keydbstore

Constants

// EncryptionAlg and KeywrapAlg are the JOSE algorithms used to protect private
// key material before it is written to the key_id-indexed tables below:
// AES-256-GCM encrypts the private key bytes, and PBES2 (HMAC-SHA256 with
// AES-128 key wrap) derives the wrapping key from a passphrase. Both stores
// also persist these values per row (EncryptionAlg / KeywrapAlg columns),
// presumably so that keys wrapped under earlier defaults stay readable after
// the constants change — confirm against GetPrivateKey.
const (
	EncryptionAlg = jose.A256GCM
	KeywrapAlg    = jose.PBES2_HS256_A128KW
)


Variables

// PrivateKeysRethinkTable is the table definition for notary signer's key information.
var PrivateKeysRethinkTable = rethinkdb.Table{
	// The name is taken from RDBPrivateKey.TableName so the two cannot drift apart.
	Name:             RDBPrivateKey{}.TableName(),
	// Matches the `gorethink:"key_id"` tag on RDBPrivateKey.KeyID; keys are
	// addressed by key ID only (AddKey ignores role and gun).
	PrimaryKey:       "key_id",
	JSONUnmarshaller: rdbPrivateKeyFromJSON,
}

PrivateKeysRethinkTable is the table definition for notary signer's key information

Functions

func NewCachedKeyService added in v0.4.0

func NewCachedKeyService(baseKeyService signed.CryptoService) signed.CryptoService

NewCachedKeyService returns a new signed.CryptoService that includes caching

Types

type GormPrivateKey

// GormPrivateKey represents a PrivateKey in the database.
//
// Field meanings mirror RDBPrivateKey; the two types should be kept in step.
type GormPrivateKey struct {
	gorm.Model
	// KeyID is the unique lookup name for the row; AddKey ignores role and gun
	// and names keys by their ID only.
	KeyID           string    `sql:"type:varchar(255);not null;unique;index:key_id_idx"`
	// EncryptionAlg and KeywrapAlg record the JOSE algorithms this row was
	// wrapped with (the package-level EncryptionAlg / KeywrapAlg constants are
	// the defaults).
	EncryptionAlg   string    `sql:"type:varchar(255);not null"`
	KeywrapAlg      string    `sql:"type:varchar(255);not null"`
	// Algorithm is presumably the key algorithm passed to Create — confirm.
	Algorithm       string    `sql:"type:varchar(50);not null"`
	// PassphraseAlias names the passphrase under which the private key is
	// wrapped; RotateKeyPassphrase takes a new alias for this row.
	PassphraseAlias string    `sql:"type:varchar(50);not null"`
	// Gun and Role are plain strings here, whereas RDBPrivateKey uses
	// data.GUN and data.RoleName.
	Gun             string    `sql:"type:varchar(255);not null"`
	Role            string    `sql:"type:varchar(255);not null"`
	// Public is the public key; Private is the wrapped (encrypted) private
	// key, presumably the base64 form described on RDBPrivateKey — the column
	// should never hold plaintext key material. Confirm against AddKey.
	Public          string    `sql:"type:blob;not null"`
	Private         string    `sql:"type:blob;not null"`
	// LastUsed is nullable: NULL presumably marks a key that has never been
	// activated, which Create may reuse — confirm against GetPrivateKey.
	LastUsed        time.Time `sql:"type:datetime;null;default:null"`
}

