Documentation ¶
Index ¶
- Variables
- func CreateTxtToken() []byte
- type CompactPKI
- func (p *CompactPKI) AckSize() uint32
- func (p *CompactPKI) EncodingKey() interface{}
- func (p *CompactPKI) KeyAndClaims(pkey []byte) (interface{}, []string, time.Time, error)
- func (p *CompactPKI) PublicKey() interface{}
- func (p *CompactPKI) PublicSecrets() PublicSecrets
- func (p *CompactPKI) TransmittedKey() []byte
- func (p *CompactPKI) Type() PrivateSecretsType
- type CompactPKIPublicSecrets
- type ControllerInfo
- type LockedSecrets
- type NullPKI
- func (p *NullPKI) AckSize() uint32
- func (p *NullPKI) EncodingKey() interface{}
- func (p *NullPKI) KeyAndClaims(pkey []byte) (interface{}, []string, time.Time, error)
- func (p *NullPKI) PublicKey() interface{}
- func (p *NullPKI) PublicSecrets() PublicSecrets
- func (p *NullPKI) TransmittedKey() []byte
- func (p *NullPKI) Type() PrivateSecretsType
- type NullPublicSecrets
- type PublicKeyAdder
- type RPCSecrets
- type Secrets
Constants ¶
This section is empty.
Variables ¶
var ( CAPEM = `` /* 618-byte string literal not displayed */ CAKeyPEM = `` /* 226-byte string literal not displayed */ PrivateKeyPEM = `` /* 226-byte string literal not displayed */ PublicPEM = `` /* 647-byte string literal not displayed */ )
Certs
Functions ¶
Types ¶
type CompactPKI ¶
type CompactPKI struct { PrivateKeyPEM []byte PublicKeyPEM []byte AuthorityPEM []byte TokenKeyPEMs [][]byte Compressed claimsheader.CompressionType // contains filtered or unexported fields }
CompactPKI holds all PKI information
func NewCompactPKI ¶
func NewCompactPKI(keyPEM []byte, certPEM []byte, caPEM []byte, txKey []byte, compress claimsheader.CompressionType) (*CompactPKI, error)
NewCompactPKI creates new secrets for PKI implementation based on compact encoding
func NewCompactPKIWithTokenCA ¶
func NewCompactPKIWithTokenCA(keyPEM []byte, certPEM []byte, caPEM []byte, tokenKeyPEMs [][]byte, txKey []byte, compress claimsheader.CompressionType) (*CompactPKI, error)
NewCompactPKIWithTokenCA creates new secrets for PKI implementation based on compact encoding.
keyPEM: is the private key that will be used for signing tokens formated as a PEM file. certPEM: is the public key that will be used formated as a PEM file. tokenKeyPEMs: is a list of public keys that can be used to verify the public token that that is transmitted over the wire. These are essentially the public CA PEMs that were used to sign the txtKey txKey: is the public key that is send over the wire. compressionType: is packed with the secrets to indicate compression.
func (*CompactPKI) AckSize ¶
func (p *CompactPKI) AckSize() uint32
AckSize returns the default size of an ACK packet
func (*CompactPKI) EncodingKey ¶
func (p *CompactPKI) EncodingKey() interface{}
EncodingKey returns the private key
func (*CompactPKI) KeyAndClaims ¶
KeyAndClaims returns both the key and any attributes associated with the public key.
func (*CompactPKI) PublicKey ¶
func (p *CompactPKI) PublicKey() interface{}
PublicKey returns the public key
func (*CompactPKI) PublicSecrets ¶
func (p *CompactPKI) PublicSecrets() PublicSecrets
PublicSecrets returns the secrets that are marshallable over the RPC interface.
func (*CompactPKI) TransmittedKey ¶
func (p *CompactPKI) TransmittedKey() []byte
TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured
func (*CompactPKI) Type ¶
func (p *CompactPKI) Type() PrivateSecretsType
Type implements the interface Secrets
type CompactPKIPublicSecrets ¶
type CompactPKIPublicSecrets struct { Type PrivateSecretsType Key []byte Certificate []byte CA []byte TokenCAs [][]byte Token []byte Compressed claimsheader.CompressionType }
CompactPKIPublicSecrets includes all the secrets that can be transmitted over the RPC interface.
