Documentation ¶
Index ¶
- type CompactPKI
- func (p *CompactPKI) AckSize() uint32
- func (p *CompactPKI) AuthPEM() []byte
- func (p *CompactPKI) DecodingKey(server string, ackKey interface{}, prevKey interface{}) (interface{}, error)
- func (p *CompactPKI) EncodingKey() interface{}
- func (p *CompactPKI) EncodingPEM() []byte
- func (p *CompactPKI) PublicKey() interface{}
- func (p *CompactPKI) PublicSecrets() PublicSecrets
- func (p *CompactPKI) TokenPEMs() [][]byte
- func (p *CompactPKI) TransmittedKey() []byte
- func (p *CompactPKI) TransmittedPEM() []byte
- func (p *CompactPKI) Type() PrivateSecretsType
- func (p *CompactPKI) VerifyPublicKey(pkey []byte) (interface{}, error)
- type CompactPKIPublicSecrets
- type NullPKI
- func (p *NullPKI) AckSize() uint32
- func (p *NullPKI) AuthPEM() []byte
- func (p *NullPKI) DecodingKey(server string, ackKey interface{}, prevKey interface{}) (interface{}, error)
- func (p *NullPKI) EncodingKey() interface{}
- func (p *NullPKI) EncodingPEM() []byte
- func (p *NullPKI) PublicKey() interface{}
- func (p *NullPKI) PublicSecrets() PublicSecrets
- func (p *NullPKI) TransmittedKey() []byte
- func (p *NullPKI) TransmittedPEM() []byte
- func (p *NullPKI) Type() PrivateSecretsType
- func (p *NullPKI) VerifyPublicKey(pkey []byte) (interface{}, error)
- type NullPublicSecrets
- type PKIPublicSecrets
- type PKISecrets
- func (p *PKISecrets) AckSize() uint32
- func (p *PKISecrets) AuthPEM() []byte
- func (p *PKISecrets) DecodingKey(server string, ackCert interface{}, prevCert interface{}) (interface{}, error)
- func (p *PKISecrets) EncodingKey() interface{}
- func (p *PKISecrets) EncodingPEM() []byte
- func (p *PKISecrets) PublicKey() interface{}
- func (p *PKISecrets) PublicKeyAdd(host string, newCert []byte) error
- func (p *PKISecrets) PublicSecrets() PublicSecrets
- func (p *PKISecrets) TransmittedKey() []byte
- func (p *PKISecrets) TransmittedPEM() []byte
- func (p *PKISecrets) Type() PrivateSecretsType
- func (p *PKISecrets) VerifyPublicKey(pkey []byte) (interface{}, error)
- type PSKPublicSecrets
- type PSKSecrets
- func (p *PSKSecrets) AckSize() uint32
- func (p *PSKSecrets) AuthPEM() []byte
- func (p *PSKSecrets) DecodingKey(server string, ackCert, prevCert interface{}) (interface{}, error)
- func (p *PSKSecrets) EncodingKey() interface{}
- func (p *PSKSecrets) EncodingPEM() []byte
- func (p *PSKSecrets) PublicKey() interface{}
- func (p *PSKSecrets) PublicSecrets() PublicSecrets
- func (p *PSKSecrets) TransmittedKey() []byte
- func (p *PSKSecrets) TransmittedPEM() []byte
- func (p *PSKSecrets) Type() PrivateSecretsType
- func (p *PSKSecrets) VerifyPublicKey(pkey []byte) (interface{}, error)
- type PrivateSecretsType
- type PublicKeyAdder
- type PublicSecrets
- type Secrets
Types ¶
type CompactPKI ¶
// CompactPKI holds all PKI information.
//
// NOTE(review): PrivateKeyPEM is an exported field, so anything that walks
// exported fields (encoding/json, encoding/gob, %+v formatting) would include
// it. The page documents PublicSecrets() as the form that is marshallable over
// the RPC interface.
type CompactPKI struct {
	// PrivateKeyPEM is presumably the PEM-encoded private key — confirm against NewCompactPKI.
	PrivateKeyPEM []byte
	// PublicKeyPEM is presumably the PEM-encoded certificate or public key — confirm.