GormPrivateKey represents a PrivateKey in the database

func (GormPrivateKey) TableName

func (g GormPrivateKey) TableName() string

TableName sets a specific table name for our GormPrivateKey

type RDBPrivateKey added in v0.3.0

// RDBPrivateKey represents a PrivateKey in the rethink database.
//
// Field meanings mirror GormPrivateKey; the two types should be kept in step.
type RDBPrivateKey struct {
	rethinkdb.Timing
	// KeyID is the primary key of PrivateKeysRethinkTable; AddKey ignores role
	// and gun and names keys by their ID only.
	KeyID           string        `gorethink:"key_id"`
	// EncryptionAlg and KeywrapAlg record the JOSE algorithms this row was
	// wrapped with (the package-level constants of the same names are the
	// defaults).
	EncryptionAlg   string        `gorethink:"encryption_alg"`
	KeywrapAlg      string        `gorethink:"keywrap_alg"`
	// Algorithm is presumably the key algorithm passed to Create — confirm.
	Algorithm       string        `gorethink:"algorithm"`
	// PassphraseAlias names the passphrase under which the private key is
	// wrapped; RotateKeyPassphrase takes a new alias for this row.
	PassphraseAlias string        `gorethink:"passphrase_alias"`
	Gun             data.GUN      `gorethink:"gun"`
	Role            data.RoleName `gorethink:"role"`

	// gorethink specifically supports binary types, and says to pass it in as
	// a byteslice.  Currently our encryption method for the private key bytes
	// produces a base64-encoded string, but for future compatibility in case
	// we change how we encrypt, use a byteslice for the encrypted private key
	// too. Private must only ever hold the wrapped form, never plaintext.
	Public  []byte `gorethink:"public"`
	Private []byte `gorethink:"private"`

	// LastUsed doubles as the activity marker: the zero time presumably means
	// the key is inactive (Create reuses inactive keys; GetKey does not
	// activate a key) — confirm against GetPrivateKey.
	LastUsed time.Time `gorethink:"last_used"`
}

RDBPrivateKey represents a PrivateKey in the rethink database

func (RDBPrivateKey) TableName added in v0.3.0

func (g RDBPrivateKey) TableName() string

TableName sets a specific table name for our RDBPrivateKey

type RethinkDBKeyStore added in v0.3.0

type RethinkDBKeyStore struct {
	// contains filtered or unexported fields
}

RethinkDBKeyStore persists and manages private keys on a RethinkDB database

func NewRethinkDBKeyStore added in v0.3.0

func NewRethinkDBKeyStore(dbName, username, password string, passphraseRetriever notary.PassRetriever, defaultPassAlias string, rethinkSession *gorethink.Session) *RethinkDBKeyStore

NewRethinkDBKeyStore returns a new RethinkDBKeyStore backed by a RethinkDB database

func (*RethinkDBKeyStore) AddKey added in v0.3.0

func (rdb *RethinkDBKeyStore) AddKey(role data.RoleName, gun data.GUN, privKey data.PrivateKey) error

AddKey stores the contents of a private key. Both role and gun are ignored: keys are always named by Key ID, and aliases are not supported.

func (RethinkDBKeyStore) Bootstrap added in v0.3.0

func (rdb RethinkDBKeyStore) Bootstrap() error

Bootstrap sets up the database and tables, and also creates the notary signer user with the appropriate database permissions.

func (RethinkDBKeyStore) CheckHealth added in v0.3.0

func (rdb RethinkDBKeyStore) CheckHealth() error

CheckHealth verifies that DB exists and is query-able

func (RethinkDBKeyStore) Create added in v0.4.0

func (rdb RethinkDBKeyStore) Create(role data.RoleName, gun data.GUN, algorithm string) (data.PublicKey, error)

Create will attempt to first re-use an inactive key for the same role, gun, and algorithm. If one isn't found, it will create a private key and add it to the DB as an inactive key

func (*RethinkDBKeyStore) GetKey added in v0.3.0

func (rdb *RethinkDBKeyStore) GetKey(keyID string) data.PublicKey

GetKey returns the PublicKey given a KeyID, and does not activate the key

func (*RethinkDBKeyStore) GetPrivateKey added in v0.4.0

func (rdb *RethinkDBKeyStore) GetPrivateKey(keyID string) (data.PrivateKey, data.RoleName, error)

GetPrivateKey returns the PrivateKey given a KeyID

func (RethinkDBKeyStore) ListAllKeys added in v0.4.0

func (rdb RethinkDBKeyStore) ListAllKeys() map[string]data.RoleName

ListAllKeys always returns nil. This method is here to satisfy the CryptoService interface

func (RethinkDBKeyStore) ListKeys added in v0.3.0

func (rdb RethinkDBKeyStore) ListKeys(role data.RoleName) []string

ListKeys always returns nil. This method is here to satisfy the CryptoService interface

func (*RethinkDBKeyStore) Name added in v0.3.0

func (rdb *RethinkDBKeyStore) Name() string

Name returns a user friendly name for the storage location

func (RethinkDBKeyStore) RemoveKey added in v0.3.0

func (rdb RethinkDBKeyStore) RemoveKey(keyID string) error

RemoveKey removes the key from the table

func (RethinkDBKeyStore) RotateKeyPassphrase added in v0.3.0

func (rdb RethinkDBKeyStore) RotateKeyPassphrase(keyID, newPassphraseAlias string) error

RotateKeyPassphrase rotates the key-encryption-key

type SQLKeyDBStore added in v0.4.0

type SQLKeyDBStore struct {
	// contains filtered or unexported fields
}

SQLKeyDBStore persists and manages private keys on a SQL database

func NewSQLKeyDBStore added in v0.4.0

func NewSQLKeyDBStore(passphraseRetriever notary.PassRetriever, defaultPassAlias string,
	dbDialect string, dbArgs ...interface{}) (*SQLKeyDBStore, error)

NewSQLKeyDBStore returns a new SQLKeyDBStore backed by a SQL database

func (*SQLKeyDBStore) AddKey added in v0.4.0

func (s *SQLKeyDBStore) AddKey(role data.RoleName, gun data.GUN, privKey data.PrivateKey) error

AddKey stores the contents of a private key. Both role and gun are ignored: keys are always named by Key ID, and aliases are not supported.

func (*SQLKeyDBStore) Create added in v0.4.0

func (s *SQLKeyDBStore) Create(role data.RoleName, gun data.GUN, algorithm string) (data.PublicKey, error)

Create will attempt to first re-use an inactive key for the same role, gun, and algorithm. If one isn't found, it will create a private key and add it to the DB as an inactive key

func (*SQLKeyDBStore) GetKey added in v0.4.0

func (s *SQLKeyDBStore) GetKey(keyID string) data.PublicKey

GetKey performs the same lookup as GetPrivateKey, but does not mark the key as active and returns only the public bytes.

func (*SQLKeyDBStore) GetPrivateKey added in v0.4.0

func (s *SQLKeyDBStore) GetPrivateKey(keyID string) (data.PrivateKey, data.RoleName, error)

GetPrivateKey returns the PrivateKey given a KeyID

func (*SQLKeyDBStore) HealthCheck added in v0.4.0

func (s *SQLKeyDBStore) HealthCheck() error

HealthCheck verifies that DB exists and is query-able

func (*SQLKeyDBStore) ListAllKeys added in v0.4.0

func (s *SQLKeyDBStore) ListAllKeys() map[string]data.RoleName

ListAllKeys always returns nil. This method is here to satisfy the CryptoService interface

func (*SQLKeyDBStore) ListKeys added in v0.4.0

func (s *SQLKeyDBStore) ListKeys(role data.RoleName) []string

ListKeys always returns nil. This method is here to satisfy the CryptoService interface

func (*SQLKeyDBStore) Name added in v0.4.0

func (s *SQLKeyDBStore) Name() string

Name returns a user friendly name for the storage location

func (*SQLKeyDBStore) RemoveKey added in v0.4.0

func (s *SQLKeyDBStore) RemoveKey(keyID string) error

RemoveKey removes the key from the SQL key store.

func (*SQLKeyDBStore) RotateKeyPassphrase added in v0.4.0

func (s *SQLKeyDBStore) RotateKeyPassphrase(keyID, newPassphraseAlias string) error

RotateKeyPassphrase rotates the key-encryption-key
