keymanagerv1

package
v1.8.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 16, 2023 License: Apache-2.0 Imports: 9 Imported by: 10

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	KeyType_name = map[int32]string{
		0: "UNSPECIFIED_KEY_TYPE",
		1: "EC_P256",
		2: "EC_P384",
		3: "RSA_2048",
		4: "RSA_4096",
	}
	KeyType_value = map[string]int32{
		"UNSPECIFIED_KEY_TYPE": 0,
		"EC_P256":              1,
		"EC_P384":              2,
		"RSA_2048":             3,
		"RSA_4096":             4,
	}
)

Enum value maps for KeyType.

View Source
var (
	HashAlgorithm_name = map[int32]string{
		0:  "UNSPECIFIED_HASH_ALGORITHM",
		4:  "SHA224",
		5:  "SHA256",
		6:  "SHA384",
		7:  "SHA512",
		10: "SHA3_224",
		11: "SHA3_256",
		12: "SHA3_384",
		13: "SHA3_512",
		14: "SHA512_224",
		15: "SHA512_256",
	}
	HashAlgorithm_value = map[string]int32{
		"UNSPECIFIED_HASH_ALGORITHM": 0,
		"SHA224":                     4,
		"SHA256":                     5,
		"SHA384":                     6,
		"SHA512":                     7,
		"SHA3_224":                   10,
		"SHA3_256":                   11,
		"SHA3_384":                   12,
		"SHA3_512":                   13,
		"SHA512_224":                 14,
		"SHA512_256":                 15,
	}
)

Enum value maps for HashAlgorithm.

View Source
var File_spire_plugin_server_keymanager_v1_keymanager_proto protoreflect.FileDescriptor
View Source
var KeyManager_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "spire.plugin.server.keymanager.v1.KeyManager",
	HandlerType: (*KeyManagerServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "GenerateKey",
			Handler:    _KeyManager_GenerateKey_Handler,
		},
		{
			MethodName: "GetPublicKey",
			Handler:    _KeyManager_GetPublicKey_Handler,
		},
		{
			MethodName: "GetPublicKeys",
			Handler:    _KeyManager_GetPublicKeys_Handler,
		},
		{
			MethodName: "SignData",
			Handler:    _KeyManager_SignData_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "spire/plugin/server/keymanager/v1/keymanager.proto",
}

KeyManager_ServiceDesc is the grpc.ServiceDesc for KeyManager service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

Functions

func KeyManagerPluginServer

func KeyManagerPluginServer(server KeyManagerServer) pluginsdk.PluginServer

func RegisterKeyManagerServer

func RegisterKeyManagerServer(s grpc.ServiceRegistrar, srv KeyManagerServer)

Types

type GenerateKeyRequest

type GenerateKeyRequest struct {

	// Required. The ID to give the generated key (or to identify the existing
	// key to overwrite (see GenerateKey).
	KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// Required. The type of the key to generate.
	KeyType KeyType `` /* 130-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*GenerateKeyRequest) Descriptor deprecated

func (*GenerateKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use GenerateKeyRequest.ProtoReflect.Descriptor instead.

func (*GenerateKeyRequest) GetKeyId

func (x *GenerateKeyRequest) GetKeyId() string

func (*GenerateKeyRequest) GetKeyType

func (x *GenerateKeyRequest) GetKeyType() KeyType

func (*GenerateKeyRequest) ProtoMessage

func (*GenerateKeyRequest) ProtoMessage()

func (*GenerateKeyRequest) ProtoReflect

func (x *GenerateKeyRequest) ProtoReflect() protoreflect.Message

func (*GenerateKeyRequest) Reset

func (x *GenerateKeyRequest) Reset()

func (*GenerateKeyRequest) String

func (x *GenerateKeyRequest) String() string

type GenerateKeyResponse

type GenerateKeyResponse struct {

	// Required. The generated key.
	PublicKey *PublicKey `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	// contains filtered or unexported fields
}

func (*GenerateKeyResponse) Descriptor deprecated

func (*GenerateKeyResponse) Descriptor() ([]byte, []int)

Deprecated: Use GenerateKeyResponse.ProtoReflect.Descriptor instead.

func (*GenerateKeyResponse) GetPublicKey

func (x *GenerateKeyResponse) GetPublicKey() *PublicKey

func (*GenerateKeyResponse) ProtoMessage

func (*GenerateKeyResponse) ProtoMessage()

func (*GenerateKeyResponse) ProtoReflect

func (x *GenerateKeyResponse) ProtoReflect() protoreflect.Message

func (*GenerateKeyResponse) Reset

func (x *GenerateKeyResponse) Reset()

func (*GenerateKeyResponse) String

func (x *GenerateKeyResponse) String() string

type GetPublicKeyRequest

type GetPublicKeyRequest struct {

	// Required. The ID of the key to retrieve.
	KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// contains filtered or unexported fields
}

func (*GetPublicKeyRequest) Descriptor deprecated

func (*GetPublicKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetPublicKeyRequest.ProtoReflect.Descriptor instead.

func (*GetPublicKeyRequest) GetKeyId

func (x *GetPublicKeyRequest) GetKeyId() string

func (*GetPublicKeyRequest) ProtoMessage

func (*GetPublicKeyRequest) ProtoMessage()

func (*GetPublicKeyRequest) ProtoReflect

func (x *GetPublicKeyRequest) ProtoReflect() protoreflect.Message

func (*GetPublicKeyRequest) Reset

func (x *GetPublicKeyRequest) Reset()

func (*GetPublicKeyRequest) String

func (x *GetPublicKeyRequest) String() string

type GetPublicKeyResponse

type GetPublicKeyResponse struct {

	// Required. The public key to return.
	PublicKey *PublicKey `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	// contains filtered or unexported fields
}

func (*GetPublicKeyResponse) Descriptor deprecated

func (*GetPublicKeyResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetPublicKeyResponse.ProtoReflect.Descriptor instead.

func (*GetPublicKeyResponse) GetPublicKey

func (x *GetPublicKeyResponse) GetPublicKey() *PublicKey

func (*GetPublicKeyResponse) ProtoMessage

func (*GetPublicKeyResponse) ProtoMessage()

func (*GetPublicKeyResponse) ProtoReflect

func (x *GetPublicKeyResponse) ProtoReflect() protoreflect.Message

func (*GetPublicKeyResponse) Reset

func (x *GetPublicKeyResponse) Reset()

func (*GetPublicKeyResponse) String

func (x *GetPublicKeyResponse) String() string

type GetPublicKeysRequest

type GetPublicKeysRequest struct {
	// contains filtered or unexported fields
}

func (*GetPublicKeysRequest) Descriptor deprecated

func (*GetPublicKeysRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetPublicKeysRequest.ProtoReflect.Descriptor instead.

func (*GetPublicKeysRequest) ProtoMessage

func (*GetPublicKeysRequest) ProtoMessage()

func (*GetPublicKeysRequest) ProtoReflect

func (x *GetPublicKeysRequest) ProtoReflect() protoreflect.Message

func (*GetPublicKeysRequest) Reset

func (x *GetPublicKeysRequest) Reset()

func (*GetPublicKeysRequest) String

func (x *GetPublicKeysRequest) String() string

type GetPublicKeysResponse

type GetPublicKeysResponse struct {

	// Required. The public keys managed by the KeyManager. May be empty.
	PublicKeys []*PublicKey `protobuf:"bytes,1,rep,name=public_keys,json=publicKeys,proto3" json:"public_keys,omitempty"`
	// contains filtered or unexported fields
}

func (*GetPublicKeysResponse) Descriptor deprecated

func (*GetPublicKeysResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetPublicKeysResponse.ProtoReflect.Descriptor instead.

func (*GetPublicKeysResponse) GetPublicKeys

func (x *GetPublicKeysResponse) GetPublicKeys() []*PublicKey

func (*GetPublicKeysResponse) ProtoMessage

func (*GetPublicKeysResponse) ProtoMessage()

func (*GetPublicKeysResponse) ProtoReflect

func (x *GetPublicKeysResponse) ProtoReflect() protoreflect.Message

func (*GetPublicKeysResponse) Reset

func (x *GetPublicKeysResponse) Reset()

func (*GetPublicKeysResponse) String

func (x *GetPublicKeysResponse) String() string

type HashAlgorithm

type HashAlgorithm int32
const (
	HashAlgorithm_UNSPECIFIED_HASH_ALGORITHM HashAlgorithm = 0
	// These entries (and their values) line up with a subset of the go
	// crypto.Hash constants.
	HashAlgorithm_SHA224     HashAlgorithm = 4
	HashAlgorithm_SHA256     HashAlgorithm = 5
	HashAlgorithm_SHA384     HashAlgorithm = 6
	HashAlgorithm_SHA512     HashAlgorithm = 7
	HashAlgorithm_SHA3_224   HashAlgorithm = 10
	HashAlgorithm_SHA3_256   HashAlgorithm = 11
	HashAlgorithm_SHA3_384   HashAlgorithm = 12
	HashAlgorithm_SHA3_512   HashAlgorithm = 13
	HashAlgorithm_SHA512_224 HashAlgorithm = 14
	HashAlgorithm_SHA512_256 HashAlgorithm = 15
)

func (HashAlgorithm) Descriptor

func (HashAlgorithm) Enum

func (x HashAlgorithm) Enum() *HashAlgorithm

func (HashAlgorithm) EnumDescriptor deprecated

func (HashAlgorithm) EnumDescriptor() ([]byte, []int)

Deprecated: Use HashAlgorithm.Descriptor instead.

func (HashAlgorithm) Number

func (HashAlgorithm) String

func (x HashAlgorithm) String() string

func (HashAlgorithm) Type

type KeyManagerClient

type KeyManagerClient interface {
	// Generates a new private key with the given ID. If a key already exists
	// under that ID, it is overwritten and given a different fingerprint. See
	// the PublicKey message for more details on the role of the fingerprint.
	GenerateKey(ctx context.Context, in *GenerateKeyRequest, opts ...grpc.CallOption) (*GenerateKeyResponse, error)
	// Gets the public key information for the private key managed by the
	// plugin with the given ID. If a key with the given ID does not exist,
	// NOT_FOUND is returned.
	GetPublicKey(ctx context.Context, in *GetPublicKeyRequest, opts ...grpc.CallOption) (*GetPublicKeyResponse, error)
	// Gets all public key information for the private keys managed by the
	// plugin.
	GetPublicKeys(ctx context.Context, in *GetPublicKeysRequest, opts ...grpc.CallOption) (*GetPublicKeysResponse, error)
	// Signs data with the private key identified by the given ID. If a key
	// with the given ID does not exist, NOT_FOUND is returned. The response
	// contains the signed data and the fingerprint of the key used to sign the
	// data. See the PublicKey message for more details on the role of the
	// fingerprint.
	SignData(ctx context.Context, in *SignDataRequest, opts ...grpc.CallOption) (*SignDataResponse, error)
}

KeyManagerClient is the client API for KeyManager service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewKeyManagerClient

func NewKeyManagerClient(cc grpc.ClientConnInterface) KeyManagerClient

type KeyManagerPluginClient

type KeyManagerPluginClient struct {
	KeyManagerClient
}

func (*KeyManagerPluginClient) GRPCServiceName

func (c *KeyManagerPluginClient) GRPCServiceName() string

func (*KeyManagerPluginClient) InitClient

func (c *KeyManagerPluginClient) InitClient(conn grpc.ClientConnInterface) interface{}

func (*KeyManagerPluginClient) IsInitialized

func (c *KeyManagerPluginClient) IsInitialized() bool

func (KeyManagerPluginClient) Type

func (s KeyManagerPluginClient) Type() string

type KeyManagerServer

type KeyManagerServer interface {
	// Generates a new private key with the given ID. If a key already exists
	// under that ID, it is overwritten and given a different fingerprint. See
	// the PublicKey message for more details on the role of the fingerprint.
	GenerateKey(context.Context, *GenerateKeyRequest) (*GenerateKeyResponse, error)
	// Gets the public key information for the private key managed by the
	// plugin with the given ID. If a key with the given ID does not exist,
	// NOT_FOUND is returned.
	GetPublicKey(context.Context, *GetPublicKeyRequest) (*GetPublicKeyResponse, error)
	// Gets all public key information for the private keys managed by the
	// plugin.
	GetPublicKeys(context.Context, *GetPublicKeysRequest) (*GetPublicKeysResponse, error)
	// Signs data with the private key identified by the given ID. If a key
	// with the given ID does not exist, NOT_FOUND is returned. The response
	// contains the signed data and the fingerprint of the key used to sign the
	// data. See the PublicKey message for more details on the role of the
	// fingerprint.
	SignData(context.Context, *SignDataRequest) (*SignDataResponse, error)
	// contains filtered or unexported methods
}

KeyManagerServer is the server API for KeyManager service. All implementations must embed UnimplementedKeyManagerServer for forward compatibility

type KeyType

type KeyType int32
const (
	KeyType_UNSPECIFIED_KEY_TYPE KeyType = 0
	KeyType_EC_P256              KeyType = 1
	KeyType_EC_P384              KeyType = 2
	KeyType_RSA_2048             KeyType = 3
	KeyType_RSA_4096             KeyType = 4
)

func (KeyType) Descriptor

func (KeyType) Descriptor() protoreflect.EnumDescriptor

func (KeyType) Enum

func (x KeyType) Enum() *KeyType

func (KeyType) EnumDescriptor deprecated

func (KeyType) EnumDescriptor() ([]byte, []int)

Deprecated: Use KeyType.Descriptor instead.

func (KeyType) Number

func (x KeyType) Number() protoreflect.EnumNumber

func (KeyType) String

func (x KeyType) String() string

func (KeyType) Type

func (KeyType) Type() protoreflect.EnumType

type PublicKey

type PublicKey struct {

	// Required. The ID of the key, as provided when the key was created.
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// Required. The type of the key.
	Type KeyType `protobuf:"varint,2,opt,name=type,proto3,enum=spire.plugin.server.keymanager.v1.KeyType" json:"type,omitempty"`
	// Required. The public key data (PKIX encoded).
	PkixData []byte `protobuf:"bytes,3,opt,name=pkix_data,json=pkixData,proto3" json:"pkix_data,omitempty"`
	// Required. Fingerprint of the public key. The (id,fingerprint) tuple
	// uniquely identifies an "instance" of the key. When a key is overwritten
	// the fingerprint changes, indicating a different "instance" of that key
	// under the given ID.
	//
	// Proper key rotation requires that SPIRE not overwrite a key while it is
	// actively being used to sign data so that if the rotation operation
	// fails, SPIRE still has a valid key to use. SPIRE compares the
	// fingerprint returned from signing operations with the fingerprint it
	// expected for the key as a way to detect when it has mismanaged keys.
	// This is a mitigating measure and not expected to fail under normal
	// circumstances.
	//
	// There is no requirement that plugins persist the fingerprint. It can be
	// newly generated as long as it remains consistent for a given "instance"
	// of the key during runtime.
	//
	// The fingerprinting algorithm is also left to plugin implementations. A
	// native implementation is a non-cryptographic hash over the PKIX data.
	Fingerprint string `protobuf:"bytes,4,opt,name=fingerprint,proto3" json:"fingerprint,omitempty"`
	// contains filtered or unexported fields
}

func (*PublicKey) Descriptor deprecated

func (*PublicKey) Descriptor() ([]byte, []int)

Deprecated: Use PublicKey.ProtoReflect.Descriptor instead.

func (*PublicKey) GetFingerprint

func (x *PublicKey) GetFingerprint() string

func (*PublicKey) GetId

func (x *PublicKey) GetId() string

func (*PublicKey) GetPkixData

func (x *PublicKey) GetPkixData() []byte

func (*PublicKey) GetType

func (x *PublicKey) GetType() KeyType

func (*PublicKey) ProtoMessage

func (*PublicKey) ProtoMessage()

func (*PublicKey) ProtoReflect

func (x *PublicKey) ProtoReflect() protoreflect.Message

func (*PublicKey) Reset

func (x *PublicKey) Reset()

func (*PublicKey) String

func (x *PublicKey) String() string

type SignDataRequest

type SignDataRequest struct {

	// Required. The ID of the key to use to sign the data.
	KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// Required. The data to sign.
	Data []byte `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`
	// Required. The signature options. The PSS options are only valid
	// for RSA keys.
	//
	// Types that are assignable to SignerOpts:
	//	*SignDataRequest_HashAlgorithm
	//	*SignDataRequest_PssOptions
	SignerOpts isSignDataRequest_SignerOpts `protobuf_oneof:"signer_opts"`
	// contains filtered or unexported fields
}

func (*SignDataRequest) Descriptor deprecated

func (*SignDataRequest) Descriptor() ([]byte, []int)

Deprecated: Use SignDataRequest.ProtoReflect.Descriptor instead.

