kmsauth

package
v0.0.0-...-57b3f87 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 15, 2024 License: MIT Imports: 14 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// TimeFormat  = "%Y%m%dT%H%M%SZ"
	TimeFormat = "20060102T150405Z"

	// TokenVersion1 is a token version
	TokenVersion1 = 1
	// TokenVersion2 is a token version
	TokenVersion2 = 2
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthContext

type AuthContext interface {
	Validate() error
	GetUsername() string
	GetKMSContext() map[string]string
}

AuthContext is a kms encryption context used to ascertain a user's identiy

type AuthContextV1

type AuthContextV1 struct {
	From string `json:"from" validate:"required"`
	To   string `json:"to" validate:"required"`
}

AuthContextV1 is a kms encryption context used to ascertain a user's identiy

func (*AuthContextV1) GetKMSContext

func (ac *AuthContextV1) GetKMSContext() map[string]string

GetKMSContext gets the kms context

func (*AuthContextV1) GetUsername

func (ac *AuthContextV1) GetUsername() string

GetUsername returns a username

func (*AuthContextV1) Validate

func (ac *AuthContextV1) Validate() error

Validate validates

type AuthContextV2

type AuthContextV2 struct {
	From     string `json:"from" validate:"required"`
	To       string `json:"to" validate:"required"`
	UserType string `json:"user_type" validate:"required"`
}

AuthContextV2 is a kms encryption context used to ascertain a user's identiy

func (*AuthContextV2) GetKMSContext

func (ac *AuthContextV2) GetKMSContext() map[string]string

GetKMSContext gets the kms context

func (*AuthContextV2) GetUsername

func (ac *AuthContextV2) GetUsername() string

GetUsername returns a username

func (*AuthContextV2) Validate

func (ac *AuthContextV2) Validate() error

Validate validates

type EncryptedToken

type EncryptedToken string

EncryptedToken is a b64 kms encrypted token

func (EncryptedToken) String

func (e EncryptedToken) String() string

String satisfies the stringer interface

type Token

type Token struct {
	NotBefore TokenTime `json:"not_before"`
	NotAfter  TokenTime `json:"not_after"`
}

Token is a kmsauth token

func NewToken

func NewToken(tokenLifetime time.Duration) *Token

NewToken generates a new token

func (*Token) IsValid

func (t *Token) IsValid(tokenLifetime time.Duration) error

IsValid returns an error if token is invalid, nil if valid

type TokenCache

type TokenCache struct {
	Token          Token             `json:"token,omitempty"`
	EncryptedToken EncryptedToken    `json:"encrypted_token,omitempty"`
	AuthContext    map[string]string `json:"auth_context,omitempty"`
}

TokenCache is a cached token, consists of a token and an encryptedToken

type TokenGenerator

type TokenGenerator struct {
	// AuthKey the key_arn or alias to use for authentication
	AuthKey string
	// TokenVersion is a kmsauth token version
	TokenVersion TokenVersion
	// The token lifetime
	TokenLifetime time.Duration
	// A file to use as a cache
	TokenCacheFile string
	// An auth context
	AuthContext AuthContext

	// KMSClient for kms encryption
	KMSClient *awscloud.KMSClient
	// contains filtered or unexported fields
}

TokenGenerator generates a token

func NewTokenGenerator

func NewTokenGenerator(
	authKey string,
	tokenVersion TokenVersion,
	tokenLifetime time.Duration,
	tokenCacheFile string,
	authContext AuthContext,
	kmsClient *awscloud.KMSClient,
) *TokenGenerator

NewTokenGenerator returns a new token generator

func (*TokenGenerator) GetEncryptedToken

func (tg *TokenGenerator) GetEncryptedToken(skipCache bool) (*EncryptedToken, error)

GetEncryptedToken returns the encrypted kmsauth token

func (*TokenGenerator) Validate

func (tg *TokenGenerator) Validate() error

Validate validates the TokenGenerator

type TokenTime

type TokenTime struct {
	time.Time
}

TokenTime is a custom time formatter

func (*TokenTime) MarshalJSON

func (t *TokenTime) MarshalJSON() ([]byte, error)

MarshalJSON marshals into json

func (*TokenTime) UnmarshalJSON

func (t *TokenTime) UnmarshalJSON(b []byte) error

UnmarshalJSON unmarshals

type TokenValidator

type TokenValidator struct {
	// An auth context
	AuthContext AuthContext
	// TokenLifetime is the max lifetime we accept tokens to have
	TokenLifetime time.Duration
	// AuthKey the key_arn or alias to use for authentication
	AuthKey string
	// KMSClient for kms encryption
	KMSClient *awscloud.KMSClient
}

TokenValidator validates a token

func NewTokenValidator

func NewTokenValidator(
	authKey string,
	authContext AuthContext,
	tokenLifetime time.Duration,
	kmsClient *awscloud.KMSClient,
) *TokenValidator

NewTokenValidator returns a new token validator

func (*TokenValidator) ValidateToken

func (tv *TokenValidator) ValidateToken(tokenb64 string) error

ValidateToken validates a token

type TokenVersion

type TokenVersion int

TokenVersion is a token version

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL