keymanagement

package

v0.4.2 Latest Latest Go to latest Published: Jul 23, 2021 License: Apache-2.0 Imports: 21 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

gitlab.com/ponci-berlin/ponci

Links

Open Source Insights

Documentation ¶

Index ¶

func GenerateBundle(logger *zap.Logger, keySets []KeySet) (cborBundle []byte, err error)
func GenerateSignedBundle(logger *zap.Logger, keySets []KeySet, signKey *ecdsa.PrivateKey, kid []byte) (signedBundle []byte, err error)
func NewKeyID(pub *ecdsa.PublicKey) []byte
func NewRandomString() []byte
func RollKeys(logger *zap.Logger, writeDebugFiles bool, debugFilePath string, ...) ([]byte, *ecdsa.PrivateKey, []byte, error)
func WriteHexFile(key []byte, target string) error
type Bundle
type KeyManager
- func New(logger *zap.Logger, keyPath string, certPath string) (*KeyManager, error)
type KeyRecord
- func (KeyRecord) TableName() string
type KeySet
- func (ks *KeySet) MarshalCBOR() ([]byte, error)
- func (ks *KeySet) Save(db *gorm.DB) error
type SubmitKeysRequest

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GenerateBundle ¶

func GenerateBundle(logger *zap.Logger, keySets []KeySet) (cborBundle []byte, err error)

GenerateBundle generates an unsigned bundle.

func GenerateSignedBundle ¶

func GenerateSignedBundle(
	logger *zap.Logger,
	keySets []KeySet,
	signKey *ecdsa.PrivateKey,
	kid []byte,
) (signedBundle []byte, err error)

GenerateSignedBundle creates a SignMessage containing the bundle, signed with signKey.

func NewKeyID ¶

func NewKeyID(pub *ecdsa.PublicKey) []byte

func NewRandomString ¶

func NewRandomString() []byte

func RollKeys ¶

func RollKeys(
	logger *zap.Logger,
	writeDebugFiles bool,
	debugFilePath string,
	debugFilePrefix string,
) ([]byte, *ecdsa.PrivateKey, []byte, error)

func WriteHexFile ¶

func WriteHexFile(key []byte, target string) error

Types ¶

type Bundle ¶

type Bundle struct {
	Version int16
	Date    time.Time // utc unix timestamp
	Keys    []cborKeySet
}

type KeyManager ¶

type KeyManager struct {
	// contains filtered or unexported fields
}

func New ¶

func New(logger *zap.Logger, keyPath string, certPath string) (*KeyManager, error)

func (*KeyManager) GenerateSignedBundle ¶

func (km *KeyManager) GenerateSignedBundle(logger *zap.Logger, dbHandle *gorm.DB) ([]byte, error)

func (*KeyManager) GetKeyID ¶

func (km *KeyManager) GetKeyID() []byte

func (*KeyManager) GetRawCert ¶

func (km *KeyManager) GetRawCert() []byte

func (*KeyManager) GetSigningKey ¶

func (km *KeyManager) GetSigningKey() *ecdsa.PrivateKey

func (*KeyManager) SetKeyID ¶

func (km *KeyManager) SetKeyID(id []byte)

type KeyRecord ¶

type KeyRecord struct {
	gorm.Model
	CredType  credential.Type
	AESKey    []byte
	ECCKey    []byte
	OrgID     string
	ValidFrom time.Time
	ValidTo   time.Time
}

KeyRecord represents a keyset in the database. This is only for use with GORM. Use the KeySet type instead TODO replace this with a better solution.

func (KeyRecord) TableName ¶

func (KeyRecord) TableName() string

type KeySet ¶

type KeySet struct {
	CredType  credential.Type
	AESKey    []byte
	ECCKey    *ecdsa.PublicKey `gorm:"type:bytes"`
	OrgID     string
	ValidFrom time.Time `cbor:"-"`
	ValidTo   time.Time `cbor:"-"`
}

func GetValidKeySets ¶

func GetValidKeySets(logger *zap.Logger, dbHandle *gorm.DB) ([]KeySet, error)

func KeySetFromCBOR ¶ added in v0.2.6

func KeySetFromCBOR(marshalledKeySet []byte) (KeySet, error)

func ParseSubmitKeysRequest ¶

func ParseSubmitKeysRequest(reqBytes []byte, orgID string) (KeySet, error)

func (*KeySet) MarshalCBOR ¶

func (ks *KeySet) MarshalCBOR() ([]byte, error)

func (*KeySet) Save ¶

func (ks *KeySet) Save(db *gorm.DB) error

type SubmitKeysRequest ¶

type SubmitKeysRequest struct {
	CredType credential.Type
	AesKey   cbor.RawMessage
	ECCKey   cbor.RawMessage
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL