secrets

package
v2.0.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 30, 2018 License: Apache-2.0 Imports: 8 Imported by: 13

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CompactPKI

// CompactPKI holds the PKI material for one secrets instance as byte slices
// whose names mark them as PEM-encoded.
// The private key sits in an exported field, so a value of this type is
// itself sensitive: keep it out of logs and out of generic serialization.
type CompactPKI struct {
	// Private key in PEM form, going by the field name. Secret material.
	PrivateKeyPEM []byte
	// Public key in PEM form, going by the field name.
	// NOTE(review): NewCompactPKI takes a certPEM argument; confirm whether
	// this field stores that certificate or a bare public key.
	PublicKeyPEM  []byte
	// Certificate authority in PEM form, going by the field name.
	AuthorityPEM  []byte
	// Token key PEMs. TokenPEMs is documented as returning the token
	// certificate authorities; presumably these are the same values (confirm).
	TokenKeyPEMs  [][]byte
	// contains filtered or unexported fields
}

CompactPKI holds all PKI information

func NewCompactPKI

func NewCompactPKI(keyPEM []byte, certPEM []byte, caPEM []byte, txKey []byte) (*CompactPKI, error)

NewCompactPKI creates new secrets for PKI implementation based on compact encoding

func NewCompactPKIWithTokenCA

func NewCompactPKIWithTokenCA(keyPEM []byte, certPEM []byte, caPEM []byte, tokenKeyPEMs [][]byte, txKey []byte) (*CompactPKI, error)

NewCompactPKIWithTokenCA creates new secrets for PKI implementation based on compact encoding

func (*CompactPKI) AckSize

func (p *CompactPKI) AckSize() uint32

AckSize returns the default size of an ACK packet

func (*CompactPKI) AuthPEM

func (p *CompactPKI) AuthPEM() []byte

AuthPEM returns the Certificate Authority PEM

func (*CompactPKI) DecodingKey

func (p *CompactPKI) DecodingKey(server string, ackKey interface{}, prevKey interface{}) (interface{}, error)

DecodingKey returns the public key

func (*CompactPKI) EncodingKey

func (p *CompactPKI) EncodingKey() interface{}

EncodingKey returns the private key

func (*CompactPKI) EncodingPEM

func (p *CompactPKI) EncodingPEM() []byte

EncodingPEM returns the certificate PEM that is used for encoding

func (*CompactPKI) PublicKey

func (p *CompactPKI) PublicKey() interface{}

PublicKey returns the public key

func (*CompactPKI) PublicSecrets

func (p *CompactPKI) PublicSecrets() PublicSecrets

PublicSecrets returns the secrets that are marshallable over the RPC interface.

func (*CompactPKI) TokenPEMs

func (p *CompactPKI) TokenPEMs() [][]byte

TokenPEMs returns the Token Certificate Authorities

func (*CompactPKI) TransmittedKey

func (p *CompactPKI) TransmittedKey() []byte

TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured

func (*CompactPKI) TransmittedPEM

func (p *CompactPKI) TransmittedPEM() []byte

TransmittedPEM returns the PEM certificate that is transmitted

func (*CompactPKI) Type

func (p *CompactPKI) Type() PrivateSecretsType

Type implements the interface Secrets

func (*CompactPKI) VerifyPublicKey

func (p *CompactPKI) VerifyPublicKey(pkey []byte) (interface{}, error)

VerifyPublicKey verifies if the inband public key is correct.

type CompactPKIPublicSecrets

// CompactPKIPublicSecrets is the form of the compact-PKI secrets that is
// documented as transmittable over the RPC interface.
// NOTE(review): the page does not say whether Key is the private or the
// public key. If it is the private key, this struct carries signing material
// across RPC and that channel needs to be authenticated and encrypted.
type CompactPKIPublicSecrets struct {
	// Secrets type tag.
	Type        PrivateSecretsType
	// Key bytes; private vs. public is not stated on this page (see note above).
	Key         []byte
	// Certificate bytes.
	Certificate []byte
	// Certificate authority bytes; CertAuthority is documented as returning
	// the cert authority.
	CA          []byte
	// Token CA entries, going by the field name.
	TokenCAs    [][]byte
	// Token bytes; meaning not documented on this page.
	Token       []byte
}

CompactPKIPublicSecrets includes all the secrets that can be transmitted over the RPC interface.

func (*CompactPKIPublicSecrets) CertAuthority

func (p *CompactPKIPublicSecrets) CertAuthority() []byte

CertAuthority returns the cert authority

func (*CompactPKIPublicSecrets) SecretsType

SecretsType returns the type of secrets.

