filesystem

package
v0.0.0-...-982e07a Latest
Warning

This package is not in the latest version of its module.

Published: Dec 19, 2023 License: Apache-2.0 Imports: 33 Imported by: 0

Documentation

Overview

Package filesystem implements keystores that write keys to and read keys from the file system. Each keystore is responsible for generating keys for a specific service, writing them to the provided file path, and reading and decrypting them. Server keystore generates the AcraServer transport key pair and the AcraStorage encryption key pair used for creating/decrypting AcraStructs. Connector keystore generates the AcraConnector transport key pair. Translator keystore generates the AcraTranslator transport key pair.

https://github.com/cossacklabs/acra/wiki/Key-Management

Constants

const HistoricalFileNameTimeFormat = "2006-01-02T15:04:05.999999999"

HistoricalFileNameTimeFormat is the time format used as the filename for rotated keys.

const (
	PoisonKeyFilename = ".poison_key/poison_key"
)

Default key folders' filenames

const PrivateFileMode = os.FileMode(0600)

PrivateFileMode is used for all created files with private data.

const SecureLogKeyFilename = "secure_log_key"

SecureLogKeyFilename represents the context for the secure log key.

Variables

var ErrInvalidIndex = errors.New("invalid index value provided")

ErrInvalidIndex represents an invalid key index for destroying.

var ErrUnrecognizedKeyPurpose = errors.New("key purpose not recognized")

ErrUnrecognizedKeyPurpose describes a key mismatch error.

Functions

func DescribeKeyFile

func DescribeKeyFile(fileName string) (*keystore.KeyDescription, error)

DescribeKeyFile describes key by its purpose path for V1 and V2 keystore

func GetServerDecryptionKeyFilename

func GetServerDecryptionKeyFilename(id []byte) string

GetServerDecryptionKeyFilename returns the filename for the decryption key.

func IsKeyDirectory

func IsKeyDirectory(keyDirectory string, extractor *args.ServiceExtractor) bool

IsKeyDirectory checks if the local directory contains a keystore v1. This is a conservative check. That is, a positive return value does not mean that the directory contains *a valid* keystore. However, a false value means that the directory is definitely not a valid keystore. In particular, false is returned if the directory does not exist or cannot be opened.

func IsKeyReadError

func IsKeyReadError(err error) bool

IsKeyReadError return true if error is os.ErrNotExist compatible and NoKeyFoundExit

func ReadDir

func ReadDir(storage Storage, path string) ([]string, error)

ReadDir reads a directory and returns paths of items

Types

type DefaultKeyFileClassifier

type DefaultKeyFileClassifier struct{}

DefaultKeyFileClassifier is a KeyFileClassifier for standard key types.

func (*DefaultKeyFileClassifier) ClassifyExportedKey

func (*DefaultKeyFileClassifier) ClassifyExportedKey(path string) *ExportedKey

ClassifyExportedKey tells how a key at given path should be exported.

type DummyStorage

type DummyStorage struct{ FileStorage }

DummyStorage keeps key files in filesystem directories.

type ExportedKey

type ExportedKey struct {
	PublicPath    string
	PrivatePath   string
	SymmetricPath string
	KeyContext    keystore.KeyContext
}

ExportedKey describes a key that can be exported from keystore.

`Purpose` describes the purpose of this key. This is one of the `Purpose...` constants exported by this module.

`ID` is either client ID or nil depending on the purpose.

`*Path` fields will be empty when not applicable. For example, symmetric keys will not have public or private parts, and only public or private key of a key pair may be present.

func EnumerateExportedKeys

func EnumerateExportedKeys(enumerator KeyExportEnumerator) ([]ExportedKey, error)

EnumerateExportedKeys prepares a list of keys that can be exported. The keys are classified with default key file classifier.

func EnumerateExportedKeysByClass

func EnumerateExportedKeysByClass(enumerator KeyExportEnumerator, classifier KeyFileClassifier) ([]ExportedKey, error)

EnumerateExportedKeysByClass prepares a list of keys that can be exported. The keys are classified with the provided classifier.

func NewExportedPlaintextSymmetricKey

func NewExportedPlaintextSymmetricKey(symmetricPath string, keyContext keystore.KeyContext) *ExportedKey

NewExportedPlaintextSymmetricKey makes an ExportedKey for an unencrypted symmetric key file.

func NewExportedPrivateKey

func NewExportedPrivateKey(privatePath string, keyContext keystore.KeyContext) *ExportedKey

NewExportedPrivateKey makes an ExportedKey for a private key file.

func NewExportedPublicKey

func NewExportedPublicKey(publicPath string, keyContext keystore.KeyContext) *ExportedKey

NewExportedPublicKey makes an ExportedKey for a public key file.

func NewExportedSymmetricKey

func NewExportedSymmetricKey(symmetricPath string, keyContext keystore.KeyContext) *ExportedKey

NewExportedSymmetricKey makes an ExportedKey for an unencrypted symmetric key file.

type FileStorage

type FileStorage struct{}

FileStorage is implementation of Storage interface for filesystem

func (*FileStorage) Copy

func (*FileStorage) Copy(src, dst string) error

Copy implementation of Storage interface

func (*FileStorage) Exists

func (*FileStorage) Exists(path string) (bool, error)

Exists implementation of Storage interface

func (*FileStorage) Link

func (*FileStorage) Link(oldpath, newpath string) error

Link implementation of Storage interface

func (*FileStorage) MkdirAll

func (*FileStorage) MkdirAll(path string, perm os.FileMode) error

MkdirAll implementation of Storage interface

func (*FileStorage) ReadDir

func (*FileStorage) ReadDir(path string) ([]os.FileInfo, error)

ReadDir implementation of Storage interface

func (*FileStorage) ReadFile

func (*FileStorage) ReadFile(path string) ([]byte, error)

ReadFile implementation of Storage interface

func (*FileStorage) Remove

func (*FileStorage) Remove(path string) error

Remove implementation of Storage interface

func (*FileStorage) RemoveAll

func (*FileStorage) RemoveAll(path string) error

RemoveAll implementation of Storage interface

func (*FileStorage) Rename

func (*FileStorage) Rename(oldpath, newpath string) error

Rename implementation of Storage interface

func (*FileStorage) Stat

func (*FileStorage) Stat(path string) (os.FileInfo, error)

Stat implementation of Storage interface

func (*FileStorage) TempDir

func (*FileStorage) TempDir(pattern string, perm os.FileMode) (string, error)

TempDir implementation of Storage interface

func (*FileStorage) TempFile

func (*FileStorage) TempFile(pattern string, perm os.FileMode) (string, error)

TempFile implementation of Storage interface

func (*FileStorage) WriteFile

func (*FileStorage) WriteFile(path string, data []byte, perm os.FileMode) error

WriteFile implementation of Storage interface

type KeyBackuper

type KeyBackuper struct {
	// contains filtered or unexported fields
}

KeyBackuper exports keys from KeyStore into an encrypted bytes buffer.

func NewKeyBackuper

func NewKeyBackuper(privateFolder, publicFolder string, storage Storage, decryptor keystore.KeyEncryptor, keyStore keystore.ServerKeyStore) (*KeyBackuper, error)

NewKeyBackuper create, initialize and return new instance of KeyBackuper

func (*KeyBackuper) Export

func (store *KeyBackuper) Export(exportIDs []keystore.ExportID, mode keystore.ExportMode) (*keystore.KeysBackup, error)

Export keys from KeyStore encrypted with new key for backup

func (*KeyBackuper) Import

func (store *KeyBackuper) Import(backup *keystore.KeysBackup) ([]keystore.KeyDescription, error)

Import keys from backup to current keystore

type KeyExport

type KeyExport interface {
	KeyExportEnumerator

	ExportPublicKey(key ExportedKey) (*keys.PublicKey, error)
	ExportPrivateKey(key ExportedKey) (*keys.PrivateKey, error)
	ExportKeyPair(key ExportedKey) (*keys.Keypair, error)
	ExportSymmetricKey(key ExportedKey) ([]byte, error)
	ExportPlaintextSymmetricKey(key ExportedKey) ([]byte, error)
}

KeyExport allows to export plaintext key material by generic key description rather than specific purpose.

type KeyExportEnumerator

type KeyExportEnumerator interface {
	EnumerateExportedKeyPaths() ([]string, error)
}

KeyExportEnumerator provides a list of key paths to be exported.

type KeyFileClassifier

type KeyFileClassifier interface {
	ClassifyExportedKey(path string) *ExportedKey
}

KeyFileClassifier defines how to export keys stored in files. It divines the purpose of the key by its path. Return nil if the path should not be exported (e.g., if it's not a key).

type KeyStore

type KeyStore struct {
	// contains filtered or unexported fields
}

KeyStore represents keystore that reads keys from key folders, and stores them in memory.

func NewFileSystemKeyStoreWithCacheSize

func NewFileSystemKeyStoreWithCacheSize(directory string, encryptor keystore.KeyEncryptor, cacheSize int) (*KeyStore, error)

NewFileSystemKeyStoreWithCacheSize represents keystore that reads keys from key folders, and stores them in cache.

func NewFilesystemKeyStore

func NewFilesystemKeyStore(directory string, encryptor keystore.KeyEncryptor) (*KeyStore, error)

NewFilesystemKeyStore represents keystore that reads keys from key folders, and stores them in memory.

func NewFilesystemKeyStoreTwoPath

func NewFilesystemKeyStoreTwoPath(privateKeyFolder, publicKeyFolder string, encryptor keystore.KeyEncryptor) (*KeyStore, error)

NewFilesystemKeyStoreTwoPath creates new KeyStore using separate folders for private and public keys.

func (*KeyStore) Add

func (store *KeyStore) Add(keyID string, keyValue []byte)

Add value to inner cache

func (*KeyStore) CacheOnStart

func (store *KeyStore) CacheOnStart() error

CacheOnStart list and cache all keys from keystore

func (*KeyStore) DestroyClientIDEncryptionKeyPair

func (store *KeyStore) DestroyClientIDEncryptionKeyPair(clientID []byte) error

DestroyClientIDEncryptionKeyPair destroy server encryption key pair

func (*KeyStore) DestroyClientIDSymmetricKey

func (store *KeyStore) DestroyClientIDSymmetricKey(clientID []byte) error

DestroyClientIDSymmetricKey destroy private poison key

func (*KeyStore) DestroyHmacSecretKey

func (store *KeyStore) DestroyHmacSecretKey(clientID []byte) error

DestroyHmacSecretKey destroys the HMAC secret key.

func (*KeyStore) DestroyPoisonKeyPair

func (store *KeyStore) DestroyPoisonKeyPair() error

DestroyPoisonKeyPair destroy poison key pair

func (*KeyStore) DestroyPoisonSymmetricKey

func (store *KeyStore) DestroyPoisonSymmetricKey() error

DestroyPoisonSymmetricKey destroy poison symmetric key

func (*KeyStore) DestroyRotatedClientIDEncryptionKeyPair

func (store *KeyStore) DestroyRotatedClientIDEncryptionKeyPair(clientID []byte, index int) error

DestroyRotatedClientIDEncryptionKeyPair destroy created rotated storage key pair

func (*KeyStore) DestroyRotatedClientIDSymmetricKey

func (store *KeyStore) DestroyRotatedClientIDSymmetricKey(clientID []byte, index int) error

DestroyRotatedClientIDSymmetricKey destroy created rotated symmetric key

func (*KeyStore) DestroyRotatedHmacSecretKey

func (store *KeyStore) DestroyRotatedHmacSecretKey(clientID []byte, index int) error

DestroyRotatedHmacSecretKey destroy created rotated hmac symmetric key

func (*KeyStore) DestroyRotatedPoisonKeyPair

func (store *KeyStore) DestroyRotatedPoisonKeyPair(index int) error

DestroyRotatedPoisonKeyPair destroy poison rotated key pair by index

func (*KeyStore) DestroyRotatedPoisonSymmetricKey

func (store *KeyStore) DestroyRotatedPoisonSymmetricKey(index int) error

DestroyRotatedPoisonSymmetricKey destroy created rotated poison record symmetric key

func (*KeyStore) EnumerateExportedKeyPaths

func (store *KeyStore) EnumerateExportedKeyPaths() ([]string, error)

EnumerateExportedKeyPaths returns a list of key paths that can be exported from this keystore.

func (*KeyStore) ExportKeyPair

func (store *KeyStore) ExportKeyPair(key ExportedKey) (*keys.Keypair, error)

ExportKeyPair loads a key pair for export.

func (*KeyStore) ExportPlaintextSymmetricKey

func (store *KeyStore) ExportPlaintextSymmetricKey(key ExportedKey) ([]byte, error)

ExportPlaintextSymmetricKey loads an unencrypted symmetric key for export.

func (*KeyStore) ExportPrivateKey

func (store *KeyStore) ExportPrivateKey(key ExportedKey) (*keys.PrivateKey, error)

ExportPrivateKey loads a private key for export.

func (*KeyStore) ExportPublicKey

func (store *KeyStore) ExportPublicKey(key ExportedKey) (*keys.PublicKey, error)

ExportPublicKey loads a public key for export.

func (*KeyStore) ExportSymmetricKey

func (store *KeyStore) ExportSymmetricKey(key ExportedKey) ([]byte, error)

ExportSymmetricKey loads a symmetric key for export.

func (*KeyStore) GenerateClientIDSymmetricKey

func (store *KeyStore) GenerateClientIDSymmetricKey(id []byte) error

GenerateClientIDSymmetricKey generate symmetric key for specified client id

func (*KeyStore) GenerateConnectorKeys

func (store *KeyStore) GenerateConnectorKeys(id []byte) error

GenerateConnectorKeys generates AcraConnector transport EC keypair using clientID as part of key name. Writes encrypted private key and plaintext public key to fs. Returns error if writing/encryption failed.

func (*KeyStore) GenerateDataEncryptionKeys

func (store *KeyStore) GenerateDataEncryptionKeys(id []byte) error

GenerateDataEncryptionKeys generates Storage EC keypair for encrypting/decrypting data using clientID as part of key name. Writes encrypted private key and plaintext public key to fs. Returns error if writing/encryption failed.

func (*KeyStore) GenerateHmacKey

func (store *KeyStore) GenerateHmacKey(id []byte) error

GenerateHmacKey generates a key for HMAC calculation in the folder for private keys.

func (*KeyStore) GenerateLogKey

func (store *KeyStore) GenerateLogKey() error

GenerateLogKey generates a key for log integrity check calculation in the folder for private keys.

func (*KeyStore) GeneratePoisonKeyPair

func (store *KeyStore) GeneratePoisonKeyPair() error

GeneratePoisonKeyPair generates new poison keypair, saving it in the storage. Old keypair is rotated.

func (*KeyStore) GeneratePoisonSymmetricKey

func (store *KeyStore) GeneratePoisonSymmetricKey() error

GeneratePoisonSymmetricKey generate symmetric key for poison records

func (*KeyStore) GenerateServerKeys

func (store *KeyStore) GenerateServerKeys(id []byte) error

GenerateServerKeys generates AcraServer transport EC keypair using clientID as part of key name. Writes encrypted private key and plaintext public key to fs. Returns error if writing/encryption failed.

func (*KeyStore) GenerateTranslatorKeys

func (store *KeyStore) GenerateTranslatorKeys(id []byte) error

GenerateTranslatorKeys generates AcraTranslator transport EC keypair using clientID as part of key name. Writes encrypted private key and plaintext public key to fs. Returns error if writing/encryption failed.

func (*KeyStore) Get

func (store *KeyStore) Get(keyID string) ([]byte, bool)

Get value from inner cache

func (*KeyStore) GetClientIDEncryptionPublicKey

func (store *KeyStore) GetClientIDEncryptionPublicKey(clientID []byte) (*keys.PublicKey, error)

GetClientIDEncryptionPublicKey return PublicKey by clientID from cache or load from main store

func (*KeyStore) GetClientIDSymmetricKey

func (store *KeyStore) GetClientIDSymmetricKey(id []byte) ([]byte, error)

GetClientIDSymmetricKey return latest symmetric key for encryption by specified client id

func (*KeyStore) GetClientIDSymmetricKeys

func (store *KeyStore) GetClientIDSymmetricKeys(id []byte) ([][]byte, error)

GetClientIDSymmetricKeys return symmetric keys for specified client id

func (*KeyStore) GetHMACSecretKey

func (store *KeyStore) GetHMACSecretKey(id []byte) ([]byte, error)

GetHMACSecretKey return key for hmac calculation according to id

func (*KeyStore) GetHistoricalPrivateKeyFilenames

func (store *KeyStore) GetHistoricalPrivateKeyFilenames(filename string) ([]string, error)

GetHistoricalPrivateKeyFilenames return filenames for current and rotated keys

func (*KeyStore) GetLogSecretKey

func (store *KeyStore) GetLogSecretKey() ([]byte, error)

GetLogSecretKey return key for log integrity checks

func (*KeyStore) GetPeerPublicKey

func (store *KeyStore) GetPeerPublicKey(id []byte) (*keys.PublicKey, error)

GetPeerPublicKey returns public key for this clientID, gets it from cache or reads from fs.

func (*KeyStore) GetPoisonKeyPair

func (store *KeyStore) GetPoisonKeyPair() (*keys.Keypair, error)

GetPoisonKeyPair reads and returns poison EC keypair from the fs. Returns an error if fs or crypto operations fail. Also, returns ErrKeysNotFound if the key pair doesn't exist.

func (*KeyStore) GetPoisonPrivateKeys

func (store *KeyStore) GetPoisonPrivateKeys() ([]*keys.PrivateKey, error)

GetPoisonPrivateKeys reads and returns poison EC private keys from the fs, returning them in order from newest to oldest. Returns an error if fs or crypto operations fail. Also, returns ErrKeysNotFound if the keys don't exist.

func (*KeyStore) GetPoisonSymmetricKey

func (store *KeyStore) GetPoisonSymmetricKey() ([]byte, error)

GetPoisonSymmetricKey reads and returns poison symmetric key from the fs. Returns an error if fs or crypto operations fail. Also, returns ErrKeysNotFound if the keys don't exist.

func (*KeyStore) GetPoisonSymmetricKeys

func (store *KeyStore) GetPoisonSymmetricKeys() ([][]byte, error)

GetPoisonSymmetricKeys reads and returns all poison symmetric keys from the fs, returning them in order from newest to oldest. Returns an error if fs or crypto operations fail. Also, returns ErrKeysNotFound if the keys don't exist.

func (*KeyStore) GetPrivateKey

func (store *KeyStore) GetPrivateKey(id []byte) (*keys.PrivateKey, error)

GetPrivateKey reads encrypted client private key from fs, decrypts it with master key and clientID, and returns plaintext private key, or reading/decryption error.

func (*KeyStore) GetPrivateKeyFilePath

func (store *KeyStore) GetPrivateKeyFilePath(filename string) string

GetPrivateKeyFilePath return path for file with private key with configured folder for store

func (*KeyStore) GetPublicKeyFilePath

func (store *KeyStore) GetPublicKeyFilePath(filename string) string

GetPublicKeyFilePath return path for file with public key with configured folder for store

func (*KeyStore) GetServerDecryptionPrivateKey

func (store *KeyStore) GetServerDecryptionPrivateKey(id []byte) (*keys.PrivateKey, error)

GetServerDecryptionPrivateKey reads encrypted server storage private key from fs, decrypts it with master key and clientID, and returns plaintext private key, or reading/decryption error.

func (*KeyStore) GetServerDecryptionPrivateKeys

func (store *KeyStore) GetServerDecryptionPrivateKeys(id []byte) ([]*keys.PrivateKey, error)

GetServerDecryptionPrivateKeys reads encrypted server storage private keys from fs, decrypts them with master key and clientID, and returns plaintext private keys, or reading/decryption error.

func (*KeyStore) ListKeys

func (store *KeyStore) ListKeys() ([]keystore.KeyDescription, error)

ListKeys enumerates keys present in the keystore.

func (*KeyStore) ListRotatedKeys

func (store *KeyStore) ListRotatedKeys() ([]keystore.KeyDescription, error)

ListRotatedKeys enumerates keys present in the keystore within old dir.

func (*KeyStore) ReadKeyFile

func (store *KeyStore) ReadKeyFile(filename string) ([]byte, error)

ReadKeyFile reads raw key data for given filename.

func (*KeyStore) Reset

func (store *KeyStore) Reset()

Reset clears all cached keys

func (*KeyStore) SaveDataEncryptionKeys

func (store *KeyStore) SaveDataEncryptionKeys(id []byte, keypair *keys.Keypair) error

SaveDataEncryptionKeys save or overwrite decryption keypair for client id

func (*KeyStore) SaveKeyPairWithFilename

func (store *KeyStore) SaveKeyPairWithFilename(keypair *keys.Keypair, filename string, keyContext keystore.KeyContext) error

SaveKeyPairWithFilename save encrypted private key and public key to configured folders

func (*KeyStore) WriteKeyFile

func (store *KeyStore) WriteKeyFile(filename string, data []byte, mode os.FileMode) error

WriteKeyFile updates key data, creating a new file if necessary.

func (*KeyStore) WritePrivateKey

func (store *KeyStore) WritePrivateKey(filename string, data []byte) error

WritePrivateKey writes private key from data to filename

func (*KeyStore) WritePublicKey

func (store *KeyStore) WritePublicKey(filename string, data []byte) error

WritePublicKey writes public key from data to filename

type KeyStoreBuilder

type KeyStoreBuilder struct {
	// contains filtered or unexported fields
}

KeyStoreBuilder allows to build a custom keystore.

func NewCustomFilesystemKeyStore

func NewCustomFilesystemKeyStore() *KeyStoreBuilder

NewCustomFilesystemKeyStore allows a custom-made KeyStore to be built. You must set at least root key directories and provide a KeyEncryptor.

func (*KeyStoreBuilder) Build

func (b *KeyStoreBuilder) Build() (*KeyStore, error)

Build constructs a KeyStore with specified parameters.

func (*KeyStoreBuilder) CacheSize

func (b *KeyStoreBuilder) CacheSize(cacheSize int) *KeyStoreBuilder

CacheSize sets cache size to use. By default cache size is unlimited.

func (*KeyStoreBuilder) Encryptor

func (b *KeyStoreBuilder) Encryptor(encryptor keystore.KeyEncryptor) *KeyStoreBuilder

Encryptor sets cryptographic backend.

func (*KeyStoreBuilder) KeyDirectories

func (b *KeyStoreBuilder) KeyDirectories(privateKeyDir, publicKeyDir string) *KeyStoreBuilder

KeyDirectories sets root key directories for private and public keys.

func (*KeyStoreBuilder) KeyDirectory

func (b *KeyStoreBuilder) KeyDirectory(directory string) *KeyStoreBuilder

KeyDirectory sets root key directory. Private and public keys will be kept together.

func (*KeyStoreBuilder) Storage

func (b *KeyStoreBuilder) Storage(storage Storage) *KeyStoreBuilder

Storage sets custom storage backend.

type RedisStorage

type RedisStorage struct {
	// contains filtered or unexported fields
}

RedisStorage provides a storage backend that keeps keys in Redis.

func (*RedisStorage) Copy

func (r *RedisStorage) Copy(src, dst string) error

func (*RedisStorage) Exists

func (r *RedisStorage) Exists(path string) (bool, error)

func (*RedisStorage) Link

func (r *RedisStorage) Link(oldpath, newpath string) error

func (*RedisStorage) MkdirAll

func (r *RedisStorage) MkdirAll(path string, perm os.FileMode) error

func (*RedisStorage) ReadDir

func (r *RedisStorage) ReadDir(path string) ([]os.FileInfo, error)

func (*RedisStorage) ReadFile

func (r *RedisStorage) ReadFile(path string) ([]byte, error)

func (*RedisStorage) Remove

func (r *RedisStorage) Remove(path string) error

func (*RedisStorage) RemoveAll

func (r *RedisStorage) RemoveAll(path string) error

func (*RedisStorage) Rename

func (r *RedisStorage) Rename(oldpath, newpath string) error

func (*RedisStorage) Stat

func (r *RedisStorage) Stat(path string) (os.FileInfo, error)

func (*RedisStorage) TempDir

func (r *RedisStorage) TempDir(pattern string, perm os.FileMode) (string, error)

func (*RedisStorage) TempFile

func (r *RedisStorage) TempFile(pattern string, perm os.FileMode) (string, error)

func (*RedisStorage) WriteFile

func (r *RedisStorage) WriteFile(path string, data []byte, perm os.FileMode) error

type Storage

type Storage interface {
	// Stat a file at given path.
	Stat(path string) (os.FileInfo, error)
	// Exists checks whether a file exists at a given path.
	Exists(path string) (bool, error)
	// ReadDir reads a directory and returns information about its contents sorted by filename.
	ReadDir(path string) ([]os.FileInfo, error)
	// MkdirAll creates directory at given path with given permissions, including all missing intermediate directories.
	// It is not an error if a directory already exists at this path.
	MkdirAll(path string, perm os.FileMode) error
	// Rename a file atomically from oldpath to newpath, replacing a file at newpath if it exists.
	Rename(oldpath, newpath string) error
	// TempFile creates a new temporary file with given name pattern and access permissions.
	// Name of the newly created file is returned.
	// Caller is responsible for removing the file once they are done with it.
	TempFile(pattern string, perm os.FileMode) (string, error)
	// TempDir creates a new temporary directory with given name pattern and access permissions.
	// Name of the newly created directory is returned.
	// Caller is responsible for removing the directory and its contents once they are done with it.
	TempDir(pattern string, perm os.FileMode) (string, error)
	// Link creates a hard link at newpath which refers to the same path as oldpath.
	// Not all file systems support hard links, and there may be restrictions on hard links between different directories.
	Link(oldpath, newpath string) error
	// Copy a file from src to dst, preserving access mode.
	// It is an error if dst already exists.
	// dst is an independent copy of src with initially identical content.
	Copy(src, dst string) error
	// ReadFile reads entire content of the specified file.
	ReadFile(path string) ([]byte, error)
	// WriteFile replaces entire content of the specified file, creating it with specified mode if it does not exist.
	WriteFile(path string, data []byte, perm os.FileMode) error
	// Remove the file or empty directory at given path.
	Remove(path string) error
	// RemoveAll removes the path with any children that it contains.
	RemoveAll(path string) error
}

Storage interface provides support for alternative filesystem-like storage backends of KeyStore. Semantics of methods are identical to corresponding "os", "io", "io/ioutil" functions where applicable.
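The write path that the `Storage` contract describes (temporary file, atomic `Rename`, explicit mode), together with the `PrivateFileMode` and `HistoricalFileNameTimeFormat` constants, as an added example that is not code from Acra and uses only the Go standard library. It goes beyond the page by auditing a directory for files wider than 0600 and ordering timestamp-named files newest first. Assumptions: the helper names `writePrivateFile`, `auditKeyDir` and `newestFirst` are hypothetical, the sample names are constructed, and every regular file is treated as private, so plaintext public keys kept in the same directory would need excluding.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"sort"
	"time"
)

// Values copied from the constants documented on this page.
const (
	privateFileMode              = os.FileMode(0600)
	historicalFileNameTimeFormat = "2006-01-02T15:04:05.999999999"
)

// writePrivateFile (hypothetical helper) replaces path atomically: data is
// written to a temp file in the same directory, synced, then renamed over
// path, so a reader never observes a half-written key.
func writePrivateFile(path string, data []byte) error {
	tmp, err := os.CreateTemp(filepath.Dir(path), ".tmp-key-*")
	if err != nil {
		return err
	}
	defer os.Remove(tmp.Name()) // fails harmlessly once the rename succeeded
	err = tmp.Chmod(privateFileMode)
	if err == nil {
		_, err = tmp.Write(data)
	}
	if err == nil {
		err = tmp.Sync()
	}
	if cerr := tmp.Close(); err == nil {
		err = cerr
	}
	if err != nil {
		return err
	}
	return os.Rename(tmp.Name(), path)
}

// auditKeyDir returns regular files under root whose permission bits grant
// anything beyond owner read/write.
func auditKeyDir(root string) ([]string, error) {
	var loose []string
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil || !d.Type().IsRegular() {
			return err // nil for directories and symlinks, so the walk continues
		}
		info, err := d.Info()
		if err != nil {
			return err
		}
		if info.Mode().Perm()&^privateFileMode != 0 {
			loose = append(loose, p)
		}
		return nil
	})
	return loose, err
}

// newestFirst keeps the names whose base parses as a rotation timestamp and
// orders them from newest to oldest; anything else is ignored.
func newestFirst(names []string) []string {
	stamps := map[string]time.Time{}
	var out []string
	for _, n := range names {
		if t, err := time.Parse(historicalFileNameTimeFormat, filepath.Base(n)); err == nil {
			stamps[n] = t
			out = append(out, n)
		}
	}
	sort.Slice(out, func(i, j int) bool { return stamps[out[i]].After(stamps[out[j]]) })
	return out
}

func main() {
	dir, err := os.MkdirTemp("", "constructed-keystore-")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	if err := writePrivateFile(filepath.Join(dir, "constructed_key"), []byte("not a real key")); err != nil {
		panic(err)
	}
	loose, err := auditKeyDir(dir)
	fmt.Println("files wider than 0600:", loose, err)
	fmt.Println(newestFirst([]string{"2023-01-01T00:00:00", "README", "2023-06-01T12:00:00.5"}))
}
```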

func NewRedisStorage

func NewRedisStorage(address string, password string, db int, tls *tls.Config) (Storage, error)

NewRedisStorage returns a new Redis backend.

type TranslatorFileSystemKeyStore

type TranslatorFileSystemKeyStore struct {
	*KeyStore
	// contains filtered or unexported fields
}

TranslatorFileSystemKeyStore stores AcraTranslator keys configuration

func NewTranslatorFileSystemKeyStore

func NewTranslatorFileSystemKeyStore(directory string, encryptor keystore.KeyEncryptor, cacheSize int) (*TranslatorFileSystemKeyStore, error)

NewTranslatorFileSystemKeyStore creates new TranslatorFileSystemKeyStore

func NewTranslatorFileSystemKeyStoreFromServerStore

func NewTranslatorFileSystemKeyStoreFromServerStore(directory string, encryptor keystore.KeyEncryptor, store *KeyStore) (*TranslatorFileSystemKeyStore, error)

NewTranslatorFileSystemKeyStoreFromServerStore creates a TranslatorKeyStore which inherits KeyStore.

func (*TranslatorFileSystemKeyStore) CheckIfPrivateKeyExists

func (store *TranslatorFileSystemKeyStore) CheckIfPrivateKeyExists(id []byte) (bool, error)

CheckIfPrivateKeyExists checks if Keystore has Translator transport private key for establishing Secure Session connection, returns true if key exists in fs.

func (*TranslatorFileSystemKeyStore) GetPrivateKey

func (store *TranslatorFileSystemKeyStore) GetPrivateKey(id []byte) (*keys.PrivateKey, error)

GetPrivateKey reads and decrypts Translator transport private key for establishing Secure Session connection.

type TranslatorFileSystemKeyStoreBuilder

type TranslatorFileSystemKeyStoreBuilder struct {
	// contains filtered or unexported fields
}

TranslatorFileSystemKeyStoreBuilder allows to build a custom keystore.

func NewCustomTranslatorFileSystemKeyStore

func NewCustomTranslatorFileSystemKeyStore() *TranslatorFileSystemKeyStoreBuilder

NewCustomTranslatorFileSystemKeyStore allows to customize a translator keystore.

func (*TranslatorFileSystemKeyStoreBuilder) Build

Build a keystore.

func (*TranslatorFileSystemKeyStoreBuilder) Encryptor

Encryptor sets key encryptor.

func (*TranslatorFileSystemKeyStoreBuilder) KeyDirectory

KeyDirectory sets key directory.

func (*TranslatorFileSystemKeyStoreBuilder) Storage

Storage sets custom storage.
