Constants ¶
const (
	// AuthorizationsBucket is the bucket used with a bolt-backed authorizations DB.
	AuthorizationsBucket = "authorizations"
	// MaxClaimDelaySeconds is the max duration in seconds in the past or
	// future that a claim timestamp is allowed to have and still be valid.
	// This is the clock-skew / replay window: client and signer clocks must
	// agree to within this many seconds or the claim is rejected.
	// NOTE(review): it presumably also bounds how long a captured, not-yet-claimed
	// signing request remains replayable — confirm against Claim.
	MaxClaimDelaySeconds = 15
)
Variables ¶
var (
	// ErrAuthorization is used when an error occurs involving an authorization.
	ErrAuthorization = errs.Class("authorization error")
	// ErrAuthorizationDB is used when an error occurs involving the authorization database.
	ErrAuthorizationDB = errs.Class("authorization db error")
	// ErrInvalidToken is used when a token is invalid (presumably including
	// tokens that fail to parse in ParseToken — verify).
	ErrInvalidToken = errs.Class("invalid token error")
	// ErrAuthorizationCount is used when attempting to create an invalid number of
	// authorizations; Create requires a count of at least one.
	ErrAuthorizationCount = ErrAuthorizationDB.New("cannot add less than one authorizations")
)
Types ¶
type Authorization ¶
Authorization represents a single-use authorization token and its claim status. Once claimed it cannot be claimed again unless it is explicitly reset with AuthorizationDB.Unclaim.
func NewAuthorization ¶
func NewAuthorization(userID string) (*Authorization, error)
NewAuthorization creates a new, unclaimed authorization with a random token value. The token is the bearer secret that later authorizes a certificate signature, so the random source must be cryptographically secure (the page does not state which generator is used — verify in the implementation).
func (Authorization) String ¶
func (a Authorization) String() string
String implements the Stringer interface and redacts the authorization so that the full token value is not written into logs and error messages. Callers should still avoid formatting the raw Token or its Data field directly.
type AuthorizationDB ¶
type AuthorizationDB struct {
	// DB is the backing key-value store. It holds the authorization tokens
	// themselves, which are bearer secrets, so the store (e.g. the bolt file
	// named by CertServerConfig.AuthorizationDBURL) needs the same access
	// protection as key material.
	DB storage.KeyValueStore
}
AuthorizationDB stores authorizations which may be claimed in exchange for a certificate signature.
func (*AuthorizationDB) Claim ¶
func (authDB *AuthorizationDB) Claim(opts *ClaimOpts) error
Claim marks an authorization as claimed and records the claim information (peer address, timestamp, peer identity and signed chain). The validation implied elsewhere on this page — the claim timestamp lying within MaxClaimDelaySeconds and the requester's identity meeting ClaimOpts.MinDifficulty — is presumably performed here; confirm in the implementation before relying on it.
func (*AuthorizationDB) Close ¶
func (authDB *AuthorizationDB) Close() error
Close closes the authorization database's underlying store.
func (*AuthorizationDB) Create ¶
func (authDB *AuthorizationDB) Create(userID string, count int) (Authorizations, error)
Create creates count new, unclaimed authorizations for userID and adds them to the authorization database. A count below one is rejected with ErrAuthorizationCount.
func (*AuthorizationDB) Get ¶
func (authDB *AuthorizationDB) Get(userID string) (Authorizations, error)
Get retrieves authorizations by user ID.
func (*AuthorizationDB) List ¶
func (authDB *AuthorizationDB) List() (auths Authorizations, err error)
List returns all authorizations in the database, including their token values; the result is sensitive and should not be logged or exposed in full.
func (*AuthorizationDB) Unclaim ¶
func (authDB *AuthorizationDB) Unclaim(authToken string) error
Unclaim removes a claim from an authorization, making the token usable again. This reverses the single-use guarantee, so it should be treated as a privileged administrative operation.
func (*AuthorizationDB) UserIDs ¶
func (authDB *AuthorizationDB) UserIDs() (userIDs []string, err error)
UserIDs returns a list of all userIDs present in the authorization database.
type Authorizations ¶
// Authorizations is a slice of *Authorization; see Group for partitioning it by claim status.
type Authorizations []*Authorization
Authorizations is a slice of authorizations for convenient de/serialization and grouping.
func (Authorizations) Group ¶
func (a Authorizations) Group() (claimed, open Authorizations)
Group separates a set of authorizations into a set of claimed and a set of open authorizations.
func (Authorizations) Marshal ¶
func (a Authorizations) Marshal() ([]byte, error)
Marshal serializes a set of authorizations
func (*Authorizations) Unmarshal ¶
func (a *Authorizations) Unmarshal(data []byte) error
Unmarshal deserializes a set of authorizations
type CertClientConfig ¶
type CertClientConfig struct {
	// Address is the endpoint of the certificate signing RPC service.