type NullPKI

// NullPKI holds PKI material in the same three PEM fields as the other PKI
// types.
// NOTE(review): presumably this is the implementation behind the PKINull
// type, which the constants describe as "for debugging". Confirm, and if so
// make sure it cannot be selected in a production configuration.
type NullPKI struct {
	// Private key in PEM form, going by the field name. Secret material.
	PrivateKeyPEM []byte
	// Public key in PEM form, going by the field name.
	PublicKeyPEM  []byte
	// Certificate authority in PEM form, going by the field name.
	AuthorityPEM  []byte
}

NullPKI holds all PKI information

func NewNullPKI

func NewNullPKI(keyPEM, certPEM, caPEM []byte) (*NullPKI, error)

NewNullPKI creates new secrets for PKI implementation based on compact encoding

func (*NullPKI) AckSize

func (p *NullPKI) AckSize() uint32

AckSize returns the default size of an ACK packet

func (*NullPKI) AuthPEM

func (p *NullPKI) AuthPEM() []byte

AuthPEM returns the Certificate Authority PEM

func (*NullPKI) DecodingKey

func (p *NullPKI) DecodingKey(server string, ackKey interface{}, prevKey interface{}) (interface{}, error)

DecodingKey returns the public key

func (*NullPKI) EncodingKey

func (p *NullPKI) EncodingKey() interface{}

EncodingKey returns the private key

func (*NullPKI) EncodingPEM

func (p *NullPKI) EncodingPEM() []byte

EncodingPEM returns the certificate PEM that is used for encoding

func (*NullPKI) PublicKey

func (p *NullPKI) PublicKey() interface{}

PublicKey returns nil in this case

func (*NullPKI) PublicSecrets

func (p *NullPKI) PublicSecrets() PublicSecrets

PublicSecrets returns the secrets that are marshallable over the RPC interface.

func (*NullPKI) TransmittedKey

func (p *NullPKI) TransmittedKey() []byte

TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured

func (*NullPKI) TransmittedPEM

func (p *NullPKI) TransmittedPEM() []byte

TransmittedPEM returns the PEM certificate that is transmitted

func (*NullPKI) Type

func (p *NullPKI) Type() PrivateSecretsType

Type implements the interface Secrets

func (*NullPKI) VerifyPublicKey

func (p *NullPKI) VerifyPublicKey(pkey []byte) (interface{}, error)

VerifyPublicKey verifies if the inband public key is correct.

type NullPublicSecrets

// NullPublicSecrets is the RPC-transmittable form that declares only a type
// tag and no key material.
type NullPublicSecrets struct {
	// Secrets type tag.
	Type PrivateSecretsType
}

NullPublicSecrets includes all the secrets that can be transmitted over the RPC interface.

func (*NullPublicSecrets) CertAuthority

func (p *NullPublicSecrets) CertAuthority() []byte

CertAuthority returns the cert authority - N/A to PSK

func (*NullPublicSecrets) SecretsType

func (p *NullPublicSecrets) SecretsType() PrivateSecretsType

SecretsType returns the type of secrets.

type PKIPublicSecrets

// PKIPublicSecrets is the form of the PKI secrets that is documented as
// transmittable over the RPC interface.
// NOTE(review): the page does not say whether Key is the private or the
// public key. If it is the private key, the RPC channel that carries this
// struct needs to be authenticated and encrypted.
type PKIPublicSecrets struct {
	// Secrets type tag.
	Type        PrivateSecretsType
	// Key bytes; private vs. public is not stated on this page (see note above).
	Key         []byte
	// Certificate bytes.
	Certificate []byte
	// Certificate authority bytes; CertAuthority is documented as returning
	// the cert authority.
	CA          []byte
}

PKIPublicSecrets includes all the secrets that can be transmitted over the RPC interface.

func (*PKIPublicSecrets) CertAuthority

func (p *PKIPublicSecrets) CertAuthority() []byte

CertAuthority returns the cert authority

func (*PKIPublicSecrets) SecretsType

func (p *PKIPublicSecrets) SecretsType() PrivateSecretsType

SecretsType returns the type of secrets.

type PKISecrets

// PKISecrets holds the PKI material plus a cache of ECDSA public keys.
// The private key sits in an exported field, so a value of this type is
// itself sensitive: keep it out of logs and out of generic serialization.
type PKISecrets struct {
	// Private key in PEM form, going by the field name. Secret material.
	PrivateKeyPEM    []byte
	// Public key in PEM form, going by the field name.
	PublicKeyPEM     []byte
	// Certificate authority in PEM form, going by the field name.
	AuthorityPEM     []byte
	// Cache of ECDSA public keys by string key; presumably the host passed to
	// PublicKeyAdd (confirm). PublicKeyAdd is documented as validating a
	// certificate before adding its key, but this map is exported, so a
	// direct write to it skips that validation. Populate it only through
	// PublicKeyAdd or from an already-verified source.
	CertificateCache map[string]*ecdsa.PublicKey
	// contains filtered or unexported fields
}

PKISecrets holds all PKI information

func NewPKISecrets

func NewPKISecrets(keyPEM, certPEM, caPEM []byte, certCache map[string]*ecdsa.PublicKey) (*PKISecrets, error)

NewPKISecrets creates new secrets for PKI implementations

func (*PKISecrets) AckSize

func (p *PKISecrets) AckSize() uint32

AckSize returns the default size of an ACK packet

func (*PKISecrets) AuthPEM

func (p *PKISecrets) AuthPEM() []byte

AuthPEM returns the Certificate Authority PEM

func (*PKISecrets) DecodingKey

func (p *PKISecrets) DecodingKey(server string, ackCert interface{}, prevCert interface{}) (interface{}, error)

DecodingKey returns the public key

func (*PKISecrets) EncodingKey

func (p *PKISecrets) EncodingKey() interface{}

EncodingKey returns the private key

func (*PKISecrets) EncodingPEM

func (p *PKISecrets) EncodingPEM() []byte

EncodingPEM returns the certificate PEM that is used for encoding

func (*PKISecrets) PublicKey

func (p *PKISecrets) PublicKey() interface{}

PublicKey returns the public key

func (*PKISecrets) PublicKeyAdd

func (p *PKISecrets) PublicKeyAdd(host string, newCert []byte) error

PublicKeyAdd validates the parameter certificate. If it is valid, the corresponding key is added to the PublicKeyCache. If it is invalid, an error is returned.

func (*PKISecrets) PublicSecrets

func (p *PKISecrets) PublicSecrets() PublicSecrets

PublicSecrets returns the secrets that are marshallable over the RPC interface.

func (*PKISecrets) TransmittedKey

func (p *PKISecrets) TransmittedKey() []byte

TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured

func (*PKISecrets) TransmittedPEM

func (p *PKISecrets) TransmittedPEM() []byte

TransmittedPEM returns the PEM certificate that is transmitted

func (*PKISecrets) Type

func (p *PKISecrets) Type() PrivateSecretsType

Type implements the interface Secrets

func (*PKISecrets) VerifyPublicKey

func (p *PKISecrets) VerifyPublicKey(pkey []byte) (interface{}, error)

VerifyPublicKey verifies if the inband public key is correct.

type PSKPublicSecrets

// PSKPublicSecrets is the form of the pre-shared-key secrets that is
// documented as transmittable over the RPC interface.
// Despite the "public" in the name it contains the shared key itself. PSKType
// is described as symmetric signing, and PSKSecrets documents the same
// pre-shared key for both EncodingKey and DecodingKey, so anyone who can read
// this struct in transit or at rest can both sign and verify tokens. The RPC
// channel that carries it must be confidential and authenticated.
type PSKPublicSecrets struct {
	// Secrets type tag.
	Type      PrivateSecretsType
	// The pre-shared key. Secret material.
	SharedKey []byte
}

PSKPublicSecrets includes all the secrets that can be transmitted over the RPC interface.

func (*PSKPublicSecrets) CertAuthority

func (p *PSKPublicSecrets) CertAuthority() []byte

CertAuthority returns the cert authority - N/A to PSK

func (*PSKPublicSecrets) SecretsType

func (p *PSKPublicSecrets) SecretsType() PrivateSecretsType

SecretsType returns the type of secrets.

type PSKSecrets

// PSKSecrets holds the shared key.
// The key is an exported field and is documented as being returned by both
// EncodingKey and DecodingKey, so treat the whole value as secret: do not
// log it or serialize it outside a protected channel.
type PSKSecrets struct {
	// The pre-shared key. Secret material.
	SharedKey []byte
}

PSKSecrets holds the shared key.

func NewPSKSecrets

func NewPSKSecrets(psk []byte) *PSKSecrets

NewPSKSecrets creates new PSK Secrets.

func (*PSKSecrets) AckSize

func (p *PSKSecrets) AckSize() uint32

AckSize returns the expected size of ack packets.

func (*PSKSecrets) AuthPEM

func (p *PSKSecrets) AuthPEM() []byte

AuthPEM returns the Certificate Authority PEM.

func (*PSKSecrets) DecodingKey

func (p *PSKSecrets) DecodingKey(server string, ackCert, prevCert interface{}) (interface{}, error)

