Documentation ¶
Index ¶
- Constants
- Variables
- func AddTokenToHeader(h http.Header, token string) http.Header
- func ExtractTokenFromHeader(h http.Header) string
- func SelectEndpoints(ctx context.Context, serviceEndpoints []string, cli HTTPClient) (string, error)
- func ValidateAlgorithm(alg string) bool
- type Client
- type Config
- type DomainConfig
- type DomainResolver
- type HTTPClient
- type JWKSet
- type Key
- type OTClient
- func (oc *OTClient) AddAudience(token, serviceEndpoint string) error
- func (oc *OTClient) Domain(td TrustDomain) *DomainResolver
- func (oc *OTClient) ParseOTVID(ctx context.Context, token string, auds ...OTID) (*OTVID, error)
- func (oc *OTClient) Service(aud OTID) *ServiceClient
- func (oc *OTClient) SetDomainKeys(publicKeys JWKSet)
- func (oc *OTClient) SetPrivateKeys(privateKeys JWKSet)
- func (oc *OTClient) Sign(ctx context.Context, input SignInput) (*SignOutput, error)
- func (oc *OTClient) SignSelf() (string, error)
- func (oc *OTClient) Verify(ctx context.Context, token string, auds ...OTID) (*OTVID, error)
- type OTID
- func (id OTID) Equal(another OTID) bool
- func (id OTID) ID() string
- func (id OTID) IsDomainID() bool
- func (id OTID) MarshalJSON() ([]byte, error)
- func (id OTID) MarshalText() ([]byte, error)
- func (id OTID) MemberOf(td TrustDomain) bool
- func (id OTID) String() string
- func (id OTID) Subject() string
- func (id OTID) TrustDomain() TrustDomain
- func (id OTID) Type() string
- func (id *OTID) UnmarshalJSON(data []byte) error
- func (id *OTID) UnmarshalText(data []byte) error
- func (id OTID) Validate() error
- type OTIDs
- type OTVID
- type Response
- type ServiceClient
- type ServiceConfig
- type SignInput
- type SignOutput
- type Token
- type TrustDomain
Constants ¶
const (
	// CtxHeaderKey is the context.Context key this package uses to carry a
	// header value. Its type ctxKey is unexported, so no other package can
	// construct a colliding key. What exactly is stored under it is not shown
	// here — presumably an http.Header; confirm against the callers.
	CtxHeaderKey ctxKey = 0
)
// Version is the version string of this package.
const Version = "v0.10.0"
Version is the version string of this package.
Variables ¶
// DefaultHTTPClient is the package-level Client created by NewClient(nil).
// It is shared mutable state: any change to its Header or ConstraintEndpoint
// is seen by every caller that relies on the default.
var DefaultHTTPClient = NewClient(nil)
DefaultHTTPClient is the package-level Client created by NewClient(nil). It is shared mutable state: any change to its Header or ConstraintEndpoint is seen by every caller that relies on the default.
Functions ¶
func AddTokenToHeader ¶ added in v0.3.0
AddTokenToHeader adds token to the header h and returns the resulting header.
func ExtractTokenFromHeader ¶ added in v0.3.0
ExtractTokenFromHeader returns the token carried by h (presumably the value AddTokenToHeader writes). The returned string is untrusted input until it has been verified, e.g. with ParseOTVID or OTClient.Verify.
func SelectEndpoints ¶ added in v0.8.0
func SelectEndpoints(ctx context.Context, serviceEndpoints []string, cli HTTPClient) (string, error)
SelectEndpoints chooses one endpoint from serviceEndpoints, using cli and ctx, and returns it or an error if none could be selected. How the choice is made (for example whether each endpoint is probed) is not stated here.
Types ¶
type Client ¶ added in v0.9.0
// Client is the HTTP client used for Open Trust requests. It embeds
// *http.Client and carries a fixed Header.
// NOTE(review): the embedded http.Client is created by NewClient, which is
// not shown here; confirm it sets a non-zero Timeout so a stalled authority
// cannot hang callers indefinitely.
type Client struct {
	*http.Client
	// Header is kept on the client; presumably merged into outgoing requests —
	// confirm in Do.
	Header http.Header
	// ConstraintEndpoint: set it for testing purposes only. Leave it empty in
	// production.
	ConstraintEndpoint string
}
Client is the HTTP client used for Open Trust requests: an embedded *http.Client plus a fixed Header. ConstraintEndpoint exists for tests only and should be left empty in production.
type DomainConfig ¶ added in v0.10.0
DomainConfig is a trust domain's configuration as returned by DomainResolver.Resolve.
type DomainResolver ¶ added in v0.10.0
// DomainResolver resolves a trust domain's configuration. Obtain one with
// OTClient.Domain and call Resolve on it.
type DomainResolver struct {
	// contains filtered or unexported fields
}
DomainResolver resolves a trust domain's configuration. Obtain one with OTClient.Domain and call Resolve on it.
func (*DomainResolver) Resolve ¶ added in v0.10.0
func (dr *DomainResolver) Resolve(ctx context.Context) (*DomainConfig, error)
Resolve returns the trust domain's DomainConfig, or an error if it could not be resolved.
type HTTPClient ¶ added in v0.3.1
// HTTPClient is the transport abstraction used by OTClient (see its exported
// HTTPClient field). Implementations can be swapped in, e.g. for tests.
type HTTPClient interface {
	// Do performs one request described by method, api and the headers h,
	// sending input and decoding the response into output. The encoding is
	// presumably JSON (compare the tags on Response) — confirm.
	Do(ctx context.Context, method, api string, h http.Header, input, output interface{}) error
}
HTTPClient is the transport abstraction used by OTClient. Do performs one request described by method, api and the headers h, sending input and decoding the response into output; implementations can be swapped in, e.g. for tests.
type OTClient ¶ added in v0.8.0
// OTClient is the client for a trust domain's Open Trust services. It issues
// and verifies OTVIDs (Sign, SignSelf, Verify, ParseOTVID) and resolves domain
// and service configuration (Domain, Service).
type OTClient struct {
	// HTTPClient is the transport used for every network call; it is exported
	// so it can be replaced, e.g. in tests.
	HTTPClient HTTPClient
	// contains filtered or unexported fields
}
OTClient is the client for a trust domain's Open Trust services. Its exported HTTPClient field is the transport used for every network call and may be replaced, e.g. in tests.
func NewOTClient ¶ added in v0.8.0
NewOTClient creates an OTClient.
func (*OTClient) AddAudience ¶ added in v0.9.0
AddAudience adds an audience service's configuration to the OTClient statically. Do not call this method if the trust domain's OT-Auth service is online: configuration added here is fixed and presumably takes the place of what the online service would return, so it will not follow later changes made by the authority.
func (*OTClient) Domain ¶ added in v0.10.0
func (oc *OTClient) Domain(td TrustDomain) *DomainResolver
Domain returns a DomainResolver for the trust domain td.
func (*OTClient) ParseOTVID ¶ added in v0.8.0
ParseOTVID parses and verifies a serialized OTVID using the client's keys. The optional auds presumably restrict which audience the token is accepted for — confirm; callers should pass their own OTID rather than accepting any audience.
func (*OTClient) Service ¶ added in v0.10.0
func (oc *OTClient) Service(aud OTID) *ServiceClient
Service returns a ServiceClient for the audience service aud.
func (*OTClient) SetDomainKeys ¶ added in v0.8.0
SetDomainKeys sets the trust domain's public keys persistently, i.e. the keys are pinned and not refreshed. Do not call this method if the trust domain's OT-Auth service is online: keys pinned here would presumably not follow a rotation published by the authority, so tokens signed with a new key would fail to verify and a retired key would keep being accepted.
func (*OTClient) SetPrivateKeys ¶ added in v0.8.0
SetPrivateKeys sets the private keys of the OTClient, presumably those used by Sign and SignSelf. Treat the JWKSet as secret material: do not log it or load it from an untrusted source.
type OTID ¶
// OTID is an Open Trust Identity: a trust domain plus a subject (type and ID),
// rendered by String as e.g. "otid:ot.example.com:user:<id>". Values built
// with NewOTID should be checked with Validate before use.
type OTID struct {
	// contains filtered or unexported fields
}
OTID is an Open Trust Identity: a trust domain plus a subject (type and ID). Values built with NewOTID should be checked with Validate before use.
func NewOTID ¶
NewOTID creates a new OTID using the trust domain (e.g. example.org) and subject parameters (type and ID).
func (OTID) IsDomainID ¶ added in v0.6.1
IsDomainID returns true if the OTID is the trust domain's own OTID (see TrustDomain.OTID).
func (OTID) MarshalJSON ¶
MarshalJSON implements the json.Marshaler interface.
