Documentation ¶
Overview ¶
Package secure contains the security types common to WebPA applications
Deprecated: secure is no longer planned to be used by future WebPA/XMiDT services.
This package is frozen and no new functionality will be added.
Index ¶
Constants ¶
const ( JWTValidationReasonCounter = "jwt_validation_reason" NBFHistogram = "jwt_from_nbf_seconds" EXPHistogram = "jwt_from_exp_seconds" )
Names for our metrics
Variables ¶
var ( ErrorNoProtectedHeader = errors.New("Missing protected header") ErrorNoSigningMethod = errors.New("Signing method (alg) is missing or unrecognized") )
Functions ¶
Types ¶
type ExactMatchValidator ¶
type ExactMatchValidator string
ExactMatchValidator simply matches a token's value (exluding the prefix, such as "Basic"), to a string.
type JWSParser ¶
JWSParser parses raw Tokens into JWS objects
var DefaultJWSParser JWSParser = defaultJWSParser(0)
DefaultJWSParser is the parser implementation that simply delegates to the SermoDigital library's jws.ParseJWT function.
type JWSValidator ¶
type JWSValidator struct { DefaultKeyId string Resolver key.Resolver Parser JWSParser JWTValidators []*jwt.Validator // contains filtered or unexported fields }
JWSValidator provides validation for JWT tokens encoded as JWS.
func (*JWSValidator) DefineMeasures ¶
func (v *JWSValidator) DefineMeasures(m *JWTValidationMeasures)
DefineMeasures defines the metrics tool used by JWSValidator
type JWTValidationMeasures ¶
type JWTValidationMeasures struct { NBFHistogram *gokitprometheus.Histogram ExpHistogram *gokitprometheus.Histogram ValidationReason metrics.Counter }
JWTValidationMeasures describes the defined metrics that will be used by clients
func NewJWTValidationMeasures ¶
func NewJWTValidationMeasures(r xmetrics.Registry) *JWTValidationMeasures
NewJWTValidationMeasures realizes desired metrics
type JWTValidatorFactory ¶
type JWTValidatorFactory struct { Expected jwt.Claims `json:"expected"` ExpLeeway int `json:"expLeeway"` NbfLeeway int `json:"nbfLeeway"` // contains filtered or unexported fields }
JWTValidatorFactory is a configurable factory for *jwt.Validator instances
func (*JWTValidatorFactory) DefineMeasures ¶
func (f *JWTValidatorFactory) DefineMeasures(m *JWTValidationMeasures)
DefineMeasures helps establish the metrics tools
func (*JWTValidatorFactory) New ¶
func (f *JWTValidatorFactory) New(custom ...jwt.ValidateFunc) *jwt.Validator
New returns a jwt.Validator using the configuration expected claims (if any) and a validator function that checks the exp and nbf claims.
The SermoDigital library doesn't appear to do anything with the EXP and NBF members of jwt.Validator, but this Factory Method populates them anyway.
type MockValidator ¶
MockValidator is a stretchr mock, exposed for use by other packages
type Token ¶
type Token struct {
// contains filtered or unexported fields
}
Token is the result of parsing an authorization string
func NewToken ¶
NewToken extracts the Authorization from the request and returns the Token that results from parsing that header's value. If no Authorization header exists, this function returns nil with no error.
func ParseAuthorization ¶
ParseAuthorization parses the raw Authorization string and returns a Token.
func (*Token) String ¶
String returns an on-the-wire representation of this token, suitable for placing into an Authorization header.
type TokenType ¶
type TokenType string
TokenType is a discriminator for the contents of a secure token.
func ParseTokenType ¶
ParseTokenType returns the TokenType corresponding to a string. This function is case-insensitive.
type Validator ¶
type Validator interface { // Validate asserts that the given token is valid, most often verifying // the credentials in the token. A separate error is returned to indicate // any problems during validation, such as the inability to access a network resource. // In general, the contract of this method is that a Token passes validation // if and only if it returns BOTH true and a nil error. Validate(context.Context, *Token) (bool, error) }
Validator describes the behavior of a type which can validate tokens
type ValidatorFunc ¶
ValidatorFunc is a function type that implements Validator
type Validators ¶
type Validators []Validator
Validators is an aggregate Validator. A Validators instance considers a token valid if any of its validators considers it valid. An empty Validators rejects all tokens.
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package key provides a simple API for loading public and private keys from resources.
|
Package key provides a simple API for loading public and private keys from resources. |
tools
|
|