Documentation ¶
Index ¶
- Variables
- func CreateTxtToken() []byte
- type CompactPKI
- func (p *CompactPKI) AckSize() uint32
- func (p *CompactPKI) EncodingKey() interface{}
- func (p *CompactPKI) KeyAndClaims(pkey []byte) (interface{}, []string, time.Time, *pkiverifier.PKIControllerInfo, error)
- func (p *CompactPKI) PublicKey() interface{}
- func (p *CompactPKI) PublicSecrets() PublicSecrets
- func (p *CompactPKI) TransmittedKey() []byte
- func (p *CompactPKI) Type() PrivateSecretsType
- type CompactPKIPublicKey
- type CompactPKIPublicSecrets
- type LockedSecrets
- type NullPKI
- func (p *NullPKI) AckSize() uint32
- func (p *NullPKI) EncodingKey() interface{}
- func (p *NullPKI) KeyAndClaims(pkey []byte) (interface{}, []string, time.Time, *pkiverifier.PKIControllerInfo, error)
- func (p *NullPKI) PublicKey() interface{}
- func (p *NullPKI) PublicSecrets() PublicSecrets
- func (p *NullPKI) TransmittedKey() []byte
- func (p *NullPKI) Type() PrivateSecretsType
- type NullPublicSecrets
- type PrivateSecretsType
- type PublicKeyAdder
- type PublicSecrets
- type Secrets
Constants ¶
This section is empty.
Variables ¶
var ( CAPEM = `` /* 618-byte string literal not displayed */ CAKeyPEM = `` /* 226-byte string literal not displayed */ PrivateKeyPEM = `` /* 226-byte string literal not displayed */ PublicPEM = `` /* 647-byte string literal not displayed */ )
Certs
Functions ¶
Types ¶
type CompactPKI ¶
type CompactPKI struct { PrivateKeyPEM []byte PublicKeyPEM []byte AuthorityPEM []byte TokenKeyPEMs []*CompactPKIPublicKey Compressed claimsheader.CompressionType // contains filtered or unexported fields }
CompactPKI holds all PKI information
func NewCompactPKI ¶
func NewCompactPKI(keyPEM []byte, certPEM []byte, caPEM []byte, txKey []byte, compress claimsheader.CompressionType) (*CompactPKI, error)
NewCompactPKI creates new secrets for PKI implementation based on compact encoding
func NewCompactPKIWithTokenCA ¶
func NewCompactPKIWithTokenCA(keyPEM []byte, certPEM []byte, caPEM []byte, tokenKeyPEMs []*CompactPKIPublicKey, txKey []byte, compress claimsheader.CompressionType) (*CompactPKI, error)
NewCompactPKIWithTokenCA creates new secrets for PKI implementation based on compact encoding.
keyPEM: is the private key that will be used for signing tokens formated as a PEM file. certPEM: is the public key that will be used formated as a PEM file. tokenKeyPEMs: is a list of public keys that can be used to verify the public token that that is transmitted over the wire. These are essentially the public CA PEMs that were used to sign the txtKey txKey: is the public key that is send over the wire. compressionType: is packed with the secrets to indicate compression.
func (*CompactPKI) AckSize ¶
func (p *CompactPKI) AckSize() uint32
AckSize returns the default size of an ACK packet
func (*CompactPKI) EncodingKey ¶
func (p *CompactPKI) EncodingKey() interface{}
EncodingKey returns the private key
func (*CompactPKI) KeyAndClaims ¶
func (p *CompactPKI) KeyAndClaims(pkey []byte) (interface{}, []string, time.Time, *pkiverifier.PKIControllerInfo, error)
KeyAndClaims returns both the key and any attributes associated with the public key.
func (*CompactPKI) PublicKey ¶
func (p *CompactPKI) PublicKey() interface{}
PublicKey returns the public key
func (*CompactPKI) PublicSecrets ¶
func (p *CompactPKI) PublicSecrets() PublicSecrets
PublicSecrets returns the secrets that are marshallable over the RPC interface.
func (*CompactPKI) TransmittedKey ¶
func (p *CompactPKI) TransmittedKey() []byte
TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured
func (*CompactPKI) Type ¶
func (p *CompactPKI) Type() PrivateSecretsType
Type implements the interface Secrets
type CompactPKIPublicKey ¶
type CompactPKIPublicKey struct { PublicKey []byte Controller *pkiverifier.PKIControllerInfo }
CompactPKIPublicKey holds information about public keys
type CompactPKIPublicSecrets ¶
type CompactPKIPublicSecrets struct { Type PrivateSecretsType Key []byte Certificate []byte CA []byte TokenCAs []*CompactPKIPublicKey Token []byte Compressed claimsheader.CompressionType }
CompactPKIPublicSecrets includes all the secrets that can be transmitted over the RPC interface.
func (*CompactPKIPublicSecrets) CertAuthority ¶
func (p *CompactPKIPublicSecrets) CertAuthority() []byte
CertAuthority returns the cert authority
func (*CompactPKIPublicSecrets) SecretsType ¶
func (p *CompactPKIPublicSecrets) SecretsType() PrivateSecretsType
SecretsType returns the type of secrets.
type LockedSecrets ¶
type LockedSecrets interface {
Secrets() (Secrets, func())
}
LockedSecrets provides a way to use secrets where shared read access is required. The user becomes responsible for unlocking when done using them. The implementation should lock the access to secrets for reading, and pass down the function for unlocking.
type NullPKI ¶
NullPKI holds all PKI information
func NewNullPKI ¶
NewNullPKI creates new secrets for PKI implementation based on compact encoding
func (*NullPKI) EncodingKey ¶
func (p *NullPKI) EncodingKey() interface{}
EncodingKey returns the private key
func (*NullPKI) KeyAndClaims ¶
func (p *NullPKI) KeyAndClaims(pkey []byte) (interface{}, []string, time.Time, *pkiverifier.PKIControllerInfo, error)
KeyAndClaims returns both the key and any attributes associated with the public key.
func (*NullPKI) PublicKey ¶
func (p *NullPKI) PublicKey() interface{}
PublicKey returns nil in this case
func (*NullPKI) PublicSecrets ¶
func (p *NullPKI) PublicSecrets() PublicSecrets
PublicSecrets returns the secrets that are marshallable over the RPC interface.
func (*NullPKI) TransmittedKey ¶
TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured
func (*NullPKI) Type ¶
func (p *NullPKI) Type() PrivateSecretsType
Type implements the interface Secrets
type NullPublicSecrets ¶
type NullPublicSecrets struct {
Type PrivateSecretsType
}
NullPublicSecrets includes all the secrets that can be transmitted over the RPC interface.
func (*NullPublicSecrets) CertAuthority ¶
func (p *NullPublicSecrets) CertAuthority() []byte
CertAuthority returns the cert authority - N/A to PSK
func (*NullPublicSecrets) SecretsType ¶
func (p *NullPublicSecrets) SecretsType() PrivateSecretsType
SecretsType returns the type of secrets.
type PrivateSecretsType ¶
type PrivateSecretsType int
PrivateSecretsType identifies the different secrets that are supported
const ( // PKICompactType is for asymetric signing using compact JWTs on the wire PKICompactType PrivateSecretsType = iota // PKINull is for debugging PKINull )
type PublicKeyAdder ¶
type PublicKeyAdder interface { // PublicKeyAdd adds the given cert for the given host. PublicKeyAdd(host string, cert []byte) error }
PublicKeyAdder register a publicKey for a Node.
type PublicSecrets ¶
type PublicSecrets interface { SecretsType() PrivateSecretsType CertAuthority() []byte }
PublicSecrets is an interface of the data structures of the secrets that can be transmitted over the RPC interface to the remotes.
type Secrets ¶
type Secrets interface { // Type must return the type of the secrets as defined in the PrivateSecretsType Type() PrivateSecretsType // EncodingKey returns the key used to encode the tokens. EncodingKey() interface{} // PublicKey returns the public ket of the secrets. PublicKey() interface{} // TransmittedKey returns the public key as a byte slice and as it is transmitted // on the wire. TransmittedKey() []byte // KeyAndClaims will verify the public key and return any claims that are part of the key. KeyAndClaims(pkey []byte) (interface{}, []string, time.Time, *pkiverifier.PKIControllerInfo, error) // AckSize calculates the size of the ACK packet based on the keys. AckSize() uint32 // PublicSecrets returns the PEM formated secrets to be transmitted over the RPC interface. PublicSecrets() PublicSecrets }
Secrets is an interface implementing secrets
func CreateCompactPKITestSecrets ¶
func CreateCompactPKITestSecrets() (*x509.Certificate, Secrets, error)
CreateCompactPKITestSecrets creates test secrets
func NewSecrets ¶
func NewSecrets(s PublicSecrets) (Secrets, error)
NewSecrets creates a new set of secrets based on the type.