secrets

package
v10.289.12+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 11, 2021 License: Apache-2.0 Imports: 11 Imported by: 13

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	CAPEM = `` /* 618-byte string literal not displayed */

	CAKeyPEM = `` /* 226-byte string literal not displayed */

	PrivateKeyPEM = `` /* 226-byte string literal not displayed */

	PublicPEM = `` /* 647-byte string literal not displayed */

)

Certs

Functions

func CreateTxtToken

func CreateTxtToken() []byte

CreateTxtToken creates a transmitter token

Types

type CompactPKI

type CompactPKI struct {
	PrivateKeyPEM []byte
	PublicKeyPEM  []byte
	AuthorityPEM  []byte
	TokenKeyPEMs  [][]byte
	Compressed    claimsheader.CompressionType
	// contains filtered or unexported fields
}

CompactPKI holds all PKI information

func NewCompactPKI

func NewCompactPKI(keyPEM []byte, certPEM []byte, caPEM []byte, txKey []byte, compress claimsheader.CompressionType) (*CompactPKI, error)

NewCompactPKI creates new secrets for PKI implementation based on compact encoding

func NewCompactPKIWithTokenCA

func NewCompactPKIWithTokenCA(keyPEM []byte, certPEM []byte, caPEM []byte, tokenKeyPEMs [][]byte, txKey []byte, compress claimsheader.CompressionType) (*CompactPKI, error)

NewCompactPKIWithTokenCA creates new secrets for PKI implementation based on compact encoding.

keyPEM: is the private key that will be used for signing tokens formated as a PEM file.
certPEM: is the public key that will be used formated as a PEM file.
tokenKeyPEMs: is a list of public keys that can be used to verify the public token that
              that is transmitted over the wire. These are essentially the public CA PEMs
              that were used to sign the txtKey
txKey: is the public key that is send over the wire.
compressionType: is packed with the secrets to indicate compression.

func (*CompactPKI) AckSize

func (p *CompactPKI) AckSize() uint32

AckSize returns the default size of an ACK packet

func (*CompactPKI) EncodingKey

func (p *CompactPKI) EncodingKey() interface{}

EncodingKey returns the private key

func (*CompactPKI) KeyAndClaims

func (p *CompactPKI) KeyAndClaims(pkey []byte) (interface{}, []string, time.Time, error)

KeyAndClaims returns both the key and any attributes associated with the public key.

func (*CompactPKI) PublicKey

func (p *CompactPKI) PublicKey() interface{}

PublicKey returns the public key

func (*CompactPKI) PublicSecrets

func (p *CompactPKI) PublicSecrets() PublicSecrets

PublicSecrets returns the secrets that are marshallable over the RPC interface.

func (*CompactPKI) TransmittedKey

func (p *CompactPKI) TransmittedKey() []byte

TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured

func (*CompactPKI) Type

func (p *CompactPKI) Type() PrivateSecretsType

Type implements the interface Secrets

type CompactPKIPublicSecrets

type CompactPKIPublicSecrets struct {
	Type        PrivateSecretsType
	Key         []byte
	Certificate []byte
	CA          []byte
	TokenCAs    [][]byte
	Token       []byte
	Compressed  claimsheader.CompressionType
}

CompactPKIPublicSecrets includes all the secrets that can be transmitted over the RPC interface.

func (*CompactPKIPublicSecrets) CertAuthority

func (p *CompactPKIPublicSecrets) CertAuthority() []byte

CertAuthority returns the cert authority

func (*CompactPKIPublicSecrets) SecretsType

func (p *CompactPKIPublicSecrets) SecretsType() PrivateSecretsType

SecretsType returns the type of secrets.

type ControllerInfo

type ControllerInfo struct {
	// PublicKey is the public key for a controller which is used to verify the public token
	// that that is transmitted over the wire. These were used to sign the txtKey.
	PublicKey []byte
	// Controller is information for a given controller.
	Controller *pkiverifier.PKIControllerInfo
}

