crypto

package
v1.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 23, 2022 License: GPL-3.0 Imports: 20 Imported by: 0

Documentation

Overview

Package crypto is a generated GoMock package.

Index

Constants

View Source 
const (
	// ModuleName contains the name of this module
	ModuleName = "Crypto"
)

Variables

View Source 
var ErrKeyNotFound = errors.New("key not found")

ErrKeyNotFound is returned when the key should not exists but does

View Source 
var ErrUnsupportedSigningKey = errors.New("signing key algorithm not supported")

ErrUnsupportedSigningKey is returned when an unsupported private key is used to sign. Currently only ecdsa and rsa keys are supported

Functions

func EciesDecrypt 

func EciesDecrypt(privateKey *ecdsa.PrivateKey, cipherText []byte) ([]byte, error)

EciesDecrypt decrypts the `cipherText` using the Elliptic Curve Integrated Encryption Scheme

func EciesEncrypt 

func EciesEncrypt(publicKey *ecdsa.PublicKey, plainText []byte) ([]byte, error)

EciesEncrypt encrypts the `plainText` using the Elliptic Curve Integrated Encryption Scheme

func JWTKidAlg 

func JWTKidAlg(tokenString string) (string, jwa.SignatureAlgorithm, error)

JWTKidAlg parses a JWT, does not validate it and returns the 'kid' and 'alg' headers

func NewMemoryStorage 

func NewMemoryStorage() storage.Storage

func ParseJWT 

func ParseJWT(tokenString string, f PublicKeyFunc, options ...jwt.ParseOption) (jwt.Token, error)

ParseJWT parses a token, validates and verifies it.

func SignDetachedJWS 

func SignDetachedJWS(payload []byte, protectedHeaders map[string]interface{}, privateKey crypto.Signer) (string, error)

SignDetachedJWS signs a JWS with a detached payload. This function does not require the payload value to be base64 encoded since it will not be part of the resulting JWS. (If it is not base64 encoded, make sure to set the 'b64' header param to false)

func SignJWS 

func SignJWS(payload []byte, protectedHeaders map[string]interface{}, privateKey crypto.Signer) (string, error)

SignJWS signs the payload using the JWS format with the provided signer. Provided protected headers will be included in the JWS.

func SignJWT 

func SignJWT(key jwk.Key, claims map[string]interface{}, headers map[string]interface{}) (token string, err error)

SignJWT signs claims with the signer and returns the compacted token. The headers param can be used to add additional headers

func SignatureAlgorithm 

func SignatureAlgorithm(key crypto.PublicKey) (jwa.SignatureAlgorithm, error)

SignatureAlgorithm determines the jwa.SigningAlgorithm for ec/rsa/ed25519 keys.

func Thumbprint 

func Thumbprint(key jwk.Key) (string, error)

Thumbprint generates a Nuts compatible thumbprint: Base58(SHA256(rfc7638-json))

Types

type Config 

type Config struct {
	Storage string              `koanf:"crypto.storage"`
	Vault   storage.VaultConfig `koanf:"crypto.vault"`
}

Config holds the values for the crypto engine

func DefaultCryptoConfig 

func DefaultCryptoConfig() Config

DefaultCryptoConfig returns a Config with sane defaults

type Crypto 

type Crypto struct {
	Storage storage.Storage
	// contains filtered or unexported fields
}

Crypto holds references to storage and needed config

func NewCryptoInstance 

func NewCryptoInstance() *Crypto

NewCryptoInstance creates a new instance of the crypto engine.

func NewTestCryptoInstance 

func NewTestCryptoInstance() *Crypto

NewTestCryptoInstance returns a new Crypto instance to be used for integration tests. Any data is stored in the specified test directory.

func (*Crypto) Config 

func (client *Crypto) Config() interface{}

func (*Crypto) Configure 

func (client *Crypto) Configure(config core.ServerConfig) error

Configure loads the given configurations in the engine. Any wrong combination will return an error

func (*Crypto) Decrypt 

func (client *Crypto) Decrypt(kid string, cipherText []byte) ([]byte, error)

Decrypt decrypts the `cipherText` with key `kid`

func (*Crypto) Exists 

func (client *Crypto) Exists(kid string) bool

Exists checks storage for an entry for the given legal entity and returns true if it exists

func (*Crypto) List 

func (client *Crypto) List() []string

List returns the KIDs of the private keys that are present in the key store.

