Documentation
¶
Index ¶
- type BatchSigningPublicKey
- type BatchSigningPublicKeys
- type DataShareProcessorSpecificManifest
- func (m DataShareProcessorSpecificManifest) Diff(o DataShareProcessorSpecificManifest) string
- func (m DataShareProcessorSpecificManifest) Equal(o DataShareProcessorSpecificManifest) bool
- func (m DataShareProcessorSpecificManifest) UpdateKeys(cfg UpdateKeysConfig) (DataShareProcessorSpecificManifest, error)
- type IngestorGlobalManifest
- type PacketEncryptionCertificate
- type PacketEncryptionKeyCSRs
- type ServerIdentity
- type UpdateKeysConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type BatchSigningPublicKey ¶
type BatchSigningPublicKey struct {
// PublicKey is the PEM armored base64 encoding of the ASN.1 encoding of the
// PKIX SubjectPublicKeyInfo structure. It must be an ECDSA P256 key.
PublicKey string `json:"public-key"`
// Expiration is the ISO 8601 encoded UTC date at which this key expires.
Expiration string `json:"expiration"`
}
BatchSigningPublicKey represents a public key used for batch signing.
type BatchSigningPublicKeys ¶
type BatchSigningPublicKeys map[string]BatchSigningPublicKey
func (BatchSigningPublicKeys) Equal ¶
func (b BatchSigningPublicKeys) Equal(o BatchSigningPublicKeys) bool
type DataShareProcessorSpecificManifest ¶
type DataShareProcessorSpecificManifest struct {
Format int64 `json:"format"`
// when an aws s3 ingestion server is used
IngestionIdentity string `json:"ingestion-identity,omitempty"`
// processor which owns the manifest reads ingestion batches from.
IngestionBucket string `json:"ingestion-bucket"`
// assumed by peers to write to the PeerValidationBucket
PeerValidationIdentity string `json:"peer-validation-identity,omitempty"`
// processor which owns the manifest reads peer validation batches from.
PeerValidationBucket string `json:"peer-validation-bucket"`
// These are the keys that peers reading batches emitted by this data share
// processor use to verify signatures.
BatchSigningPublicKeys BatchSigningPublicKeys `json:"batch-signing-public-keys"`
// The values are PEM encoded PKCS#10 self signed certificate signing
// request, which contain the public key corresponding to the ECDSA P256
// private key that the data share processor which owns the manifest uses to
// decrypt ingestion share packets.
PacketEncryptionKeyCSRs PacketEncryptionKeyCSRs `json:"packet-encryption-keys"`
}
DataShareProcessorSpecificManifest represents the manifest file advertised by a data share processor. See the design document for the full specification. https://docs.google.com/document/d/1MdfM3QT63ISU70l63bwzTrxr93Z7Tv7EDjLfammzo6Q/edit#heading=h.3j8dgxqo5h68
func (DataShareProcessorSpecificManifest) Diff ¶
func (m DataShareProcessorSpecificManifest) Diff(o DataShareProcessorSpecificManifest) string
Diff returns a human-readable string describing the differences from the given `o` to this manifest, suitable for logging. Diff returns the empty string if and only if the two keys are equal.
func (DataShareProcessorSpecificManifest) Equal ¶
func (m DataShareProcessorSpecificManifest) Equal(o DataShareProcessorSpecificManifest) bool
Equal returns true if and only if this manifest is equal to the given manifest.
func (DataShareProcessorSpecificManifest) UpdateKeys ¶
func (m DataShareProcessorSpecificManifest) UpdateKeys(cfg UpdateKeysConfig) (DataShareProcessorSpecificManifest, error)
type IngestorGlobalManifest ¶
type IngestorGlobalManifest struct {
// Format is the version of the manifest.
Format int64 `json:"format"`
// ServerIdentity represents the server identity for the advertising party
// of the manifest.
ServerIdentity ServerIdentity `json:"server-identity"`
// BatchSigningPublicKeys maps key identifiers to batch signing public keys.
// These are the keys that will be used by the ingestion server advertising
// this manifest to sign ingestion batches.
BatchSigningPublicKeys BatchSigningPublicKeys `json:"batch-signing-public-keys"`
}
IngestorGlobalManifest represents the global manifest file for an ingestor.
type PacketEncryptionCertificate ¶
type PacketEncryptionCertificate struct {
// CertificateSigningRequest is the PEM armored PKCS#10 CSR
CertificateSigningRequest string `json:"certificate-signing-request"`
}
PacketEncryptionCertificate represents a certificate containing a public key used for packet encryption.
type PacketEncryptionKeyCSRs ¶
type PacketEncryptionKeyCSRs map[string]PacketEncryptionCertificate
func (PacketEncryptionKeyCSRs) Equal ¶
func (p PacketEncryptionKeyCSRs) Equal(o PacketEncryptionKeyCSRs) bool
type ServerIdentity ¶
type ServerIdentity struct {
// AWSIamEntity is ARN of user or role - apple only
AWSIamEntity string `json:"aws-iam-entity"`
// GCPServiceAccountID is the numeric unique service account ID
GCPServiceAccountID string `json:"gcp-service-account-id"`
// GCPServiceAccountEmail is the email address of the gcp service account
GCPServiceAccountEmail string `json:"gcp-service-account-email"`
}
ServerIdentity represents the server identity for the advertising party of the manifest.
type UpdateKeysConfig ¶
type UpdateKeysConfig struct {
BatchSigningKey key.Key // the key used for batch signing operations
BatchSigningKeyIDPrefix string // the key ID prefix to use for batch signing keys
PacketEncryptionKey key.Key // the key used for packet encryption operations
PacketEncryptionKeyIDPrefix string // the key ID prefix to use for packet encryption keys
PacketEncryptionKeyCSRFQDN string // the FQDN to specify for packet encryption key CSRs
SkipPreUpdateValidations bool // if set, do not perform pre-update validation checks
SkipPostUpdateValidations bool // if set, do not perform post-update validation checks
}
UpdateKeysConfig configures an UpdateKeys operation.
func (UpdateKeysConfig) Validate ¶
func (cfg UpdateKeysConfig) Validate() error
Source Files
Click to show internal directories.
Click to hide internal directories.