func (*SignDataRequest) GetData

func (x *SignDataRequest) GetData() []byte

func (*SignDataRequest) GetHashAlgorithm

func (x *SignDataRequest) GetHashAlgorithm() HashAlgorithm

func (*SignDataRequest) GetKeyId

func (x *SignDataRequest) GetKeyId() string

func (*SignDataRequest) GetPssOptions

func (x *SignDataRequest) GetPssOptions() *SignDataRequest_PSSOptions

func (*SignDataRequest) GetSignerOpts

func (m *SignDataRequest) GetSignerOpts() isSignDataRequest_SignerOpts

func (*SignDataRequest) ProtoMessage

func (*SignDataRequest) ProtoMessage()

func (*SignDataRequest) ProtoReflect

func (x *SignDataRequest) ProtoReflect() protoreflect.Message

func (*SignDataRequest) Reset

func (x *SignDataRequest) Reset()

func (*SignDataRequest) String

func (x *SignDataRequest) String() string

type SignDataRequest_HashAlgorithm

type SignDataRequest_HashAlgorithm struct {
	HashAlgorithm HashAlgorithm `` /* 128-byte string literal not displayed */
}

type SignDataRequest_PSSOptions

type SignDataRequest_PSSOptions struct {

	// Required. The salt length.
	SaltLength int32 `protobuf:"varint,1,opt,name=salt_length,json=saltLength,proto3" json:"salt_length,omitempty"`
	// Required. The hash algorithm.
	HashAlgorithm HashAlgorithm `` /* 154-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*SignDataRequest_PSSOptions) Descriptor deprecated

func (*SignDataRequest_PSSOptions) Descriptor() ([]byte, []int)

Deprecated: Use SignDataRequest_PSSOptions.ProtoReflect.Descriptor instead.

func (*SignDataRequest_PSSOptions) GetHashAlgorithm

func (x *SignDataRequest_PSSOptions) GetHashAlgorithm() HashAlgorithm

func (*SignDataRequest_PSSOptions) GetSaltLength

func (x *SignDataRequest_PSSOptions) GetSaltLength() int32

func (*SignDataRequest_PSSOptions) ProtoMessage

func (*SignDataRequest_PSSOptions) ProtoMessage()

func (*SignDataRequest_PSSOptions) ProtoReflect

func (*SignDataRequest_PSSOptions) Reset

func (x *SignDataRequest_PSSOptions) Reset()

func (*SignDataRequest_PSSOptions) String

func (x *SignDataRequest_PSSOptions) String() string

type SignDataRequest_PssOptions

type SignDataRequest_PssOptions struct {
	PssOptions *SignDataRequest_PSSOptions `protobuf:"bytes,4,opt,name=pss_options,json=pssOptions,proto3,oneof"`
}

type SignDataResponse

type SignDataResponse struct {

	// Required. The signature of the data.
	Signature []byte `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"`
	// Required. The fingerprint of the key used to sign the data.
	KeyFingerprint string `protobuf:"bytes,2,opt,name=key_fingerprint,json=keyFingerprint,proto3" json:"key_fingerprint,omitempty"`
	// contains filtered or unexported fields
}

func (*SignDataResponse) Descriptor deprecated

func (*SignDataResponse) Descriptor() ([]byte, []int)

Deprecated: Use SignDataResponse.ProtoReflect.Descriptor instead.

func (*SignDataResponse) GetKeyFingerprint

func (x *SignDataResponse) GetKeyFingerprint() string

func (*SignDataResponse) GetSignature

func (x *SignDataResponse) GetSignature() []byte

func (*SignDataResponse) ProtoMessage

func (*SignDataResponse) ProtoMessage()

func (*SignDataResponse) ProtoReflect

func (x *SignDataResponse) ProtoReflect() protoreflect.Message

func (*SignDataResponse) Reset

func (x *SignDataResponse) Reset()

func (*SignDataResponse) String

func (x *SignDataResponse) String() string

type UnimplementedKeyManagerServer

type UnimplementedKeyManagerServer struct {
}

UnimplementedKeyManagerServer must be embedded to have forward compatible implementations.

func (UnimplementedKeyManagerServer) GenerateKey

func (UnimplementedKeyManagerServer) GetPublicKey

func (UnimplementedKeyManagerServer) GetPublicKeys

func (UnimplementedKeyManagerServer) SignData

type UnsafeKeyManagerServer

type UnsafeKeyManagerServer interface {
	// contains filtered or unexported methods
}

UnsafeKeyManagerServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to KeyManagerServer will result in compilation errors.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL