for storage and lookup.
type RootCertificates struct {
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	Current *RootCertificate `protobuf:"bytes,2,opt,name=current,proto3" json:"current,omitempty"`
	Next *RootCertificate `protobuf:"bytes,3,opt,name=next,proto3" json:"next,omitempty"`
	// If set, the key ID of the wrapping key used to encrypt the private key
	WrappingKeyId string `protobuf:"bytes,30,opt,name=wrapping_key_id,proto3" json:"wrapping_key_id,omitempty"`
	// State is data that the implementor of a Store can use to round-trip data
	// through this library; as an example, a version number on the resource for
	// implementing transactions.
	State *structpb.Struct `protobuf:"bytes,50,opt,name=state,proto3" json:"state,omitempty"`
	// contains filtered or unexported fields
}
RootCertificates is a message that holds two root certificates for easy usage/identification. The ID will always be "roots".
func LoadRootCertificates ¶
func LoadRootCertificates(ctx context.Context, storage nodeenrollment.Storage, opt ...nodeenrollment.Option) (*RootCertificates, error)
LoadRootCertificates loads the RootCertificates from storage, unwrapping encrypted values if needed
Supported options: WithStorageWrapper
func (*RootCertificates) Descriptor
deprecated
func (*RootCertificates) Descriptor() ([]byte, []int)
Deprecated: Use RootCertificates.ProtoReflect.Descriptor instead.
func (*RootCertificates) GetCurrent ¶
func (x *RootCertificates) GetCurrent() *RootCertificate
func (*RootCertificates) GetId ¶
func (x *RootCertificates) GetId() string
func (*RootCertificates) GetNext ¶
func (x *RootCertificates) GetNext() *RootCertificate
func (*RootCertificates) GetState ¶
func (x *RootCertificates) GetState() *structpb.Struct
func (*RootCertificates) GetWrappingKeyId ¶
func (x *RootCertificates) GetWrappingKeyId() string
func (*RootCertificates) ProtoMessage ¶
func (*RootCertificates) ProtoMessage()
func (*RootCertificates) ProtoReflect ¶
func (x *RootCertificates) ProtoReflect() protoreflect.Message
func (*RootCertificates) Reset ¶
func (x *RootCertificates) Reset()
func (*RootCertificates) Store ¶
func (r *RootCertificates) Store(ctx context.Context, storage nodeenrollment.Storage, opt ...nodeenrollment.Option) error
Store stores the certificates to the given storage, possibly encrypting secret values along the way if a wrapper is passed
Supported options: WithStorageWrapper
func (*RootCertificates) String ¶
func (x *RootCertificates) String() string
type RotateNodeCredentialsRequest ¶
// RotateNodeCredentialsRequest is sent by a node that wants to rotate its
// credentials. The identifying fields are carried alongside an encrypted
// inner request.
type RotateNodeCredentialsRequest struct {
	// For identification of the node, in case it's not trivial from the
	// connection
	CertificatePublicKeyPkix []byte `protobuf:"bytes,2,opt,name=certificate_public_key_pkix,proto3" json:"certificate_public_key_pkix,omitempty"`
	// NodeId is an external identifier for this node that does not change
	NodeId string `protobuf:"bytes,7,opt,name=node_id,proto3" json:"node_id,omitempty"`
	// Encrypted FetchNodeCredentialsRequest, with the current encryption
	// parameters used for key generation
	EncryptedFetchNodeCredentialsRequest []byte `` /* 134-byte string literal not displayed */
	// contains filtered or unexported fields
}
RotateNodeCredentialsRequest is the message used when a node wants to rotate credentials
func (*RotateNodeCredentialsRequest) Descriptor
deprecated
func (*RotateNodeCredentialsRequest) Descriptor() ([]byte, []int)
Deprecated: Use RotateNodeCredentialsRequest.ProtoReflect.Descriptor instead.
func (*RotateNodeCredentialsRequest) GetCertificatePublicKeyPkix ¶
func (x *RotateNodeCredentialsRequest) GetCertificatePublicKeyPkix() []byte
func (*RotateNodeCredentialsRequest) GetEncryptedFetchNodeCredentialsRequest ¶
func (x *RotateNodeCredentialsRequest) GetEncryptedFetchNodeCredentialsRequest() []byte
func (*RotateNodeCredentialsRequest) GetNodeId ¶ added in v0.2.12
func (x *RotateNodeCredentialsRequest) GetNodeId() string
func (*RotateNodeCredentialsRequest) ProtoMessage ¶
func (*RotateNodeCredentialsRequest) ProtoMessage()
func (*RotateNodeCredentialsRequest) ProtoReflect ¶
func (x *RotateNodeCredentialsRequest) ProtoReflect() protoreflect.Message
func (*RotateNodeCredentialsRequest) Reset ¶
func (x *RotateNodeCredentialsRequest) Reset()
func (*RotateNodeCredentialsRequest) String ¶
func (x *RotateNodeCredentialsRequest) String() string
type RotateNodeCredentialsResponse ¶
// RotateNodeCredentialsResponse returns the result of a credential rotation
// as a single encrypted payload.
type RotateNodeCredentialsResponse struct {
	// Encrypted FetchNodeCredentialsResponse, with the current encryption
	// parameters used for key generation. The new key will be used for the
	// encrypted node credentials in the response.
	EncryptedFetchNodeCredentialsResponse []byte `` /* 136-byte string literal not displayed */
	// contains filtered or unexported fields
}
RotateNodeCredentialsResponse is the message used to return values
func (*RotateNodeCredentialsResponse) Descriptor
deprecated
func (*RotateNodeCredentialsResponse) Descriptor() ([]byte, []int)
Deprecated: Use RotateNodeCredentialsResponse.ProtoReflect.Descriptor instead.
func (*RotateNodeCredentialsResponse) GetEncryptedFetchNodeCredentialsResponse ¶
func (x *RotateNodeCredentialsResponse) GetEncryptedFetchNodeCredentialsResponse() []byte
func (*RotateNodeCredentialsResponse) ProtoMessage ¶
func (*RotateNodeCredentialsResponse) ProtoMessage()
func (*RotateNodeCredentialsResponse) ProtoReflect ¶
func (x *RotateNodeCredentialsResponse) ProtoReflect() protoreflect.Message
func (*RotateNodeCredentialsResponse) Reset ¶
func (x *RotateNodeCredentialsResponse) Reset()
func (*RotateNodeCredentialsResponse) String ¶
func (x *RotateNodeCredentialsResponse) String() string
type ServerLedActivationToken ¶ added in v0.1.16
// ServerLedActivationToken is the stored record for an activation token. It
// holds the token's ID and creation time rather than the token value itself.
type ServerLedActivationToken struct {
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// The time at which this was created; always overwritten on load from
	// creation_time_marshaled
	CreationTime *timestamppb.Timestamp `protobuf:"bytes,10,opt,name=creation_time,proto3" json:"creation_time,omitempty"`
	// This stores a marshaled version of the creation time so that it can easily
	// be wrapped
	CreationTimeMarshaled []byte `protobuf:"bytes,11,opt,name=creation_time_marshaled,proto3" json:"creation_time_marshaled,omitempty"`
	// If set, the key ID of the wrapping key used to encrypt the private keys
	// NOTE(review): this struct shows no private key fields; the wrapped value
	// is presumably CreationTimeMarshaled — confirm and reword.
	WrappingKeyId string `protobuf:"bytes,30,opt,name=wrapping_key_id,proto3" json:"wrapping_key_id,omitempty"`
	// State is data that the implementor of a Store can use to round-trip data
	// through this library; as an example, a version number on the resource for
	// implementing transactions.
	State *structpb.Struct `protobuf:"bytes,50,opt,name=state,proto3" json:"state,omitempty"`
	// contains filtered or unexported fields
}
ServerLedActivationToken contains stored information about a one-time-use activation token. The ID is created by HMAC'ing the actual returned token's nonce with the token's key bytes.
func LoadServerLedActivationToken ¶ added in v0.1.16
func LoadServerLedActivationToken(ctx context.Context, storage nodeenrollment.Storage, id string, opt ...nodeenrollment.Option) (*ServerLedActivationToken, error)
LoadServerLedActivationToken loads the activation token from storage, unwrapping encrypted values if needed
Supported options: WithStorageWrapper
func (*ServerLedActivationToken) Descriptor
deprecated
added in
v0.1.16
func (*ServerLedActivationToken) Descriptor() ([]byte, []int)
Deprecated: Use ServerLedActivationToken.ProtoReflect.Descriptor instead.
func (*ServerLedActivationToken) GetCreationTime ¶ added in v0.1.16
func (x *ServerLedActivationToken) GetCreationTime() *timestamppb.Timestamp
func (*ServerLedActivationToken) GetCreationTimeMarshaled ¶ added in v0.1.16
func (x *ServerLedActivationToken) GetCreationTimeMarshaled() []byte
func (*ServerLedActivationToken) GetId ¶ added in v0.1.16
func (x *ServerLedActivationToken) GetId() string
func (*ServerLedActivationToken) GetState ¶ added in v0.1.16
func (x *ServerLedActivationToken) GetState() *structpb.Struct
func (*ServerLedActivationToken) GetWrappingKeyId ¶ added in v0.1.16
func (x *ServerLedActivationToken) GetWrappingKeyId() string
func (*ServerLedActivationToken) ProtoMessage ¶ added in v0.1.16
func (*ServerLedActivationToken) ProtoMessage()
func (*ServerLedActivationToken) ProtoReflect ¶ added in v0.1.16
func (x *ServerLedActivationToken) ProtoReflect() protoreflect.Message
func (*ServerLedActivationToken) Reset ¶ added in v0.1.16
func (x *ServerLedActivationToken) Reset()
func (*ServerLedActivationToken) Store ¶ added in v0.1.16
func (s *ServerLedActivationToken) Store(ctx context.Context, storage nodeenrollment.Storage, opt ...nodeenrollment.Option) error
Store stores an activation token to storage, wrapping values along the way if given a wrapper
Supported options: WithStorageWrapper
func (*ServerLedActivationToken) String ¶ added in v0.1.16
func (x *ServerLedActivationToken) String() string
type ServerLedActivationTokenNonce ¶ added in v0.1.16
// ServerLedActivationTokenNonce is the token value handed to a user. It
// carries both inputs needed to derive the stored token's ID, so the
// marshaled value should be handled as a secret.
type ServerLedActivationTokenNonce struct {
	// Nonce that is HMAC'd to produce the stored token's ID.
	Nonce []byte `protobuf:"bytes,1,opt,name=nonce,proto3" json:"nonce,omitempty"`
	// Key used for that HMAC.
	HmacKeyBytes []byte `protobuf:"bytes,2,opt,name=hmac_key_bytes,proto3" json:"hmac_key_bytes,omitempty"`
	// contains filtered or unexported fields
}
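ServerLedActivationTokenNonce is the value actually returned to a user. A SHA256-HMAC of the nonce, keyed by the key bytes, should result in an ID that can be found in storage. Since this value carries both the nonce and the HMAC key, it is everything needed to derive that ID and should be handled as a secret until the token is used.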
func (*ServerLedActivationTokenNonce) Descriptor
deprecated
added in
v0.1.16
func (*ServerLedActivationTokenNonce) Descriptor() ([]byte, []int)
Deprecated: Use ServerLedActivationTokenNonce.ProtoReflect.Descriptor instead.
func (*ServerLedActivationTokenNonce) GetHmacKeyBytes ¶ added in v0.1.16
func (x *ServerLedActivationTokenNonce) GetHmacKeyBytes() []byte
func (*ServerLedActivationTokenNonce) GetNonce ¶ added in v0.1.16
func (x *ServerLedActivationTokenNonce) GetNonce() []byte
func (*ServerLedActivationTokenNonce) ProtoMessage ¶ added in v0.1.16
func (*ServerLedActivationTokenNonce) ProtoMessage()
func (*ServerLedActivationTokenNonce) ProtoReflect ¶ added in v0.1.16
func (x *ServerLedActivationTokenNonce) ProtoReflect() protoreflect.Message
func (*ServerLedActivationTokenNonce) Reset ¶ added in v0.1.16
func (x *ServerLedActivationTokenNonce) Reset()
func (*ServerLedActivationTokenNonce) String ¶ added in v0.1.16
func (x *ServerLedActivationTokenNonce) String() string
type ServerLedRegistrationRequest ¶
// ServerLedRegistrationRequest is the request message for the "operator-led"
// registration flow. It has no exported fields at present.
type ServerLedRegistrationRequest struct {
	// contains filtered or unexported fields
}
ServerLedRegistrationRequest is a request for the "operator-led" registration flow. Although currently empty, it's required to ensure that we can add parameters later without an API change.
func (*ServerLedRegistrationRequest) Descriptor (deprecated)
func (*ServerLedRegistrationRequest) Descriptor() ([]byte, []int)
Deprecated: Use ServerLedRegistrationRequest.ProtoReflect.Descriptor instead.
func (*ServerLedRegistrationRequest) ProtoMessage ¶
func (*ServerLedRegistrationRequest) ProtoMessage()
func (*ServerLedRegistrationRequest) ProtoReflect ¶
func (x *ServerLedRegistrationRequest) ProtoReflect() protoreflect.Message
func (*ServerLedRegistrationRequest) Reset ¶
func (x *ServerLedRegistrationRequest) Reset()
func (*ServerLedRegistrationRequest) String ¶
func (x *ServerLedRegistrationRequest) String() string
type WrappingRegistrationFlowInfo ¶ added in v0.2.0
type WrappingRegistrationFlowInfo struct { CertificatePublicKeyPkix []byte `protobuf:"bytes,2,opt,name=certificate_public_key_pkix,proto3" json:"certificate_public_key_pkix,omitempty"` Nonce []byte `protobuf:"bytes,20,opt,name=nonce,proto3" json:"nonce,omitempty"` ApplicationSpecificParams *structpb.Struct `` /* 139-byte string literal not displayed */ // contains filtered or unexported fields }
WrappingRegistrationFlowInfo is a message that can be encrypted via a shared encryption wrapper and supplied to perform just-in-time registration. The public key contained in this bundle must match that within FetchNodeCredentialsInfo, as must the nonce. Forgeries by other users with access to the wrapper are prevented because the signature on the FetchNodeCredentialsRequest covers this message; replays are prevented because the returned credentials are still encrypted to the derived shared key.
The application specific params can be used to pass extra registration information to the consuming application. Although both provide state to the server, there are two differences between the application specific params and passing state through to the node's dialer:
- The information is available at different times; client state cannot be sent through most of the nodeenrollment code because state parameters are reserved for the storage system to use as needed (e.g. to track operations across multiple calls). So client state is only available to the eventual receiver of a connection via a *protocol.Conn, whereas the application specific params are available when node information is being stored (at which time a conn is not available, and where passing this information as state would overwrite the storage system's state, if used).
- Anything in WrappingRegistrationFlowInfo is encrypted via the KMS, if required
It is entirely possible that the state passed into `protocol.Dial` and the application specific params will carry the same data for use at different times. For instance, information about a node's name and version may be put into application specific params in order to have it available at registration time, since registration is automatic (as opposed to e.g. an API call to activate a worker-led token, where the name can be provided at that time); however, when the connection is eventually returned to the application listener, the state can help the application figure out the next step in handling the connection based on version (e.g. passing to gRPC versus starting a yamux session).
func (*WrappingRegistrationFlowInfo) Descriptor (deprecated, added in v0.2.0)
func (*WrappingRegistrationFlowInfo) Descriptor() ([]byte, []int)
Deprecated: Use WrappingRegistrationFlowInfo.ProtoReflect.Descriptor instead.
func (*WrappingRegistrationFlowInfo) GetApplicationSpecificParams ¶ added in v0.2.0
func (x *WrappingRegistrationFlowInfo) GetApplicationSpecificParams() *structpb.Struct
func (*WrappingRegistrationFlowInfo) GetCertificatePublicKeyPkix ¶ added in v0.2.0
func (x *WrappingRegistrationFlowInfo) GetCertificatePublicKeyPkix() []byte
func (*WrappingRegistrationFlowInfo) GetNonce ¶ added in v0.2.0
func (x *WrappingRegistrationFlowInfo) GetNonce() []byte
func (*WrappingRegistrationFlowInfo) ProtoMessage ¶ added in v0.2.0
func (*WrappingRegistrationFlowInfo) ProtoMessage()
func (*WrappingRegistrationFlowInfo) ProtoReflect ¶ added in v0.2.0
func (x *WrappingRegistrationFlowInfo) ProtoReflect() protoreflect.Message
func (*WrappingRegistrationFlowInfo) Reset ¶ added in v0.2.0
func (x *WrappingRegistrationFlowInfo) Reset()
func (*WrappingRegistrationFlowInfo) String ¶ added in v0.2.0
func (x *WrappingRegistrationFlowInfo) String() string