Documentation ¶
Index ¶
- Constants
- Variables
- func NewCachedKeyService(baseKeyService signed.CryptoService) signed.CryptoService
- type GormPrivateKey
- type RDBPrivateKey
- type RethinkDBKeyStore
- func (rdb *RethinkDBKeyStore) AddKey(role data.RoleName, gun data.GUN, privKey data.PrivateKey) error
- func (rdb RethinkDBKeyStore) Bootstrap() error
- func (rdb RethinkDBKeyStore) CheckHealth() error
- func (rdb RethinkDBKeyStore) Create(role data.RoleName, gun data.GUN, algorithm string) (data.PublicKey, error)
- func (rdb *RethinkDBKeyStore) GetKey(keyID string) data.PublicKey
- func (rdb *RethinkDBKeyStore) GetPrivateKey(keyID string) (data.PrivateKey, data.RoleName, error)
- func (rdb RethinkDBKeyStore) ListAllKeys() map[string]data.RoleName
- func (rdb RethinkDBKeyStore) ListKeys(role data.RoleName) []string
- func (rdb *RethinkDBKeyStore) Name() string
- func (rdb RethinkDBKeyStore) RemoveKey(keyID string) error
- func (rdb RethinkDBKeyStore) RotateKeyPassphrase(keyID, newPassphraseAlias string) error
- type SQLKeyDBStore
- func (s *SQLKeyDBStore) AddKey(role data.RoleName, gun data.GUN, privKey data.PrivateKey) error
- func (s *SQLKeyDBStore) Create(role data.RoleName, gun data.GUN, algorithm string) (data.PublicKey, error)
- func (s *SQLKeyDBStore) GetKey(keyID string) data.PublicKey
- func (s *SQLKeyDBStore) GetPrivateKey(keyID string) (data.PrivateKey, data.RoleName, error)
- func (s *SQLKeyDBStore) HealthCheck() error
- func (s *SQLKeyDBStore) ListAllKeys() map[string]data.RoleName
- func (s *SQLKeyDBStore) ListKeys(role data.RoleName) []string
- func (s *SQLKeyDBStore) Name() string
- func (s *SQLKeyDBStore) RemoveKey(keyID string) error
- func (s *SQLKeyDBStore) RotateKeyPassphrase(keyID, newPassphraseAlias string) error
Constants ¶
const ( EncryptionAlg = jose.A256GCM KeywrapAlg = jose.PBES2_HS256_A128KW )
Constants
Variables ¶
var PrivateKeysRethinkTable = rethinkdb.Table{ Name: RDBPrivateKey{}.TableName(), PrimaryKey: "key_id", JSONUnmarshaller: rdbPrivateKeyFromJSON, }
PrivateKeysRethinkTable is the table definition for notary signer's key information
Functions ¶
func NewCachedKeyService ¶ added in v0.4.0
func NewCachedKeyService(baseKeyService signed.CryptoService) signed.CryptoService
NewCachedKeyService returns a new signed.CryptoService that includes caching
Types ¶
type GormPrivateKey ¶
type GormPrivateKey struct { gorm.Model KeyID string `sql:"type:varchar(255);not null;unique;index:key_id_idx"` EncryptionAlg string `sql:"type:varchar(255);not null"` KeywrapAlg string `sql:"type:varchar(255);not null"` Algorithm string `sql:"type:varchar(50);not null"` PassphraseAlias string `sql:"type:varchar(50);not null"` Gun string `sql:"type:varchar(255);not null"` Role string `sql:"type:varchar(255);not null"` Public string `sql:"type:blob;not null"` Private string `sql:"type:blob;not null"` LastUsed time.Time `sql:"type:datetime;null;default:null"` }
GormPrivateKey represents a PrivateKey in the database
func (GormPrivateKey) TableName ¶
func (g GormPrivateKey) TableName() string
TableName sets a specific table name for our GormPrivateKey
type RDBPrivateKey ¶ added in v0.3.0
type RDBPrivateKey struct { rethinkdb.Timing KeyID string `gorethink:"key_id"` EncryptionAlg string `gorethink:"encryption_alg"` KeywrapAlg string `gorethink:"keywrap_alg"` Algorithm string `gorethink:"algorithm"` PassphraseAlias string `gorethink:"passphrase_alias"` Gun data.GUN `gorethink:"gun"` Role data.RoleName `gorethink:"role"` // gorethink specifically supports binary types, and says to pass it in as // a byteslice. Currently our encryption method for the private key bytes // produces a base64-encoded string, but for future compatibility in case // we change how we encrypt, use a byteslace for the encrypted private key // too Public []byte `gorethink:"public"` Private []byte `gorethink:"private"` // whether this key is active or not LastUsed time.Time `gorethink:"last_used"` }
RDBPrivateKey represents a PrivateKey in the rethink database
func (RDBPrivateKey) TableName ¶ added in v0.3.0
func (g RDBPrivateKey) TableName() string
TableName sets a specific table name for our RDBPrivateKey
type RethinkDBKeyStore ¶ added in v0.3.0
type RethinkDBKeyStore struct {
// contains filtered or unexported fields
}
RethinkDBKeyStore persists and manages private keys on a RethinkDB database
func NewRethinkDBKeyStore ¶ added in v0.3.0
func NewRethinkDBKeyStore(dbName, username, password string, passphraseRetriever notary.PassRetriever, defaultPassAlias string, rethinkSession *gorethink.Session) *RethinkDBKeyStore
NewRethinkDBKeyStore returns a new RethinkDBKeyStore backed by a RethinkDB database
func (*RethinkDBKeyStore) AddKey ¶ added in v0.3.0
