Documentation ¶
Constants ¶
// Labels, file names and environment-variable names for a user's signing
// certificate and private key.
const (
	// CertType and PrivateKeyType are the type labels for the user certificate
	// and the user private key.
	// NOTE(review): these look like PEM block types — confirm where they are
	// passed to the encoder/decoder.
	CertType       = "PD NUCLEI USER CERTIFICATE"
	PrivateKeyType = "PD NUCLEI USER PRIVATE KEY"

	// CertFilename and PrivateKeyFilename are the file names of the
	// certificate and the private key.
	// NOTE(review): presumably the names SaveToDisk writes and ReadCert /
	// ReadPrivateKey look for inside the given directory — confirm.
	CertFilename       = "nuclei-user.crt"
	PrivateKeyFilename = "nuclei-user-private-key.pem"

	// CertEnvVarName and PrivateKeyEnvName are the environment variables that
	// can carry the certificate and the private key. The private-key variable
	// holds secret material: keep it out of logs, process dumps and CI output.
	CertEnvVarName    = "NUCLEI_USER_CERTIFICATE"
	PrivateKeyEnvName = "NUCLEI_USER_PRIVATE_KEY"
)
Variables ¶
// Sentinel errors and package-level switches for key handling.
var (
	// ErrNoCertificate reports that no user certificate was found.
	// NOTE(review): fmt.Errorf is called without format verbs here; errors.New
	// would produce the same error value.
	ErrNoCertificate = fmt.Errorf("nuclei user certificate not found")
	// ErrNoPrivateKey reports that no user private key was found.
	ErrNoPrivateKey = fmt.Errorf("nuclei user private key not found")
	// SkipGeneratingKeys defaults to false. It is a mutable package-level
	// variable, so any importer can flip it.
	// NOTE(review): the name suggests it turns off automatic key-pair
	// generation when true — confirm against the code that reads it.
	SkipGeneratingKeys = false
)
// Error value and text layout of the signature line attached to a template.
var (
	// ErrUnknownAlgorithm is the sentinel error for an unrecognised algorithm.
	ErrUnknownAlgorithm = errors.New("unknown algorithm")
	// SignaturePattern is the literal prefix of a signature line. Note the
	// space after '#': the prefix is "# digest: ", not "#digest: ".
	// It is declared as a var, so it can be reassigned at runtime.
	SignaturePattern = "# digest: "
	// SignatureFmt is the format string for a full signature line:
	// "# digest: <signature>:<fragment>", where the signature is rendered as
	// lowercase hex (%x) and the fragment with %v.
	SignatureFmt = SignaturePattern + "%x" + ":%v"
)
// DefaultTemplateVerifiers is an exported, mutable package-level slice of
// signers, so any code that can import this package can change its contents.
// NOTE(review): presumably every entry is accepted as a trusted verifier and
// AddSignerToDefault appends to this slice — confirm, and review every call
// site that adds to it, since each addition widens the set of trusted keys.
var DefaultTemplateVerifiers []*TemplateSigner
DefaultTemplateVerifiers contains the default template verifiers
Functions ¶
func AddSignerToDefault ¶
func AddSignerToDefault(s *TemplateSigner) error
AddSignerToDefault adds a signer to the default list of signers
func ExtractSignatureAndContent ¶
ExtractSignatureAndContent extracts the signature (if present) and returns the content without the signature
Types ¶
type KeyHandler ¶
// KeyHandler carries a signer's certificate and private key as raw bytes.
// PrivateKey is secret key material held in memory: do not print or log a
// KeyHandler (for example with %v or %+v) and do not serialize it.
type KeyHandler struct {
	// UserCert holds the user certificate bytes.
	// NOTE(review): presumably filled by ReadCert and consumed by
	// ParseUserCert — confirm.
	UserCert []byte
	// PrivateKey holds the user private key bytes.
	// NOTE(review): presumably filled by ReadPrivateKey and consumed by
	// ParsePrivateKey — confirm.
	PrivateKey []byte
	// contains filtered or unexported fields
}
KeyHandler handles the key generation and management of signer public and private keys
func (*KeyHandler) GenerateKeyPair ¶
func (k *KeyHandler) GenerateKeyPair()
GenerateKeyPair generates a new key-pair for signing code templates
func (*KeyHandler) ParsePrivateKey ¶
func (k *KeyHandler) ParsePrivateKey() error
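ParsePrivateKey parses the private key held by the KeyHandler. The method returns only an error; the parsed key is presumably kept in the handler's unexported fields rather than returned to the caller.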
func (*KeyHandler) ParseUserCert ¶
func (k *KeyHandler) ParseUserCert() error
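ParseUserCert parses the user certificate held by the KeyHandler and extracts its public key. The method returns only an error; the public key is presumably kept in the handler's unexported fields rather than returned to the caller.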
func (*KeyHandler) ReadCert ¶
func (k *KeyHandler) ReadCert(envName, dir string) error
ReadCert reads the user certificate from the environment variable or the given directory
func (*KeyHandler) ReadPrivateKey ¶
func (k *KeyHandler) ReadPrivateKey(envName, dir string) error
ReadPrivateKey reads the private key from environment variable or given directory
func (*KeyHandler) SaveToDisk ¶
func (k *KeyHandler) SaveToDisk(dir string) error
SaveToDisk saves the generated key-pair to the given directory
type SignableTemplate ¶
// SignableTemplate is the view of a template that TemplateSigner.Sign and
// TemplateSigner.Verify receive alongside the raw template bytes.
type SignableTemplate interface {
	// GetFileImports returns a list of files that are imported by the template
	// NOTE(review): presumably exposed so that imported files can be covered
	// by the signature as well — confirm in Sign and Verify, because an
	// import left outside the signed data could be changed without
	// invalidating the signature.
	GetFileImports() []string
	// HasCodeProtocol returns true if the template has a code protocol section
	HasCodeProtocol() bool
}
SignableTemplate is a template that can be signed
type TemplateSigner ¶
func NewTemplateSigVerifier ¶
func NewTemplateSigVerifier(cert []byte) (*TemplateSigner, error)
NewTemplateSigVerifier creates a new signer for verifying templates
func NewTemplateSigner ¶
func NewTemplateSigner(cert, privateKey []byte) (*TemplateSigner, error)
NewTemplateSigner creates a new signer for signing templates
func NewTemplateSignerFromFiles ¶
func NewTemplateSignerFromFiles(cert, privKey string) (*TemplateSigner, error)
NewTemplateSignerFromFiles creates a new signer for signing templates, reading the certificate and private key from the files named by cert and privKey
func (*TemplateSigner) GetUserFragment ¶
func (t *TemplateSigner) GetUserFragment() string
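GetUserFragment returns the fragment, an optional part of the signature that identifies the user who signed the template; it is an MD5 hash of the signer's public key. The fragment is only an identifier: MD5 is not collision-resistant, so trust in a template must come from verifying the signature itself, never from matching the fragment.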
func (*TemplateSigner) Identifier ¶
func (t *TemplateSigner) Identifier() string
Identifier returns the identifier for the template signer
func (*TemplateSigner) Sign ¶
func (t *TemplateSigner) Sign(data []byte, tmpl SignableTemplate) (string, error)
Sign signs the given template with the template signer and returns the signature
func (*TemplateSigner) Verify ¶
func (t *TemplateSigner) Verify(data []byte, tmpl SignableTemplate) (bool, error)
Verify verifies the given template with the template signer. Treat a template as verified only when the returned bool is true and the returned error is nil.