ControllerInfo holds information about public keys

type LockedSecrets

type LockedSecrets interface {
	Secrets() (Secrets, func())
}

LockedSecrets provides a way to use secrets where shared read access is required. The user becomes responsible for unlocking when done using them. The implementation should lock the access to secrets for reading, and pass down the function for unlocking.

type NullPKI

type NullPKI struct {
	PrivateKeyPEM []byte
	PublicKeyPEM  []byte
	AuthorityPEM  []byte
}

NullPKI holds all PKI information

func NewNullPKI

func NewNullPKI(keyPEM, certPEM, caPEM []byte) (*NullPKI, error)

NewNullPKI creates new secrets for PKI implementation based on compact encoding

func (*NullPKI) AckSize

func (p *NullPKI) AckSize() uint32

AckSize returns the default size of an ACK packet

func (*NullPKI) EncodingKey

func (p *NullPKI) EncodingKey() interface{}

EncodingKey returns the private key

func (*NullPKI) KeyAndClaims

func (p *NullPKI) KeyAndClaims(pkey []byte) (interface{}, []string, time.Time, error)

KeyAndClaims returns both the key and any attributes associated with the public key.

func (*NullPKI) PublicKey

func (p *NullPKI) PublicKey() interface{}

PublicKey returns nil in this case

func (*NullPKI) PublicSecrets

func (p *NullPKI) PublicSecrets() PublicSecrets

PublicSecrets returns the secrets that are marshallable over the RPC interface.

func (*NullPKI) TransmittedKey

func (p *NullPKI) TransmittedKey() []byte

TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured

func (*NullPKI) Type

func (p *NullPKI) Type() PrivateSecretsType

Type implements the interface Secrets

type NullPublicSecrets

type NullPublicSecrets struct {
	Type PrivateSecretsType
}

NullPublicSecrets includes all the secrets that can be transmitted over the RPC interface.

func (*NullPublicSecrets) CertAuthority

func (p *NullPublicSecrets) CertAuthority() []byte

CertAuthority returns the cert authority - N/A to PSK

func (*NullPublicSecrets) SecretsType

func (p *NullPublicSecrets) SecretsType() PrivateSecretsType

SecretsType returns the type of secrets.

type PublicKeyAdder

type PublicKeyAdder interface {

	// PublicKeyAdd adds the given cert for the given host.
	PublicKeyAdd(host string, cert []byte) error
}

PublicKeyAdder register a publicKey for a Node.

type RPCSecrets

type RPCSecrets struct {
	Key                []byte
	Certificate        []byte
	CA                 []byte
	TrustedControllers []*ControllerInfo
	Token              []byte
	Compressed         claimsheader.CompressionType
}

RPCSecrets includes all the secrets that can be transmitted over the RPC interface.

type Secrets

type Secrets interface {
	// EncodingKey returns the key used to encode the tokens.
	EncodingKey() interface{}
	// PublicKey returns the public ket of the secrets.
	PublicKey() interface{}
	// CertAuthority returns the CA
	CertAuthority() []byte
	// TransmittedKey returns the public key as a byte slice and as it is transmitted
	// on the wire.
	TransmittedKey() []byte
	// KeyAndClaims will verify the public key and return any claims that are part of the key.
	KeyAndClaims(pkey []byte) (interface{}, []string, time.Time, *pkiverifier.PKIControllerInfo, error)
	// AckSize calculates the size of the ACK packet based on the keys.
	AckSize() uint32
	// RPCSecrets returns the PEM formated secrets to be transmitted over the RPC interface.
	RPCSecrets() RPCSecrets
}

Secrets is an interface implementing secrets

func CreateCompactPKITestSecrets

func CreateCompactPKITestSecrets() (*x509.Certificate, Secrets, error)

CreateCompactPKITestSecrets creates test secrets

Directories

Path Synopsis
Package mocksecrets is a generated GoMock package.
Package mocksecrets is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL