keymanagerv1

package
v1.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 28, 2021 License: Apache-2.0 Imports: 9 Imported by: 10

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	KeyType_name = map[int32]string{
		0: "UNSPECIFIED_KEY_TYPE",
		1: "EC_P256",
		2: "EC_P384",
		3: "RSA_2048",
		4: "RSA_4096",
	}
	KeyType_value = map[string]int32{
		"UNSPECIFIED_KEY_TYPE": 0,
		"EC_P256":              1,
		"EC_P384":              2,
		"RSA_2048":             3,
		"RSA_4096":             4,
	}
)

Enum value maps for KeyType.

View Source 
var (
	HashAlgorithm_name = map[int32]string{
		0:  "UNSPECIFIED_HASH_ALGORITHM",
		4:  "SHA224",
		5:  "SHA256",
		6:  "SHA384",
		7:  "SHA512",
		10: "SHA3_224",
		11: "SHA3_256",
		12: "SHA3_384",
		13: "SHA3_512",
		14: "SHA512_224",
		15: "SHA512_256",
	}
	HashAlgorithm_value = map[string]int32{
		"UNSPECIFIED_HASH_ALGORITHM": 0,
		"SHA224":                     4,
		"SHA256":                     5,
		"SHA384":                     6,
		"SHA512":                     7,
		"SHA3_224":                   10,
		"SHA3_256":                   11,
		"SHA3_384":                   12,
		"SHA3_512":                   13,
		"SHA512_224":                 14,
		"SHA512_256":                 15,
	}
)

Enum value maps for HashAlgorithm.

View Source 
var File_spire_plugin_server_keymanager_v1_keymanager_proto protoreflect.FileDescriptor
View Source 
var KeyManager_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "spire.plugin.server.keymanager.v1.KeyManager",
	HandlerType: (*KeyManagerServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "GenerateKey",
			Handler:    _KeyManager_GenerateKey_Handler,
		},
		{
			MethodName: "GetPublicKey",
			Handler:    _KeyManager_GetPublicKey_Handler,
		},
		{
			MethodName: "GetPublicKeys",
			Handler:    _KeyManager_GetPublicKeys_Handler,
		},
		{
			MethodName: "SignData",
			Handler:    _KeyManager_SignData_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "spire/plugin/server/keymanager/v1/keymanager.proto",
}

KeyManager_ServiceDesc is the grpc.ServiceDesc for KeyManager service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

Functions

func KeyManagerPluginServer 

func KeyManagerPluginServer(server KeyManagerServer) pluginsdk.PluginServer

func RegisterKeyManagerServer 

func RegisterKeyManagerServer(s grpc.ServiceRegistrar, srv KeyManagerServer)

Types

type GenerateKeyRequest 

type GenerateKeyRequest struct {

	// Required. The ID to give the generated key (or to identify the existing
	// key to overwrite (see GenerateKey).
	KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// Required. The type of the key to generate.
	KeyType KeyType `` /* 130-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*GenerateKeyRequest) Descriptor deprecated 

func (*GenerateKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use GenerateKeyRequest.ProtoReflect.Descriptor instead.

func (*GenerateKeyRequest) GetKeyId 

func (x *GenerateKeyRequest) GetKeyId() string

func (*GenerateKeyRequest) GetKeyType 

func (x *GenerateKeyRequest) GetKeyType() KeyType

func (*GenerateKeyRequest) ProtoMessage 

func (*GenerateKeyRequest) ProtoMessage()

func (*GenerateKeyRequest) ProtoReflect 

func (x *GenerateKeyRequest) ProtoReflect() protoreflect.Message

func (*GenerateKeyRequest) Reset 

func (x *GenerateKeyRequest) Reset()

func (*GenerateKeyRequest) String 

func (x *GenerateKeyRequest) String() string

type GenerateKeyResponse 

type GenerateKeyResponse struct {

	// Required. The generated key.
	PublicKey *PublicKey `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	// contains filtered or unexported fields
}

func (*GenerateKeyResponse) Descriptor deprecated 

func (*GenerateKeyResponse) Descriptor() ([]byte, []int)

Deprecated: Use GenerateKeyResponse.ProtoReflect.Descriptor instead.

func (*GenerateKeyResponse) GetPublicKey 

func (x *GenerateKeyResponse) GetPublicKey() *PublicKey

func (*GenerateKeyResponse) ProtoMessage 

func (*GenerateKeyResponse) ProtoMessage()

func (*GenerateKeyResponse) ProtoReflect 

func (x *GenerateKeyResponse) ProtoReflect() protoreflect.Message

func (*GenerateKeyResponse) Reset 

func (x *GenerateKeyResponse) Reset()

func (*GenerateKeyResponse) String 

func (x *GenerateKeyResponse) String() string

type GetPublicKeyRequest 

type GetPublicKeyRequest struct {

	// Required. The ID of the key to retrieve.
	KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// contains filtered or unexported fields
}

func (*GetPublicKeyRequest) Descriptor deprecated 

func (*GetPublicKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetPublicKeyRequest.ProtoReflect.Descriptor instead.

func (*GetPublicKeyRequest) GetKeyId 

func (x *GetPublicKeyRequest) GetKeyId() string

func (*GetPublicKeyRequest) ProtoMessage 

func (*GetPublicKeyRequest) ProtoMessage()

func (*GetPublicKeyRequest) ProtoReflect 

func (x *GetPublicKeyRequest) ProtoReflect() protoreflect.Message

func (*GetPublicKeyRequest) Reset 

func (x *GetPublicKeyRequest) Reset()

func (*GetPublicKeyRequest) String 

func (x *GetPublicKeyRequest) String() string

type GetPublicKeyResponse 

type GetPublicKeyResponse struct {

	// Required. The public key to return.
	PublicKey *PublicKey `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	// contains filtered or unexported fields
}

func (*GetPublicKeyResponse) Descriptor deprecated 

func (*GetPublicKeyResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetPublicKeyResponse.ProtoReflect.Descriptor instead.

func (*GetPublicKeyResponse) GetPublicKey 

func (x *GetPublicKeyResponse) GetPublicKey() *PublicKey

func (*GetPublicKeyResponse) ProtoMessage 

func (*GetPublicKeyResponse) ProtoMessage()

func (*GetPublicKeyResponse) ProtoReflect 

func (x *GetPublicKeyResponse) ProtoReflect() protoreflect.Message

func (*GetPublicKeyResponse) Reset 

func (x *GetPublicKeyResponse) Reset()

func (*GetPublicKeyResponse) String 

func (x *GetPublicKeyResponse) String() string

type GetPublicKeysRequest 

type GetPublicKeysRequest struct {
	// contains filtered or unexported fields
}

func (*GetPublicKeysRequest) Descriptor deprecated 

func (*GetPublicKeysRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetPublicKeysRequest.ProtoReflect.Descriptor instead.

func (*GetPublicKeysRequest) ProtoMessage 

func (*GetPublicKeysRequest) ProtoMessage()

func (*GetPublicKeysRequest) ProtoReflect 

func (x *GetPublicKeysRequest) ProtoReflect() protoreflect.Message

func (*GetPublicKeysRequest) Reset 

func (x *GetPublicKeysRequest) Reset()

func (*GetPublicKeysRequest) String 

func (x *GetPublicKeysRequest) String() string

type GetPublicKeysResponse 

type GetPublicKeysResponse struct {

	// Required. The public keys managed by the KeyManager. May be empty.
	PublicKeys []*PublicKey `protobuf:"bytes,1,rep,name=public_keys,json=publicKeys,proto3" json:"public_keys,omitempty"`
	// contains filtered or unexported fields
}

func (*GetPublicKeysResponse) Descriptor deprecated 

func (*GetPublicKeysResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetPublicKeysResponse.ProtoReflect.Descriptor instead.

func (*GetPublicKeysResponse) GetPublicKeys 

func (x *GetPublicKeysResponse) GetPublicKeys() []*PublicKey

func (*GetPublicKeysResponse) ProtoMessage 

func (*GetPublicKeysResponse) ProtoMessage()

func (*GetPublicKeysResponse) ProtoReflect 

func (x *GetPublicKeysResponse) ProtoReflect() protoreflect.Message

func (*GetPublicKeysResponse) Reset 

func (x *GetPublicKeysResponse) Reset()

func (*GetPublicKeysResponse) String 

func (x *GetPublicKeysResponse) String() string

type HashAlgorithm 

type HashAlgorithm int32
const (
	HashAlgorithm_UNSPECIFIED_HASH_ALGORITHM HashAlgorithm = 0
	// These entries (and their values) line up with a subset of the go
	// crypto.Hash constants.
	HashAlgorithm_SHA224     HashAlgorithm = 4
	HashAlgorithm_SHA256     HashAlgorithm = 5
	HashAlgorithm_SHA384     HashAlgorithm = 6
	HashAlgorithm_SHA512     HashAlgorithm = 7
	HashAlgorithm_SHA3_224   HashAlgorithm = 10
	HashAlgorithm_SHA3_256   HashAlgorithm = 11
	HashAlgorithm_SHA3_384   HashAlgorithm = 12
	HashAlgorithm_SHA3_512   HashAlgorithm = 13
	HashAlgorithm_SHA512_224 HashAlgorithm = 14
	HashAlgorithm_SHA512_256 HashAlgorithm = 15
)

func (HashAlgorithm) Descriptor 

func (HashAlgorithm) Descriptor() protoreflect.EnumDescriptor

func (HashAlgorithm) Enum 

func (x HashAlgorithm) Enum() *HashAlgorithm

func (HashAlgorithm) EnumDescriptor deprecated 

func (HashAlgorithm) EnumDescriptor() ([]byte, []int)