func (rdb *RethinkDBKeyStore) AddKey(role data.RoleName, gun data.GUN, privKey data.PrivateKey) error
AddKey stores the contents of a private key. Both role and gun are ignored, we always use Key IDs as name, and don't support aliases
func (RethinkDBKeyStore) Bootstrap ¶ added in v0.3.0
func (rdb RethinkDBKeyStore) Bootstrap() error
Bootstrap sets up the database and tables, also creating the notary signer user with appropriate db permission
func (RethinkDBKeyStore) CheckHealth ¶ added in v0.3.0
func (rdb RethinkDBKeyStore) CheckHealth() error
CheckHealth verifies that DB exists and is query-able
func (RethinkDBKeyStore) Create ¶ added in v0.4.0
func (rdb RethinkDBKeyStore) Create(role data.RoleName, gun data.GUN, algorithm string) (data.PublicKey, error)
Create will attempt to first re-use an inactive key for the same role, gun, and algorithm. If one isn't found, it will create a private key and add it to the DB as an inactive key
func (*RethinkDBKeyStore) GetKey ¶ added in v0.3.0
func (rdb *RethinkDBKeyStore) GetKey(keyID string) data.PublicKey
GetKey returns the PublicKey given a KeyID, and does not activate the key
func (*RethinkDBKeyStore) GetPrivateKey ¶ added in v0.4.0
func (rdb *RethinkDBKeyStore) GetPrivateKey(keyID string) (data.PrivateKey, data.RoleName, error)
GetPrivateKey returns the PrivateKey given a KeyID
func (RethinkDBKeyStore) ListAllKeys ¶ added in v0.4.0
func (rdb RethinkDBKeyStore) ListAllKeys() map[string]data.RoleName
ListAllKeys always returns nil. This method is here to satisfy the CryptoService interface
func (RethinkDBKeyStore) ListKeys ¶ added in v0.3.0
func (rdb RethinkDBKeyStore) ListKeys(role data.RoleName) []string
ListKeys always returns nil. This method is here to satisfy the CryptoService interface
func (*RethinkDBKeyStore) Name ¶ added in v0.3.0
func (rdb *RethinkDBKeyStore) Name() string
Name returns a user friendly name for the storage location
func (RethinkDBKeyStore) RemoveKey ¶ added in v0.3.0
func (rdb RethinkDBKeyStore) RemoveKey(keyID string) error
RemoveKey removes the key from the table
func (RethinkDBKeyStore) RotateKeyPassphrase ¶ added in v0.3.0
func (rdb RethinkDBKeyStore) RotateKeyPassphrase(keyID, newPassphraseAlias string) error
RotateKeyPassphrase rotates the key-encryption-key
type SQLKeyDBStore ¶ added in v0.4.0
type SQLKeyDBStore struct {
// contains filtered or unexported fields
}
SQLKeyDBStore persists and manages private keys on a SQL database
func NewSQLKeyDBStore ¶ added in v0.4.0
func NewSQLKeyDBStore(passphraseRetriever notary.PassRetriever, defaultPassAlias string, dbDialect string, dbArgs ...interface{}) (*SQLKeyDBStore, error)
NewSQLKeyDBStore returns a new SQLKeyDBStore backed by a SQL database
func (*SQLKeyDBStore) AddKey ¶ added in v0.4.0
func (s *SQLKeyDBStore) AddKey(role data.RoleName, gun data.GUN, privKey data.PrivateKey) error
AddKey stores the contents of a private key. Both role and gun are ignored, we always use Key IDs as name, and don't support aliases
func (*SQLKeyDBStore) Create ¶ added in v0.4.0
func (s *SQLKeyDBStore) Create(role data.RoleName, gun data.GUN, algorithm string) (data.PublicKey, error)
Create will attempt to first re-use an inactive key for the same role, gun, and algorithm. If one isn't found, it will create a private key and add it to the DB as an inactive key
func (*SQLKeyDBStore) GetKey ¶ added in v0.4.0
func (s *SQLKeyDBStore) GetKey(keyID string) data.PublicKey
GetKey performs the same get as GetPrivateKey, but does not mark the as active and only returns the public bytes
func (*SQLKeyDBStore) GetPrivateKey ¶ added in v0.4.0
func (s *SQLKeyDBStore) GetPrivateKey(keyID string) (data.PrivateKey, data.RoleName, error)
GetPrivateKey returns the PrivateKey given a KeyID
func (*SQLKeyDBStore) HealthCheck ¶ added in v0.4.0
func (s *SQLKeyDBStore) HealthCheck() error
HealthCheck verifies that DB exists and is query-able
func (*SQLKeyDBStore) ListAllKeys ¶ added in v0.4.0
func (s *SQLKeyDBStore) ListAllKeys() map[string]data.RoleName
ListAllKeys always returns nil. This method is here to satisfy the CryptoService interface
func (*SQLKeyDBStore) ListKeys ¶ added in v0.4.0
func (s *SQLKeyDBStore) ListKeys(role data.RoleName) []string
ListKeys always returns nil. This method is here to satisfy the CryptoService interface
func (*SQLKeyDBStore) Name ¶ added in v0.4.0
func (s *SQLKeyDBStore) Name() string
Name returns a user friendly name for the storage location
func (*SQLKeyDBStore) RemoveKey ¶ added in v0.4.0
func (s *SQLKeyDBStore) RemoveKey(keyID string) error
RemoveKey removes the key from the keyfilestore
func (*SQLKeyDBStore) RotateKeyPassphrase ¶ added in v0.4.0
func (s *SQLKeyDBStore) RotateKeyPassphrase(keyID, newPassphraseAlias string) error
RotateKeyPassphrase rotates the key-encryption-key