	PublicKeyPEM []byte
	// AuthorityPEM is presumably the CA PEM that AuthPEM returns — confirm.
	AuthorityPEM []byte
	// TokenKeyPEMs are presumably the token CA PEMs that TokenPEMs returns — confirm.
	TokenKeyPEMs [][]byte
	// Compressed selects the claims-header compression type.
	Compressed claimsheader.CompressionType
	// contains filtered or unexported fields
}
CompactPKI holds all PKI information
func NewCompactPKI ¶
func NewCompactPKI(keyPEM []byte, certPEM []byte, caPEM []byte, txKey []byte, compress claimsheader.CompressionType) (*CompactPKI, error)
NewCompactPKI creates new secrets for PKI implementation based on compact encoding
func NewCompactPKIWithTokenCA ¶
func NewCompactPKIWithTokenCA(keyPEM []byte, certPEM []byte, caPEM []byte, tokenKeyPEMs [][]byte, txKey []byte, compress claimsheader.CompressionType) (*CompactPKI, error)
NewCompactPKIWithTokenCA creates new secrets for PKI implementation based on compact encoding
func (*CompactPKI) AckSize ¶
func (p *CompactPKI) AckSize() uint32
AckSize returns the default size of an ACK packet
func (*CompactPKI) AuthPEM ¶
func (p *CompactPKI) AuthPEM() []byte
AuthPEM returns the Certificate Authority PEM
func (*CompactPKI) DecodingKey ¶
func (p *CompactPKI) DecodingKey(server string, ackKey interface{}, prevKey interface{}) (interface{}, error)
DecodingKey returns the public key
func (*CompactPKI) EncodingKey ¶
func (p *CompactPKI) EncodingKey() interface{}
EncodingKey returns the private key
func (*CompactPKI) EncodingPEM ¶
func (p *CompactPKI) EncodingPEM() []byte
EncodingPEM returns the certificate PEM that is used for encoding
func (*CompactPKI) PublicKey ¶
func (p *CompactPKI) PublicKey() interface{}
PublicKey returns the public key
func (*CompactPKI) PublicSecrets ¶
func (p *CompactPKI) PublicSecrets() PublicSecrets
PublicSecrets returns the secrets that are marshallable over the RPC interface.
func (*CompactPKI) TokenPEMs ¶
func (p *CompactPKI) TokenPEMs() [][]byte
TokenPEMs returns the Token Certificate Authorities
func (*CompactPKI) TransmittedKey ¶
func (p *CompactPKI) TransmittedKey() []byte
TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured
func (*CompactPKI) TransmittedPEM ¶
func (p *CompactPKI) TransmittedPEM() []byte
TransmittedPEM returns the PEM certificate that is transmitted
func (*CompactPKI) Type ¶
func (p *CompactPKI) Type() PrivateSecretsType
Type implements the interface Secrets
func (*CompactPKI) VerifyPublicKey ¶
func (p *CompactPKI) VerifyPublicKey(pkey []byte) (interface{}, error)
VerifyPublicKey verifies if the inband public key is correct.
type CompactPKIPublicSecrets ¶
// CompactPKIPublicSecrets includes all the secrets that can be transmitted
// over the RPC interface.
//
// NOTE(review): the page does not say whether Key holds private or public key
// material; confirm before treating a marshalled value as safe to expose
// outside a protected channel.
type CompactPKIPublicSecrets struct {
	Type        PrivateSecretsType
	Key         []byte
	Certificate []byte
	CA          []byte // presumably what CertAuthority returns — confirm
	TokenCAs    [][]byte
	Token       []byte
	Compressed  claimsheader.CompressionType
}
CompactPKIPublicSecrets includes all the secrets that can be transmitted over the RPC interface.
func (*CompactPKIPublicSecrets) CertAuthority ¶
func (p *CompactPKIPublicSecrets) CertAuthority() []byte
CertAuthority returns the cert authority
func (*CompactPKIPublicSecrets) SecretsType ¶
func (p *CompactPKIPublicSecrets) SecretsType() PrivateSecretsType
SecretsType returns the type of secrets.