Deprecated: Use HashAlgorithm.Descriptor instead.

func (HashAlgorithm) Number 

func (x HashAlgorithm) Number() protoreflect.EnumNumber

func (HashAlgorithm) String 

func (x HashAlgorithm) String() string

func (HashAlgorithm) Type 

func (HashAlgorithm) Type() protoreflect.EnumType

type KeyManagerClient 

type KeyManagerClient interface {
	// Generates a new private key with the given ID. If a key already exists
	// under that ID, it is overwritten and given a different fingerprint. See
	// the PublicKey message for more details on the role of the fingerprint.
	GenerateKey(ctx context.Context, in *GenerateKeyRequest, opts ...grpc.CallOption) (*GenerateKeyResponse, error)
	// Gets the public key information for the private key managed by the
	// plugin with the given ID. If a key with the given ID does not exist,
	// NOT_FOUND is returned.
	GetPublicKey(ctx context.Context, in *GetPublicKeyRequest, opts ...grpc.CallOption) (*GetPublicKeyResponse, error)
	// Gets all public key information for the private keys managed by the
	// plugin.
	GetPublicKeys(ctx context.Context, in *GetPublicKeysRequest, opts ...grpc.CallOption) (*GetPublicKeysResponse, error)
	// Signs data with the private key identified by the given ID. If a key
	// with the given ID does not exist, NOT_FOUND is returned. The response
	// contains the signed data and the fingerprint of the key used to sign the
	// data. See the PublicKey message for more details on the role of the
	// fingerprint.
	SignData(ctx context.Context, in *SignDataRequest, opts ...grpc.CallOption) (*SignDataResponse, error)
}

KeyManagerClient is the client API for KeyManager service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewKeyManagerClient 

func NewKeyManagerClient(cc grpc.ClientConnInterface) KeyManagerClient

type KeyManagerPluginClient 

type KeyManagerPluginClient struct {
	KeyManagerClient
}

func (*KeyManagerPluginClient) GRPCServiceName 

func (c *KeyManagerPluginClient) GRPCServiceName() string

func (*KeyManagerPluginClient) InitClient 

func (c *KeyManagerPluginClient) InitClient(conn grpc.ClientConnInterface) interface{}

func (*KeyManagerPluginClient) IsInitialized 

func (c *KeyManagerPluginClient) IsInitialized() bool

func (KeyManagerPluginClient) Type 

func (s KeyManagerPluginClient) Type() string

type KeyManagerServer 

type KeyManagerServer interface {
	// Generates a new private key with the given ID. If a key already exists
	// under that ID, it is overwritten and given a different fingerprint. See
	// the PublicKey message for more details on the role of the fingerprint.
	GenerateKey(context.Context, *GenerateKeyRequest) (*GenerateKeyResponse, error)
	// Gets the public key information for the private key managed by the
	// plugin with the given ID. If a key with the given ID does not exist,
	// NOT_FOUND is returned.
	GetPublicKey(context.Context, *GetPublicKeyRequest) (*GetPublicKeyResponse, error)
	// Gets all public key information for the private keys managed by the
	// plugin.
	GetPublicKeys(context.Context, *GetPublicKeysRequest) (*GetPublicKeysResponse, error)
	// Signs data with the private key identified by the given ID. If a key
	// with the given ID does not exist, NOT_FOUND is returned. The response
	// contains the signed data and the fingerprint of the key used to sign the
	// data. See the PublicKey message for more details on the role of the
	// fingerprint.
	SignData(context.Context, *SignDataRequest) (*SignDataResponse, error)
	// contains filtered or unexported methods
}

