Documentation ¶
Index ¶
- Constants
- Variables
- func ContainsString(list []string, value string) bool
- func EncodeToString(src []byte) string
- func EncodeUint64ToString(v uint64) string
- func GenerateRSAKeyPair(keySize ...int) ([]byte, []byte, error)
- func GetJwtFromRequest(r *http.Request, cookieName string) (string, error)
- func ParseRS256(publicKeyPEM []byte, tokenString string) (*jwt.Token, error)
- func SignRS256WithClaims(privateKeyPEM []byte, claims jwt.MapClaims, header map[string]interface{}) (string, error)
- func UniqueStringList(list []string) []string
- type JSONWebKey
- type JSONWebKeySet
- type LogFunc
- type Node
- func (c *Node) BreakTrust(grantorAddr string) error
- func (c *Node) EnsureKeyPair(issuer string, rotate bool) (*types.KeyPair, error)
- func (c *Node) GenerateJWKS() (*JSONWebKeySet, error)
- func (c *Node) ListKeyPairs() ([]*types.KeyPair, error)
- func (c *Node) ListTrustGrantTokens() ([]*types.TrustGrantToken, error)
- func (c *Node) ListTrusts() ([]*types.Trust, error)
- func (c *Node) NewGrantToken(issuer string) (*types.TrustGrantToken, error)
- func (c *Node) NewKeyPair(issuer string, rotateIfExists bool) (*types.KeyPair, error)
- func (c *Node) NewNotification(topic, event, data string) *types.Notification
- func (c *Node) RefreshAllTrusts() error
- func (c *Node) RequestTrust(issuer, grantorAddr, grantToken string) error
- func (c *Node) RotateKeyPair(issuer string) error
- func (c *Node) Serve() error
- func (c *Node) Sign(claims jwt.MapClaims, ttl ...int) (string, error)
- func (c *Node) Verify(tokenString string) (*jwt.Token, error)
- type NodeOptions
- type NodeRPC
- func (c *NodeRPC) BreakTrust(tokenString *string, reply *bool) error
- func (c *NodeRPC) GetJWK(keyID *string, reply *JSONWebKey) error
- func (c *NodeRPC) GrantTrust(request *types.TrustRequest, reply *bool) error
- func (c *NodeRPC) IssueGrantToken(tokenString *string, reply *types.TrustGrantToken) error
- func (c *NodeRPC) OnNotify(notification *types.Notification, reply *bool) error
- type NotifyFunc
Constants ¶
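// Package-wide defaults, JWT claim/header names and notification topics/events.
// All TTL values are in seconds (the 60 below is documented as "1 minute").
//
// In the collapsed single-line form this block previously rendered as, the first
// trailing comment swallowed every following declaration; one declaration per
// line restores the intended structure.
const (
	// DefaultJwtTTL is the default lifetime of a signed JWT, presumably applied by
	// Node.Sign when its optional ttl argument is omitted — confirm in the source.
	DefaultJwtTTL = 60 // 1 minute
	// NotificationTTL is the lifetime of a Notification (presumably the window in
	// which OnNotify still accepts it — confirm).
	NotificationTTL = 600 // 10 minutes
	// MaxJwtTTL is the hard ceiling on any JWT lifetime. A caller-supplied ttl above
	// this value is presumably clamped or rejected by Node.Sign — confirm.
	MaxJwtTTL = 1800 // 30 minutes, maximum time a Jwt can live. Not configurable
	// DefaultBitSize is the RSA modulus size in bits used when no key size is
	// requested. 2048 is the smallest size that should be used for RS256.
	DefaultBitSize = 2048
	// DefaultRequestTokenTTL is the default lifetime, in seconds, of a trust grant
	// token (see NodeOptions.RegistrationTokenTTL).
	DefaultRequestTokenTTL = 1800

	// Log levels, presumably the level values handed to LogFunc.
	LogLevelDebug = "debug"
	LogLevelError = "error"
	LogLevelInfo  = "info"
	LogLevelWarn  = "warn"

	// JWT registered claim names and JOSE header names used by this package.
	JwtIssuerClaim    = "iss" // claim identifying the issuer (presumably the signing node)
	JwtExpiresAtClaim = "exp" // claim holding the expiry timestamp
	JwtKeyIDHeader    = "kid" // header selecting the verification key (see NodeRPC.GetJWK)

	// Notification topics.
	TopicTrustChange      = "trust_change"
	TopicKeyPairChange    = "key_pair_change"
	TopicGrantTokenChange = "grant_token_change"

	// Notification events, one group per topic above.
	EventTrustPut             = "trust_put"
	EventTrustDelete          = "trust_delete"
	EventKeyPairPut           = "keypair_put"
	EventKeyPairDelete        = "keypair_delete"
	EventGrantTokenPut        = "grant_token_put"
	EventGrantTokenDelete     = "grant_token_delete"
	EventGrantTokenBulkDelete = "grant_token_bulk_delete"
)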
keys
// JwkUseSig is the JWK "use" value for a key intended for signature
// verification (RFC 7517 §4.2); it is the value expected for keys in the JWKS.
const JwkUseSig = "sig"
JWK constants
Variables ¶
// Sentinel errors returned by the node APIs. Compare with errors.Is rather than
// by string, so wrapped errors still match.
var (
	// ErrNoClientStore: no store was configured (see NodeOptions.Store).
	ErrNoClientStore = errors.New("no client store configured")

	// ErrNoClientKeyPair: the store holds no key pair for this client.
	ErrNoClientKeyPair = errors.New("no client key pair found in the store")

	// ErrNotFound: a requested item does not exist.
	ErrNotFound = errors.New("not found")
)
vars
Functions ¶
func ContainsString ¶
ContainsString returns true if the list contains the string, and false otherwise.
func GenerateRSAKeyPair ¶
GenerateRSAKeyPair generates an RSA key pair and returns the private key and the public key as []byte (presumably PEM-encoded, matching the privateKeyPEM/publicKeyPEM parameters of SignRS256WithClaims and ParseRS256 — confirm in the source). keySize is optional; when omitted the size is presumably DefaultBitSize (2048 bits). Do not request sizes below 2048 bits for RS256 keys.
func GetJwtFromRequest ¶
GetJwtFromRequest extracts a JWT from the request. It accepts an Authorization header using either the Bearer or the JWT scheme, and also accepts the token from the cookie named cookieName. Security note: a token read from a cookie is attached automatically by the browser, so handlers that rely on the cookie path need CSRF protection that a header-only scheme would not.
func ParseRS256 ¶
ParseRS256 parses an RS256 tokenString using the RSA public key in publicKeyPEM and returns the parsed *jwt.Token. Before trusting its claims, callers should check that the token is valid and confirm that the implementation pins the algorithm to RS256 — rejecting "none" and HMAC algorithms (the classic algorithm-confusion issue). This page does not show whether that check is performed; verify against the source.
func SignRS256WithClaims ¶
func SignRS256WithClaims(privateKeyPEM []byte, claims jwt.MapClaims, header map[string]interface{}) (string, error)
SignRS256WithClaims signs claims with RS256 using the RSA private key in privateKeyPEM; entries of header are added to the JOSE header (for example JwtKeyIDHeader to name the signing key). This helper signs whatever claims it is given; expiry and the MaxJwtTTL ceiling are presumably enforced by Node.Sign rather than here — confirm in the source.
func UniqueStringList ¶
UniqueStringList returns a list containing each string of list once, with duplicates removed.
Types ¶
type JSONWebKey ¶
// JSONWebKey is a JSON Web Key (RFC 7517) describing one public key. It is the
// element type of JSONWebKeySet.Keys and the reply type of NodeRPC.GetJWK.
// sub, aud and iss are not standard JWK members; this package adds them —
// confirm how consumers interpret them before relying on them.
type JSONWebKey struct {
	Alg string `json:"alg,omitempty"` // signature algorithm, e.g. "RS256"
	Kty string `json:"kty,omitempty"` // key type, e.g. "RSA"
	Use string `json:"use,omitempty"` // intended use; JwkUseSig for signing keys
	X5c []string `json:"x5c,omitempty"` // optional X.509 certificate chain
	N string `json:"n,omitempty"` // RSA modulus (presumably base64url, per RFC 7518 — confirm)
	E string `json:"e,omitempty"` // RSA public exponent (presumably base64url — confirm)
	Kid string `json:"kid,omitempty"` // key ID; matched against the JWT "kid" header (JwtKeyIDHeader)
	X5t string `json:"x5t,omitempty"` // optional SHA-1 certificate thumbprint
	X5t256 string `json:"x5t#S256,omitempty"` // optional SHA-256 certificate thumbprint ("x5t#S256" is the RFC 7517 member name)
	Subject string `json:"sub,omitempty"` // non-standard JWK member added by this package
	Audience string `json:"aud,omitempty"` // non-standard JWK member added by this package
	Issuer string `json:"iss,omitempty"` // non-standard JWK member; presumably the issuer passed to NewRS256JSONWebKey
}
JSONWebKey is a JSON Web Key (RFC 7517) describing one public key.
func NewRS256JSONWebKey ¶
func NewRS256JSONWebKey(publicKey *rsa.PublicKey, kid, use, issuer string) (*JSONWebKey, error)
NewRS256JSONWebKey creates a JSON Web Key for the RSA publicKey with the given key ID (kid), use (for example JwkUseSig) and issuer.
func (*JSONWebKey) PublicKey ¶
func (c *JSONWebKey) PublicKey() (interface{}, error)
PublicKey reconstructs the public key from the JWK's parameters (presumably the RSA modulus N and exponent E — confirm in the source) and returns it as an interface{} value.
type JSONWebKeySet ¶
// JSONWebKeySet is a JSON Web Key Set (RFC 7517): the list of keys a node
// publishes so peers can verify its signatures. Built by Node.GenerateJWKS.
type JSONWebKeySet struct {
	Keys []*JSONWebKey `json:"keys"` // never omitted: an empty set serialises as "keys": []
}
JSONWebKeySet is a JSON Web Key Set (RFC 7517): the list of keys a node publishes.
func (*JSONWebKeySet) GetKey ¶
func (c *JSONWebKeySet) GetKey(kid string) *JSONWebKey
GetKey returns the key in the set whose Kid matches kid (presumably nil when no key matches — confirm in the source).
type Node ¶
// Node is a circle-of-trust node. Its fields are unexported; it is presumably
// constructed from a NodeOptions value and owns the key pairs, trusts and grant
// tokens exposed by the methods below (see also NodeRPC for the remote surface).
type Node struct {
	// contains filtered or unexported fields
}
Node is a circle-of-trust node; it presumably owns the key pairs, trusts and grant tokens exposed by the methods below.
func (*Node) BreakTrust ¶
BreakTrust requests that the grantor at grantorAddr break its trust with this node.
func (*Node) EnsureKeyPair ¶
EnsureKeyPair creates a key pair for issuer if none exists and returns the key pair. When rotate is true an existing key pair is presumably rotated first (compare NewKeyPair's rotateIfExists) — confirm in the source.
func (*Node) GenerateJWKS ¶
func (c *Node) GenerateJWKS() (*JSONWebKeySet, error)
GenerateJWKS generates a JWKS
func (*Node) ListKeyPairs ¶
ListKeyPairs lists all key pairs.
func (*Node) ListTrustGrantTokens ¶
func (c *Node) ListTrustGrantTokens() ([]*types.TrustGrantToken, error)
ListTrustGrantTokens lists all trust grant tokens.
func (*Node) ListTrusts ¶
ListTrusts lists all trusts
func (*Node) NewGrantToken ¶
func (c *Node) NewGrantToken(issuer string) (*types.TrustGrantToken, error)
NewGrantToken creates and stores a grant token for issuer. The token is a bearer credential that lets its holder request a trust from this node (see RequestTrust and NodeRPC.GrantTrust), so it must be handed over through a confidential channel and treated as a secret until it expires.
func (*Node) NewKeyPair ¶
NewKeyPair creates a new key pair for issuer. If a key pair for the issuer already exists, it is rotated when rotateIfExists is true; what happens when it exists and rotateIfExists is false is not shown on this page — confirm in the source.
func (*Node) NewNotification ¶
func (c *Node) NewNotification(topic, event, data string) *types.Notification
NewNotification creates a new notification
func (*Node) RefreshAllTrusts ¶
RefreshAllTrusts refreshes the trust cache.
func (*Node) RequestTrust ¶
RequestTrust requests a trust from the grantor at grantorAddr on behalf of issuer, presenting grantToken. The grant token is a bearer credential with a limited lifetime (presumably DefaultRequestTokenTTL unless NodeOptions.RegistrationTokenTTL overrides it — confirm), so the request must be made before it expires.
func (*Node) RotateKeyPair ¶
RotateKeyPair rotates the trustee keypair
type NodeOptions ¶
// NodeOptions configures a Node. Where this page shows no detail the field's
// meaning below is inferred from its name and marked for confirmation.
type NodeOptions struct {
	KeySize int // RSA key size in bits for generated key pairs; presumably DefaultBitSize when zero — confirm
	RequestTimeout int // timeout for outbound requests (units not shown; likely seconds like the TTL constants — confirm)
	RegistrationTokenTTL int // lifetime of grant tokens in seconds; presumably DefaultRequestTokenTTL when zero — confirm
	Insecure bool // NOTE(review): semantics not visible here; if it relaxes transport security or verification it must never be set outside local testing — confirm
	CLIMode bool
	RPCAddr string // address the RPC server listens on (see Serve)
	JWTCookieName string // presumably passed as cookieName to GetJwtFromRequest — confirm
	EncryptionKey string // secret for the JWE layer configured by ContentEncryption/KeyAlgorithm; sensitive — load from a secret store, never from source
	Peers []string // addresses of the other nodes in the circle
	LogFunc LogFunc
	NotifyFunc NotifyFunc // called to fan out notifications to other nodes
	Store store.Store // backing store; ErrNoClientStore is returned when it is missing
	AdditionalJWKFunc func() []*JSONWebKey // extra keys to publish, presumably merged into GenerateJWKS output — confirm
	ContentEncryption jose.ContentEncryption
	KeyAlgorithm jose.KeyAlgorithm
}
NodeOptions options for a node
type NodeRPC ¶
// NodeRPC is the node's RPC server. Its exported methods are the remotely
// callable surface of a Node, so every one of them handles untrusted input
// from peers; GrantTrust in particular is the check that admits a new peer.
type NodeRPC struct {
	// contains filtered or unexported fields
}
NodeRPC is the node's RPC server; its methods are the remotely callable surface of a Node and therefore handle untrusted input from peers.
func (*NodeRPC) BreakTrust ¶
BreakTrust breaks the trust identified by tokenString by removing it.
func (*NodeRPC) GetJWK ¶
func (c *NodeRPC) GetJWK(keyID *string, reply *JSONWebKey) error
GetJWK gets a jwk for the specified key id
func (*NodeRPC) GrantTrust ¶
func (c *NodeRPC) GrantTrust(request *types.TrustRequest, reply *bool) error
GrantTrust grants a trust request if it is valid. This is the check that admits a new peer into the circle, so "valid" should at minimum mean that the presented grant token exists, is unexpired and was issued by this node; the page does not show which checks are performed — verify against the source before relying on it.
func (*NodeRPC) IssueGrantToken ¶
func (c *NodeRPC) IssueGrantToken(tokenString *string, reply *types.TrustGrantToken) error
IssueGrantToken issues a grant token. The new token is automatically assigned the same issuer as the requesting token (tokenString), which presumably prevents a caller from minting grant tokens for another issuer — confirm in the source.
type NotifyFunc ¶
// NotifyFunc is called by node to deliver notification to the other nodes in the
// circle (see NodeOptions.NotifyFunc and NodeRPC.OnNotify on the receiving side).
type NotifyFunc func(node *Node, notification *types.Notification)
NotifyFunc a function called to notify other nodes of an update