Versions in this module Expand all Collapse all v1 v1.0.1 May 28, 2024 v1.0.0 Apr 30, 2024 v0 v0.1.0 Apr 30, 2024 Changes in this version
+ var AttributeRPCContext = "rpc_security_context"
+ var AttributeSessionKey = "session_key"
+ var AttributeTarget = "target"
+ var ErrBadBindings = NewError(BadBindings, errors.New("channel binding mismatch"))
+ var ErrBadMIC = NewError(BadMIC, errors.New("token had invalid integrity check"))
+ var ErrBadMech = NewError(BadMech, errors.New("unsupported mechanism requested"))
+ var ErrBadName = NewError(BadName, errors.New("invalid name provided"))
+ var ErrBadNameType = NewError(BadNameType, errors.New("name of unsupported type provided"))
+ var ErrBadQoP = NewError(BadQoP, errors.New("unsupported QoP value"))
+ var ErrBadSig = NewError(BadSig, errors.New("token had invalid integrity check"))
+ var ErrBadStatus = NewError(BadStatus, errors.New("invalid input status selector"))
+ var ErrContextExpired = NewError(ContextExpired, errors.New("specified security context expired"))
+ var ErrCredentialsExpired = NewError(CredentialsExpired, errors.New("expired credentials detected"))
+ var ErrDefectiveCredential = NewError(DefectiveCredential, errors.New("defective credential detected"))
+ var ErrDefectiveToken = NewError(DefectiveToken, errors.New("defective token detected"))
+ var ErrDuplicateElement = NewError(DuplicateElement, errors.New("duplicate credential element requested"))
+ var ErrFailure = NewError(Failure, errors.New("failure, unspecified at GSS-API level"))
+ var ErrNameNotMN = NewError(NameNotMN, errors.New("name contains multi-mechanism elements"))
+ var ErrNoContext = NewError(NoContext, errors.New("no valid security context specified"))
+ var ErrNoCred = NewError(NoCred, errors.New("no valid credentials provided"))
+ var ErrUnauthorized = NewError(Unauthorized, errors.New("operation unauthorized"))
+ var ErrUnavailable = NewError(Unavailable, errors.New("operation unavailable"))
+ var ErrUnknown = NewError(Unknown, errors.New("unknown error"))
+ var ErrUnseqToken = NewError(UnseqToken, errors.New("reordered (early) per-message token detected."))
+ func AddCredential(value any)
+ func AddMechanism(f MechanismFactory)
+ func ContextComplete(ctx context.Context) error
+ func ContextContinueNeeded(ctx context.Context) error
+ func ContextError(ctx context.Context, status Status, err error) error
+ func DeleteSecurityContext(ctx context.Context, _ ...Option) error
+ func GetAttribute(ctx context.Context, attrName string, _ ...Option) (any, bool)
+ func GetCredentialValue(ctx context.Context, name string, mechanismType OID, usage CredentialUsage) any
+ func GetMechanismConfig(ctx context.Context, oid OID) any
+ func IsComplete(ctx context.Context) bool
+ func NewCredential(targetName string, mechanismTypes []OID, usage CredentialUsage, value any) *credential
+ func NewError(status Status, err error) error
+ func NewSecurityContext(ctx context.Context, opts ...ContextOption) context.Context
+ func SetAttribute(ctx context.Context, attrName string, attrValue any, _ ...Option)
+ func VerifySignature(ctx context.Context, tok *MessageToken, opts ...Option) error
+ func VerifySignatureEx(ctx context.Context, tokEx *MessageTokenEx, opts ...Option) error
+ func WrapSizeLimit(ctx context.Context, sz int, opts ...Option) int
+ type Cap int
+ const Anonymity
+ const Confidentiality
+ const DCEStyle
+ const Datagram
+ const Delegation
+ const ExtendedError
+ const Identify
+ const Integrity
+ const MutualAuthn
+ const ReplayDetection
+ const Sequencing
+ func (c Cap) IsSet(cc Cap) bool
+ type ChannelBindings interface
+ Marshal func() ([]byte, error)
+ type Config struct
+ Capabilities Cap
+ Compatibility int
+ ContextTTL int
+ IsServer bool
+ MechanismConfigs []MechanismConfig
+ MechanismType OID
+ QoP int
+ TargetName string
+ TargetNameFromUntrustedSource bool
+ func MakeOptions(opts ...Option) *Config
+ type ContextManager interface
+ AcceptSecurityContext func(context.Context, *Token, ...Option) (*Token, error)
+ DeleteSecurityContext func(context.Context, ...Option) error
+ GetAttribute func(context.Context, string, ...Option) (any, error)
+ InitSecurityContext func(context.Context, *Token, ...Option) (*Token, error)
+ SetAttribute func(context.Context, string, any, ...Option)
+ WrapSizeLimit func(context.Context, int, ...Option) int
+ type ContextOption any
+ type Credential interface
+ MechanismTypes func() []OID
+ TargetName func() string
+ Usage func() CredentialUsage
+ Value func() any
+ func GetCredential(ctx context.Context, name string, mechanismType OID, usage CredentialUsage) Credential
+ type CredentialStore struct
+ func (c *CredentialStore) AddCredential(ctx context.Context, value any)
+ func (c *CredentialStore) GetCredential(ctx context.Context, name string, mechanismType OID, usage CredentialUsage) Credential
+ type CredentialUsage int
+ const AcceptOnly
+ const InitiateAndAccept
+ const InitiateOnly
+ type CredentialsManager interface
+ AcquireCredentials func(context.Context) error
+ AddCredentials func(context.Context, Credential) error
+ type Error struct
+ Err error
+ Status Status
+ func (e *Error) Error() string
+ type Mechanism interface
+ Accept func(ctx context.Context, token *Token) (*Token, error)
+ Init func(ctx context.Context, token *Token) (*Token, error)
+ MakeSignature func(context.Context, *MessageToken) (*MessageToken, error)
+ Type func() OID
+ Unwrap func(context.Context, *MessageToken) (*MessageToken, error)
+ VerifySignature func(context.Context, *MessageToken) error
+ Wrap func(context.Context, *MessageToken) (*MessageToken, error)
+ WrapSizeLimit func(context.Context, int, bool) int
+ type MechanismConfig interface
+ Type func() OID
+ type MechanismEx interface
+ MakeSignatureEx func(context.Context, *MessageTokenEx) (*MessageTokenEx, error)
+ UnwrapEx func(context.Context, *MessageTokenEx) (*MessageTokenEx, error)
+ VerifySignatureEx func(context.Context, *MessageTokenEx) error
+ WrapEx func(context.Context, *MessageTokenEx) (*MessageTokenEx, error)
+ type MechanismFactory interface
+ DefaultConfig func(context.Context) (MechanismConfig, error)
+ New func(context.Context) (Mechanism, error)
+ Type func() OID
+ func GetMechanism(ctx context.Context, oid OID) MechanismFactory
+ func ListMechanisms(ctx context.Context) []MechanismFactory
+ type MechanismStore struct
+ func (m *MechanismStore) AddMechanism(f MechanismFactory)
+ func (m *MechanismStore) GetMechanism(oid OID) MechanismFactory
+ func (m *MechanismStore) ListMechanisms() []MechanismFactory
+ type MessageToken struct
+ Capabilities Cap
+ Payload []byte
+ QoP int
+ Signature []byte
+ func MakeSignature(ctx context.Context, tok *MessageToken, opts ...Option) (*MessageToken, error)
+ func Unwrap(ctx context.Context, tok *MessageToken, opts ...Option) (*MessageToken, error)
+ func Wrap(ctx context.Context, tok *MessageToken, opts ...Option) (*MessageToken, error)
+ type MessageTokenEx struct
+ Payloads []*PayloadEx
+ QoP int
+ Signature []byte
+ func MakeSignatureEx(ctx context.Context, tokEx *MessageTokenEx, opts ...Option) (*MessageTokenEx, error)
+ func UnwrapEx(ctx context.Context, tokEx *MessageTokenEx, opts ...Option) (*MessageTokenEx, error)
+ func WrapEx(ctx context.Context, tokEx *MessageTokenEx, opts ...Option) (*MessageTokenEx, error)
+ type OID asn1.ObjectIdentifier
+ func (o OID) Equal(other OID) bool
+ func (o OID) String() string
+ type Option func(*Config)
+ func WithCompatibility(compat int) Option
+ func WithConfig(cfg *Config) Option
+ func WithMechanismConfig(cfg MechanismConfig) Option
+ func WithMechanismType(oid OID) Option
+ func WithQoP(qop int) Option
+ func WithRequest(req Cap) Option
+ func WithTargetName(name string, source ...TargetNameSource) Option
+ type PayloadEx struct
+ Capabilities Cap
+ Payload []byte
+ type SecurityAttributes interface
+ GetAttribute func(context.Context, string, ...Option) (any, bool)
+ SetAttribute func(context.Context, string, any, ...Option)
+ type SecurityContext struct
+ Attributes map[string]interface{}
+ Capabilities Cap
+ ChannelBindings ChannelBindings
+ Compatibility int
+ ContextTTL int
+ Credential Credential
+ CredentialStore *CredentialStore
+ Error error
+ IsServer bool
+ Mechanism Mechanism
+ MechanismConfigs []MechanismConfig
+ MechanismStore *MechanismStore
+ QoP int
+ Status Status
+ TargetName string
+ TargetNameFromUntrustedSource bool
+ func FromContext(ctx context.Context) SecurityContext
+ type SecurityService interface
+ MakeSignature func(context.Context, *MessageToken, ...Option) (*MessageToken, error)
+ Unwrap func(context.Context, *MessageToken, ...Option) (*MessageToken, error)
+ VerifySignature func(context.Context, *MessageToken, ...Option) (*MessageToken, error)
+ Wrap func(context.Context, *MessageToken, ...Option) (*MessageToken, error)
+ type SecurityServiceEx interface
+ MakeSignatureEx func(context.Context, *MessageTokenEx, ...Option) (*MessageTokenEx, error)
+ UnwrapEx func(context.Context, *MessageTokenEx, ...Option) (*MessageTokenEx, error)
+ VerifySignatureEx func(context.Context, *MessageTokenEx, ...Option) (*MessageTokenEx, error)
+ WrapEx func(context.Context, *MessageTokenEx, ...Option) (*MessageTokenEx, error)
+ type Status int
+ const BadBindings
+ const BadMIC
+ const BadMech
+ const BadName
+ const BadNameType
+ const BadQoP
+ const BadSig
+ const BadStatus
+ const Complete
+ const ContextExpired
+ const ContinueNeeded
+ const CredentialsExpired
+ const DefectiveCredential
+ const DefectiveToken
+ const DuplicateElement
+ const DuplicateToken
+ const Failure
+ const GapToken
+ const NameNotMN
+ const NoContext
+ const NoCred
+ const OldToken
+ const Unauthorized
+ const Unavailable
+ const Unknown
+ const UnseqToken
+ type TargetNameSource struct
+ Trusted bool
+ type Token struct
+ Payload []byte
+ func InitSecurityContext(ctx context.Context, tok *Token, opts ...Option) (*Token, error)
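Review bot: The three attribute keys at the top of the listing are declared with `var` (`AttributeRPCContext`, `AttributeSessionKey`, `AttributeTarget`), so any importing package can reassign them at runtime; since they look like lookup keys for `GetAttribute`/`SetAttribute`, declaring them as constants would rule that out: `const AttributeSessionKey = "session_key"` and likewise for the other two. Separately, `SecurityService.VerifySignature` and `SecurityServiceEx.VerifySignatureEx` return a token plus an error, while the package-level functions and the `Mechanism`/`MechanismEx` methods of the same names return only `error`; one shape should be chosen, or the difference documented if it is intentional. `ContextManager.GetAttribute` returning `(any, error)` against `(any, bool)` on `SecurityAttributes` and the package-level function is the same kind of mismatch. Only signatures are visible here, so how the keys are actually used is inferred from their names.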