conf

package
v0.5.0
Published: Mar 30, 2020 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package conf defines the configuration files for the scion-pki tool.

Config files

The way scion-pki generates trust material, such as TRCs or certificates, can be configured through configuration files. There are four configuration file types:

TRC: For each TRC version, there is exactly one configuration file. The config specifies the contents of the TRC (e.g. the validity period, the voting ASes and which keys to use).

Keys: Each AS has a keys configuration file that specifies all keys with their version, validity and algorithm.

AS certificate: For each AS certificate version, there is exactly one configuration file. The config specifies the contents of the certificate (e.g. the validity period, the issuing AS, and which keys to use).

Issuer certificate: For each Issuer certificate version, there is exactly one configuration file. The config specifies the contents of the certificate (e.g. the validity period, the issuing AS, and which keys to use).

Directory Structure

The directory structure in which config files are arranged, and the file naming, are rigid. A sample tree is shown below. This package exposes a set of helper functions to determine the correct file names.

<root>/
├── ISD1
│   ├── ASff00_0_110
│   │   ├── as-v1.toml
│   │   ├── iss-v1.toml
│   │   ├── keys.toml
│   │   ...
│   ├── ASff00_0_120
│   │   ├── as-v1.toml
│   │   ├── as-v2.toml
│   │   ├── keys.toml
│   │   ...
│   ├── ASff00_0_130
│   │    ...
│   ├── trc-v1.toml
│   ...
├── ISD2
    ...
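
Because the layout is rigid, a config tree can be checked against it before any trust material is generated. The following Go program is an added example, not code from scion-pki or this package: the two patterns are read off the sample tree above, and the 16-bit ISD and 64-bit version limits, the names `Audit` and `fits`, and the sample paths are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strconv"
)

// Patterns read off the sample tree; the 16-bit ISD and 64-bit version limits
// are assumptions. asRe groups: 1 ISD, 2 AS directory, 3 base name, 5 version.
var (
	trcRe = regexp.MustCompile(`^ISD(\d+)/trc-v(\d+)\.toml$`)
	asRe  = regexp.MustCompile(`^ISD(\d+)/(AS[0-9a-f_]+)/(keys|(as|iss)-v(\d+))\.toml$`)
)

func fits(s string, bits int) bool { // true if s is a decimal number of that size
	_, err := strconv.ParseUint(s, 10, bits)
	return err == nil
}

// Audit returns paths (relative to <root>) that break the layout, and AS dirs without keys.toml.
func Audit(paths []string) (unexpected, missingKeys []string) {
	hasKeys := map[string]bool{} // "ISD1/ASff00_0_110" -> keys.toml seen
	for _, p := range paths {
		if t := trcRe.FindStringSubmatch(p); t != nil {
			if fits(t[1], 16) && fits(t[2], 64) {
				continue
			}
		} else if a := asRe.FindStringSubmatch(p); a != nil && fits(a[1], 16) {
			if dir := "ISD" + a[1] + "/" + a[2]; a[3] == "keys" || fits(a[5], 64) {
				hasKeys[dir] = hasKeys[dir] || a[3] == "keys"
				continue
			}
		}
		unexpected = append(unexpected, p)
	}
	for dir, ok := range hasKeys {
		if !ok {
			missingKeys = append(missingKeys, dir)
		}
	}
	sort.Strings(missingKeys)
	return unexpected, missingKeys
}

func main() { // constructed listing: a TRC config, an AS without keys.toml, a stray file
	fmt.Println(Audit([]string{"ISD1/trc-v1.toml", "ISD1/ASff00_0_120/as-v1.toml", "ISD1/notes.txt"}))
}
```
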

Constants

This section is empty.

Variables

This section is empty.

Functions

func ASFile added in v0.5.0

func ASFile(dir string, ia addr.IA, version scrypto.Version) string

ASFile returns the file where the AS certificate config is written to.

func AllASFiles added in v0.5.0

func AllASFiles(dir string, ia addr.IA) string

AllASFiles returns a glob string that matches all AS files for the given IA.

func AllIssuerFiles added in v0.5.0

func AllIssuerFiles(dir string, ia addr.IA) string

AllIssuerFiles returns a glob string that matches all issuer files for the given IA.

func AllTRCFiles added in v0.5.0

func AllTRCFiles(dir string, isd addr.ISD) string

AllTRCFiles returns a glob string that matches all TRC files for the given isd.

func IssuerFile added in v0.5.0

func IssuerFile(dir string, ia addr.IA, version scrypto.Version) string

IssuerFile returns the file where the issuer certificate config is written to.

func KeysFile added in v0.5.0

func KeysFile(dir string, ia addr.IA) string

KeysFile returns the file where the keys config is written to.

func TRCFile added in v0.5.0

func TRCFile(dir string, isd addr.ISD, version scrypto.Version) string

TRCFile returns the file where the TRC config is written to.

Types

type AS added in v0.5.0

type AS struct {
	Description          string              `toml:"description"`
	Version              scrypto.Version     `toml:"version"`
	SigningKeyVersion    *scrypto.KeyVersion `toml:"signing_key_version"`
	EncryptionKeyVersion *scrypto.KeyVersion `toml:"encryption_key_version"`
	RevocationKeyVersion *scrypto.KeyVersion `toml:"revocation_key_version"`
	IssuerIA             addr.IA             `toml:"issuer_ia"`
	IssuerCertVersion    scrypto.Version     `toml:"issuer_cert_version"`
	OptDistPoints        []addr.IA           `toml:"optional_distribution_points"`
	Validity             Validity            `toml:"validity"`
}

AS holds the AS certificate configuration.

func LoadAS added in v0.5.0

func LoadAS(file string) (AS, error)

LoadAS loads the AS certificate configuration from the provided file. The contents are already validated.

func (AS) Encode added in v0.5.0

func (cfg AS) Encode(w io.Writer) error

Encode writes the encoded AS certificate config to the writer.

func (AS) Validate added in v0.5.0

func (cfg AS) Validate() error

Validate checks all values are set.

type Issuer added in v0.5.0

type Issuer struct {
	Description            string              `toml:"description"`
	Version                scrypto.Version     `toml:"version"`
	IssuingGrantKeyVersion *scrypto.KeyVersion `toml:"issuing_grant_key_version"`
	RevocationKeyVersion   *scrypto.KeyVersion `toml:"revocation_key_version"`
	TRCVersion             scrypto.Version     `toml:"trc_version"`
	OptDistPoints          []addr.IA           `toml:"optional_distribution_points"`
	Validity               Validity            `toml:"validity"`
}

Issuer holds the issuer certificate configuration.

func LoadIssuer added in v0.5.0

func LoadIssuer(file string) (Issuer, error)

LoadIssuer loads the issuer certificate configuration from the provided file. The contents are already validated.

func (Issuer) Encode added in v0.5.0

func (cfg Issuer) Encode(w io.Writer) error

Encode writes the encoded issuer certificate config to the writer.

func (Issuer) Validate added in v0.5.0

func (cfg Issuer) Validate() error

Validate checks all values are set.

type KeyMeta added in v0.5.0

type KeyMeta struct {
	Algorithm string   `toml:"algorithm"`
	Validity  Validity `toml:"validity"`
}

KeyMeta defines the key metadata.

func (KeyMeta) Validate added in v0.5.0

func (m KeyMeta) Validate() error

Validate checks all values.

type Keys added in v0.5.0

type Keys struct {
	Primary map[trc.KeyType]map[scrypto.KeyVersion]KeyMeta
	Issuer  map[cert.KeyType]map[scrypto.KeyVersion]KeyMeta
	AS      map[cert.KeyType]map[scrypto.KeyVersion]KeyMeta
}

Keys holds the key configuration.

func LoadKeys added in v0.5.0

func LoadKeys(file string) (Keys, error)

LoadKeys loads the keys from the provided file. The contents are already validated.

func (Keys) Encode added in v0.5.0

func (k Keys) Encode(w io.Writer) error

Encode writes the encoded keys config to the writer.

func (Keys) Validate added in v0.5.0

func (k Keys) Validate() error

Validate checks all key metas.

type Primary added in v0.5.0

type Primary struct {
	Attributes              trc.Attributes      `toml:"attributes"`
	IssuingGrantKeyVersion  *scrypto.KeyVersion `toml:"issuing_grant_key_version"`
	VotingOnlineKeyVersion  *scrypto.KeyVersion `toml:"voting_online_key_version"`
	VotingOfflineKeyVersion *scrypto.KeyVersion `toml:"voting_offline_key_version"`
}

Primary holds the primary AS configuration.

func (Primary) Validate added in v0.5.0

func (p Primary) Validate() error

Validate checks the right keys are set.

type TRC added in v0.5.0

type TRC struct {
	Description       string
	Version           scrypto.Version
	BaseVersion       scrypto.Version
	VotingQuorum      uint16
	GracePeriod       util.DurWrap
	TrustResetAllowed *bool
	Votes             []addr.AS
	Validity          Validity
	PrimaryASes       map[addr.AS]Primary
}

TRC holds the TRC configuration.

func LoadTRC added in v0.5.0

func LoadTRC(file string) (TRC, error)

LoadTRC loads the TRC configuration from the provided file. The contents are already validated.

func (TRC) Encode added in v0.5.0

func (cfg TRC) Encode(w io.Writer) error

Encode writes the encoded TRC config to the writer.

func (TRC) Validate added in v0.5.0

func (cfg TRC) Validate() error

Validate checks all values are set.

type Validity added in v0.5.0

type Validity struct {
	NotBefore uint32       `toml:"not_before"`
	Validity  util.DurWrap `toml:"validity"`
}

Validity defines a validity period.

func (Validity) Eval added in v0.5.0

func (v Validity) Eval(notBefore time.Time) scrypto.Validity

Eval returns the validity period. The notBefore parameter is only used if the struct's NotBefore field is zero.

func (Validity) Validate added in v0.5.0

func (v Validity) Validate() error

Validate checks that the validity is set.
