Documentation
¶
Index ¶
- Constants
- func ConvertToAuditKasPolicy(policy Policy) audit.KasPolicy
- type Attribute
- type CurrentKeyFor
- type Error
- type KASConfig
- type KeyAccess
- type Policy
- type PolicyBody
- type Provider
- func (p *Provider) IsReady(ctx context.Context) error
- func (p Provider) LegacyPublicKey(ctx context.Context, in *kaspb.LegacyPublicKeyRequest) (*wrapperspb.StringValue, error)
- func (p Provider) PublicKey(ctx context.Context, in *kaspb.PublicKeyRequest) (*kaspb.PublicKeyResponse, error)
- func (p *Provider) Rewrap(ctx context.Context, in *kaspb.RewrapRequest) (*kaspb.RewrapResponse, error)
- type RequestBody
- type SignedRequestBody
Constants ¶
View Source
const ( ErrPolicyDissemInvalid = Error("policy dissem invalid") ErrDecisionUnexpected = Error("authorization decision unexpected") ErrDecisionCountUnexpected = Error("authorization decision count unexpected") )
View Source
const ( ErrHSM = Error("hsm unexpected") ErrConfig = Error("invalid config") )
View Source
const ( ErrCertificateEncode = Error("certificate encode error") ErrPublicKeyMarshal = Error("public key marshal error") )
View Source
const ( ErrUser = Error("request error") ErrInternal = Error("internal error") )
Variables ¶
This section is empty.
Functions ¶
func ConvertToAuditKasPolicy ¶ added in v0.4.6
Audit helper methods
Types ¶
type CurrentKeyFor ¶ added in v0.4.7
type CurrentKeyFor struct {
Algorithm string `mapstructure:"alg"`
KID string `mapstructure:"kid"`
// Indicates that the key should not be serves by default,
// but instead is allowed for legacy reasons on decrypt (rewrap) only
Legacy bool `mapstructure:"legacy"`
}
Specifies the preferred/default key for a given algorithm type.
type KASConfig ¶ added in v0.4.7
type KASConfig struct {
// Which keys are currently the default.
Keyring []CurrentKeyFor `mapstructure:"keyring"`
// Deprecated
ECCertID string `mapstructure:"eccertid"`
// Deprecated
RSACertID string `mapstructure:"rsacertid"`
}
type KeyAccess ¶ added in v0.4.7
type KeyAccess struct {
EncryptedMetadata string `json:"encryptedMetadata,omitempty"`
PolicyBinding string `json:"policyBinding,omitempty"`
Protocol string `json:"protocol"`
Type string `json:"type"`
URL string `json:"url"`
KID string `json:"kid,omitempty"`
WrappedKey []byte `json:"wrappedKey,omitempty"`
Header []byte `json:"header,omitempty"`
Algorithm string `json:"algorithm,omitempty"`
}
type Policy ¶
type Policy struct {
UUID uuid.UUID `json:"uuid"`
Body PolicyBody `json:"body"`
}
type PolicyBody ¶
type Provider ¶
type Provider struct {
kaspb.AccessServiceServer
URI url.URL `json:"uri"`
SDK *otdf.SDK
AttributeSvc *url.URL
CryptoProvider security.CryptoProvider
Logger *logger.Logger
Config *serviceregistry.ServiceConfig
KASConfig
}
func (Provider) LegacyPublicKey ¶
func (p Provider) LegacyPublicKey(ctx context.Context, in *kaspb.LegacyPublicKeyRequest) (*wrapperspb.StringValue, error)
func (Provider) PublicKey ¶
func (p Provider) PublicKey(ctx context.Context, in *kaspb.PublicKeyRequest) (*kaspb.PublicKeyResponse, error)
func (*Provider) Rewrap ¶
func (p *Provider) Rewrap(ctx context.Context, in *kaspb.RewrapRequest) (*kaspb.RewrapResponse, error)
type RequestBody ¶
type RequestBody struct {
AuthToken string `json:"authToken"`
KeyAccess KeyAccess `json:"keyAccess"`
Policy string `json:"policy,omitempty"`
Algorithm string `json:"algorithm,omitempty"`
ClientPublicKey string `json:"clientPublicKey"`
PublicKey interface{} `json:"-"`
SchemaVersion string `json:"schemaVersion,omitempty"`
}
type SignedRequestBody ¶ added in v0.4.1
type SignedRequestBody struct {
RequestBody string `json:"requestBody"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.