crypto

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 1, 2022 License: GPL-3.0 Imports: 20 Imported by: 0

Documentation

Overview

Package crypto is a generated GoMock package.

Index

Constants

View Source
const (
	// ModuleName contains the name of this module
	ModuleName = "Crypto"
)

Variables

View Source
var ErrKeyNotFound = errors.New("key not found")

ErrKeyNotFound is returned when the key should not exists but does

View Source
var ErrUnsupportedSigningKey = errors.New("signing key algorithm not supported")

ErrUnsupportedSigningKey is returned when an unsupported private key is used to sign. Currently only ecdsa and rsa keys are supported

Functions

func EciesDecrypt

func EciesDecrypt(privateKey *ecdsa.PrivateKey, cipherText []byte) ([]byte, error)

EciesDecrypt decrypts the `cipherText` using the Elliptic Curve Integrated Encryption Scheme

func EciesEncrypt

func EciesEncrypt(publicKey *ecdsa.PublicKey, plainText []byte) ([]byte, error)

EciesEncrypt encrypts the `plainText` using the Elliptic Curve Integrated Encryption Scheme

func JWTKidAlg

func JWTKidAlg(tokenString string) (string, jwa.SignatureAlgorithm, error)

JWTKidAlg parses a JWT, does not validate it and returns the 'kid' and 'alg' headers

func NewMemoryStorage

func NewMemoryStorage() storage.Storage

func ParseJWT

func ParseJWT(tokenString string, f PublicKeyFunc, options ...jwt.ParseOption) (jwt.Token, error)

ParseJWT parses a token, validates and verifies it.

func SignDetachedJWS

func SignDetachedJWS(payload []byte, protectedHeaders map[string]interface{}, privateKey crypto.Signer) (string, error)

SignDetachedJWS signs a JWS with a detached payload. This function does not require the payload value to be base64 encoded since it will not be part of the resulting JWS. (If it is not base64 encoded, make sure to set the 'b64' header param to false)

func SignJWS

func SignJWS(payload []byte, protectedHeaders map[string]interface{}, privateKey crypto.Signer) (string, error)

SignJWS signs the payload using the JWS format with the provided signer. Provided protected headers will be included in the JWS.

func SignJWT

func SignJWT(key jwk.Key, claims map[string]interface{}, headers map[string]interface{}) (token string, err error)

SignJWT signs claims with the signer and returns the compacted token. The headers param can be used to add additional headers

func SignatureAlgorithm

func SignatureAlgorithm(key crypto.PublicKey) (jwa.SignatureAlgorithm, error)

SignatureAlgorithm determines the jwa.SigningAlgorithm for ec/rsa/ed25519 keys.

func Thumbprint

func Thumbprint(key jwk.Key) (string, error)

Thumbprint generates a Nuts compatible thumbprint: Base58(SHA256(rfc7638-json))

Types

type Config

type Config struct {
	Storage string              `koanf:"crypto.storage"`
	Vault   storage.VaultConfig `koanf:"crypto.vault"`
}

Config holds the values for the crypto engine

func DefaultCryptoConfig

func DefaultCryptoConfig() Config

DefaultCryptoConfig returns a Config with sane defaults

type Crypto

type Crypto struct {
	Storage storage.Storage
	// contains filtered or unexported fields
}

Crypto holds references to storage and needed config

func NewCryptoInstance

func NewCryptoInstance() *Crypto

NewCryptoInstance creates a new instance of the crypto engine.

func NewTestCryptoInstance

func NewTestCryptoInstance() *Crypto

NewTestCryptoInstance returns a new Crypto instance to be used for integration tests. Any data is stored in the specified test directory.

func (*Crypto) Config

func (client *Crypto) Config() interface{}

func (*Crypto) Configure

func (client *Crypto) Configure(config core.ServerConfig) error

Configure loads the given configurations in the engine. Any wrong combination will return an error

func (*Crypto) Decrypt

func (client *Crypto) Decrypt(kid string, cipherText []byte) ([]byte, error)

Decrypt decrypts the `cipherText` with key `kid`

func (*Crypto) Exists

func (client *Crypto) Exists(kid string) bool

Exists checks storage for an entry for the given legal entity and returns true if it exists

func (*Crypto) List

func (client *Crypto) List() []string

List returns the KIDs of the private keys that are present in the key store.

func (*Crypto) Name

func (client *Crypto) Name() string

func (*Crypto) New

func (client *Crypto) New(namingFunc KIDNamingFunc) (Key, error)

New generates a new key pair. Stores the private key, returns the public key If a key is overwritten is handled by the storage implementation. (it's considered bad practise to reuse a kid for different keys)

func (*Crypto) Resolve

func (client *Crypto) Resolve(kid string) (Key, error)

func (*Crypto) SignJWT

func (client *Crypto) SignJWT(claims map[string]interface{}, kid string) (token string, err error)

SignJWT creates a signed JWT given a legalEntity and map of claims

type Decrypter

type Decrypter interface {
	// Decrypt decrypts the `cipherText` with key `kid`
	Decrypt(kid string, ciphertext []byte) ([]byte, error)
}

Decrypter is the interface to support decryption

type JWTSigner

type JWTSigner interface {
	// SignJWT creates a signed JWT using the indicated key and map of claims.
	// Returns ErrKeyNotFound when indicated private key is not present.
	SignJWT(claims map[string]interface{}, kid string) (string, error)
}

JWTSigner is the interface used to sign authorization tokens.

type KIDNamingFunc

type KIDNamingFunc func(key crypto.PublicKey) (string, error)

KIDNamingFunc is a function passed to New() which generates the kid for the pub/priv key

func ErrorNamingFunc

func ErrorNamingFunc(err error) KIDNamingFunc

func StringNamingFunc

func StringNamingFunc(name string) KIDNamingFunc

StringNamingFunc can be used to give a key a simple string name

type Key

type Key interface {
	// Signer returns a crypto.Signer.
	Signer() crypto.Signer
	// KID returns the unique ID for this key.
	KID() string
	// Public returns the public key. This is a short-hand for Signer().Public()
	Public() crypto.PublicKey
}

Key is a helper interface which holds a crypto.Signer, KID and public key for a key.

func NewEphemeralKey

func NewEphemeralKey(namingFunc KIDNamingFunc) (Key, error)

NewEphemeralKey returns a Key for single use.

func NewTestKey

func NewTestKey(kid string) Key

type KeyCreator

type KeyCreator interface {
	// New generates a keypair and returns a Key.
	// the KIDNamingFunc will provide the kid.
	New(namingFunc KIDNamingFunc) (Key, error)
}

KeyCreator is the interface for creating key pairs.

type KeyResolver

type KeyResolver interface {
	// Exists returns if the specified private key exists.
	// If an error occurs, false is also returned
	Exists(kid string) bool
	// Resolve returns a Key for the given KID. ErrKeyNotFound is returned for an unknown KID.
	Resolve(kid string) (Key, error)
	// List returns the KIDs of the private keys that are present in the KeyStore.
	List() []string
}

KeyResolver is the interface for resolving keys.

type KeyStore

type KeyStore interface {
	Decrypter
	KeyCreator
	KeyResolver
	JWTSigner
}

KeyStore defines the functions for working with private keys.

type MockDecrypter

type MockDecrypter struct {
	// contains filtered or unexported fields
}

MockDecrypter is a mock of Decrypter interface.

func NewMockDecrypter

func NewMockDecrypter(ctrl *gomock.Controller) *MockDecrypter

NewMockDecrypter creates a new mock instance.

func (*MockDecrypter) Decrypt

func (m *MockDecrypter) Decrypt(kid string, ciphertext []byte) ([]byte, error)

Decrypt mocks base method.

func (*MockDecrypter) EXPECT

EXPECT returns an object that allows the caller to indicate expected use.

type MockDecrypterMockRecorder

type MockDecrypterMockRecorder struct {
	// contains filtered or unexported fields
}

MockDecrypterMockRecorder is the mock recorder for MockDecrypter.

func (*MockDecrypterMockRecorder) Decrypt

func (mr *MockDecrypterMockRecorder) Decrypt(kid, ciphertext interface{}) *gomock.Call

Decrypt indicates an expected call of Decrypt.

type MockJWTSigner

type MockJWTSigner struct {
	// contains filtered or unexported fields
}

MockJWTSigner is a mock of JWTSigner interface.

func NewMockJWTSigner

func NewMockJWTSigner(ctrl *gomock.Controller) *MockJWTSigner

NewMockJWTSigner creates a new mock instance.

func (*MockJWTSigner) EXPECT

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockJWTSigner) SignJWT

func (m *MockJWTSigner) SignJWT(claims map[string]interface{}, kid string) (string, error)

SignJWT mocks base method.

type MockJWTSignerMockRecorder

type MockJWTSignerMockRecorder struct {
	// contains filtered or unexported fields
}

MockJWTSignerMockRecorder is the mock recorder for MockJWTSigner.

func (*MockJWTSignerMockRecorder) SignJWT

func (mr *MockJWTSignerMockRecorder) SignJWT(claims, kid interface{}) *gomock.Call

SignJWT indicates an expected call of SignJWT.

type MockKey

type MockKey struct {
	// contains filtered or unexported fields
}

MockKey is a mock of Key interface.

func NewMockKey

func NewMockKey(ctrl *gomock.Controller) *MockKey

NewMockKey creates a new mock instance.

func (*MockKey) EXPECT

func (m *MockKey) EXPECT() *MockKeyMockRecorder

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockKey) KID

func (m *MockKey) KID() string

KID mocks base method.

func (*MockKey) Public

func (m *MockKey) Public() crypto.PublicKey

Public mocks base method.

func (*MockKey) Signer

func (m *MockKey) Signer() crypto.Signer

Signer mocks base method.

type MockKeyCreator

type MockKeyCreator struct {
	// contains filtered or unexported fields
}

MockKeyCreator is a mock of KeyCreator interface.

func NewMockKeyCreator

func NewMockKeyCreator(ctrl *gomock.Controller) *MockKeyCreator

NewMockKeyCreator creates a new mock instance.

func (*MockKeyCreator) EXPECT

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockKeyCreator) New

func (m *MockKeyCreator) New(namingFunc KIDNamingFunc) (Key, error)

New mocks base method.

type MockKeyCreatorMockRecorder

type MockKeyCreatorMockRecorder struct {
	// contains filtered or unexported fields
}

MockKeyCreatorMockRecorder is the mock recorder for MockKeyCreator.

func (*MockKeyCreatorMockRecorder) New

func (mr *MockKeyCreatorMockRecorder) New(namingFunc interface{}) *gomock.Call

New indicates an expected call of New.

type MockKeyMockRecorder

type MockKeyMockRecorder struct {
	// contains filtered or unexported fields
}

MockKeyMockRecorder is the mock recorder for MockKey.

func (*MockKeyMockRecorder) KID

func (mr *MockKeyMockRecorder) KID() *gomock.Call

KID indicates an expected call of KID.

func (*MockKeyMockRecorder) Public

func (mr *MockKeyMockRecorder) Public() *gomock.Call

Public indicates an expected call of Public.

func (*MockKeyMockRecorder) Signer

func (mr *MockKeyMockRecorder) Signer() *gomock.Call

Signer indicates an expected call of Signer.

type MockKeyResolver

type MockKeyResolver struct {
	// contains filtered or unexported fields
}

MockKeyResolver is a mock of KeyResolver interface.

func NewMockKeyResolver

func NewMockKeyResolver(ctrl *gomock.Controller) *MockKeyResolver

NewMockKeyResolver creates a new mock instance.

func (*MockKeyResolver) EXPECT

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockKeyResolver) Exists

func (m *MockKeyResolver) Exists(kid string) bool

Exists mocks base method.

func (*MockKeyResolver) List

func (m *MockKeyResolver) List() []string

List mocks base method.

func (*MockKeyResolver) Resolve

func (m *MockKeyResolver) Resolve(kid string) (Key, error)

Resolve mocks base method.

type MockKeyResolverMockRecorder

type MockKeyResolverMockRecorder struct {
	// contains filtered or unexported fields
}

MockKeyResolverMockRecorder is the mock recorder for MockKeyResolver.

func (*MockKeyResolverMockRecorder) Exists

func (mr *MockKeyResolverMockRecorder) Exists(kid interface{}) *gomock.Call

Exists indicates an expected call of Exists.

func (*MockKeyResolverMockRecorder) List

List indicates an expected call of List.

func (*MockKeyResolverMockRecorder) Resolve

func (mr *MockKeyResolverMockRecorder) Resolve(kid interface{}) *gomock.Call

Resolve indicates an expected call of Resolve.

type MockKeyStore

type MockKeyStore struct {
	// contains filtered or unexported fields
}

MockKeyStore is a mock of KeyStore interface.

func NewMockKeyStore

func NewMockKeyStore(ctrl *gomock.Controller) *MockKeyStore

NewMockKeyStore creates a new mock instance.

func (*MockKeyStore) Decrypt

func (m *MockKeyStore) Decrypt(kid string, ciphertext []byte) ([]byte, error)

Decrypt mocks base method.

func (*MockKeyStore) EXPECT

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockKeyStore) Exists

func (m *MockKeyStore) Exists(kid string) bool

Exists mocks base method.

func (*MockKeyStore) List

func (m *MockKeyStore) List() []string

List mocks base method.

func (*MockKeyStore) New

func (m *MockKeyStore) New(namingFunc KIDNamingFunc) (Key, error)

New mocks base method.

func (*MockKeyStore) Resolve

func (m *MockKeyStore) Resolve(kid string) (Key, error)

Resolve mocks base method.

func (*MockKeyStore) SignJWT

func (m *MockKeyStore) SignJWT(claims map[string]interface{}, kid string) (string, error)

SignJWT mocks base method.

type MockKeyStoreMockRecorder

type MockKeyStoreMockRecorder struct {
	// contains filtered or unexported fields
}

MockKeyStoreMockRecorder is the mock recorder for MockKeyStore.

func (*MockKeyStoreMockRecorder) Decrypt

func (mr *MockKeyStoreMockRecorder) Decrypt(kid, ciphertext interface{}) *gomock.Call

Decrypt indicates an expected call of Decrypt.

func (*MockKeyStoreMockRecorder) Exists

func (mr *MockKeyStoreMockRecorder) Exists(kid interface{}) *gomock.Call

Exists indicates an expected call of Exists.

func (*MockKeyStoreMockRecorder) List

func (mr *MockKeyStoreMockRecorder) List() *gomock.Call

List indicates an expected call of List.

func (*MockKeyStoreMockRecorder) New

func (mr *MockKeyStoreMockRecorder) New(namingFunc interface{}) *gomock.Call

New indicates an expected call of New.

func (*MockKeyStoreMockRecorder) Resolve

func (mr *MockKeyStoreMockRecorder) Resolve(kid interface{}) *gomock.Call

Resolve indicates an expected call of Resolve.

func (*MockKeyStoreMockRecorder) SignJWT

func (mr *MockKeyStoreMockRecorder) SignJWT(claims, kid interface{}) *gomock.Call

SignJWT indicates an expected call of SignJWT.

type PublicKeyFunc

type PublicKeyFunc func(kid string) (crypto.PublicKey, error)

PublicKeyFunc defines a function that resolves a public key based on a kid

type TestKey

type TestKey struct {
	PrivateKey crypto.Signer
	Kid        string
}

TestKey is a Key impl for testing purposes

func (TestKey) KID

func (t TestKey) KID() string

func (TestKey) Private

func (t TestKey) Private() crypto.PrivateKey

func (TestKey) Public

func (t TestKey) Public() crypto.PublicKey

func (TestKey) Signer

func (t TestKey) Signer() crypto.Signer

Directories

Path Synopsis
api
v1
Package v1 provides primitives to interact with the openapi HTTP API.
Package v1 provides primitives to interact with the openapi HTTP API.
Package storage is a generated GoMock package.
Package storage is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL