Documentation
¶
Index ¶
- Constants
- Variables
- func MarshalPKIXPublicKeyToPEM(key interface{}) ([]byte, error)
- func NewEndpoint(r Registry) endpoint.Endpoint
- type Descriptor
- type Handler
- type HandlerJWK
- type KeyIn
- type KeyNotFoundError
- type KeyOut
- type Pair
- func GenerateECDSAPair(kid string, random io.Reader, bits int) (Pair, error)
- func GenerateRSAPair(kid string, random io.Reader, bits int) (Pair, error)
- func GenerateSecretPair(kid string, random io.Reader, bits int) (Pair, error)
- func NewPair(kid string, key interface{}) (Pair, error)
- func ReadPair(kid string, file string) (Pair, error)
- func ReadPairBytes(kid string, data []byte) (Pair, error)
- type Registry
Constants ¶
View Source
const ( ContentTypePEM = "application/x-pem-file" ContentTypeJWK = "application/json" )
View Source
const ( DefaultRSABits = 512 DefaultSecretBits = 512 )
View Source
const ( KeyTypeRSA = "rsa" KeyTypeECDSA = "ecdsa" KeyTypeSecret = "secret" )
Variables ¶
View Source
var ( ErrUnrecognizedKeyData = errors.New("Unable to read key data") DefaultCurve = elliptic.P384() )
View Source
var (
ErrNoKidVariable = errors.New("No kid variable in URI definition")
)
Functions ¶
func MarshalPKIXPublicKeyToPEM ¶
MarshalPKIXPublicKeyToPEM handles marshaling a public key in PKIX format which is then encoded as a PEM block
func NewEndpoint ¶
Types ¶
type Descriptor ¶
type Descriptor struct {
// Kid is the key id to use initially. If unset, the name of the key is used. Note that the kid can
// change is the key is rotated or updated during application execution.
Kid string
// Type indicates the type of key. This field dictates both how the key File is read or how the key
// is generated. The default is "rsa".
Type string
// Bits indicates the bit size for a generated key
Bits int
// File is the system path to a file where the key is stored. If set, this file must exist and contain
// either a secret or a PEM-encoded key pair. If this field is not set, a key is generated.
File string
}
Descriptor holds the configurable options for a key Pair
type HandlerJWK ¶ added in v0.4.4
type KeyIn ¶
type KeyIn struct {
fx.In
// Random is the optional source of randomness. If not present in the container,
// crypto/rand.Reader is used.
Random io.Reader `optional:"true"`
}
KeyIn is the set of dependencies for this package's components
type KeyNotFoundError ¶
type KeyNotFoundError struct {
Kid string
}
func (KeyNotFoundError) Error ¶
func (knfe KeyNotFoundError) Error() string
func (KeyNotFoundError) StatusCode ¶
func (knfe KeyNotFoundError) StatusCode() int
type KeyOut ¶
type KeyOut struct {
fx.Out
// Registry is the fully configured token Registry
Registry Registry
// Handler is the http.Handler which can serve key requests to the Registry
Handler Handler
HandlerJWK HandlerJWK
}
KeyOut is the set of components emitted by this package
type Pair ¶
type Pair interface {
// KID is the key identifier for this Pair
KID() string
// Sign returns the signing key for generating signed JWT tokens.
Sign() interface{}
// WriteVerifyPEMto writes the PEM-encoded verify key to an arbitrary output sink.
WriteVerifyPEMTo(io.Writer) (int64, error)
WriteJWK(io.Writer) (int64, error)
}
func GenerateECDSAPair ¶
func GenerateSecretPair ¶
type Registry ¶
type Registry interface {
// Get returns the Pair associated with a given key identifier
Get(kid string) (Pair, bool)
// Register creates a new Pair from a Descriptor and stores it in this registry
Register(Descriptor) (Pair, error)
}
Registry holds zero or more key Pairs
func NewRegistry ¶
NewRegistry creates a new key Registry backed by a given source of randomness for generation. If random is nil, crypto/rand.Reader is used.
Source Files
Click to show internal directories.
Click to hide internal directories.