type NullPKI ¶
NullPKI holds all PKI information
func NewNullPKI ¶
NewNullPKI creates new secrets for PKI implementation based on compact encoding
func (*NullPKI) DecodingKey ¶
func (p *NullPKI) DecodingKey(server string, ackKey interface{}, prevKey interface{}) (interface{}, error)
DecodingKey returns the public key
func (*NullPKI) EncodingKey ¶
func (p *NullPKI) EncodingKey() interface{}
EncodingKey returns the private key
func (*NullPKI) EncodingPEM ¶
EncodingPEM returns the certificate PEM that is used for encoding
func (*NullPKI) PublicKey ¶
func (p *NullPKI) PublicKey() interface{}
PublicKey returns nil in this case
func (*NullPKI) PublicSecrets ¶
func (p *NullPKI) PublicSecrets() PublicSecrets
PublicSecrets returns the secrets that are marshallable over the RPC interface.
func (*NullPKI) TransmittedKey ¶
TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured
func (*NullPKI) TransmittedPEM ¶
TransmittedPEM returns the PEM certificate that is transmitted
func (*NullPKI) Type ¶
func (p *NullPKI) Type() PrivateSecretsType
Type implements the interface Secrets
func (*NullPKI) VerifyPublicKey ¶
VerifyPublicKey verifies if the inband public key is correct.
type NullPublicSecrets ¶
// NullPublicSecrets includes all the secrets that can be transmitted over the
// RPC interface. Its only field is the secrets type; it carries no key,
// certificate or CA bytes.
type NullPublicSecrets struct {
	// Type is presumably PKINull, which the page documents as being for debugging — confirm.
	Type PrivateSecretsType
}
NullPublicSecrets includes all the secrets that can be transmitted over the RPC interface.
func (*NullPublicSecrets) CertAuthority ¶
func (p *NullPublicSecrets) CertAuthority() []byte
CertAuthority returns the cert authority - N/A to PSK
func (*NullPublicSecrets) SecretsType ¶
func (p *NullPublicSecrets) SecretsType() PrivateSecretsType
SecretsType returns the type of secrets.
type PKIPublicSecrets ¶
// PKIPublicSecrets includes all the secrets that can be transmitted over the
// RPC interface.
//
// NOTE(review): the page does not say whether Key holds private or public key
// material; confirm before treating a marshalled value as safe to expose
// outside a protected channel.
type PKIPublicSecrets struct {
	Type        PrivateSecretsType
	Key         []byte
	Certificate []byte
	CA          []byte // presumably what CertAuthority returns — confirm
}
PKIPublicSecrets includes all the secrets that can be transmitted over the RPC interface.
func (*PKIPublicSecrets) CertAuthority ¶
func (p *PKIPublicSecrets) CertAuthority() []byte
CertAuthority returns the cert authority
func (*PKIPublicSecrets) SecretsType ¶
func (p *PKIPublicSecrets) SecretsType() PrivateSecretsType
SecretsType returns the type of secrets.
type PKISecrets ¶
// PKISecrets holds all PKI information.
//
// NOTE(review): PrivateKeyPEM is an exported field, so anything that walks
// exported fields (encoding/json, encoding/gob, %+v formatting) would include
// it. The page documents PublicSecrets() as the form that is marshallable over
// the RPC interface.
type PKISecrets struct {
	// PrivateKeyPEM is presumably the PEM-encoded private key — confirm against NewPKISecrets.
	PrivateKeyPEM []byte
	// PublicKeyPEM is presumably the PEM-encoded certificate or public key — confirm.
	PublicKeyPEM []byte
	// AuthorityPEM is presumably the CA PEM that AuthPEM returns — confirm.
	AuthorityPEM []byte
	// CertificateCache maps a string key (presumably the host name — confirm)
	// to an ECDSA public key.
	// NOTE(review): the map is exported, so code holding a *PKISecrets can
	// insert keys directly, without the certificate validation that
	// PublicKeyAdd is documented to perform.
