keydbstore

package
v0.0.0-...-99f93f6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 27, 2021 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	EncryptionAlg = jose.A256GCM
	KeywrapAlg    = jose.PBES2_HS256_A128KW
)

Constants

Variables

View Source 
var PrivateKeysRethinkTable = rethinkdb.Table{
	Name:             RDBPrivateKey{}.TableName(),
	PrimaryKey:       "key_id",
	JSONUnmarshaller: rdbPrivateKeyFromJSON,
}

PrivateKeysRethinkTable is the table definition for notary signer's key information

Functions

func NewCachedKeyService 

func NewCachedKeyService(baseKeyService signed.CryptoService) signed.CryptoService

NewCachedKeyService returns a new signed.CryptoService that includes caching

Types

type GormPrivateKey 

type GormPrivateKey struct {
	gorm.Model
	KeyID           string    `sql:"type:varchar(255);not null;unique;index:key_id_idx"`
	EncryptionAlg   string    `sql:"type:varchar(255);not null"`
	KeywrapAlg      string    `sql:"type:varchar(255);not null"`
	Algorithm       string    `sql:"type:varchar(50);not null"`
	PassphraseAlias string    `sql:"type:varchar(50);not null"`
	Gun             string    `sql:"type:varchar(255);not null"`
	Role            string    `sql:"type:varchar(255);not null"`
	Public          string    `sql:"type:blob;not null"`
	Private         string    `sql:"type:blob;not null"`
	LastUsed        time.Time `sql:"type:datetime;null;default:null"`
}

GormPrivateKey represents a PrivateKey in the database

func (GormPrivateKey) TableName 

func (g GormPrivateKey) TableName() string

TableName sets a specific table name for our GormPrivateKey

type RDBPrivateKey 

type RDBPrivateKey struct {
	rethinkdb.Timing
	KeyID           string        `gorethink:"key_id"`
	EncryptionAlg   string        `gorethink:"encryption_alg"`
	KeywrapAlg      string        `gorethink:"keywrap_alg"`
	Algorithm       string        `gorethink:"algorithm"`
	PassphraseAlias string        `gorethink:"passphrase_alias"`
	Gun             data.GUN      `gorethink:"gun"`
	Role            data.RoleName `gorethink:"role"`

	// gorethink specifically supports binary types, and says to pass it in as
	// a byteslice.  Currently our encryption method for the private key bytes
	// produces a base64-encoded string, but for future compatibility in case
	// we change how we encrypt, use a byteslace for the encrypted private key
	// too
	Public  []byte `gorethink:"public"`
	Private []byte `gorethink:"private"`

	// whether this key is active or not
	LastUsed time.Time `gorethink:"last_used"`
}

RDBPrivateKey represents a PrivateKey in the rethink database

func (RDBPrivateKey) TableName 

func (g RDBPrivateKey) TableName() string

TableName sets a specific table name for our RDBPrivateKey

type RethinkDBKeyStore 

type RethinkDBKeyStore struct {
	// contains filtered or unexported fields
}

RethinkDBKeyStore persists and manages private keys on a RethinkDB database

func NewRethinkDBKeyStore 

func NewRethinkDBKeyStore(dbName, username, password string, passphraseRetriever notary.PassRetriever, defaultPassAlias string, rethinkSession *gorethink.Session) *RethinkDBKeyStore

NewRethinkDBKeyStore returns a new RethinkDBKeyStore backed by a RethinkDB database

func (*RethinkDBKeyStore) AddKey 

func (rdb *RethinkDBKeyStore) AddKey(role data.RoleName, gun data.GUN, privKey data.PrivateKey) error

AddKey stores the contents of a private key. Both role and gun are ignored, we always use Key IDs as name, and don't support aliases

func (RethinkDBKeyStore) Bootstrap 

func (rdb RethinkDBKeyStore) Bootstrap() error

Bootstrap sets up the database and tables, also creating the notary signer user with appropriate db permission

func (RethinkDBKeyStore) CheckHealth 

func (rdb RethinkDBKeyStore) CheckHealth() error

CheckHealth verifies that DB exists and is query-able

func (RethinkDBKeyStore) Create 

func (rdb RethinkDBKeyStore) Create(role data.RoleName, gun data.GUN, algorithm string) (data.PublicKey, error)