func (OTID) MarshalText ¶
MarshalText implements the encoding.TextMarshaler interface.
func (OTID) MemberOf ¶
func (id OTID) MemberOf(td TrustDomain) bool
MemberOf returns true if the OTID is a member of the given trust domain.
func (OTID) String ¶
String returns the string representation of the OTID, e.g. "otid:ot.example.com:user:9eebccd2-12bf-40a6-b262-65fe0487d453".
func (OTID) TrustDomain ¶
func (id OTID) TrustDomain() TrustDomain
TrustDomain returns the OTID's trust domain.
func (*OTID) UnmarshalJSON ¶
UnmarshalJSON implements the json.Unmarshaler interface.
func (*OTID) UnmarshalText ¶
UnmarshalText implements the encoding.TextUnmarshaler interface.
type OTIDs ¶
// OTIDs is a slice of OTID, as produced by ParseOTIDs.
type OTIDs []OTID
OTIDs is a slice of OTID, as produced by ParseOTIDs.
func ParseOTIDs ¶
ParseOTIDs parses Open Trust IDs from a string slice.
type OTVID ¶
// OTVID represents an Open Trust Verifiable Identity Document: the claims of a
// parsed token. Whether its fields can be trusted depends on how it was
// obtained: ParseOTVID verifies the signature, ParseOTVIDInsecure does not,
// so an OTVID from the latter must not drive authorization decisions.
type OTVID struct {
	// ID is the Open Trust ID of the OTVID as present in the 'sub' claim
	ID OTID
	// Issuer is the principal that issued OTVID as present in 'iss' claim
	Issuer OTID
	// Audience is the intended recipient of OTVID as present in the 'aud' claim
	Audience OTID
	// Expiry is the expiration time of OTVID as present in 'exp' claim
	Expiry time.Time
	// IssuedAt is the time at which the OTVID was issued as present in 'iat' claim
	IssuedAt time.Time
	// ReleaseID is the release ID; which claim it comes from is not shown here.
	ReleaseID string
	// Claims is the parsed claims from token (presumably all of them, including
	// those mirrored in the fields above — confirm). Their values originate
	// from the token's issuer and should be validated before use.
	Claims map[string]interface{}
	// contains filtered or unexported fields
}
OTVID represents an Open Trust Verifiable Identity Document: the claims of a parsed token. Whether its fields can be trusted depends on how it was obtained — ParseOTVID verifies the signature, ParseOTVIDInsecure does not.
func ParseOTVID ¶
ParseOTVID parses an OTVID from a serialized JWT token. The OTVID signature is verified using the JWK set. Whether the token's signing algorithm is restricted to an allow-list (see ValidateAlgorithm) and whether the 'exp' and 'aud' claims are enforced is not stated here; callers should confirm those checks before relying on the result for authorization.
func ParseOTVIDInsecure ¶
ParseOTVIDInsecure parses an OTVID from a serialized JWT token. The OTVID signature is NOT verified, so every field of the result (ID, Issuer, Audience, Expiry, Claims) is controllable by whoever produced the token and must not be used for authentication or authorization. Use it only to inspect a token before verifying it, e.g. to decide which keys to verify with, and act only on an OTVID returned by ParseOTVID.
type Response ¶ added in v0.8.0
// Response is the JSON envelope exchanged with the Open Trust services: an
// "error" member and a "result" member. Both are untyped, so callers
// presumably decode Result into a concrete type themselves — confirm.
type Response struct {
	Error  interface{} `json:"error"`
	Result interface{} `json:"result"`
}
Response is the JSON envelope exchanged with the Open Trust services, with an "error" member and a "result" member; both are untyped.
type ServiceClient ¶ added in v0.9.0
// ServiceClient talks to one audience service on behalf of the OTClient.