	CertificateCache map[string]*ecdsa.PublicKey
	// contains filtered or unexported fields
}
PKISecrets holds all PKI information
func NewPKISecrets ¶
func NewPKISecrets(keyPEM, certPEM, caPEM []byte, certCache map[string]*ecdsa.PublicKey) (*PKISecrets, error)
NewPKISecrets creates new secrets for PKI implementations
func (*PKISecrets) AckSize ¶
func (p *PKISecrets) AckSize() uint32
AckSize returns the default size of an ACK packet
func (*PKISecrets) AuthPEM ¶
func (p *PKISecrets) AuthPEM() []byte
AuthPEM returns the Certificate Authority PEM
func (*PKISecrets) DecodingKey ¶
func (p *PKISecrets) DecodingKey(server string, ackCert interface{}, prevCert interface{}) (interface{}, error)
DecodingKey returns the public key
func (*PKISecrets) EncodingKey ¶
func (p *PKISecrets) EncodingKey() interface{}
EncodingKey returns the private key
func (*PKISecrets) EncodingPEM ¶
func (p *PKISecrets) EncodingPEM() []byte
EncodingPEM returns the certificate PEM that is used for encoding
func (*PKISecrets) PublicKey ¶
func (p *PKISecrets) PublicKey() interface{}
PublicKey returns the public key
func (*PKISecrets) PublicKeyAdd ¶
func (p *PKISecrets) PublicKeyAdd(host string, newCert []byte) error
PublicKeyAdd validates the parameter certificate. If valid, the corresponding key is added to the PublicKeyCache. If invalid, an error is returned.
func (*PKISecrets) PublicSecrets ¶
func (p *PKISecrets) PublicSecrets() PublicSecrets
PublicSecrets returns the secrets that are marshallable over the RPC interface.
func (*PKISecrets) TransmittedKey ¶
func (p *PKISecrets) TransmittedKey() []byte
TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured
func (*PKISecrets) TransmittedPEM ¶
func (p *PKISecrets) TransmittedPEM() []byte
TransmittedPEM returns the PEM certificate that is transmitted
func (*PKISecrets) Type ¶
func (p *PKISecrets) Type() PrivateSecretsType
Type implements the interface Secrets
func (*PKISecrets) VerifyPublicKey ¶
func (p *PKISecrets) VerifyPublicKey(pkey []byte) (interface{}, error)
VerifyPublicKey verifies if the inband public key is correct.
type PSKPublicSecrets ¶
// PSKPublicSecrets includes all the secrets that can be transmitted over the
// RPC interface. Its only field is the secrets type; the struct has no field
// for the pre-shared key.
type PSKPublicSecrets struct {
	// Type is presumably PSKType — confirm.
	Type PrivateSecretsType
}
PSKPublicSecrets includes all the secrets that can be transmitted over the RPC interface.
func (*PSKPublicSecrets) CertAuthority ¶
func (p *PSKPublicSecrets) CertAuthority() []byte
CertAuthority returns the cert authority - N/A to PSK
func (*PSKPublicSecrets) SecretsType ¶
func (p *PSKPublicSecrets) SecretsType() PrivateSecretsType
SecretsType returns the type of secrets.
type PSKSecrets ¶
type PSKSecrets struct {
}
PSKSecrets holds the shared key.
func NewPSKSecrets ¶
func NewPSKSecrets(psk []byte) *PSKSecrets
NewPSKSecrets creates new PSK Secrets.
func (*PSKSecrets) AckSize ¶
func (p *PSKSecrets) AckSize() uint32
AckSize returns the expected size of ack packets.
func (*PSKSecrets) AuthPEM ¶
func (p *PSKSecrets) AuthPEM() []byte
AuthPEM returns the Certificate Authority PEM.
func (*PSKSecrets) DecodingKey ¶
func (p *PSKSecrets) DecodingKey(server string, ackCert, prevCert interface{}) (interface{}, error)
DecodingKey returns the preshared key.
func (*PSKSecrets) EncodingKey ¶
func (p *PSKSecrets) EncodingKey() interface{}
EncodingKey returns the pre-shared key.
func (*PSKSecrets) EncodingPEM ¶
func (p *PSKSecrets) EncodingPEM() []byte
EncodingPEM returns the certificate PEM that is used for encoding.
func (*PSKSecrets) PublicKey ¶
func (p *PSKSecrets) PublicKey() interface{}
PublicKey returns the public key
func (*PSKSecrets) PublicSecrets ¶
func (p *PSKSecrets) PublicSecrets() PublicSecrets
PublicSecrets returns the secrets that are marshallable over the RPC interface.