Create will attempt to first re-use an inactive key for the same role, gun, and algorithm. If one isn't found, it will create a private key and add it to the DB as an inactive key

func (*RethinkDBKeyStore) GetKey 

func (rdb *RethinkDBKeyStore) GetKey(keyID string) data.PublicKey

GetKey returns the PublicKey given a KeyID, and does not activate the key

func (*RethinkDBKeyStore) GetPrivateKey 

func (rdb *RethinkDBKeyStore) GetPrivateKey(keyID string) (data.PrivateKey, data.RoleName, error)

GetPrivateKey returns the PrivateKey given a KeyID

func (RethinkDBKeyStore) ListAllKeys 

func (rdb RethinkDBKeyStore) ListAllKeys() map[string]data.RoleName

ListAllKeys always returns nil. This method is here to satisfy the CryptoService interface

func (RethinkDBKeyStore) ListKeys 

func (rdb RethinkDBKeyStore) ListKeys(role data.RoleName) []string

ListKeys always returns nil. This method is here to satisfy the CryptoService interface

func (*RethinkDBKeyStore) Name 

func (rdb *RethinkDBKeyStore) Name() string

Name returns a user friendly name for the storage location

func (RethinkDBKeyStore) RemoveKey 

func (rdb RethinkDBKeyStore) RemoveKey(keyID string) error

RemoveKey removes the key from the table

func (RethinkDBKeyStore) RotateKeyPassphrase 

func (rdb RethinkDBKeyStore) RotateKeyPassphrase(keyID, newPassphraseAlias string) error

RotateKeyPassphrase rotates the key-encryption-key

type SQLKeyDBStore 

type SQLKeyDBStore struct {
	// contains filtered or unexported fields
}

SQLKeyDBStore persists and manages private keys on a SQL database

func NewSQLKeyDBStore 

func NewSQLKeyDBStore(passphraseRetriever notary.PassRetriever, defaultPassAlias string,
	dbDialect string, dbArgs ...interface{}) (*SQLKeyDBStore, error)

NewSQLKeyDBStore returns a new SQLKeyDBStore backed by a SQL database

func (*SQLKeyDBStore) AddKey 

func (s *SQLKeyDBStore) AddKey(role data.RoleName, gun data.GUN, privKey data.PrivateKey) error

AddKey stores the contents of a private key. Both role and gun are ignored, we always use Key IDs as name, and don't support aliases

func (*SQLKeyDBStore) Create 

func (s *SQLKeyDBStore) Create(role data.RoleName, gun data.GUN, algorithm string) (data.PublicKey, error)

Create will attempt to first re-use an inactive key for the same role, gun, and algorithm. If one isn't found, it will create a private key and add it to the DB as an inactive key

func (*SQLKeyDBStore) GetKey 

func (s *SQLKeyDBStore) GetKey(keyID string) data.PublicKey

GetKey performs the same get as GetPrivateKey, but does not mark the as active and only returns the public bytes

func (*SQLKeyDBStore) GetPrivateKey 

func (s *SQLKeyDBStore) GetPrivateKey(keyID string) (data.PrivateKey, data.RoleName, error)

GetPrivateKey returns the PrivateKey given a KeyID

func (*SQLKeyDBStore) HealthCheck 

func (s *SQLKeyDBStore) HealthCheck() error

HealthCheck verifies that DB exists and is query-able

func (*SQLKeyDBStore) ListAllKeys 

func (s *SQLKeyDBStore) ListAllKeys() map[string]data.RoleName

ListAllKeys always returns nil. This method is here to satisfy the CryptoService interface

func (*SQLKeyDBStore) ListKeys 

func (s *SQLKeyDBStore) ListKeys(role data.RoleName) []string

ListKeys always returns nil. This method is here to satisfy the CryptoService interface

func (*SQLKeyDBStore) Name 

func (s *SQLKeyDBStore) Name() string

Name returns a user friendly name for the storage location

func (*SQLKeyDBStore) RemoveKey 

func (s *SQLKeyDBStore) RemoveKey(keyID string) error

RemoveKey removes the key from the keyfilestore

func (*SQLKeyDBStore) RotateKeyPassphrase 

func (s *SQLKeyDBStore) RotateKeyPassphrase(keyID, newPassphraseAlias string) error

RotateKeyPassphrase rotates the key-encryption-key

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.