DecodingKey returns the preshared key.

func (*PSKSecrets) EncodingKey

func (p *PSKSecrets) EncodingKey() interface{}

EncodingKey returns the pre-shared key.

func (*PSKSecrets) EncodingPEM

func (p *PSKSecrets) EncodingPEM() []byte

EncodingPEM returns the certificate PEM that is used for encoding.

func (*PSKSecrets) PublicKey

func (p *PSKSecrets) PublicKey() interface{}

PublicKey returns the public key

func (*PSKSecrets) PublicSecrets

func (p *PSKSecrets) PublicSecrets() PublicSecrets

PublicSecrets returns the secrets that are marshallable over the RPC interface.

func (*PSKSecrets) TransmittedKey

func (p *PSKSecrets) TransmittedKey() []byte

TransmittedKey returns nil in the case of pre-shared key.

func (*PSKSecrets) TransmittedPEM

func (p *PSKSecrets) TransmittedPEM() []byte

TransmittedPEM returns the PEM certificate that is transmitted.

func (*PSKSecrets) Type

func (p *PSKSecrets) Type() PrivateSecretsType

Type implements the Secrets interface.

func (*PSKSecrets) VerifyPublicKey

func (p *PSKSecrets) VerifyPublicKey(pkey []byte) (interface{}, error)

VerifyPublicKey always returns nil for pre-shared secrets.

type PrivateSecretsType

// PrivateSecretsType is an int-backed enumeration of the supported secrets
// kinds; the constants declared for it are PKIType, PSKType, PKICompactType
// and PKINull.
type PrivateSecretsType int

PrivateSecretsType identifies the different secrets that are supported

const (
	// PKIType is for asymmetric signing. It is the first iota value (0), so
	// a PrivateSecretsType that was never set reads as PKIType.
	PKIType PrivateSecretsType = iota
	// PSKType is for symmetric signing.
	PSKType
	// PKICompactType is for asymmetric signing using compact JWTs on the wire.
	PKICompactType
	// PKINull is for debugging.
	// NOTE(review): the page gives no further detail. Confirm what
	// protection, if any, this type provides before allowing it outside a
	// debug setup.
	PKINull
)

type PublicKeyAdder

// PublicKeyAdder is implemented by secrets types that can register a
// certificate for a host.
type PublicKeyAdder interface {

	// PublicKeyAdd adds the given cert for the given host.
	// The PKISecrets implementation is documented as validating the
	// certificate first and returning an error when it is invalid.
	PublicKeyAdd(host string, cert []byte) error
}

PublicKeyAdder registers a public key for a node.

type PublicSecrets

// PublicSecrets is the common interface of the structs that are transmitted
// over the RPC interface to the remotes.
type PublicSecrets interface {
	// SecretsType returns the type tag of the secrets.
	SecretsType() PrivateSecretsType
	// CertAuthority returns the cert authority bytes. The PSK variant
	// documents this as not applicable.
	CertAuthority() []byte
}

PublicSecrets is an interface of the data structures of the secrets that can be transmitted over the RPC interface to the remotes.

type Secrets

// Secrets is the interface that each secrets implementation on this page
// (PKI, compact PKI, PSK, null) provides.
type Secrets interface {
	// Type must return the type of the secrets as defined in the PrivateSecretsType
	Type() PrivateSecretsType
	// EncodingKey returns the key used to encode the tokens.
	// The PKI implementations document this as the private key and the PSK
	// implementation as the pre-shared key, so the returned value is secret.
	EncodingKey() interface{}
	// DecodingKey is the key used to decode the tokens.
	DecodingKey(server string, ackCert, prevCert interface{}) (interface{}, error)
	// PublicKey returns the public key of the secrets.
	PublicKey() interface{}
	// TransmittedKey returns the public key as a byte slice and as it is transmitted
	// on the wire.
	TransmittedKey() []byte
	// VerifyPublicKey will verify a public key and whether it is signed by a trusted
	// authority.
	// PSKSecrets documents its implementation as always returning nil, so for
	// that type a nil result does not mean a trusted authority was checked.
	VerifyPublicKey(pkey []byte) (interface{}, error)
	// AckSize calculates the size of the ACK packet based on the keys.
	AckSize() uint32
	// PublicSecrets returns the PEM formatted secrets to be transmitted over the RPC interface.
	PublicSecrets() PublicSecrets
}

Secrets is the interface that secrets implementations must satisfy.

func NewSecrets

func NewSecrets(s PublicSecrets) (Secrets, error)

NewSecrets creates a new set of secrets based on the type.
