Documentation ¶
Index ¶
- func DecryptBlock(key [32]byte, in []byte) (clear []byte, err kv.Error)
- func EncryptBlock(data []byte) (key [32]byte, enc []byte, err kv.Error)
- func GenerateKeyPair(pwd string) (privatePEM []byte, publicPEM []byte, err kv.Error)
- func HybridSeal(buffer []byte, pub *rsa.PublicKey) (output string, err kv.Error)
- func IsEnvelope(msg []byte) (isEnvelope bool, err kv.Error)
- func ParseSSHSignature(in []byte) (out *ssh.Signature, err kv.Error)
- func SSHKeys(cryptoDir string, passphraseDir string) (publicPEM []byte, privatePEM []byte, passphrase []byte, err kv.Error)
- func StopSecret()
- func Unseal(encrypted string, prvKey *rsa.PrivateKey) (decrypted []byte, err kv.Error)
- func WillEscape(candidate string, target string) (escapes bool, err kv.Error)
- func WriteKeyToFile(keyBytes []byte, outputFN string) (err kv.Error)
- type DSExtract
- type DynamicStore
- type Envelope
- type Message
- type OpenExperiment
- type PubkeyStore
- func (s *PubkeyStore) Dir() (dir string)
- func (s *PubkeyStore) GetRefresh() (doneCtx context.Context)
- func (s *PubkeyStore) GetSSH(q string) (key ssh.PublicKey, fingerprint string, err kv.Error)
- func (s *PubkeyStore) Select(q string) (key *rsa.PublicKey, err kv.Error)
- func (s *PubkeyStore) SelectSSH(q string) (key ssh.PublicKey, fingerprint string, err kv.Error)
- type RefreshContext
- type Wrapper
- func (w *Wrapper) Envelope(r *request.Request) (e *Envelope, err kv.Error)
- func (w *Wrapper) Request(e *Envelope) (r *request.Request, err kv.Error)
- func (w *Wrapper) UnwrapRequest(encrypted string) (r *request.Request, err kv.Error)
- func (w *Wrapper) WrapRequest(r *request.Request) (encrypted string, err kv.Error)
Functions ¶
func GenerateKeyPair ¶
GenerateKeyPair produces a 4096-bit RSA key pair and returns the public key and the password-protected private key as PEM-encoded bytes; pwd is the passphrase used to protect the private key. NOTE(review): the PEM encryption scheme used for the private key is not shown on this page. If it is the legacy RFC 1423 PEM encryption (Go's deprecated x509.EncryptPEMBlock), be aware that scheme has no integrity protection and a weak key derivation — confirm against the implementation before relying on the passphrase for more than at-rest obfuscation.
func IsEnvelope ¶
IsEnvelope reports whether msg is a JSON payload that can be decoded as an Envelope; err is set when the payload cannot be inspected.
func ParseSSHSignature ¶
ParseSSHSignature extracts a signature from a byte buffer encoded as described in https://tools.ietf.org/html/draft-ietf-curdle-ssh-ed25519-01: a pair of length-prefixed values, the first being the signature format string (for example "ssh-ed25519") and the second the raw signature blob. The function only decodes the wire structure; it takes no key and therefore performs no verification — the caller must still verify the returned *ssh.Signature against the expected public key.
func StopSecret ¶
func StopSecret()
func WillEscape ¶
WillEscape checks whether the candidate name, when placed under the target directory, would resolve to a location outside that directory (a path-traversal guard). escapes is true when it would; a caller should treat a non-nil err as a rejection as well rather than proceeding with the candidate.
Types ¶
type DynamicStore ¶
DynamicStore encapsulates an instance of a single directory that is backing the in-memory file contents, it also includes a reference to the next pending refresh and a function that is used when the directory files change
func NewDynamicStore ¶
func NewDynamicStore(ctx context.Context, configuredDir string, extractFN DSExtract, refresh time.Duration, errorC chan<- kv.Error) (store *DynamicStore, err kv.Error)
NewDynamicStore initializes a watched dynamic store of items backed by the file system. It is non-blocking: it spawns a goroutine that watches configuredDir (refresh presumably sets the re-scan interval) and stops when ctx is done. Errors raised by the watcher are delivered on errorC.
func (*DynamicStore) Init ¶
func (s *DynamicStore) Init(ctx context.Context, configuredDir string, refresh time.Duration, errorC chan<- kv.Error) (err kv.Error)
Init is used to initialize a directory watcher backed store
func (*DynamicStore) Reset ¶
func (s *DynamicStore) Reset()
Reset installs a fresh pending-refresh notification channel and triggers the previous one.
type Envelope ¶
// Envelope is the outer JSON container for a StudioML request. Everything the
// runner needs (clear-text metadata, payload, fingerprint and signature) is
// found under Message.
type Envelope struct {
	Message Message `json:"message"`
}
Envelope is the outer container marshalled for requests made by StudioML; all of the other metadata can be found under its Message.
func UnmarshalEnvelope ¶
UnmarshalEnvelope takes an encoded StudioML envelope and decodes it into the Go data structures used by the go runner.
type Message ¶
// Message carries the request fields that travel in the clear, plus a Payload
// that is either an encrypted blob or a clear-text Request.
type Message struct {
	// Experiment describes the experiment the request belongs to.