func (*Crypto) Name 

func (client *Crypto) Name() string

func (*Crypto) New 

func (client *Crypto) New(namingFunc KIDNamingFunc) (Key, error)

New generates a new key pair. Stores the private key, returns the public key If a key is overwritten is handled by the storage implementation. (it's considered bad practise to reuse a kid for different keys)

func (*Crypto) Resolve 

func (client *Crypto) Resolve(kid string) (Key, error)

func (*Crypto) SignJWT 

func (client *Crypto) SignJWT(claims map[string]interface{}, kid string) (token string, err error)

SignJWT creates a signed JWT given a legalEntity and map of claims

type Decrypter 

type Decrypter interface {
	// Decrypt decrypts the `cipherText` with key `kid`
	Decrypt(kid string, ciphertext []byte) ([]byte, error)
}

Decrypter is the interface to support decryption

type JWTSigner 

type JWTSigner interface {
	// SignJWT creates a signed JWT using the indicated key and map of claims.
	// Returns ErrKeyNotFound when indicated private key is not present.
	SignJWT(claims map[string]interface{}, kid string) (string, error)
}

JWTSigner is the interface used to sign authorization tokens.

type KIDNamingFunc 

type KIDNamingFunc func(key crypto.PublicKey) (string, error)

KIDNamingFunc is a function passed to New() which generates the kid for the pub/priv key

func ErrorNamingFunc 

func ErrorNamingFunc(err error) KIDNamingFunc

func StringNamingFunc 

func StringNamingFunc(name string) KIDNamingFunc

StringNamingFunc can be used to give a key a simple string name

type Key 

type Key interface {
	// Signer returns a crypto.Signer.
	Signer() crypto.Signer
	// KID returns the unique ID for this key.
	KID() string
	// Public returns the public key. This is a short-hand for Signer().Public()
	Public() crypto.PublicKey
}

Key is a helper interface which holds a crypto.Signer, KID and public key for a key.

func NewEphemeralKey 

func NewEphemeralKey(namingFunc KIDNamingFunc) (Key, error)

NewEphemeralKey returns a Key for single use.

func NewTestKey 

func NewTestKey(kid string) Key

type KeyCreator 

type KeyCreator interface {
	// New generates a keypair and returns a Key.
	// the KIDNamingFunc will provide the kid.
	New(namingFunc KIDNamingFunc) (Key, error)
}

KeyCreator is the interface for creating key pairs.

type KeyResolver 

type KeyResolver interface {
	// Exists returns if the specified private key exists.
	// If an error occurs, false is also returned
	Exists(kid string) bool
	// Resolve returns a Key for the given KID. ErrKeyNotFound is returned for an unknown KID.
	Resolve(kid string) (Key, error)
	// List returns the KIDs of the private keys that are present in the KeyStore.
	List() []string
}

KeyResolver is the interface for resolving keys.

type KeyStore 

type KeyStore interface {
	Decrypter
	KeyCreator
	KeyResolver
	JWTSigner
}

KeyStore defines the functions for working with private keys.

type MockDecrypter 

type MockDecrypter struct {
	// contains filtered or unexported fields
}

MockDecrypter is a mock of Decrypter interface.

func NewMockDecrypter 

func NewMockDecrypter(ctrl *gomock.Controller) *MockDecrypter

NewMockDecrypter creates a new mock instance.

func (*MockDecrypter) Decrypt 

func (m *MockDecrypter) Decrypt(kid string, ciphertext []byte) ([]byte, error)

Decrypt mocks base method.

func (*MockDecrypter) EXPECT 

func (m *MockDecrypter) EXPECT() *MockDecrypterMockRecorder

EXPECT returns an object that allows the caller to indicate expected use.

type MockDecrypterMockRecorder 

type MockDecrypterMockRecorder struct {
	// contains filtered or unexported fields
}

MockDecrypterMockRecorder is the mock recorder for MockDecrypter.

func (*MockDecrypterMockRecorder) Decrypt 

func (mr *MockDecrypterMockRecorder) Decrypt(kid, ciphertext interface{}) *gomock.Call

Decrypt indicates an expected call of Decrypt.