// Obtain one with OTClient.Service(aud); Resolve yields the ServiceConfig
// (the OTVID to present and the endpoint) and Do performs a request.
type ServiceClient struct {
	// contains filtered or unexported fields
}
ServiceClient talks to one audience service on behalf of the OTClient. Obtain one with OTClient.Service(aud); Resolve yields the ServiceConfig and Do performs a request.
func (*ServiceClient) Do ¶ added in v0.9.0
func (sc *ServiceClient) Do(ctx context.Context, method, path string, h http.Header, input, output interface{}) error
Do performs one request against the service, described by method, path and the headers h, sending input and decoding the response into output.
func (*ServiceClient) Resolve ¶ added in v0.9.0
func (sc *ServiceClient) Resolve(ctx context.Context) (*ServiceConfig, error)
Resolve returns the ServiceConfig for the service, i.e. the subject's OTVID to present and the service's endpoint, or an error.
type ServiceConfig ¶ added in v0.10.0
// ServiceConfig is what a ServiceClient needs to call a service: the OTVID the
// subject presents and the endpoint to send it to.
type ServiceConfig struct {
	OTVID    *OTVID // subject's OTVID to access the service
	Endpoint string // service's endpoint
}
ServiceConfig is what a ServiceClient needs to call a service: the OTVID the subject presents and the endpoint to send it to.
type SignInput ¶ added in v0.8.0
// SignInput is the request body for OTClient.Sign: it asks the authority to
// issue an OTVID for Subject, addressed to Audience.
// NOTE(review): Claims is caller-supplied data placed into the issued token;
// whether the signer rejects reserved claim names here (sub, aud, exp, iss,
// iat) is not shown — confirm.
type SignInput struct {
	// Subject is the 'sub' of the OTVID being requested; it may be a subject
	// in a federated trust domain.
	Subject OTID `json:"sub"`
	// Audience is the 'aud' of the OTVID being requested; it may be an
	// audience in a federated trust domain.
	Audience OTID `json:"aud"`
	// Expiry is the requested 'exp'; an int64, presumably seconds since the
	// Unix epoch — confirm.
	Expiry int64 `json:"exp"`
	// Claims holds any additional data to be included in the issued OTVID.
	Claims map[string]interface{} `json:"claims"`
	// ForwardedOTVID: when the requesting principal differs from Subject the
	// request is a delegated (proxy) request, and if that principal is not a
	// federated domain the Subject's self-issued OTVID is required here.
	ForwardedOTVID string `json:"forwardedOtvid"`
}
SignInput is the request body for OTClient.Sign: it asks the authority to issue an OTVID for Subject, addressed to Audience, optionally carrying extra Claims. When the requesting principal differs from Subject the request is a delegated one and ForwardedOTVID must carry the Subject's self-issued OTVID (unless the requester is a federated domain).
type SignOutput ¶ added in v0.9.0
// SignOutput is the result of OTClient.Sign: the issued token together with
// the 'iss', 'aud' and 'exp' it carries and the audience service's endpoints.
type SignOutput struct {
	// Issuer is the 'iss' of the issued OTVID.
	Issuer OTID `json:"iss"`
	// Audience is the 'aud' of the issued OTVID.
	Audience OTID `json:"aud"`
	// Expiry is the 'exp' of the issued OTVID.
	Expiry int64 `json:"exp"`
	// OTVID is the serialized OTVID token.
	OTVID string `json:"otvid"`
	// ServiceEndpoints lists the audience service's endpoints; see
	// SelectEndpoints for choosing one.
	ServiceEndpoints []string `json:"serviceEndpoints"`
}
SignOutput is the result of OTClient.Sign: the serialized OTVID together with the 'iss', 'aud' and 'exp' it carries and the audience service's endpoints (see SelectEndpoints).
type TrustDomain ¶
// TrustDomain is the name of a trust domain, e.g. "example.org". Check it
// with Validate before deriving OTIDs or URLs from it.
type TrustDomain string
TrustDomain is the name of a trust domain, e.g. "example.org". Check it with Validate before deriving OTIDs or URLs from it.
func (TrustDomain) ConfigURL ¶ added in v0.8.0
func (td TrustDomain) ConfigURL() string
ConfigURL returns the Open Trust Authority URL for retrieving configuration information, e.g. https://example.org/.well-known/open-trust-configuration. The URL is derived from the trust domain string, so validate the domain first.
func (TrustDomain) NewOTID ¶
func (td TrustDomain) NewOTID(subjectType, subjectID string) OTID
NewOTID returns an Open Trust ID with the given subjectType and subjectID inside the trust domain. The OTID should be checked with the Validate method before use.
func (TrustDomain) OTID ¶
func (td TrustDomain) OTID() OTID
OTID returns the trust domain's own OTID. The TrustDomain should be checked with the Validate method before use.
func (TrustDomain) String ¶
func (td TrustDomain) String() string
String returns the trust domain as a string, e.g. example.org.
func (TrustDomain) Validate ¶
func (td TrustDomain) Validate() error
Validate returns an error if the trust domain is invalid.