Documentation
Overview
Package keycache provides the ability to hold active keys in memory for the Red October server.
Copyright (c) 2013 CloudFlare, Inc.
Index
- type ActiveUser
- type Cache
- func (cache *Cache) AddKeyFromRecord(record passvault.PasswordRecord, name, password string, users, labels []string, ...) (err error)
- func (cache *Cache) DecryptKey(in []byte, name, user string, labels []string, pubEncryptedKey []byte) (out []byte, err error)
- func (cache *Cache) DecryptShares(in [][]byte, name, user string, labels []string, pubEncryptedKey []byte) (out [][]byte, err error)
- func (cache *Cache) DelegateStatus(name string, labels, admins []string) (adminsDelegated []string, hasDelegated int)
- func (cache *Cache) Flush() bool
- func (cache *Cache) GetSummary() map[string]ActiveUser
- func (cache *Cache) MatchUser(name, user string, labels []string) (ActiveUser, string, bool)
- func (cache *Cache) Refresh() int
- func (cache *Cache) Restore() (err error)
- func (cache *Cache) Valid(name, user string, labels []string) (present bool)
- type DelegateIndex
- type Usage
Types
type ActiveUser
type ActiveUser struct {
    Usage
    AltNames map[string]string
    Admin    bool
    Type     string
    Key      []byte
    // contains filtered or unexported fields
}
ActiveUser holds the information about an actively delegated key.
type Cache
type Cache struct {
    UserKeys map[DelegateIndex]ActiveUser
    // contains filtered or unexported fields
}
Cache represents the current list of delegated keys in memory.
func NewFrom
func NewFrom(summary map[string]ActiveUser) *Cache
NewFrom takes the output of GetSummary and returns a new keycache.
func (*Cache) AddKeyFromRecord
func (cache *Cache) AddKeyFromRecord(record passvault.PasswordRecord, name, password string, users, labels []string, uses int, slot, durationString string) (err error)
AddKeyFromRecord decrypts a key for a given record and adds it to the cache.
func (*Cache) DecryptKey
func (cache *Cache) DecryptKey(in []byte, name, user string, labels []string, pubEncryptedKey []byte) (out []byte, err error)
DecryptKey decrypts a 16 byte key using the key corresponding to the name parameter. For RSA and EC keys, the cached RSA/EC key is used to decrypt the pubEncryptedKey, which is then used to decrypt the input buffer.
func (*Cache) DecryptShares
func (cache *Cache) DecryptShares(in [][]byte, name, user string, labels []string, pubEncryptedKey []byte) (out [][]byte, err error)
DecryptShares decrypts an array of 16 byte shares using the key corresponding to the name parameter.
func (*Cache) DelegateStatus
func (cache *Cache) DelegateStatus(name string, labels, admins []string) (adminsDelegated []string, hasDelegated int)
DelegateStatus will return a list of admins who have delegated to a particular user, for a particular label. This is useful information to have when determining the status of an order and conveying order progress.
func (*Cache) Flush
Flush removes all delegated keys. It returns true if the cache wasn't empty (i.e. there were active users removed), and false if the cache was empty.
func (*Cache) GetSummary
func (cache *Cache) GetSummary() map[string]ActiveUser
GetSummary returns the list of active user keys.
func (*Cache) MatchUser
MatchUser returns the matching active user if present and a boolean to indicate its presence.
func (*Cache) Refresh
Refresh purges all expired keys. It returns the number of delegations that were removed.
type DelegateIndex
DelegateIndex is used to index the map of currently delegated keys. This is necessary to provide a way for a delegator to provide multiple delegations. It is also used to avoid the complexity of string parsing and enforcement of username and slot character requirements.
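An added example (not Red October's code) of the delegation model described above: a map keyed by a struct, as with DelegateIndex, so one delegator can hold several delegations, plus a Refresh-style purge that returns how many expired entries it removed. The names index, delegation, miniCache, use and refresh, the Uses and Expires fields, and the sample keys are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// index is a struct map key (no "name/slot" string parsing). Names are hypothetical.
type index struct{ Name, Slot string }

type delegation struct {
	Key     []byte
	Uses    int       // decryptions still allowed (assumed meaning of "uses")
	Expires time.Time // end of the delegation window
}

type miniCache map[index]delegation

// use returns the delegated key if the entry is live, charging one use.
func (c miniCache) use(idx index, now time.Time) ([]byte, bool) {
	d, ok := c[idx]
	if !ok || d.Uses <= 0 || !now.Before(d.Expires) {
		return nil, false
	}
	d.Uses--
	c[idx] = d // map values are copies; write the decrement back
	return d.Key, true
}

// refresh purges expired delegations and returns how many were removed.
func (c miniCache) refresh(now time.Time) (removed int) {
	for idx, d := range c {
		if !now.Before(d.Expires) {
			delete(c, idx)
			removed++
		}
	}
	return removed
}

func main() {
	now := time.Now()
	c := miniCache{ // constructed data: alice delegates in two slots, one already expired
		{"alice", ""}:     {[]byte("0123456789abcdef"), 1, now.Add(time.Hour)},
		{"alice", "prod"}: {[]byte("fedcba9876543210"), 2, now.Add(-time.Minute)},
	}
	_, ok := c.use(index{"alice", ""}, now)
	fmt.Println(ok, c.refresh(now), len(c))
}
```

In this model an entry whose uses are exhausted stays in the map until it expires, so every lookup has to check both limits rather than relying on the purge alone.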