KeyManagerServer is the server API for KeyManager service. All implementations must embed UnimplementedKeyManagerServer for forward compatibility

type KeyType 

type KeyType int32
const (
	KeyType_UNSPECIFIED_KEY_TYPE KeyType = 0
	KeyType_EC_P256              KeyType = 1
	KeyType_EC_P384              KeyType = 2
	KeyType_RSA_2048             KeyType = 3
	KeyType_RSA_4096             KeyType = 4
)

func (KeyType) Descriptor 

func (KeyType) Descriptor() protoreflect.EnumDescriptor

func (KeyType) Enum 

func (x KeyType) Enum() *KeyType

func (KeyType) EnumDescriptor deprecated 

func (KeyType) EnumDescriptor() ([]byte, []int)

Deprecated: Use KeyType.Descriptor instead.

func (KeyType) Number 

func (x KeyType) Number() protoreflect.EnumNumber

func (KeyType) String 

func (x KeyType) String() string

func (KeyType) Type 

func (KeyType) Type() protoreflect.EnumType

type PublicKey 

type PublicKey struct {

	// Required. The ID of the key, as provided when the key was created.
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// Required. The type of the key.
	Type KeyType `protobuf:"varint,2,opt,name=type,proto3,enum=spire.plugin.server.keymanager.v1.KeyType" json:"type,omitempty"`
	// Required. The public key data (PKIX encoded).
	PkixData []byte `protobuf:"bytes,3,opt,name=pkix_data,json=pkixData,proto3" json:"pkix_data,omitempty"`
	// Required. Fingerprint of the public key. The (id,fingerprint) tuple
	// uniquely identifies an "instance" of the key. When a key is overwritten
	// the fingerprint changes, indicating a different "instance" of that key
	// under the given ID.
	//
	// Proper key rotation requires that SPIRE not overwrite a key while it is
	// actively being used to sign data so that if the rotation operation
	// fails, SPIRE still has a valid key to use. SPIRE compares the
	// fingerprint returned from signing operations with the fingerprint it
	// expected for the key as a way to detect when it has mismanaged keys.
	// This is a mitigating measure and not expected to fail under normal
	// circumstances.
	//
	// There is no requirement that plugins persist the fingerprint. It can be
	// newly generated as long as it remains consistent for a given "instance"
	// of the key during runtime.
	//
	// The fingerprinting algorithm is also left to plugin implementations. A
	// native implementation is a non-cryptographic hash over the PKIX data.
	Fingerprint string `protobuf:"bytes,4,opt,name=fingerprint,proto3" json:"fingerprint,omitempty"`
	// contains filtered or unexported fields
}

func (*PublicKey) Descriptor deprecated 

func (*PublicKey) Descriptor() ([]byte, []int)

Deprecated: Use PublicKey.ProtoReflect.Descriptor instead.

func (*PublicKey) GetFingerprint 

func (x *PublicKey) GetFingerprint() string

func (*PublicKey) GetId 

func (x *PublicKey) GetId() string

func (*PublicKey) GetPkixData 

func (x *PublicKey) GetPkixData() []byte

func (*PublicKey) GetType 

func (x *PublicKey) GetType() KeyType

func (*PublicKey) ProtoMessage 

func (*PublicKey) ProtoMessage()

func (*PublicKey) ProtoReflect 

func (x *PublicKey) ProtoReflect() protoreflect.Message

func (*PublicKey) Reset 

func (x *PublicKey) Reset()

func (*PublicKey) String 

func (x *PublicKey) String() string

type SignDataRequest 

type SignDataRequest struct {

	// Required. The ID of the key to use to sign the data.
	KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// Required. The data to sign.
	Data []byte `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`
	// Required. The signature options. The PSS options are only valid
	// for RSA keys.
	//
	// Types that are assignable to SignerOpts:
	//	*SignDataRequest_HashAlgorithm
	//	*SignDataRequest_PssOptions
	SignerOpts isSignDataRequest_SignerOpts `protobuf_oneof:"signer_opts"`
	// contains filtered or unexported fields
}

func (*SignDataRequest) Descriptor deprecated 

func (*SignDataRequest) Descriptor() ([]byte, []int)

Deprecated: Use SignDataRequest.ProtoReflect.Descriptor instead.

func (*SignDataRequest) GetData 

func (x *SignDataRequest) GetData() []byte

func (*SignDataRequest) GetHashAlgorithm 

func (x *SignDataRequest) GetHashAlgorithm() HashAlgorithm

func (*SignDataRequest) GetKeyId 

func (x *SignDataRequest) GetKeyId() string

func (*SignDataRequest) GetPssOptions 

func (x *SignDataRequest) GetPssOptions() *SignDataRequest_PSSOptions

func (*SignDataRequest) GetSignerOpts 

func (m *SignDataRequest) GetSignerOpts() isSignDataRequest_SignerOpts

func (*SignDataRequest) ProtoMessage 

func (*SignDataRequest) ProtoMessage()

