access

package
v0.4.20 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 22, 2024 License: BSD-3-Clause-Clear Imports: 36 Imported by: 0

Documentation

Index

Constants

// Errors for policy and authorization-decision handling. Each is a constant
// of the package's string-backed Error type, so it can be matched with == or
// errors.Is.
//
// NOTE(review): the call sites are not visible here; presumably these are
// returned when a policy's dissem list fails validation or when the
// authorization service returns a decision (or a number of decisions) the
// caller did not expect — confirm. Any such case should end in a denial.
const (
	ErrPolicyDissemInvalid     Error = "policy dissem invalid"
	ErrDecisionUnexpected      Error = "authorization decision unexpected"
	ErrDecisionCountUnexpected Error = "authorization decision count unexpected"
)
// Errors for the key-storage backend and for configuration. Both are
// constants of the package's string-backed Error type.
//
// The messages are deliberately generic ("hsm unexpected", "invalid config")
// and carry no key identifiers or configuration values.
const (
	ErrHSM    Error = "hsm unexpected"
	ErrConfig Error = "invalid config"
)
// Errors for encoding certificates and marshalling public keys. Both are
// constants of the package's string-backed Error type.
//
// NOTE(review): presumably returned by the public-key endpoints
// (Provider.PublicKey / Provider.LegacyPublicKey) — confirm at the call sites.
const (
	ErrCertificateEncode Error = "certificate encode error"
	ErrPublicKeyMarshal  Error = "public key marshal error"
)
// Coarse error categories. Both are constants of the package's string-backed
// Error type, and their messages ("request error", "internal error") reveal
// nothing about the underlying cause.
//
// NOTE(review): presumably ErrUser marks failures caused by the request and
// ErrInternal marks server-side failures, with the detailed cause kept in
// server logs rather than returned to the client — confirm at the call sites.
const (
	ErrUser     Error = "request error"
	ErrInternal Error = "internal error"
)

Variables

This section is empty.

Functions

func ConvertToAuditKasPolicy added in v0.4.6

func ConvertToAuditKasPolicy(policy Policy) audit.KasPolicy

Audit helper methods

Types

type Attribute

// Attribute is the JSON shape of a single data attribute;
// PolicyBody.DataAttributes holds a slice of these.
//
// PublicKey is declared as crypto.PublicKey, which is an empty interface, so
// the struct itself places no constraint on the key type: code that reads the
// field has to type-assert to the concrete key type it supports and reject
// anything else.
//
// NOTE(review): ProviderURI (JSON "kasUrl") presumably arrives inside a
// policy document supplied with a request; how it is validated before use is
// not visible here — confirm.
type Attribute struct {
	URI           string           `json:"attribute"` // attribute
	PublicKey     crypto.PublicKey `json:"pubKey"`    // pubKey
	ProviderURI   string           `json:"kasUrl"`    // kasUrl
	SchemaVersion string           `json:"tdf_spec_version,omitempty"`
	Name          string           `json:"displayName"` // displayName
}

type CurrentKeyFor added in v0.4.7

// CurrentKeyFor specifies the preferred/default key for a given algorithm
// type. It is one entry of KASConfig.Keyring, and the mapstructure tags give
// the configuration keys it is decoded from ("alg", "kid", "legacy").
type CurrentKeyFor struct {
	Algorithm string `mapstructure:"alg" json:"alg"`
	KID       string `mapstructure:"kid" json:"kid"`
	// Indicates that the key should not be served by default,
	// but instead is allowed for legacy reasons on decrypt (rewrap) only.
	// A key marked Legacy is therefore still accepted for rewrap, so retiring
	// a key completely means removing its entry, not just setting this flag.
	// NOTE(review): that consequence is read from the comment above, not from
	// the enforcing code, which is not visible here — confirm.
	Legacy bool `mapstructure:"legacy" json:"legacy"`
}

Specifies the preferred/default key for a given algorithm type.

type Error

// Error is the package's string-backed error type. The Err* constants in this
// package are values of it, which makes them constant and comparable with ==.
type Error string

func (Error) Error

func (e Error) Error() string

type KASConfig added in v0.4.7

// KASConfig holds the key-selection settings of the service. It is embedded
// in Provider, so its fields are promoted onto Provider.
type KASConfig struct {
	// Which keys are currently the default.
	Keyring []CurrentKeyFor `mapstructure:"keyring" json:"keyring"`
	// Deprecated: no replacement is stated in the source; presumably
	// superseded by Keyring — confirm.
	ECCertID string `mapstructure:"eccertid" json:"eccertid"`
	// Deprecated: no replacement is stated in the source; presumably
	// superseded by Keyring — confirm.
	RSACertID string `mapstructure:"rsacertid" json:"rsacertid"`
}