	Address string `help:"address of the certificate signing rpc service"`
	// TLS configures the client connection. Sign sends the authorization token
	// (a bearer secret) over this connection, so it must not be disabled or
	// configured without server verification.
	TLS tlsopts.Config
}
CertClientConfig is a config struct for use with a certificate signing service client
func (CertClientConfig) Sign ¶
func (c CertClientConfig) Sign(ctx context.Context, ident *identity.FullIdentity, authToken string) ([][]byte, error)
Sign submits a certificate signing request for ident, presenting authToken as the credential, and returns the signed chain. The token is a bearer secret; it travels over the connection described by TLS, so that configuration must provide server authentication.
type CertServerConfig ¶
type CertServerConfig struct {
	// Overwrite is destructive: when true the config is rewritten AND the
	// authorization DB is truncated, invalidating every outstanding token.
	Overwrite bool `default:"false" help:"if true, overwrites config AND authorization db is truncated" setup:"true"`
	// AuthorizationDBURL locates the authorization database (default: a bolt
	// file under CONFDIR). The file contains token secrets and should be
	// protected like key material.
	AuthorizationDBURL string `default:"bolt://$CONFDIR/authorizations.db" help:"url to the certificate signing authorization database"`
	// MinDifficulty is the minimum identity difficulty a requester must present
	// to claim an authorization. NOTE(review): NewServer and ClaimOpts carry
	// this as uint16 while it is uint here — confirm the conversion is
	// range-checked rather than silently truncated.
	MinDifficulty uint `default:"30" help:"minimum difficulty of the requester's identity required to claim an authorization"`
	// CA configures the signing certificate authority.
	CA identity.FullCAConfig
}
CertServerConfig is a config struct for use with a certificate signing service server
func (CertServerConfig) NewAuthDB ¶
func (c CertServerConfig) NewAuthDB() (*AuthorizationDB, error)
NewAuthDB creates or opens the authorization database specified by the config
type CertificateSigner ¶
type CertificateSigner struct {
// contains filtered or unexported fields
}
CertificateSigner implements pb.CertificatesServer
func NewServer ¶
func NewServer(log *zap.Logger, signer *identity.FullCertificateAuthority, authDB *AuthorizationDB, minDifficulty uint16) *CertificateSigner
NewServer creates a new certificate signing gRPC server. Note that minDifficulty is a uint16 here while CertServerConfig.MinDifficulty is a uint; a caller converting between them should range-check the value so an out-of-range config does not silently lower the difficulty bar.
func (CertificateSigner) Sign ¶
func (c CertificateSigner) Sign(ctx context.Context, req *pb.SigningRequest) (*pb.SigningResponse, error)
Sign signs the CA certificate of the remote peer's identity with the signer's certificate. Returns a certificate chain consisting of the remote peer's CA followed by the signer's chain. The request is expected to carry a valid, unclaimed authorization token that is consumed on success (the claim is recorded via AuthorizationDB.Claim — confirm in the implementation).
type Claim ¶
type Claim struct {
	// Addr is the network address of the peer that made the claim.
	Addr string
	// Timestamp is the claim time as an int64; presumably seconds, since it is
	// compared against MaxClaimDelaySeconds — verify the unit.
	Timestamp int64
	// Identity is the peer identity that presented the token.
	Identity *identity.PeerIdentity
	// SignedChainBytes is the certificate chain issued for this claim.
	SignedChainBytes [][]byte
}
Claim holds information about the circumstances under which an authorization token was claimed.
type ClaimOpts ¶
type ClaimOpts struct {
	// Req is the incoming signing request (carries the token).
	Req *pb.SigningRequest
	// Peer is the gRPC peer making the request; its address is recorded in the Claim.
	Peer *peer.Peer
	// ChainBytes is the chain signed for the requester, stored with the claim.
	ChainBytes [][]byte
	// MinDifficulty is the minimum identity difficulty required to claim
	// (uint16 here; see CertServerConfig.MinDifficulty, which is uint).
	MinDifficulty uint16
}
ClaimOpts hold parameters for claiming an authorization
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client implements pb.CertificateClient
func NewClientFrom ¶
func NewClientFrom(client pb.CertificatesClient) (*Client, error)
NewClientFrom creates a new certificate signing grpc client from an existing grpc cert signing client
type Token ¶
type Token struct {
	// UserID identifies the token's owner. It is carried in the clear in the
	// serialized form (see ParseToken) and is not secret.
	// NB: currently email address for convenience
	UserID string
	// Data is the random secret component. The serialized token is a bearer
	// credential: anyone holding it can claim a certificate signature.
	Data [tokenDataLength]byte
}
Token is a userID plus a random byte array. Its serialized form is a bearer credential, functioning like a pre-shared key for claiming a certificate signature: anyone who holds it can use it, so it must be distributed and stored as a secret.
func ParseToken ¶
ParseToken splits the token string on the delimiter into a userID and a base58-encoded data portion, and decodes the data into the token's byte array.