keys

package
v0.7.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 12, 2020 License: MIT Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors describing the state of the key set stored under a kid.
// Each value is created with errors.New, so callers should match on identity
// (errors.Is or ==) and never on the message text.
var (
	// ErrKeysNotFound describes error when kid is missing in repository
	ErrKeysNotFound = errors.New("keys with kid not found in repository")
	// ErrKeysExpired fires when keys exist and expired
	ErrKeysExpired = errors.New("keys with kid exist in repository, marked as expired, must be deleted")
	// ErrKeysExist if keys exist and are valid
	ErrKeysExist = errors.New("keys with kid exist in repository and are valid")
	// ErrKeysExistInvalid if keys exist and are not valid
	ErrKeysExistInvalid = errors.New("keys with kid exist in repository and are not valid")
	// ErrKeysInvalid fires when keys are not valid
	// NOTE(review): the message text is identical to ErrKeysExistInvalid, so the
	// two errors cannot be told apart in logs or audit trails — confirm whether a
	// distinct message was intended.
	ErrKeysInvalid = errors.New("keys with kid exist in repository and are not valid")
)

Functions

This section is empty.

Types

type DefaultOptions

// DefaultOptions holds the default signing and encryption parameters and the
// default lifetimes for keys and tokens.
//
// NOTE(review): the accepted algorithm identifiers, the minimum key sizes and
// the treatment of zero values are not visible in this listing — confirm that
// weak algorithms, short keys and zero TTLs are rejected where these options
// are consumed.
type DefaultOptions struct {
	SigAlg          string        // Default algorithm to be used for sign
	SigBits         int           // Default key size in bits for sign
	EncAlg          string        // Default algorithm to be used for encrypt
	EncBits         int           // Default key size in bits for encrypt
	ContEnc         string        // Default content encryption algorithm
	Expiry          time.Duration // Default value for keys ttl
	AuthTTL         time.Duration // Default value for auth jwt ttl
	RefreshTTL      time.Duration // Default value for refresh jwt ttl
	RefreshStrategy string        // optional, values are: 'refreshBoth', 'refreshOnExpire', 'noRefresh' (default)
}

DefaultOptions represents default sig and enc options

type InfoSet

// InfoSet is the JSON-serializable summary of one key set; ListKeys returns a
// slice of these.
type InfoSet struct {
	KID string `json:"kid"` // key id
	// NOTE(review): Expiry, AuthTTL and RefreshTTL are plain int64 values; their
	// units (seconds, nanoseconds, Unix time) are not visible here — confirm.
	Expiry          int64  `json:"expiry"`
	AuthTTL         int64  `json:"authTTL"`
	RefreshTTL      int64  `json:"refreshTTL"`
	RefreshStrategy string `json:"refreshStrategy"`
	// NOTE(review): Enc and Sig are raw bytes that are emitted in the JSON
	// output. Confirm they carry public key material only, since this type is
	// the result of a list request.
	Enc     []byte `json:"enc"`
	Sig     []byte `json:"sig"`
	ContEnc string `json:"contEnc"`
	Locked  bool   `json:"locked"`
	// Valid and Expired presumably mirror JWTKeysIssuerSet.Valid() and
	// JWTKeysIssuerSet.Expired() — verify against ListKeys.
	Valid   bool `json:"valid"`
	Expired bool `json:"expired"`
}

InfoSet holds keys info for list request

type JWTKeysIssuerSet

// JWTKeysIssuerSet holds the private signing and encryption keys for one kid,
// together with their expiry, token lifetimes and key options.
//
// Enc and Sig are documented as private keys, so a value of this type is secret
// material; Public() is the accessor that returns the public counterpart.
type JWTKeysIssuerSet struct {
	KID             []byte                 // key id
	Expiry          jwt.NumericDate        // keys expiry time
	AuthTTL         time.Duration          // auth token expiry duration
	RefreshTTL      time.Duration          // refresh token expiry duration
	RefreshStrategy string                 // optional, values are: 'refreshBoth', 'refreshOnExpire', 'noRefresh' (default)
	Enc             jose.JSONWebKey        // enc private key
	Sig             jose.JSONWebKey        // sig private key
	ContEnc         jose.ContentEncryption // content encryption algorithm
	Locked          bool                   // is this keyset locked for further deletion (lost or other reason)
	SigOpts         jwtis.KeyOptions       // presumably the options the sig key was generated with — confirm
	EncOpts         jwtis.KeyOptions       // presumably the options the enc key was generated with — confirm
	// contains filtered or unexported fields
}

JWTKeysIssuerSet holds keys info

func (*JWTKeysIssuerSet) Expired

func (k *JWTKeysIssuerSet) Expired() bool

Expired returns true if JWTKeysIssuerSet is expired

func (*JWTKeysIssuerSet) Public

func (k *JWTKeysIssuerSet) Public() SigEncKeys

Public returns SigEncKeys with public sig and enc keys

func (*JWTKeysIssuerSet) Valid

func (k *JWTKeysIssuerSet) Valid() bool

Valid checks keys for validity

func (*JWTKeysIssuerSet) Validate

func (k *JWTKeysIssuerSet) Validate() bool

Validate checks Expired() and Valid()

type RepoOptions

// RepoOptions bundles the arguments that New takes to build a Repository.
type RepoOptions struct {
	Store  *svalkey.Store  // backing store handle; the method docs refer to it as boltDB
	Prefix string          // presumably the key prefix used inside Store — confirm
	Opts   *DefaultOptions // default sig/enc options and TTLs; NOTE(review): nil handling is not visible here
}

RepoOptions holds options for NewKeysRepo func

type Repository

// Repository is the key store for the jose.JSONWebKey sets, addressed by kid.
//
// DefaultOptions is embedded, so its exported fields (SigAlg, SigBits, Expiry,
// ...) are promoted and readable and writable on any Repository value.
// NOTE(review): confirm that callers changing the promoted defaults after
// construction is intended.
type Repository struct {
	// Keys map[string]JWTKeysIssuerSet
	DefaultOptions
	// contains filtered or unexported fields
}

Repository holds all jose.JSONWebKey's

func New

func New(repoOpts *RepoOptions) (*Repository, error)

New returns pointer to new KeysRepository

func (*Repository) AddKey

func (p *Repository) AddKey(key *JWTKeysIssuerSet) (*SigEncKeys, error)

AddKey adds the jose.JSONWebKey with key.KeyID to the repository and returns the public jose.JSONWebKey

func (*Repository) DelKey

func (p *Repository) DelKey(kid string) error

DelKey deletes key from cache and boltDB

func (*Repository) GetPrivateKeys

func (p *Repository) GetPrivateKeys(kid string) (SigEncKeys, error)

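GetPrivateKeys returns the private keys with the given kid from boltDB. Per the signature, the result is a SigEncKeys value (not a pointer) that holds private key material, so it should not be written to responses or logs.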

func (*Repository) GetPublicKeys

func (p *Repository) GetPublicKeys(kid string) (*SigEncKeys, error)

GetPublicKeys returns the public keys with the given kid from boltDB, as a pointer to a SigEncKeys holding the public jose.JSONWebKey values

func (*Repository) KeyExists

func (p *Repository) KeyExists(kid []byte) (bool, *JWTKeysIssuerSet, error)

KeyExists returns true if a key with kid is in boltDB

func (*Repository) ListKeys

func (p *Repository) ListKeys() ([]InfoSet, error)

ListKeys returns info about keys for all registered kids

func (*Repository) NewKey

func (p *Repository) NewKey(kid string, opts *DefaultOptions) (*SigEncKeys, error)

NewKey creates a new key with key_id, adds it to the repository and returns the public jose.JSONWebKey

type SigEncKeys

// SigEncKeys carries a signing key and an encryption key with their metadata.
// The same type is used for public keys (GetPublicKeys, Public) and for private
// keys (GetPrivateKeys), and every field has a JSON tag.
//
// NOTE(review): because the type itself does not distinguish public from
// private content, marshalling a value obtained from GetPrivateKeys would
// presumably emit private key material — confirm how jose.JSONWebKey
// serializes private keys and keep such values out of responses and logs.
type SigEncKeys struct {
	Sig     jose.JSONWebKey        `json:"sig"`     // signing key (public or private, depending on the source)
	Enc     jose.JSONWebKey        `json:"enc"`     // encryption key (public or private, depending on the source)
	ContEnc jose.ContentEncryption `json:"contEnc"` // content encryption algorithm
	Expiry  jwt.NumericDate        `json:"expiry"`  // keys expiry time
	Valid   bool                   `json:"valid"`
	// The tag is snake_case here, while InfoSet uses "refreshStrategy";
	// consumers parsing both payloads need to handle both spellings.
	RefreshStrategy string `json:"refresh_strategy"`
}

SigEncKeys represents a structure that holds public or private JWT keys
