trireme-lib: go.aporeto.io/trireme-lib/controller/pkg/secrets Index | Files

package secrets

import "go.aporeto.io/trireme-lib/controller/pkg/secrets"

Index

Package Files

compactpki.go interfaces.go null.go pkisecrets.go psksecrets.go secrets.go

type CompactPKI Uses

// CompactPKI holds the PKI material used by the compact-encoding secrets
// implementation; NewCompactPKI and NewCompactPKIWithTokenCA return it.
//
// NOTE(review): the key fields are exported, so any code holding a
// *CompactPKI can read PrivateKeyPEM directly; avoid logging or marshalling
// the struct as a whole.
type CompactPKI struct {
    // PrivateKeyPEM is, by its name, the PEM-encoded private key; presumably
    // the keyPEM constructor argument — TODO confirm in compactpki.go.
    PrivateKeyPEM []byte
    // PublicKeyPEM is presumably the certPEM constructor argument — TODO confirm.
    PublicKeyPEM  []byte
    // AuthorityPEM is presumably the caPEM constructor argument, the value
    // AuthPEM is documented to return — TODO confirm.
    AuthorityPEM  []byte
    // TokenKeyPEMs is a list of PEM blobs; presumably the token certificate
    // authorities that TokenPEMs is documented to return — TODO confirm.
    TokenKeyPEMs  [][]byte
    // Compressed is the compression type given to the constructor as
    // `compress` (presumably; the assignment is not visible here).
    Compressed    constants.CompressionType
    // contains filtered or unexported fields
}

CompactPKI holds all PKI information

func NewCompactPKI Uses

func NewCompactPKI(keyPEM []byte, certPEM []byte, caPEM []byte, txKey []byte, compress constants.CompressionType) (*CompactPKI, error)

NewCompactPKI creates new secrets for PKI implementation based on compact encoding

func NewCompactPKIWithTokenCA Uses

func NewCompactPKIWithTokenCA(keyPEM []byte, certPEM []byte, caPEM []byte, tokenKeyPEMs [][]byte, txKey []byte, compress constants.CompressionType) (*CompactPKI, error)

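NewCompactPKIWithTokenCA creates new secrets for the PKI implementation based on compact encoding. Compared with NewCompactPKI, it takes an additional tokenKeyPEMs argument, a list of PEMs for the token certificate authorities.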

func (*CompactPKI) AckSize Uses

func (p *CompactPKI) AckSize() uint32

AckSize returns the default size of an ACK packet

func (*CompactPKI) AuthPEM Uses

func (p *CompactPKI) AuthPEM() []byte

AuthPEM returns the Certificate Authority PEM

func (*CompactPKI) DecodingKey Uses

func (p *CompactPKI) DecodingKey(server string, ackKey interface{}, prevKey interface{}) (interface{}, error)

DecodingKey returns the public key

func (*CompactPKI) EncodingKey Uses

func (p *CompactPKI) EncodingKey() interface{}

EncodingKey returns the private key

func (*CompactPKI) EncodingPEM Uses

func (p *CompactPKI) EncodingPEM() []byte

EncodingPEM returns the certificate PEM that is used for encoding

func (*CompactPKI) PublicKey Uses

func (p *CompactPKI) PublicKey() interface{}

PublicKey returns the public key

func (*CompactPKI) PublicSecrets Uses

func (p *CompactPKI) PublicSecrets() PublicSecrets

PublicSecrets returns the secrets that are marshallable over the RPC interface.

func (*CompactPKI) TokenPEMs Uses

func (p *CompactPKI) TokenPEMs() [][]byte

TokenPEMs returns the Token Certificate Authorities

func (*CompactPKI) TransmittedKey Uses

func (p *CompactPKI) TransmittedKey() []byte

TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured

func (*CompactPKI) TransmittedPEM Uses

func (p *CompactPKI) TransmittedPEM() []byte

TransmittedPEM returns the PEM certificate that is transmitted

func (*CompactPKI) Type Uses

func (p *CompactPKI) Type() PrivateSecretsType

Type implements the interface Secrets

func (*CompactPKI) VerifyPublicKey Uses

func (p *CompactPKI) VerifyPublicKey(pkey []byte) (interface{}, error)

VerifyPublicKey verifies if the inband public key is correct.

type CompactPKIPublicSecrets Uses

// CompactPKIPublicSecrets is the RPC-transmittable form of the compact PKI
// secrets.
//
// NOTE(review): "public" here means "sent over the RPC interface". The
// struct has a Key field, and NewSecrets rebuilds a full Secrets from a
// PublicSecrets value, so Key may be private key material — confirm in
// compactpki.go and protect the RPC channel accordingly.
type CompactPKIPublicSecrets struct {
    // Type identifies the secrets implementation.
    Type        PrivateSecretsType
    // Key is a key blob; whether it is the private or public key is not
    // shown on this page — TODO confirm.
    Key         []byte
    // Certificate is presumably the PEM certificate — TODO confirm.
    Certificate []byte
    // CA is presumably the certificate authority PEM returned by
    // CertAuthority — TODO confirm.
    CA          []byte
    // TokenCAs is presumably the list of token certificate authority PEMs — TODO confirm.
    TokenCAs    [][]byte
    // Token is an opaque byte slice; its meaning is not shown on this page.
    Token       []byte
    // Compressed is the compression type carried with the secrets.
    Compressed  constants.CompressionType
}

CompactPKIPublicSecrets includes all the secrets that can be transmitted over the RPC interface.

func (*CompactPKIPublicSecrets) CertAuthority Uses

func (p *CompactPKIPublicSecrets) CertAuthority() []byte

CertAuthority returns the cert authority

func (*CompactPKIPublicSecrets) SecretsType Uses

func (p *CompactPKIPublicSecrets) SecretsType() PrivateSecretsType

SecretsType returns the type of secrets.

type NullPKI Uses

// NullPKI holds PKI information for the null secrets implementation; its
// type constant PKINull is documented as being for debugging.
//
// NOTE(review): the fields are exported, so any holder of a *NullPKI can
// read PrivateKeyPEM directly.
type NullPKI struct {
    // PrivateKeyPEM is presumably the keyPEM argument of NewNullPKI — TODO confirm.
    PrivateKeyPEM []byte
    // PublicKeyPEM is presumably the certPEM argument of NewNullPKI — TODO confirm.
    PublicKeyPEM  []byte
    // AuthorityPEM is presumably the caPEM argument of NewNullPKI — TODO confirm.
    AuthorityPEM  []byte
}

NullPKI holds all PKI information

func NewNullPKI Uses

func NewNullPKI(keyPEM, certPEM, caPEM []byte) (*NullPKI, error)

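NewNullPKI creates new secrets for the null PKI implementation (type PKINull, which the package documents as being for debugging). The upstream comment says "based on compact encoding", which appears to be carried over from NewCompactPKI.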

func (*NullPKI) AckSize Uses

func (p *NullPKI) AckSize() uint32

AckSize returns the default size of an ACK packet

func (*NullPKI) AuthPEM Uses

func (p *NullPKI) AuthPEM() []byte

AuthPEM returns the Certificate Authority PEM

func (*NullPKI) DecodingKey Uses

func (p *NullPKI) DecodingKey(server string, ackKey interface{}, prevKey interface{}) (interface{}, error)

DecodingKey returns the public key

func (*NullPKI) EncodingKey Uses

func (p *NullPKI) EncodingKey() interface{}

EncodingKey returns the private key

func (*NullPKI) EncodingPEM Uses

func (p *NullPKI) EncodingPEM() []byte

EncodingPEM returns the certificate PEM that is used for encoding

func (*NullPKI) PublicKey Uses

func (p *NullPKI) PublicKey() interface{}

PublicKey returns nil in this case

func (*NullPKI) PublicSecrets Uses

func (p *NullPKI) PublicSecrets() PublicSecrets

PublicSecrets returns the secrets that are marshallable over the RPC interface.

func (*NullPKI) TransmittedKey Uses

func (p *NullPKI) TransmittedKey() []byte

TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured

func (*NullPKI) TransmittedPEM Uses

func (p *NullPKI) TransmittedPEM() []byte

TransmittedPEM returns the PEM certificate that is transmitted

func (*NullPKI) Type Uses

func (p *NullPKI) Type() PrivateSecretsType

Type implements the interface Secrets

func (*NullPKI) VerifyPublicKey Uses

func (p *NullPKI) VerifyPublicKey(pkey []byte) (interface{}, error)

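VerifyPublicKey verifies if the inband public key is correct. This comment is identical to the one on the other implementations; since PKINull is documented as being for debugging, confirm in null.go what verification is actually performed before relying on it.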

type NullPublicSecrets Uses

// NullPublicSecrets is the RPC-transmittable form of the null secrets. It
// carries only the type tag and no key or certificate fields.
type NullPublicSecrets struct {
    // Type identifies the secrets implementation.
    Type PrivateSecretsType
}

NullPublicSecrets includes all the secrets that can be transmitted over the RPC interface.

func (*NullPublicSecrets) CertAuthority Uses

func (p *NullPublicSecrets) CertAuthority() []byte

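CertAuthority returns the cert authority. The upstream comment reads "N/A to PSK", apparently copied from PSKPublicSecrets; NullPublicSecrets has only a Type field, so the struct holds no CA data to return.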

func (*NullPublicSecrets) SecretsType Uses

func (p *NullPublicSecrets) SecretsType() PrivateSecretsType

SecretsType returns the type of secrets.

type PKIPublicSecrets Uses

// PKIPublicSecrets is the RPC-transmittable form of the PKI secrets.
//
// NOTE(review): "public" here means "sent over the RPC interface". The
// struct has a Key field, and NewSecrets rebuilds a full Secrets from a
// PublicSecrets value, so Key may be private key material — confirm in
// pkisecrets.go and protect the RPC channel accordingly.
type PKIPublicSecrets struct {
    // Type identifies the secrets implementation.
    Type        PrivateSecretsType
    // Key is a key blob; whether it is the private or public key is not
    // shown on this page — TODO confirm.
    Key         []byte
    // Certificate is presumably the PEM certificate — TODO confirm.
    Certificate []byte
    // CA is presumably the certificate authority PEM returned by
    // CertAuthority — TODO confirm.
    CA          []byte
}

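PKIPublicSecrets includes all the secrets that can be transmitted over the RPC interface. The struct carries a Key field alongside the certificate and CA; this page does not say whether Key is the private key, but NewSecrets rebuilds a full Secrets from a PublicSecrets value, so treat the struct as sensitive until that is confirmed in pkisecrets.go.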

func (*PKIPublicSecrets) CertAuthority Uses

func (p *PKIPublicSecrets) CertAuthority() []byte

CertAuthority returns the cert authority

func (*PKIPublicSecrets) SecretsType Uses

func (p *PKIPublicSecrets) SecretsType() PrivateSecretsType

SecretsType returns the type of secrets.

type PKISecrets Uses

// PKISecrets holds the PKI material for the PKI secrets implementation;
// NewPKISecrets returns it.
//
// NOTE(review): the fields are exported, so any holder of a *PKISecrets can
// read PrivateKeyPEM and mutate CertificateCache directly.
type PKISecrets struct {
    // PrivateKeyPEM is presumably the keyPEM argument of NewPKISecrets — TODO confirm.
    PrivateKeyPEM    []byte
    // PublicKeyPEM is presumably the certPEM argument of NewPKISecrets — TODO confirm.
    PublicKeyPEM     []byte
    // AuthorityPEM is presumably the caPEM argument of NewPKISecrets — TODO confirm.
    AuthorityPEM     []byte
    // CertificateCache maps a string key to an ECDSA public key. Presumably
    // this is the cache PublicKeyAdd fills, keyed by host — TODO confirm.
    // No lock is visible among the exported fields; whether access is
    // synchronized cannot be told from this page.
    CertificateCache map[string]*ecdsa.PublicKey
    // contains filtered or unexported fields
}

PKISecrets holds all PKI information

func NewPKISecrets Uses

func NewPKISecrets(keyPEM, certPEM, caPEM []byte, certCache map[string]*ecdsa.PublicKey) (*PKISecrets, error)

NewPKISecrets creates new secrets for PKI implementations

func (*PKISecrets) AckSize Uses

func (p *PKISecrets) AckSize() uint32

AckSize returns the default size of an ACK packet

func (*PKISecrets) AuthPEM Uses

func (p *PKISecrets) AuthPEM() []byte

AuthPEM returns the Certificate Authority PEM

func (*PKISecrets) DecodingKey Uses

func (p *PKISecrets) DecodingKey(server string, ackCert interface{}, prevCert interface{}) (interface{}, error)

DecodingKey returns the public key

func (*PKISecrets) EncodingKey Uses

func (p *PKISecrets) EncodingKey() interface{}

EncodingKey returns the private key

func (*PKISecrets) EncodingPEM Uses

func (p *PKISecrets) EncodingPEM() []byte

EncodingPEM returns the certificate PEM that is used for encoding

func (*PKISecrets) PublicKey Uses

func (p *PKISecrets) PublicKey() interface{}

PublicKey returns the public key

func (*PKISecrets) PublicKeyAdd Uses

func (p *PKISecrets) PublicKeyAdd(host string, newCert []byte) error

PublicKeyAdd validates the certificate passed as newCert. If it is valid, the corresponding key is added to the PublicKeyCache (presumably the CertificateCache field of PKISecrets) for the given host. If it is invalid, an error is returned.

func (*PKISecrets) PublicSecrets Uses

func (p *PKISecrets) PublicSecrets() PublicSecrets

PublicSecrets returns the secrets that are marshallable over the RPC interface.

func (*PKISecrets) TransmittedKey Uses

func (p *PKISecrets) TransmittedKey() []byte

TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured

func (*PKISecrets) TransmittedPEM Uses

func (p *PKISecrets) TransmittedPEM() []byte

TransmittedPEM returns the PEM certificate that is transmitted

func (*PKISecrets) Type Uses

func (p *PKISecrets) Type() PrivateSecretsType

Type implements the interface Secrets

func (*PKISecrets) VerifyPublicKey Uses

func (p *PKISecrets) VerifyPublicKey(pkey []byte) (interface{}, error)

VerifyPublicKey verifies if the inband public key is correct.

type PSKPublicSecrets Uses

// PSKPublicSecrets is the RPC-transmittable form of the pre-shared-key
// secrets.
//
// NOTE(review): the struct carries SharedKey, so "public" means "sent over
// the RPC interface", not "non-sensitive"; the channel and any log output
// of this value need the same protection as the key itself.
type PSKPublicSecrets struct {
    // Type identifies the secrets implementation.
    Type      PrivateSecretsType
    // SharedKey is the shared key bytes.
    SharedKey []byte
}

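PSKPublicSecrets includes all the secrets that can be transmitted over the RPC interface. This includes SharedKey, the pre-shared key itself: "public" here means transmittable to the remotes, not non-sensitive, so the RPC channel and any logs of this struct need the same protection as the key.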

func (*PSKPublicSecrets) CertAuthority Uses

func (p *PSKPublicSecrets) CertAuthority() []byte

CertAuthority returns the cert authority - N/A to PSK

func (*PSKPublicSecrets) SecretsType Uses

func (p *PSKPublicSecrets) SecretsType() PrivateSecretsType

SecretsType returns the type of secrets.

type PSKSecrets Uses

// PSKSecrets holds the shared key for the pre-shared-key secrets
// implementation; NewPSKSecrets returns it.
type PSKSecrets struct {
    // SharedKey is the pre-shared key; presumably the psk argument of
    // NewPSKSecrets — TODO confirm in psksecrets.go. The field is exported,
    // so any holder of a *PSKSecrets can read it.
    SharedKey []byte
}

PSKSecrets holds the shared key.

func NewPSKSecrets Uses

func NewPSKSecrets(psk []byte) *PSKSecrets

NewPSKSecrets creates new PSK Secrets.

func (*PSKSecrets) AckSize Uses

func (p *PSKSecrets) AckSize() uint32

AckSize returns the expected size of ack packets.

func (*PSKSecrets) AuthPEM Uses

func (p *PSKSecrets) AuthPEM() []byte

AuthPEM returns the Certificate Authority PEM.

func (*PSKSecrets) DecodingKey Uses

func (p *PSKSecrets) DecodingKey(server string, ackCert, prevCert interface{}) (interface{}, error)

DecodingKey returns the preshared key.

func (*PSKSecrets) EncodingKey Uses

func (p *PSKSecrets) EncodingKey() interface{}

EncodingKey returns the pre-shared key.

func (*PSKSecrets) EncodingPEM Uses

func (p *PSKSecrets) EncodingPEM() []byte

EncodingPEM returns the certificate PEM that is used for encoding.

func (*PSKSecrets) PublicKey Uses

func (p *PSKSecrets) PublicKey() interface{}

PublicKey returns the public key

func (*PSKSecrets) PublicSecrets Uses

func (p *PSKSecrets) PublicSecrets() PublicSecrets

PublicSecrets returns the secrets that are marshallable over the RPC interface.

func (*PSKSecrets) TransmittedKey Uses

func (p *PSKSecrets) TransmittedKey() []byte

TransmittedKey returns nil in the case of pre-shared key.

func (*PSKSecrets) TransmittedPEM Uses

func (p *PSKSecrets) TransmittedPEM() []byte

TransmittedPEM returns the PEM certificate that is transmitted.

func (*PSKSecrets) Type Uses

func (p *PSKSecrets) Type() PrivateSecretsType

Type implements the Secrets interface.

func (*PSKSecrets) VerifyPublicKey Uses

func (p *PSKSecrets) VerifyPublicKey(pkey []byte) (interface{}, error)

VerifyPublicKey always returns nil for pre-shared secrets.

type PrivateSecretsType Uses

// PrivateSecretsType identifies which of the supported secrets
// implementations a value refers to. The package defines the constants
// PKIType, PSKType, PKICompactType and PKINull for it.
type PrivateSecretsType int

PrivateSecretsType identifies the different secrets that are supported

// Supported secrets types. The values are assigned by iota in declaration
// order, so reordering these constants changes their numeric values.
const (
    // PKIType is for asymmetric signing (value 0).
    PKIType PrivateSecretsType = iota
    // PSKType is for symmetric signing (value 1).
    PSKType
    // PKICompactType is for asymmetric signing using compact JWTs on the wire (value 2).
    PKICompactType
    // PKINull is for debugging (value 3).
    // NOTE(review): what protection, if any, the null type provides is not
    // shown here; confirm it cannot be selected in production configuration.
    PKINull
)

type PublicKeyAdder Uses

// PublicKeyAdder registers a public key for a node. On this page,
// *PKISecrets is the type shown with a matching PublicKeyAdd method.
type PublicKeyAdder interface {

    // PublicKeyAdd adds the given cert for the given host. It returns an
    // error when the cert is rejected; the PKISecrets implementation is
    // documented as validating the certificate before caching its key.
    PublicKeyAdd(host string, cert []byte) error
}

PublicKeyAdder registers a public key for a node.

type PublicSecrets Uses

// PublicSecrets is the interface of the data structures that carry secrets
// over the RPC interface to the remotes. NewSecrets takes a PublicSecrets
// value and returns a Secrets.
type PublicSecrets interface {
    // SecretsType returns the type of the secrets.
    SecretsType() PrivateSecretsType
    // CertAuthority returns the cert authority; the PSK implementation
    // documents it as not applicable.
    CertAuthority() []byte
}

PublicSecrets is an interface of the data structures of the secrets that can be transmitted over the RPC interface to the remotes.

type Secrets Uses

// Secrets is the interface provided by the secrets implementations in this
// package; it exposes the keys used to encode, decode and verify tokens.
type Secrets interface {
    // Type must return the type of the secrets as defined in the PrivateSecretsType
    Type() PrivateSecretsType
    // EncodingKey returns the key used to encode the tokens. The PKI
    // implementations document this as the private key and the PSK
    // implementation as the pre-shared key, so treat the result as secret.
    EncodingKey() interface{}
    // DecodingKey is the key used to decode the tokens.
    DecodingKey(server string, ackCert, prevCert interface{}) (interface{}, error)
    // PublicKey returns the public key of the secrets.
    PublicKey() interface{}
    // TransmittedKey returns the public key as a byte slice and as it is transmitted
    // on the wire.
    TransmittedKey() []byte
    // VerifyPublicKey will verify a public key and whether it is signed by a trusted
    // authority.
    VerifyPublicKey(pkey []byte) (interface{}, error)
    // AckSize calculates the size of the ACK packet based on the keys.
    AckSize() uint32
    // PublicSecrets returns the PEM formatted secrets to be transmitted over the RPC interface.
    PublicSecrets() PublicSecrets
}

Secrets is the interface that each secrets implementation in this package (PKISecrets, CompactPKI, PSKSecrets, NullPKI) provides.

func NewSecrets Uses

func NewSecrets(s PublicSecrets) (Secrets, error)

NewSecrets creates a new set of secrets based on the type.

Package secrets imports 9 packages and is imported by 29 packages. Updated 2018-12-10.