type KeyAccess added in v0.4.7

// KeyAccess is the JSON shape of a key access object. RequestBody carries one
// in its KeyAccess field, so every field here can be populated from request
// JSON and should be treated as untrusted until checked.
//
// PolicyBinding is declared as interface{}: encoding/json will decode any
// JSON value into it (string, number, object, array, bool or null), so code
// that reads it has to type-switch and reject shapes it does not expect
// rather than assert a single type.
//
// WrappedKey and Header are []byte, which encoding/json represents as
// base64-encoded strings on the wire.
//
// NOTE(review): URL and KID presumably identify the service and key the
// wrapped key was created for; whether they are checked against this
// service's own URI and keyring is not visible here — confirm.
type KeyAccess struct {
	EncryptedMetadata string      `json:"encryptedMetadata,omitempty"`
	PolicyBinding     interface{} `json:"policyBinding,omitempty"`
	Protocol          string      `json:"protocol"`
	Type              string      `json:"type"`
	URL               string      `json:"url"`
	KID               string      `json:"kid,omitempty"`
	SID               string      `json:"sid,omitempty"`
	WrappedKey        []byte      `json:"wrappedKey,omitempty"`
	Header            []byte      `json:"header,omitempty"`
	Algorithm         string      `json:"algorithm,omitempty"`
}

type Policy

// Policy is the JSON shape of a policy: an identifier plus a PolicyBody.
// ConvertToAuditKasPolicy takes a Policy and returns its audit.KasPolicy form.
type Policy struct {
	UUID uuid.UUID  `json:"uuid"`
	Body PolicyBody `json:"body"`
}

type PolicyBody

// PolicyBody is the content of a Policy: the data attributes attached to the
// protected object and the "dissem" list.
//
// NOTE(review): Dissem is presumably the dissemination list of entities
// allowed access, and ErrPolicyDissemInvalid the error for a malformed list;
// how an empty or nil list is interpreted is not visible here — confirm.
type PolicyBody struct {
	DataAttributes []Attribute `json:"dataAttributes"`
	Dissem         []string    `json:"dissem"`
}

type Provider

// Provider bundles the dependencies of the access service and carries its
// methods (IsReady, LegacyPublicKey, PublicKey, Rewrap).
//
// It embeds kaspb.AccessServiceServer and KASConfig, so the methods of the
// former and the fields of the latter (Keyring, ECCertID, RSACertID) are
// promoted onto Provider. URI is held by value while AttributeSvc is a
// pointer and may therefore be nil.
//
// NOTE(review): CryptoProvider is presumably where private-key operations are
// performed (the package also defines ErrHSM) — confirm. Only URI has a JSON
// tag; the remaining exported fields would be marshalled under their Go names
// if a Provider were ever passed to encoding/json.
type Provider struct {
	kaspb.AccessServiceServer
	URI            url.URL `json:"uri"`
	SDK            *otdf.SDK
	AttributeSvc   *url.URL
	CryptoProvider security.CryptoProvider
	Logger         *logger.Logger
	Config         *serviceregistry.ServiceConfig
	KASConfig
}

func (*Provider) IsReady added in v0.4.2

func (p *Provider) IsReady(ctx context.Context) error

func (Provider) LegacyPublicKey

func (Provider) PublicKey

func (*Provider) Rewrap

type RequestBody

// RequestBody is the JSON shape of a request body.
//
// AuthToken is serialized under "authToken". Formatting a RequestBody with
// %v or %+v, or marshalling it again, includes the token, so values of this
// type should not be written to logs or audit records as-is.
//
// PublicKey is tagged json:"-": encoding/json neither reads it from nor
// writes it to JSON, so it can only be set by code.
// NOTE(review): presumably it holds the parsed form of ClientPublicKey —
// confirm.
//
// Policy is a string here, not a Policy struct.
// NOTE(review): its encoding, and whether it is checked against
// KeyAccess.PolicyBinding before being honoured, is not visible here —
// confirm.
type RequestBody struct {
	AuthToken       string      `json:"authToken"`
	KeyAccess       KeyAccess   `json:"keyAccess"`
	Policy          string      `json:"policy,omitempty"`
	Algorithm       string      `json:"algorithm,omitempty"`
	ClientPublicKey string      `json:"clientPublicKey"`
	PublicKey       interface{} `json:"-"`
	SchemaVersion   string      `json:"schemaVersion,omitempty"`
}

type SignedRequestBody added in v0.4.1

// SignedRequestBody is a JSON wrapper with a single string field,
// "requestBody".
//
// NOTE(review): presumably the string is a signed token whose payload decodes
// to a RequestBody. If so, the signature has to be verified before any field
// of the decoded payload is trusted — confirm in the code that parses it.
type SignedRequestBody struct {
	RequestBody string `json:"requestBody"`
}