type MockJWTSigner 

type MockJWTSigner struct {
	// contains filtered or unexported fields
}

MockJWTSigner is a mock of JWTSigner interface.

func NewMockJWTSigner 

func NewMockJWTSigner(ctrl *gomock.Controller) *MockJWTSigner

NewMockJWTSigner creates a new mock instance.

func (*MockJWTSigner) EXPECT 

func (m *MockJWTSigner) EXPECT() *MockJWTSignerMockRecorder

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockJWTSigner) SignJWT 

func (m *MockJWTSigner) SignJWT(claims map[string]interface{}, kid string) (string, error)

SignJWT mocks base method.

type MockJWTSignerMockRecorder 

type MockJWTSignerMockRecorder struct {
	// contains filtered or unexported fields
}

MockJWTSignerMockRecorder is the mock recorder for MockJWTSigner.

func (*MockJWTSignerMockRecorder) SignJWT 

func (mr *MockJWTSignerMockRecorder) SignJWT(claims, kid interface{}) *gomock.Call

SignJWT indicates an expected call of SignJWT.

type MockKey 

type MockKey struct {
	// contains filtered or unexported fields
}

MockKey is a mock of Key interface.

func NewMockKey 

func NewMockKey(ctrl *gomock.Controller) *MockKey

NewMockKey creates a new mock instance.

func (*MockKey) EXPECT 

func (m *MockKey) EXPECT() *MockKeyMockRecorder

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockKey) KID 

func (m *MockKey) KID() string

KID mocks base method.

func (*MockKey) Public 

func (m *MockKey) Public() crypto.PublicKey

Public mocks base method.

func (*MockKey) Signer 

func (m *MockKey) Signer() crypto.Signer

Signer mocks base method.

type MockKeyCreator 

type MockKeyCreator struct {
	// contains filtered or unexported fields
}

MockKeyCreator is a mock of KeyCreator interface.

func NewMockKeyCreator 

func NewMockKeyCreator(ctrl *gomock.Controller) *MockKeyCreator

NewMockKeyCreator creates a new mock instance.

func (*MockKeyCreator) EXPECT 

func (m *MockKeyCreator) EXPECT() *MockKeyCreatorMockRecorder

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockKeyCreator) New 

func (m *MockKeyCreator) New(namingFunc KIDNamingFunc) (Key, error)

New mocks base method.

type MockKeyCreatorMockRecorder 

type MockKeyCreatorMockRecorder struct {
	// contains filtered or unexported fields
}

MockKeyCreatorMockRecorder is the mock recorder for MockKeyCreator.

func (*MockKeyCreatorMockRecorder) New 

func (mr *MockKeyCreatorMockRecorder) New(namingFunc interface{}) *gomock.Call

New indicates an expected call of New.

type MockKeyMockRecorder 

type MockKeyMockRecorder struct {
	// contains filtered or unexported fields
}

MockKeyMockRecorder is the mock recorder for MockKey.

func (*MockKeyMockRecorder) KID 

func (mr *MockKeyMockRecorder) KID() *gomock.Call

KID indicates an expected call of KID.

func (*MockKeyMockRecorder) Public 

func (mr *MockKeyMockRecorder) Public() *gomock.Call

Public indicates an expected call of Public.

func (*MockKeyMockRecorder) Signer 

func (mr *MockKeyMockRecorder) Signer() *gomock.Call

Signer indicates an expected call of Signer.

type MockKeyResolver 

type MockKeyResolver struct {
	// contains filtered or unexported fields
}

MockKeyResolver is a mock of KeyResolver interface.

func NewMockKeyResolver 

func NewMockKeyResolver(ctrl *gomock.Controller) *MockKeyResolver

NewMockKeyResolver creates a new mock instance.

func (*MockKeyResolver) EXPECT 

func (m *MockKeyResolver) EXPECT() *MockKeyResolverMockRecorder

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockKeyResolver) Exists 

func (m *MockKeyResolver) Exists(kid string) bool

Exists mocks base method.

func (*MockKeyResolver) List 

func (m *MockKeyResolver) List() []string

List mocks base method.

func (*MockKeyResolver) Resolve 

func (m *MockKeyResolver) Resolve(kid string) (Key, error)

Resolve mocks base method.

type MockKeyResolverMockRecorder 

type MockKeyResolverMockRecorder struct {
	// contains filtered or unexported fields
}

