util

package
v0.0.0-...-09899ef Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 23, 2021 License: MIT Imports: 23 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// ListenAddr is the http server listen address
	ListenAddr string

	// ListenPort is the http server listen port
	ListenPort string

	// CertificatePath is the SSL certificate path used by HTTPS listener
	CertificatePath string

	// PrivateKeyPath is the private key used by HTTPS listener
	PrivateKeyPath string

	// ServeTLS is true when CertificatePath and PrivateKeyPath are valid
	ServeTLS bool
)

gin configuration vars

View Source
var (

	// JWTApplicationClaimsKey is the key within the JWT payload where application-specific claims are encoded
	JWTApplicationClaimsKey string

	// JWTAuthorizationAudience is the audience who will consume the JWT; this will be set as the JWT "aud" claim
	JWTAuthorizationAudience string

	// JWTAlternativeAuthorizationAudiences are additional valid audiences who will consume signed JWTs, keyed on a scope; these will be allowed to be set as the JWT "aud" claim
	JWTAlternativeAuthorizationAudiences map[string]interface{}

	// JWTAuthorizationIssuer is the common name of the operator of the token vending machine; this will be set as the JWT "iss" claim
	JWTAuthorizationIssuer string

	// JWTAuthorizationTTL is the ttl in milliseconds for new token authorizations, calculated from the issued at timestamp ("iat" claim)
	JWTAuthorizationTTL time.Duration

	// JWTNatsClaimsKey is the key within the JWT claims payload where NATS-specific claims are encoded
	JWTNatsClaimsKey string

	// JWTNatsAuthorizationAudience is the audience who will consume the NATS bearer authorization JWT; this will be set as the JWT "aud" claim
	JWTNatsAuthorizationAudience string

	// Vault is the vault instance
	Vault *vault.Vault
)
View Source
var (
	// DefaultVaultAccessJWT for the default vault context
	DefaultVaultAccessJWT string
)

Functions

func AuthorizedSubjectID

func AuthorizedSubjectID(c *gin.Context, subject string) *uuid.UUID

AuthorizedSubjectID returns the requested JWT subject if it matches

func ParseBearerAuthorizationHeader

func ParseBearerAuthorizationHeader(c *gin.Context, keyfunc *func(_jwtToken *jwt.Token) (interface{}, error)) (*jwt.Token, error)

ParseBearerAuthorizationHeader parses a bearer authorization header expecting to find a valid JWT token; returns the token if present

func RequireGin

func RequireGin()

RequireGin initializes the gin configuration

func RequireJWT

func RequireJWT() map[string]*JWTKeypair

RequireJWT allows a package to conditionally require a valid JWT configuration in the ident environment; at least one RS256 keypair must be configured using the JWT_SIGNER_PRIVATE_KEY and JWT_SIGNER_PUBLIC_KEY environment variables

func RequireJWTVerifiers

func RequireJWTVerifiers() map[string]*JWTKeypair

RequireJWTVerifiers allows a package to conditionally require RS256 signature verification in the configured environment via JWT_SIGNER_PUBLIC_KEY; the use-case for this support is when another microservice is depending on the token authorization middleware provided in this package

func RequireVault

func RequireVault()

RequireVault panics if the VAULT_REFRESH_TOKEN is not given or an access token is otherwise unable to be obtained; attepts to unseal the vault if possible

func ResolveCapabilitiesManifest

func ResolveCapabilitiesManifest() (map[string]interface{}, error)

ResolveCapabilitiesManifest attempts to resolve the capabilities manifest from S3

func ResolveJWTKeypair

func ResolveJWTKeypair(fingerprint *string) (*rsa.PublicKey, *rsa.PrivateKey, *vault.Key, *string)

ResolveJWTKeypair returns the configured public/private signing keypair and its fingerprint, if one has been configured; this impl will be upgraded soon to allow many key to be configured

func SealVault

func SealVault() error

SealVault seals the configured vault context

func TrackAPICalls

func TrackAPICalls() gin.HandlerFunc

TrackAPICalls returns gin middleware for tracking API calls

func UnsealVault

func UnsealVault() error

UnsealVault unseals the configured vault context

Types

type JWTKeypair

type JWTKeypair struct {
	Fingerprint  string
	PublicKey    rsa.PublicKey
	PublicKeyPEM *string
	PrivateKey   *rsa.PrivateKey
	SSHPublicKey *ssh.PublicKey
	VaultKey     *vault.Key
}

JWTKeypair enables private key or vault-based JWT signing and verification

func (*JWTKeypair) SSHSigner

func (j *JWTKeypair) SSHSigner() ssh.Signer

PublicKey returns an associated PublicKey instance.

type JWTKeypairSSHSigner

type JWTKeypairSSHSigner struct {
	// contains filtered or unexported fields
}

func (*JWTKeypairSSHSigner) PublicKey

func (j *JWTKeypairSSHSigner) PublicKey() ssh.PublicKey

PublicKey returns an associated PublicKey instance.

func (*JWTKeypairSSHSigner) Sign

func (j *JWTKeypairSSHSigner) Sign(rand io.Reader, data []byte) (*ssh.Signature, error)

Sign returns raw signature for the given data. This method will apply the hash specified for the keytype to the data.

type SigningMethodEdDSA

type SigningMethodEdDSA struct{}

SigningMethodEdDSA enables Ed25519

func (*SigningMethodEdDSA) Alg

func (m *SigningMethodEdDSA) Alg() string

Alg returns EdDSA

func (*SigningMethodEdDSA) Sign

func (m *SigningMethodEdDSA) Sign(signingString string, key interface{}) (str string, err error)

Sign the jwt using Ed25519

func (*SigningMethodEdDSA) Verify

func (m *SigningMethodEdDSA) Verify(signingString string, signature string, key interface{}) error

Verify the Ed25519 jwt

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL