token

package
v0.0.0-...-31b9ebf Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 3, 2024 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Overview

Package encrypter is suitable for encrypting messages you would like to securely share between two points. Useful for providing end to end encryption (E2EE). It uses Box (NaCl) for encrypting the messages. tldr is it uses Elliptic Curves (Curve25519) for the keys, XSalsa20 and Poly1305 for encryption. You can read more here https://godoc.org/golang.org/x/crypto/nacl/box.

msg := []byte("super safe message.")
alice, err := NewEncrypter("alice_priv_key.pem", "alice_pub_key.pem")
if err != nil {
	log.Fatal(err)
}

bob, err := NewEncrypter("bob_priv_key.pem", "bob_pub_key.pem")
if err != nil {
	log.Fatal(err)
}
encrypted, err := alice.Encrypt(msg, bob.PublicKey())
if err != nil {
	log.Fatal(err)
}

data, err := bob.Decrypt(encrypted, alice.PublicKey())
if err != nil {
	log.Fatal(err)
}
fmt.Println(string(data))

Index

Constants

View Source
const (
	AccessLoginWorkerPath      = "/cdn-cgi/access/login"
	AccessAuthorizedWorkerPath = "/cdn-cgi/access/authorized"
)

Variables

This section is empty.

Functions

func FetchToken

func FetchToken(appURL *url.URL, appInfo *AppInfo, log *zerolog.Logger) (string, error)

FetchToken will either load a stored token or generate a new one it appends the host of the appURL as the redirect URL to the access cli request if opening the browser

func FetchTokenWithRedirect

func FetchTokenWithRedirect(appURL *url.URL, appInfo *AppInfo, log *zerolog.Logger) (string, error)

FetchTokenWithRedirect will either load a stored token or generate a new one it appends the full url as the redirect URL to the access cli request if opening the browser

func GenerateAppTokenFilePathFromURL

func GenerateAppTokenFilePathFromURL(appDomain, aud string, suffix string) (string, error)

GenerateAppTokenFilePathFromURL will return a filepath for given Access org token

func GenerateSSHCertFilePathFromURL

func GenerateSSHCertFilePathFromURL(url *url.URL, suffix string) (string, error)

GenerateSSHCertFilePathFromURL will return a file path for creating short lived certificates

func GetAppTokenIfExists

func GetAppTokenIfExists(appInfo *AppInfo) (string, error)

func GetOrgTokenIfExists

func GetOrgTokenIfExists(authDomain string) (string, error)

func Init

func Init(version string)

func OpenBrowser

func OpenBrowser(url string) error

OpenBrowser opens the specified URL in the default browser of the user

func RemoveTokenIfExists

func RemoveTokenIfExists(appInfo *AppInfo) error

RemoveTokenIfExists removes the a token from local storage if it exists

func RunTransfer

func RunTransfer(transferURL *url.URL, appAUD, resourceName, key, value string, shouldEncrypt bool, useHostOnly bool, log *zerolog.Logger) ([]byte, error)

RunTransfer does the transfer "dance" with the end result downloading the supported resource. The expanded description is run is encapsulation of shared business logic needed to request a resource (token/cert/etc) from the transfer service (loginhelper). The "dance" we refer to is building a HTTP request, opening that in a browser waiting for the user to complete an action, while it long polls in the background waiting for an action to be completed to download the resource.

Types

type AppInfo

type AppInfo struct {
	AuthDomain string
	AppAUD     string
	AppDomain  string
}

func GetAppInfo

func GetAppInfo(reqURL *url.URL) (*AppInfo, error)

GetAppInfo makes a request to the appURL and stops at the first redirect. The 302 location header will contain the auth domain

type Encrypter

type Encrypter struct {
	// contains filtered or unexported fields
}

Encrypter represents a keypair value with auxiliary functions to make doing encryption and decryption easier

func NewEncrypter

func NewEncrypter(privateKey, publicKey string) (*Encrypter, error)

NewEncrypter returns a new encrypter with initialized keypair

func (*Encrypter) Decrypt

func (e *Encrypter) Decrypt(data []byte, senderPublicKey string) ([]byte, error)

Decrypt data that was encrypted using our publicKey. It will use our privateKey and the sender's publicKey to decrypt data is an encrypted buffer of data, mostly like from the Encrypt function. Messages contain the nonce data on the front of the message. senderPublicKey is a base64 encoded version of the sender's public key (most likely from the PublicKey function). The return value is the decrypted buffer or an error.

func (*Encrypter) Encrypt

func (e *Encrypter) Encrypt(data []byte, recipientPublicKey string) ([]byte, error)

Encrypt data using our privateKey and the recipient publicKey data is a buffer of data that we would like to encrypt. Messages will have the nonce added to front as they have to unique for each message shared. recipientPublicKey is a base64 encoded version of the sender's public key (most likely from the PublicKey function). The return value is the encrypted buffer or an error.

func (*Encrypter) PublicKey

func (e *Encrypter) PublicKey() string

PublicKey returns a base64 encoded public key. Useful for transport (like in HTTP requests)

func (*Encrypter) WriteKeys

func (e *Encrypter) WriteKeys(privateKey, publicKey string) error

WriteKeys keys will take the currently initialized keypair and write them to provided filenames

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL