secure

package
v1.3.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 5, 2019 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package secure contains the security types common to WebPA applications

Index

Constants

View Source 
const (
	JWTValidationReasonCounter = "jwt_validation_reason"
	NBFHistogram               = "jwt_from_nbf_seconds"
	EXPHistogram               = "jwt_from_exp_seconds"
)

Names for our metrics

View Source 
const (
	AuthorizationHeader string    = "Authorization"
	Invalid             TokenType = "!! INVALID !!"
	Basic               TokenType = "Basic"
	Bearer              TokenType = "Bearer"
	Digest              TokenType = "Digest"

	Untrusted = "0"
)

Variables

View Source 
var (
	ErrorNoProtectedHeader = errors.New("Missing protected header")
	ErrorNoSigningMethod   = errors.New("Signing method (alg) is missing or unrecognized")
)

Functions

func Metrics 

func Metrics() []xmetrics.Metric

Metrics returns the Metrics relevant to this package

Types

type ExactMatchValidator 

type ExactMatchValidator string

ExactMatchValidator simply matches a token's value (exluding the prefix, such as "Basic"), to a string.

func (ExactMatchValidator) Validate 

func (v ExactMatchValidator) Validate(ctx context.Context, token *Token) (bool, error)

type JWSParser 

type JWSParser interface {
	ParseJWS(*Token) (jws.JWS, error)
}

JWSParser parses raw Tokens into JWS objects 

var DefaultJWSParser JWSParser = defaultJWSParser(0)

DefaultJWSParser is the parser implementation that simply delegates to the SermoDigital library's jws.ParseJWT function.

type JWSValidator 

type JWSValidator struct {
	DefaultKeyId  string
	Resolver      key.Resolver
	Parser        JWSParser
	JWTValidators []*jwt.Validator
	// contains filtered or unexported fields
}

JWSValidator provides validation for JWT tokens encoded as JWS.

func (*JWSValidator) DefineMeasures 

func (v *JWSValidator) DefineMeasures(m *JWTValidationMeasures)

DefineMeasures defines the metrics tool used by JWSValidator

func (JWSValidator) Validate 

func (v JWSValidator) Validate(ctx context.Context, token *Token) (valid bool, err error)

type JWTValidationMeasures 

type JWTValidationMeasures struct {
	NBFHistogram     *gokitprometheus.Histogram
	ExpHistogram     *gokitprometheus.Histogram
	ValidationReason metrics.Counter
}

JWTValidationMeasures describes the defined metrics that will be used by clients

func NewJWTValidationMeasures 

func NewJWTValidationMeasures(r xmetrics.Registry) *JWTValidationMeasures

NewJWTValidationMeasures realizes desired metrics

type JWTValidatorFactory 

type JWTValidatorFactory struct {
	Expected  jwt.Claims `json:"expected"`
	ExpLeeway int        `json:"expLeeway"`
	NbfLeeway int        `json:"nbfLeeway"`
	// contains filtered or unexported fields
}

JWTValidatorFactory is a configurable factory for *jwt.Validator instances

func (*JWTValidatorFactory) DefineMeasures 

func (f *JWTValidatorFactory) DefineMeasures(m *JWTValidationMeasures)

DefineMeasures helps establish the metrics tools

func (*JWTValidatorFactory) New 

func (f *JWTValidatorFactory) New(custom ...jwt.ValidateFunc) *jwt.Validator

New returns a jwt.Validator using the configuration expected claims (if any) and a validator function that checks the exp and nbf claims.

The SermoDigital library doesn't appear to do anything with the EXP and NBF members of jwt.Validator, but this Factory Method populates them anyway.

type MockValidator 

type MockValidator struct {
	mock.Mock
}

MockValidator is a stretchr mock, exposed for use by other packages

func (*MockValidator) Validate 

func (v *MockValidator) Validate(ctx context.Context, token *Token) (bool, error)

type Token 

type Token struct {
	// contains filtered or unexported fields
}

Token is the result of parsing an authorization string

func NewToken 

func NewToken(request *http.Request) (*Token, error)

NewToken extracts the Authorization from the request and returns the Token that results from parsing that header's value. If no Authorization header exists, this function returns nil with no error.

func ParseAuthorization 

func ParseAuthorization(value string) (*Token, error)

ParseAuthorization parses the raw Authorization string and returns a Token.

func (*Token) Bytes 

func (t *Token) Bytes() []byte

func (*Token) String 

func (t *Token) String() string

String returns an on-the-wire representation of this token, suitable for placing into an Authorization header.

func (*Token) Trust 

func (t *Token) Trust() string

func (*Token) Type 

func (t *Token) Type() TokenType

Type returns the type discriminator for this token. Note that the functions in this package will never create a Token with an Invalid type.

func (*Token) Value 

func (t *Token) Value() string

type TokenType 

type TokenType string

TokenType is a discriminator for the contents of a secure token.

func ParseTokenType 

func ParseTokenType(value string) (TokenType, error)

ParseTokenType returns the TokenType corresponding to a string. This function is case-insensitive.

type Validator 

type Validator interface {
	// Validate asserts that the given token is valid, most often verifying
	// the credentials in the token.  A separate error is returned to indicate
	// any problems during validation, such as the inability to access a network resource.
	// In general, the contract of this method is that a Token passes validation
	// if and only if it returns BOTH true and a nil error.
	Validate(context.Context, *Token) (bool, error)
}

Validator describes the behavior of a type which can validate tokens

type ValidatorFunc 

type ValidatorFunc func(context.Context, *Token) (bool, error)

ValidatorFunc is a function type that implements Validator

func (ValidatorFunc) Validate 

func (v ValidatorFunc) Validate(ctx context.Context, token *Token) (bool, error)

type Validators 

type Validators []Validator

Validators is an aggregate Validator. A Validators instance considers a token valid if any of its validators considers it valid. An empty Validators rejects all tokens.

func (Validators) Validate 

func (v Validators) Validate(ctx context.Context, token *Token) (valid bool, err error)

Source Files

View all Source files

Directories

Path Synopsis
Package key provides a simple API for loading public and private keys from resources.
 Package key provides a simple API for loading public and private keys from resources.
tools
cmd/jwt
cmd/keyserver

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.