secure

package
v1.11.9
Warning

This package is not in the latest version of its module.

Published: Jul 26, 2021 | License: Apache-2.0 | Imports: 14 | Imported by: 2

Documentation

Overview

Package secure contains the security types common to WebPA applications

Deprecated: secure is no longer planned to be used by future WebPA/XMiDT services.

This package is frozen and no new functionality will be added.

Constants

const (
	JWTValidationReasonCounter = "jwt_validation_reason"
	NBFHistogram               = "jwt_from_nbf_seconds"
	EXPHistogram               = "jwt_from_exp_seconds"
)

Names for our metrics

const (
	AuthorizationHeader string    = "Authorization"
	Invalid             TokenType = "!! INVALID !!"
	Basic               TokenType = "Basic"
	Bearer              TokenType = "Bearer"
	Digest              TokenType = "Digest"

	Untrusted = "0"
)

Variables

var (
	ErrorNoProtectedHeader = errors.New("Missing protected header")
	ErrorNoSigningMethod   = errors.New("Signing method (alg) is missing or unrecognized")
)

Functions

func Metrics

func Metrics() []xmetrics.Metric

Metrics returns the Metrics relevant to this package

Types

type ExactMatchValidator

type ExactMatchValidator string

ExactMatchValidator simply matches a token's value (excluding the prefix, such as "Basic") to a string.

func (ExactMatchValidator) Validate

func (v ExactMatchValidator) Validate(ctx context.Context, token *Token) (bool, error)

type JWSParser

type JWSParser interface {
	ParseJWS(*Token) (jws.JWS, error)
}

JWSParser parses raw Tokens into JWS objects

var DefaultJWSParser JWSParser = defaultJWSParser(0)

DefaultJWSParser is the parser implementation that simply delegates to the SermoDigital library's jws.ParseJWT function.

type JWSValidator

type JWSValidator struct {
	DefaultKeyId  string
	Resolver      key.Resolver
	Parser        JWSParser
	JWTValidators []*jwt.Validator
	// contains filtered or unexported fields
}

JWSValidator provides validation for JWT tokens encoded as JWS.

func (*JWSValidator) DefineMeasures

func (v *JWSValidator) DefineMeasures(m *JWTValidationMeasures)

DefineMeasures defines the metrics tool used by JWSValidator

func (JWSValidator) Validate

func (v JWSValidator) Validate(ctx context.Context, token *Token) (valid bool, err error)

type JWTValidationMeasures

type JWTValidationMeasures struct {
	NBFHistogram     *gokitprometheus.Histogram
	ExpHistogram     *gokitprometheus.Histogram
	ValidationReason metrics.Counter
}

JWTValidationMeasures describes the defined metrics that will be used by clients

func NewJWTValidationMeasures

func NewJWTValidationMeasures(r xmetrics.Registry) *JWTValidationMeasures

NewJWTValidationMeasures realizes desired metrics

type JWTValidatorFactory

type JWTValidatorFactory struct {
	Expected  jwt.Claims `json:"expected"`
	ExpLeeway int        `json:"expLeeway"`
	NbfLeeway int        `json:"nbfLeeway"`
	// contains filtered or unexported fields
}

JWTValidatorFactory is a configurable factory for *jwt.Validator instances

func (*JWTValidatorFactory) DefineMeasures

func (f *JWTValidatorFactory) DefineMeasures(m *JWTValidationMeasures)

DefineMeasures helps establish the metrics tools

func (*JWTValidatorFactory) New

func (f *JWTValidatorFactory) New(custom ...jwt.ValidateFunc) *jwt.Validator

New returns a jwt.Validator using the configuration expected claims (if any) and a validator function that checks the exp and nbf claims.

The SermoDigital library doesn't appear to do anything with the EXP and NBF members of jwt.Validator, but this Factory Method populates them anyway.

type MockValidator

type MockValidator struct {
	mock.Mock
}

MockValidator is a stretchr mock, exposed for use by other packages

func (*MockValidator) Validate

func (v *MockValidator) Validate(ctx context.Context, token *Token) (bool, error)

type Token

type Token struct {
	// contains filtered or unexported fields
}

Token is the result of parsing an authorization string

func NewToken

func NewToken(request *http.Request) (*Token, error)

NewToken extracts the Authorization from the request and returns the Token that results from parsing that header's value. If no Authorization header exists, this function returns nil with no error.

func ParseAuthorization

func ParseAuthorization(value string) (*Token, error)

ParseAuthorization parses the raw Authorization string and returns a Token.

func (*Token) Bytes

func (t *Token) Bytes() []byte

func (*Token) String

func (t *Token) String() string

String returns an on-the-wire representation of this token, suitable for placing into an Authorization header.

func (*Token) Trust

func (t *Token) Trust() string

func (*Token) Type

func (t *Token) Type() TokenType

Type returns the type discriminator for this token. Note that the functions in this package will never create a Token with an Invalid type.

func (*Token) Value

func (t *Token) Value() string

type TokenType

type TokenType string

TokenType is a discriminator for the contents of a secure token.

func ParseTokenType

func ParseTokenType(value string) (TokenType, error)

ParseTokenType returns the TokenType corresponding to a string. This function is case-insensitive.
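
An added example, not the package's source, modelling the behaviour documented for NewToken, ParseAuthorization and ParseTokenType. The lowercase function names, the split-at-first-space rule and the sample header value are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Local stand-ins for the documented types; parsing rules are this example's assumptions.
type TokenType string

const Invalid, Basic, Bearer, Digest TokenType = "!! INVALID !!", "Basic", "Bearer", "Digest"

type Token struct{ Type TokenType; Value string }

// parseTokenType maps a scheme name to its canonical TokenType, ignoring case.
func parseTokenType(s string) (TokenType, error) {
	for _, t := range []TokenType{Basic, Bearer, Digest} {
		if strings.EqualFold(s, string(t)) {
			return t, nil
		}
	}
	return Invalid, fmt.Errorf("unsupported token type %q", s)
}

// parseAuthorization splits "<scheme> <credentials>" at the first space.
func parseAuthorization(value string) (*Token, error) {
	scheme, creds, _ := strings.Cut(strings.TrimSpace(value), " ")
	if creds = strings.TrimSpace(creds); creds == "" {
		return nil, fmt.Errorf("missing credentials in Authorization value")
	}
	typ, err := parseTokenType(scheme)
	if err != nil {
		return nil, err
	}
	return &Token{Type: typ, Value: creds}, nil
}

// newToken follows the documented NewToken rule: no header yields (nil, nil).
func newToken(r *http.Request) (*Token, error) {
	if h := r.Header.Get("Authorization"); h != "" {
		return parseAuthorization(h)
	}
	return nil, nil
}

func main() {
	r, _ := http.NewRequest("GET", "http://example.invalid/", nil) // constructed request
	r.Header.Set("Authorization", "bEaReR abc.def.ghi")
	fmt.Println(newToken(r))
}
```

A caller that checks only the error will receive a nil token for a request with no Authorization header, so the nil case has to be handled as unauthenticated.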

type Validator

type Validator interface {
	// Validate asserts that the given token is valid, most often verifying
	// the credentials in the token.  A separate error is returned to indicate
	// any problems during validation, such as the inability to access a network resource.
	// In general, the contract of this method is that a Token passes validation
	// if and only if it returns BOTH true and a nil error.
	Validate(context.Context, *Token) (bool, error)
}

Validator describes the behavior of a type which can validate tokens

type ValidatorFunc

type ValidatorFunc func(context.Context, *Token) (bool, error)

ValidatorFunc is a function type that implements Validator

func (ValidatorFunc) Validate

func (v ValidatorFunc) Validate(ctx context.Context, token *Token) (bool, error)

type Validators

type Validators []Validator

Validators is an aggregate Validator. A Validators instance considers a token valid if any of its validators considers it valid. An empty Validators rejects all tokens.

func (Validators) Validate

func (v Validators) Validate(ctx context.Context, token *Token) (valid bool, err error)
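
The acceptance rules described for Validator and Validators, as an added example that is not the package's own code. The types are local stand-ins, the sample credential is constructed, and returning the last error when no member accepts is an assumption.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Local stand-ins mirroring the documented shapes; not the package's own code.
type (
	Token         struct{ typ, value string }
	Validator     interface{ Validate(context.Context, *Token) (bool, error) }
	ValidatorFunc func(context.Context, *Token) (bool, error)
	Validators    []Validator
)

func (f ValidatorFunc) Validate(ctx context.Context, t *Token) (bool, error) { return f(ctx, t) }

// Validate accepts as soon as one member returns (true, nil). Assumption: if no
// member accepts, the last error seen is returned alongside false.
func (vs Validators) Validate(ctx context.Context, t *Token) (bool, error) {
	var lastErr error
	for _, v := range vs {
		ok, err := v.Validate(ctx, t)
		if ok && err == nil {
			return true, nil
		}
		if err != nil {
			lastErr = err
		}
	}
	return false, lastErr
}

// Allowed is the fail-closed caller check: nil token, false, or any error rejects.
func Allowed(ctx context.Context, v Validator, t *Token) bool {
	if t == nil {
		return false
	}
	ok, err := v.Validate(ctx, t)
	return ok && err == nil
}

func main() {
	ctx, tok := context.Background(), &Token{typ: "Basic", value: "dXNlcjpwYXNz"} // constructed credential
	exact := ValidatorFunc(func(_ context.Context, t *Token) (bool, error) { return t.value == "dXNlcjpwYXNz", nil })
	broken := ValidatorFunc(func(context.Context, *Token) (bool, error) { return true, errors.New("resolver down") })
	fmt.Println(Allowed(ctx, Validators{}, tok), Allowed(ctx, Validators{broken}, tok), Allowed(ctx, Validators{broken, exact}, tok))
}
```

Because acceptance is any-of, the aggregate is only as strict as its most permissive member, so every validator placed in the slice deserves review.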

Directories

Path Synopsis
Package key provides a simple API for loading public and private keys from resources.
tools