func (*PSKSecrets) TransmittedKey ¶
func (p *PSKSecrets) TransmittedKey() []byte
TransmittedKey returns nil in the case of pre-shared key.
func (*PSKSecrets) TransmittedPEM ¶
func (p *PSKSecrets) TransmittedPEM() []byte
TransmittedPEM returns the PEM certificate that is transmitted.
func (*PSKSecrets) Type ¶
func (p *PSKSecrets) Type() PrivateSecretsType
Type implements the Secrets interface.
func (*PSKSecrets) VerifyPublicKey ¶
func (p *PSKSecrets) VerifyPublicKey(pkey []byte) (interface{}, error)
VerifyPublicKey always returns nil for pre-shared secrets, so its return value says nothing about whether pkey is trustworthy.
type PrivateSecretsType ¶
// PrivateSecretsType identifies the different secrets that are supported.
// NewSecrets is documented as creating a set of secrets based on the type.
type PrivateSecretsType int
PrivateSecretsType identifies the different secrets that are supported
// Supported secrets types. The values are assigned by iota in declaration
// order, so reordering the list changes the numeric value of every type.
//
// NOTE(review): PKINull is documented as debugging-only, and NewSecrets is
// documented as choosing the implementation from the type. Deployments may
// want to reject PKINull when the type comes from configuration or from a
// PublicSecrets value received over RPC — confirm how NewSecrets handles it.
const (
	// PKIType for asymmetric signing
	PKIType PrivateSecretsType = iota
	// PSKType for symmetric signing
	PSKType
	// PKICompactType is for asymmetric signing using compact JWTs on the wire
	PKICompactType
	// PKINull is for debugging
	PKINull
)
type PublicKeyAdder ¶
// PublicKeyAdder registers a public key for a node.
type PublicKeyAdder interface {
	// PublicKeyAdd adds the given cert for the given host.
	// PKISecrets.PublicKeyAdd is documented as validating the certificate
	// first and returning an error when it is invalid.
	PublicKeyAdd(host string, cert []byte) error
}
PublicKeyAdder registers a public key for a node.
type PublicSecrets ¶
// PublicSecrets is an interface of the data structures of the secrets that
// can be transmitted over the RPC interface to the remotes.
type PublicSecrets interface {
	// SecretsType returns the type of secrets.
	SecretsType() PrivateSecretsType
	// CertAuthority returns the cert authority. The PSK and null
	// implementations document it as not applicable.
	CertAuthority() []byte
}
PublicSecrets is an interface of the data structures of the secrets that can be transmitted over the RPC interface to the remotes.
type Secrets ¶
// Secrets is the interface that the secrets implementations on this page
// (CompactPKI, NullPKI, PKISecrets, PSKSecrets) provide.
type Secrets interface {
	// Type must return the type of the secrets as defined in the PrivateSecretsType
	Type() PrivateSecretsType
	// EncodingKey returns the key used to encode the tokens.
	// The PKI implementations document this as the private key and PSKSecrets
	// as the pre-shared key, so the result is sensitive and should be kept
	// out of logs and serialized output.
	EncodingKey() interface{}
	// DecodingKey is the key used to decode the tokens.
	DecodingKey(server string, ackCert, prevCert interface{}) (interface{}, error)
	// PublicKey returns the public key of the secrets.
	PublicKey() interface{}
	// TransmittedKey returns the public key as a byte slice and as it is transmitted
	// on the wire.
	TransmittedKey() []byte
	// VerifyPublicKey will verify a public key and whether it is signed by a trusted
	// authority.
	// PSKSecrets documents that its implementation always returns nil, so under
	// PSK the result carries no information about pkey.
	VerifyPublicKey(pkey []byte) (interface{}, error)
	// AckSize calculates the size of the ACK packet based on the keys.
	AckSize() uint32
	// PublicSecrets returns the PEM formatted secrets to be transmitted over the RPC interface.
	PublicSecrets() PublicSecrets
}
Secrets is the interface that every secrets implementation provides.
func NewSecrets ¶
func NewSecrets(s PublicSecrets) (Secrets, error)
NewSecrets creates a new set of secrets based on the type.