func (*SignDataRequest) ProtoReflect 

func (x *SignDataRequest) ProtoReflect() protoreflect.Message

func (*SignDataRequest) Reset 

func (x *SignDataRequest) Reset()

func (*SignDataRequest) String 

func (x *SignDataRequest) String() string

type SignDataRequest_HashAlgorithm 

type SignDataRequest_HashAlgorithm struct {
	HashAlgorithm HashAlgorithm `` /* 128-byte string literal not displayed */
}

type SignDataRequest_PSSOptions 

type SignDataRequest_PSSOptions struct {

	// Required. The salt length.
	SaltLength int32 `protobuf:"varint,1,opt,name=salt_length,json=saltLength,proto3" json:"salt_length,omitempty"`
	// Required. The hash algorithm.
	HashAlgorithm HashAlgorithm `` /* 154-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*SignDataRequest_PSSOptions) Descriptor deprecated 

func (*SignDataRequest_PSSOptions) Descriptor() ([]byte, []int)

Deprecated: Use SignDataRequest_PSSOptions.ProtoReflect.Descriptor instead.

func (*SignDataRequest_PSSOptions) GetHashAlgorithm 

func (x *SignDataRequest_PSSOptions) GetHashAlgorithm() HashAlgorithm

func (*SignDataRequest_PSSOptions) GetSaltLength 

func (x *SignDataRequest_PSSOptions) GetSaltLength() int32

func (*SignDataRequest_PSSOptions) ProtoMessage 

func (*SignDataRequest_PSSOptions) ProtoMessage()

func (*SignDataRequest_PSSOptions) ProtoReflect 

func (x *SignDataRequest_PSSOptions) ProtoReflect() protoreflect.Message

func (*SignDataRequest_PSSOptions) Reset 

func (x *SignDataRequest_PSSOptions) Reset()

func (*SignDataRequest_PSSOptions) String 

func (x *SignDataRequest_PSSOptions) String() string

type SignDataRequest_PssOptions 

type SignDataRequest_PssOptions struct {
	PssOptions *SignDataRequest_PSSOptions `protobuf:"bytes,4,opt,name=pss_options,json=pssOptions,proto3,oneof"`
}

type SignDataResponse 

type SignDataResponse struct {

	// Required. The signature of the data.
	Signature []byte `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"`
	// Required. The fingerprint of the key used to sign the data.
	KeyFingerprint string `protobuf:"bytes,2,opt,name=key_fingerprint,json=keyFingerprint,proto3" json:"key_fingerprint,omitempty"`
	// contains filtered or unexported fields
}

func (*SignDataResponse) Descriptor deprecated 

func (*SignDataResponse) Descriptor() ([]byte, []int)

Deprecated: Use SignDataResponse.ProtoReflect.Descriptor instead.

func (*SignDataResponse) GetKeyFingerprint 

func (x *SignDataResponse) GetKeyFingerprint() string

func (*SignDataResponse) GetSignature 

func (x *SignDataResponse) GetSignature() []byte

func (*SignDataResponse) ProtoMessage 

func (*SignDataResponse) ProtoMessage()

func (*SignDataResponse) ProtoReflect 

func (x *SignDataResponse) ProtoReflect() protoreflect.Message

func (*SignDataResponse) Reset 

func (x *SignDataResponse) Reset()

func (*SignDataResponse) String 

func (x *SignDataResponse) String() string

type UnimplementedKeyManagerServer 

type UnimplementedKeyManagerServer struct {
}

UnimplementedKeyManagerServer must be embedded to have forward compatible implementations.

func (UnimplementedKeyManagerServer) GenerateKey 

func (UnimplementedKeyManagerServer) GenerateKey(context.Context, *GenerateKeyRequest) (*GenerateKeyResponse, error)

func (UnimplementedKeyManagerServer) GetPublicKey 

func (UnimplementedKeyManagerServer) GetPublicKey(context.Context, *GetPublicKeyRequest) (*GetPublicKeyResponse, error)

func (UnimplementedKeyManagerServer) GetPublicKeys 

func (UnimplementedKeyManagerServer) GetPublicKeys(context.Context, *GetPublicKeysRequest) (*GetPublicKeysResponse, error)

func (UnimplementedKeyManagerServer) SignData 

func (UnimplementedKeyManagerServer) SignData(context.Context, *SignDataRequest) (*SignDataResponse, error)

type UnsafeKeyManagerServer 

type UnsafeKeyManagerServer interface {
	// contains filtered or unexported methods
}

UnsafeKeyManagerServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to KeyManagerServer will result in compilation errors.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.