MockKeyResolverMockRecorder is the mock recorder for MockKeyResolver.

func (*MockKeyResolverMockRecorder) Exists 

func (mr *MockKeyResolverMockRecorder) Exists(kid interface{}) *gomock.Call

Exists indicates an expected call of Exists.

func (*MockKeyResolverMockRecorder) List 

func (mr *MockKeyResolverMockRecorder) List() *gomock.Call

List indicates an expected call of List.

func (*MockKeyResolverMockRecorder) Resolve 

func (mr *MockKeyResolverMockRecorder) Resolve(kid interface{}) *gomock.Call

Resolve indicates an expected call of Resolve.

type MockKeyStore 

type MockKeyStore struct {
	// contains filtered or unexported fields
}

MockKeyStore is a mock of KeyStore interface.

func NewMockKeyStore 

func NewMockKeyStore(ctrl *gomock.Controller) *MockKeyStore

NewMockKeyStore creates a new mock instance.

func (*MockKeyStore) Decrypt 

func (m *MockKeyStore) Decrypt(kid string, ciphertext []byte) ([]byte, error)

Decrypt mocks base method.

func (*MockKeyStore) EXPECT 

func (m *MockKeyStore) EXPECT() *MockKeyStoreMockRecorder

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockKeyStore) Exists 

func (m *MockKeyStore) Exists(kid string) bool

Exists mocks base method.

func (*MockKeyStore) List 

func (m *MockKeyStore) List() []string

List mocks base method.

func (*MockKeyStore) New 

func (m *MockKeyStore) New(namingFunc KIDNamingFunc) (Key, error)

New mocks base method.

func (*MockKeyStore) Resolve 

func (m *MockKeyStore) Resolve(kid string) (Key, error)

Resolve mocks base method.

func (*MockKeyStore) SignJWT 

func (m *MockKeyStore) SignJWT(claims map[string]interface{}, kid string) (string, error)

SignJWT mocks base method.

type MockKeyStoreMockRecorder 

type MockKeyStoreMockRecorder struct {
	// contains filtered or unexported fields
}

MockKeyStoreMockRecorder is the mock recorder for MockKeyStore.

func (*MockKeyStoreMockRecorder) Decrypt 

func (mr *MockKeyStoreMockRecorder) Decrypt(kid, ciphertext interface{}) *gomock.Call

Decrypt indicates an expected call of Decrypt.

func (*MockKeyStoreMockRecorder) Exists 

func (mr *MockKeyStoreMockRecorder) Exists(kid interface{}) *gomock.Call

Exists indicates an expected call of Exists.

func (*MockKeyStoreMockRecorder) List 

func (mr *MockKeyStoreMockRecorder) List() *gomock.Call

List indicates an expected call of List.

func (*MockKeyStoreMockRecorder) New 

func (mr *MockKeyStoreMockRecorder) New(namingFunc interface{}) *gomock.Call

New indicates an expected call of New.

func (*MockKeyStoreMockRecorder) Resolve 

func (mr *MockKeyStoreMockRecorder) Resolve(kid interface{}) *gomock.Call

Resolve indicates an expected call of Resolve.

func (*MockKeyStoreMockRecorder) SignJWT 

func (mr *MockKeyStoreMockRecorder) SignJWT(claims, kid interface{}) *gomock.Call

SignJWT indicates an expected call of SignJWT.

type PublicKeyFunc 

type PublicKeyFunc func(kid string) (crypto.PublicKey, error)

PublicKeyFunc defines a function that resolves a public key based on a kid

type TestKey 

type TestKey struct {
	PrivateKey crypto.Signer
	Kid        string
}

TestKey is a Key impl for testing purposes

func (TestKey) KID 

func (t TestKey) KID() string

func (TestKey) Private 

func (t TestKey) Private() crypto.PrivateKey

func (TestKey) Public 

func (t TestKey) Public() crypto.PublicKey

func (TestKey) Signer 

func (t TestKey) Signer() crypto.Signer

Source Files

View all Source files

Directories

Path Synopsis
api
v1
Package v1 provides primitives to interact with the openapi HTTP API.
 Package v1 provides primitives to interact with the openapi HTTP API.
Package storage is a generated GoMock package.
 Package storage is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.