Documentation ¶
Overview ¶
SPDX-FileCopyrightText: 2017 Comcast Cable Communications Management, LLC SPDX-License-Identifier: Apache-2.0
Index ¶
- Constants
- Variables
- func MarshalPKIXPublicKeyToPEM(key interface{}) ([]byte, error)
- func NewEndpoint(r Registry) endpoint.Endpoint
- type Descriptor
- type Handler
- type HandlerJWK
- type KeyIn
- type KeyNotFoundError
- type KeyOut
- type Pair
- func GenerateECDSAPair(kid string, random io.Reader, bits int) (Pair, error)
- func GenerateRSAPair(kid string, random io.Reader, bits int) (Pair, error)
- func GenerateSecretPair(kid string, random io.Reader, bits int) (Pair, error)
- func NewPair(kid string, key interface{}) (Pair, error)
- func ReadPair(kid string, file string) (Pair, error)
- func ReadPairBytes(kid string, data []byte) (Pair, error)
- type Registry
Constants ¶
// Content types for the two key encodings this package can serve
// (presumably what Handler and HandlerJWK put in the response header — confirm).
const (
	// ContentTypePEM is the MIME type of a PEM-encoded key response.
	ContentTypePEM = "application/x-pem-file"
	// ContentTypeJWK is the MIME type of a JWK (JSON) key response.
	ContentTypeJWK = "application/json"
)
// Default key sizes, presumably applied when a Descriptor leaves Bits unset — confirm in Register.
const (
	// DefaultRSABits is the default modulus size, in bits, for generated RSA keys.
	//
	// NOTE(review): a 512-bit RSA modulus is far below the accepted floor
	// (2048 bits) and can be factored cheaply, so signing keys produced with
	// this default must not be trusted outside of throwaway tests. Raising the
	// value is a visible change to callers, so it is flagged here rather than
	// changed; deployments should set Descriptor.Bits explicitly.
	DefaultRSABits = 512
	// DefaultSecretBits is the default size, in bits, for generated shared secrets.
	DefaultSecretBits = 512
)
// Recognized values for Descriptor.Type. Descriptor documents "rsa" as the default.
const (
	// KeyTypeRSA selects an RSA key pair.
	KeyTypeRSA = "rsa"
	// KeyTypeECDSA selects an ECDSA key pair.
	KeyTypeECDSA = "ecdsa"
	// KeyTypeSecret selects a shared (symmetric) secret.
	KeyTypeSecret = "secret"
)
Variables ¶
var (
	// ErrUnrecognizedKeyData is the sentinel returned when key bytes cannot be
	// parsed (presumably by ReadPair/ReadPairBytes — confirm against callers).
	// Compare with errors.Is.
	ErrUnrecognizedKeyData = errors.New("Unable to read key data")

	// DefaultCurve is the elliptic curve used for generated ECDSA keys
	// (NIST P-384). How GenerateECDSAPair's bits argument interacts with it
	// is not visible here — confirm.
	DefaultCurve = elliptic.P384()
)
var (
	// ErrNoKidVariable is the sentinel returned when a route definition does
	// not contain a kid path variable, which the key-serving endpoint needs to
	// look a Pair up by key id (presumably raised by NewEndpoint/Handler — confirm).
	ErrNoKidVariable = errors.New("No kid variable in URI definition")
)
Functions ¶
func MarshalPKIXPublicKeyToPEM ¶
MarshalPKIXPublicKeyToPEM marshals a public key in PKIX format, which is then encoded as a PEM block.
func NewEndpoint ¶
Types ¶
type Descriptor ¶
// Descriptor holds the configurable options for a key Pair.
type Descriptor struct {
	// Kid is the key id to use initially. If unset, the name of the key is used.
	// Note that the kid can change if the key is rotated or updated during
	// application execution.
	Kid string

	// Type indicates the type of key (see the KeyType* constants). This field
	// dictates both how the key File is read and how the key is generated.
	// The default is "rsa".
	Type string

	// Bits indicates the bit size for a generated key. When unset a package
	// default presumably applies (DefaultRSABits / DefaultSecretBits — confirm);
	// the RSA default of 512 bits is well below modern minimums, so set this
	// explicitly for anything other than tests.
	Bits int

	// File is the system path to a file where the key is stored. If set, this
	// file must exist and contain either a secret or a PEM-encoded key pair.
	// If this field is not set, a key is generated.
	//
	// Because the file holds the private/secret half of the Pair, it should be
	// readable only by the service account running this process.
	File string
}
Descriptor holds the configurable options for a key Pair
type HandlerJWK ¶ added in v0.4.4
type KeyIn ¶
// KeyIn is the set of dependencies for this package's components.
type KeyIn struct {
	fx.In

	// Random is the optional source of randomness. If not present in the
	// container, crypto/rand.Reader is used.
	//
	// Generated keys draw their entropy from this reader (the Generate*Pair
	// functions take an io.Reader), so anything other than a cryptographically
	// secure source makes every generated key predictable. Only override it
	// in tests.
	Random io.Reader `optional:"true"`
}
KeyIn is the set of dependencies for this package's components
type KeyNotFoundError ¶
// KeyNotFoundError reports that no Pair is registered under a requested key id.
// It also implements StatusCode (see below); the exact code is not visible here.
type KeyNotFoundError struct {
	// Kid is the key identifier that was looked up and not found.
	Kid string
}
func (KeyNotFoundError) Error ¶
func (knfe KeyNotFoundError) Error() string
func (KeyNotFoundError) StatusCode ¶
func (knfe KeyNotFoundError) StatusCode() int
type KeyOut ¶
// KeyOut is the set of components emitted by this package.
type KeyOut struct {
	fx.Out

	// Registry is the fully configured token Registry.
	Registry Registry

	// Handler is the http.Handler which can serve key requests to the Registry.
	// Only the verify (public) side of a Pair belongs in an HTTP response;
	// see Pair.WriteVerifyPEMTo.
	Handler Handler

	// HandlerJWK is the http.Handler serving keys in JWK form (added in v0.4.4).
	HandlerJWK HandlerJWK
}
KeyOut is the set of components emitted by this package
type Pair ¶
// Pair is a signing key together with its identifier and a way to publish the
// corresponding verify key.
type Pair interface {
	// KID is the key identifier for this Pair.
	KID() string

	// Sign returns the signing key for generating signed JWT tokens. For a
	// shared secret this is presumably the secret itself, so callers must not
	// log or serialize the returned value.
	Sign() interface{}

	// WriteVerifyPEMTo writes the PEM-encoded verify key to an arbitrary output sink.
	WriteVerifyPEMTo(io.Writer) (int64, error)

	// WriteJWK writes the key in JWK form to an arbitrary output sink.
	// NOTE(review): presumably the verify key only, mirroring WriteVerifyPEMTo — confirm.
	WriteJWK(io.Writer) (int64, error)
}
func GenerateECDSAPair ¶
func GenerateSecretPair ¶
type Registry ¶
// Registry holds zero or more key Pairs, looked up by key identifier.
type Registry interface {
	// Get returns the Pair associated with a given key identifier. The bool
	// reports whether the kid was present.
	Get(kid string) (Pair, bool)

	// Register creates a new Pair from a Descriptor and stores it in this
	// registry. Whether re-registering an existing kid replaces the Pair is
	// not visible here — confirm.
	Register(Descriptor) (Pair, error)
}
Registry holds zero or more key Pairs
func NewRegistry ¶
NewRegistry creates a new key Registry backed by a given source of randomness for generation. If random is nil, crypto/rand.Reader is used.