	Experiment OpenExperiment `json:"experiment"`
	// TimeAdded is a float64 timestamp; its epoch and units are not stated on
	// this page — confirm with the producer.
	TimeAdded float64 `json:"time_added"`
	// ExperimentLifetime is a string-encoded lifetime; its format is not
	// documented here.
	ExperimentLifetime string `json:"experiment_lifetime"`
	// Resource lists the resources the experiment needs.
	Resource server.Resource `json:"resources_needed"`
	// Payload is the encrypted, or clear-text, Request.
	Payload string `json:"payload"`
	// Fingerprint presumably identifies the public key associated with the
	// Signature (see PubkeyStore.GetSSH) — NOTE(review): confirm against Wrapper.
	Fingerprint string `json:"fingerprint"`
	// Signature is the signature sent with the payload. NOTE(review): which
	// bytes it covers is not stated here; a verifier must bind it to Payload
	// (and any metadata it is meant to protect) — confirm against the Wrapper
	// implementation.
	Signature string `json:"signature"`
}
Message contains the clear-text fields of a request and a Payload that is either an encrypted blob or a clear-text Request, together with a Fingerprint and Signature. This page does not state which bytes the Signature covers, which is the key question for verifying it — check the Wrapper implementation.
type OpenExperiment ¶
type PubkeyStore ¶
PubkeyStore encapsulates a store of SSH public keys. Public keys can only verify signatures and encrypt, so the store is used to verify request signatures (see InitRqstSigWatcher) and to encrypt responses (see InitRspnsEncryptWatcher); it holds public keys only.
func InitRqstSigWatcher ¶
func InitRqstSigWatcher(ctx context.Context, configuredDir string, errorC chan<- kv.Error) (sigs *PubkeyStore, err kv.Error)
InitRqstSigWatcher initializes a watch over the public keys used to verify request signatures and spawns the file-system backed service function that performs the watching.
func InitRspnsEncryptWatcher ¶
func InitRspnsEncryptWatcher(ctx context.Context, configuredDir string, errorC chan<- kv.Error) (sigs *PubkeyStore, err kv.Error)
InitRspnsEncryptWatcher initializes a watch over the public keys used to encrypt responses and spawns the file-system backed service function that performs the watching.
func (*PubkeyStore) Dir ¶
func (s *PubkeyStore) Dir() (dir string)
Dir returns the absolute directory path from which signature files are being retrieved and used
func (*PubkeyStore) GetRefresh ¶
func (s *PubkeyStore) GetRefresh() (doneCtx context.Context)
GetRefresh returns a context that is cancelled when the next refresh of the key store completes. This is principally for testing at this time. It returns nil if the key store is not yet fully initialized.
func (*PubkeyStore) GetSSH ¶
GetSSH retrieves the SSH public key, and its fingerprint, whose queue name exactly matches the q supplied by the caller.
func (*PubkeyStore) Select ¶
Select retrieves the RSA public key registered under the longest queue-name prefix that matches the supplied q (SelectSSH is the ssh.PublicKey equivalent). Because matching is by longest prefix, a key registered for a short prefix will be selected for any queue name beginning with it; choose key names with that in mind so that a request is not verified, or a response encrypted, against a key intended for a different queue.
type RefreshContext ¶
// RefreshContext tracks when the background service function has checked the
// file-system backing store for new, updated, or deleted items.
type RefreshContext struct {
	// contains filtered or unexported fields
}
RefreshContext is used to track when the background service function has checked the file system backing store for new, updated, or deleted items
type Wrapper ¶
// Wrapper carries the server's encryption parameters (KubernetesWrapper is one
// source of them) and converts between request.Request values and Envelopes via
// WrapRequest/UnwrapRequest and Envelope/Request. Its fields are unexported.
type Wrapper struct {
	// contains filtered or unexported fields
}
func KubernetesWrapper ¶
KubernetesWrapper is used to obtain, if available, the encryption parameters stored in Kubernetes for the server.