func (*CompactPKIPublicSecrets) CertAuthority ¶
func (p *CompactPKIPublicSecrets) CertAuthority() []byte
CertAuthority returns the cert authority
func (*CompactPKIPublicSecrets) SecretsType ¶
func (p *CompactPKIPublicSecrets) SecretsType() PrivateSecretsType
SecretsType returns the type of secrets.
type ControllerInfo ¶
type ControllerInfo struct { // PublicKey is the public key for a controller which is used to verify the public token // that that is transmitted over the wire. These were used to sign the txtKey. PublicKey []byte // Controller is information for a given controller. Controller *pkiverifier.PKIControllerInfo }
ControllerInfo holds information about public keys
type LockedSecrets ¶
type LockedSecrets interface {
Secrets() (Secrets, func())
}
LockedSecrets provides a way to use secrets where shared read access is required. The user becomes responsible for unlocking when done using them. The implementation should lock the access to secrets for reading, and pass down the function for unlocking.
type NullPKI ¶
NullPKI holds all PKI information
func NewNullPKI ¶
NewNullPKI creates new secrets for PKI implementation based on compact encoding
func (*NullPKI) EncodingKey ¶
func (p *NullPKI) EncodingKey() interface{}
EncodingKey returns the private key
func (*NullPKI) KeyAndClaims ¶
KeyAndClaims returns both the key and any attributes associated with the public key.
func (*NullPKI) PublicKey ¶
func (p *NullPKI) PublicKey() interface{}
PublicKey returns nil in this case
func (*NullPKI) PublicSecrets ¶
func (p *NullPKI) PublicSecrets() PublicSecrets
PublicSecrets returns the secrets that are marshallable over the RPC interface.
func (*NullPKI) TransmittedKey ¶
TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured
type NullPublicSecrets ¶
type NullPublicSecrets struct {
Type PrivateSecretsType
}
NullPublicSecrets includes all the secrets that can be transmitted over the RPC interface.
func (*NullPublicSecrets) CertAuthority ¶
func (p *NullPublicSecrets) CertAuthority() []byte
CertAuthority returns the cert authority - N/A to PSK
func (*NullPublicSecrets) SecretsType ¶
func (p *NullPublicSecrets) SecretsType() PrivateSecretsType
SecretsType returns the type of secrets.
type PublicKeyAdder ¶
type PublicKeyAdder interface { // PublicKeyAdd adds the given cert for the given host. PublicKeyAdd(host string, cert []byte) error }
PublicKeyAdder register a publicKey for a Node.
type RPCSecrets ¶
type RPCSecrets struct { Key []byte Certificate []byte CA []byte TrustedControllers []*ControllerInfo Token []byte Compressed claimsheader.CompressionType }
RPCSecrets includes all the secrets that can be transmitted over the RPC interface.
type Secrets ¶
type Secrets interface { // EncodingKey returns the key used to encode the tokens. EncodingKey() interface{} // PublicKey returns the public ket of the secrets. PublicKey() interface{} // CertAuthority returns the CA CertAuthority() []byte // TransmittedKey returns the public key as a byte slice and as it is transmitted // on the wire. TransmittedKey() []byte // KeyAndClaims will verify the public key and return any claims that are part of the key. KeyAndClaims(pkey []byte) (interface{}, []string, time.Time, *pkiverifier.PKIControllerInfo, error) // AckSize calculates the size of the ACK packet based on the keys. AckSize() uint32 // RPCSecrets returns the PEM formated secrets to be transmitted over the RPC interface. RPCSecrets() RPCSecrets }
Secrets is an interface implementing secrets
func CreateCompactPKITestSecrets ¶
func CreateCompactPKITestSecrets() (*x509.Certificate, Secrets, error)
CreateCompactPKITestSecrets creates test secrets
Directories ¶
Path | Synopsis |
---|---|
Package mocksecrets is a generated GoMock package.
|
Package mocksecrets is a generated GoMock package. |