trireme-lib: go.aporeto.io/trireme-lib/controller/pkg/secrets Index | Files

package secrets

import "go.aporeto.io/trireme-lib/controller/pkg/secrets"


Package Files

compactpki.go interfaces.go null.go secrets.go test_utils.go

Variables

// Exported PEM fixtures; the documentation viewer elides the literal values.
//
// NOTE(review): CAKeyPEM and PrivateKeyPEM look like embedded private keys.
// The package file list shows test_utils.go, not a _test.go file, so if these
// are declared there they are compiled into every importer of the package.
// Confirm, and make sure nothing outside tests trusts a chain rooted in this CA.
var (
    // CAPEM is presumably the PEM-encoded CA certificate (confirm).
    CAPEM = "" /* 620 byte string literal not displayed */

    // CAKeyPEM is presumably the CA's PEM-encoded private key (confirm).
    CAKeyPEM = "" /* 228 byte string literal not displayed */

    // PrivateKeyPEM is presumably the PEM-encoded private key of the test identity (confirm).
    PrivateKeyPEM = "" /* 228 byte string literal not displayed */

    // PublicPEM is presumably the PEM-encoded certificate matching PrivateKeyPEM (confirm).
    PublicPEM = "" /* 649 byte string literal not displayed */

)

Certs

func CreateTxtToken Uses

func CreateTxtToken() []byte

CreateTxtToken creates a transmitter token

type CompactPKI Uses

// CompactPKI bundles the PEM-encoded key material of the compact PKI secrets.
// All key fields are exported, so any holder of the struct, and any
// reflection-based encoder or logger it is handed to, can read them.
type CompactPKI struct {
    // PrivateKeyPEM presumably holds the keyPEM passed to the constructor, i.e.
    // the private key used for signing tokens (confirm). Treat as sensitive.
    PrivateKeyPEM []byte
    // PublicKeyPEM presumably holds the certPEM passed to the constructor (confirm).
    PublicKeyPEM  []byte
    // AuthorityPEM presumably holds the caPEM passed to the constructor (confirm).
    AuthorityPEM  []byte
    // TokenKeyPEMs presumably holds the tokenKeyPEMs passed to
    // NewCompactPKIWithTokenCA: the public keys used to verify the transmitted
    // token (confirm).
    TokenKeyPEMs  [][]byte
    // Compressed is the compression type given to the constructor.
    Compressed    claimsheader.CompressionType
    // contains filtered or unexported fields
}

CompactPKI holds all PKI information

func NewCompactPKI Uses

func NewCompactPKI(keyPEM []byte, certPEM []byte, caPEM []byte, txKey []byte, compress claimsheader.CompressionType) (*CompactPKI, error)

NewCompactPKI creates new secrets for PKI implementation based on compact encoding

func NewCompactPKIWithTokenCA Uses

func NewCompactPKIWithTokenCA(keyPEM []byte, certPEM []byte, caPEM []byte, tokenKeyPEMs [][]byte, txKey []byte, compress claimsheader.CompressionType) (*CompactPKI, error)

NewCompactPKIWithTokenCA creates new secrets for PKI implementation based on compact encoding.

keyPEM: is the private key that will be used for signing tokens, formatted as a PEM file.
certPEM: is the public key that will be used, formatted as a PEM file.
tokenKeyPEMs: is a list of public keys that can be used to verify the public token
              that is transmitted over the wire. These are essentially the public CA PEMs
              that were used to sign the txKey.
txKey: is the public key that is sent over the wire.
compress: is packed with the secrets to indicate compression.

func (*CompactPKI) AckSize Uses

func (p *CompactPKI) AckSize() uint32

AckSize returns the default size of an ACK packet

func (*CompactPKI) EncodingKey Uses

func (p *CompactPKI) EncodingKey() interface{}

EncodingKey returns the private key

func (*CompactPKI) KeyAndClaims Uses

func (p *CompactPKI) KeyAndClaims(pkey []byte) (interface{}, []string, error)

KeyAndClaims returns both the key and any attributes associated with the public key.

func (*CompactPKI) PublicKey Uses

func (p *CompactPKI) PublicKey() interface{}

PublicKey returns the public key

func (*CompactPKI) PublicSecrets Uses

func (p *CompactPKI) PublicSecrets() PublicSecrets

PublicSecrets returns the secrets that are marshallable over the RPC interface.

func (*CompactPKI) TransmittedKey Uses

func (p *CompactPKI) TransmittedKey() []byte

TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured

func (*CompactPKI) Type Uses

func (p *CompactPKI) Type() PrivateSecretsType

Type implements the interface Secrets

type CompactPKIPublicSecrets Uses

// CompactPKIPublicSecrets is the form of the compact PKI secrets that is sent
// over the RPC interface.
//
// NOTE(review): despite "Public" in the name, Key presumably carries the
// private key PEM so that the receiver can rebuild a Secrets with NewSecrets.
// Confirm. If so, the RPC channel must be confidential and authenticated, and
// values of this type must not be logged or persisted.
type CompactPKIPublicSecrets struct {
    // Type is the secrets type; SecretsType presumably returns it (confirm).
    Type        PrivateSecretsType
    // Key is presumably the PEM-encoded private key (confirm). Treat as sensitive.
    Key         []byte
    // Certificate is presumably the PEM-encoded certificate for Key (confirm).
    Certificate []byte
    // CA is presumably the PEM-encoded certificate authority that
    // CertAuthority returns (confirm).
    CA          []byte
    // TokenCAs presumably mirrors CompactPKI.TokenKeyPEMs (confirm).
    TokenCAs    [][]byte
    // Token is presumably the transmitted key/token passed as txKey to the
    // CompactPKI constructors (confirm).
    Token       []byte
    // Compressed is the compression type carried with the secrets.
    Compressed  claimsheader.CompressionType
}

CompactPKIPublicSecrets includes all the secrets that can be transmitted over the RPC interface.

func (*CompactPKIPublicSecrets) CertAuthority Uses

func (p *CompactPKIPublicSecrets) CertAuthority() []byte

CertAuthority returns the cert authority

func (*CompactPKIPublicSecrets) SecretsType Uses

func (p *CompactPKIPublicSecrets) SecretsType() PrivateSecretsType

SecretsType returns the type of secrets.

type NullPKI Uses

// NullPKI carries PEM-encoded key material for the PKINull secrets type, which
// the package describes as being for debugging.
// NOTE(review): PublicKey is documented as returning nil for this type;
// whether any signature or certificate verification happens is not visible
// here, so do not assume NullPKI authenticates peers. Confirm.
type NullPKI struct {
    // PrivateKeyPEM presumably holds the keyPEM passed to NewNullPKI (confirm).
    // Treat as sensitive.
    PrivateKeyPEM []byte
    // PublicKeyPEM presumably holds the certPEM passed to NewNullPKI (confirm).
    PublicKeyPEM  []byte
    // AuthorityPEM presumably holds the caPEM passed to NewNullPKI (confirm).
    AuthorityPEM  []byte
}

NullPKI holds all PKI information

func NewNullPKI Uses

func NewNullPKI(keyPEM, certPEM, caPEM []byte) (*NullPKI, error)

NewNullPKI creates new secrets for PKI implementation based on compact encoding

func (*NullPKI) AckSize Uses

func (p *NullPKI) AckSize() uint32

AckSize returns the default size of an ACK packet

func (*NullPKI) EncodingKey Uses

func (p *NullPKI) EncodingKey() interface{}

EncodingKey returns the private key

func (*NullPKI) KeyAndClaims Uses

func (p *NullPKI) KeyAndClaims(pkey []byte) (interface{}, []string, error)

KeyAndClaims returns both the key and any attributes associated with the public key.

func (*NullPKI) PublicKey Uses

func (p *NullPKI) PublicKey() interface{}

PublicKey returns nil in this case

func (*NullPKI) PublicSecrets Uses

func (p *NullPKI) PublicSecrets() PublicSecrets

PublicSecrets returns the secrets that are marshallable over the RPC interface.

func (*NullPKI) TransmittedKey Uses

func (p *NullPKI) TransmittedKey() []byte

TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured

func (*NullPKI) Type Uses

func (p *NullPKI) Type() PrivateSecretsType

Type implements the interface Secrets

type NullPublicSecrets Uses

// NullPublicSecrets is the RPC-transmittable form of the null secrets. It
// carries only the secrets type and no key material.
type NullPublicSecrets struct {
    // Type is the secrets type; SecretsType presumably returns it (confirm).
    Type PrivateSecretsType
}

NullPublicSecrets includes all the secrets that can be transmitted over the RPC interface.

func (*NullPublicSecrets) CertAuthority Uses

func (p *NullPublicSecrets) CertAuthority() []byte

CertAuthority returns the cert authority - N/A to PSK

func (*NullPublicSecrets) SecretsType Uses

func (p *NullPublicSecrets) SecretsType() PrivateSecretsType

SecretsType returns the type of secrets.

type PrivateSecretsType Uses

// PrivateSecretsType identifies which secrets implementation is in use.
// Its zero value is PKICompactType (the first iota constant), so an unset
// field of this type reads as compact PKI, not as "unknown".
type PrivateSecretsType int

PrivateSecretsType identifies the different secrets that are supported

const (
    // PKICompactType is for asymmetric signing using compact JWTs on the wire.
    // It is the zero value of PrivateSecretsType.
    PKICompactType PrivateSecretsType = iota
    // PKINull is for debugging.
    // NOTE(review): presumably selects NullPKI, whose PublicKey is documented
    // as returning nil. Confirm that production configuration and incoming
    // PublicSecrets cannot select this type.
    PKINull
)

type PublicKeyAdder Uses

// PublicKeyAdder is implemented by components that record a public key
// (certificate) for a host.
type PublicKeyAdder interface {

    // PublicKeyAdd adds the given cert for the given host.
    // NOTE(review): the interface does not say whether cert is validated
    // before it is stored; implementations should verify it against the
    // trusted CA, otherwise an unauthenticated caller could bind an arbitrary
    // key to a host. Confirm against implementations.
    PublicKeyAdd(host string, cert []byte) error
}

PublicKeyAdder registers a public key for a node.

type PublicSecrets Uses

// PublicSecrets is implemented by the secrets structures that are sent over
// the RPC interface to the remotes; NewSecrets accepts a value of this type.
// NOTE(review): "public" refers to being transmittable, not necessarily to
// containing only public key material. Check each implementation's fields.
type PublicSecrets interface {
    // SecretsType returns the type of secrets.
    SecretsType() PrivateSecretsType
    // CertAuthority returns the cert authority.
    CertAuthority() []byte
}

PublicSecrets is an interface of the data structures of the secrets that can be transmitted over the RPC interface to the remotes.

type Secrets Uses

// Secrets is the interface satisfied by the secrets implementations of this
// package (CompactPKI and NullPKI document their Type method as implementing it).
type Secrets interface {
    // Type must return the type of the secrets as defined in the PrivateSecretsType
    Type() PrivateSecretsType
    // EncodingKey returns the key used to encode the tokens.
    // The implementations document this as the private key, so the result
    // must not be logged or serialized.
    EncodingKey() interface{}
    // PublicKey returns the public key of the secrets.
    // NullPKI documents its implementation as returning nil; check for nil
    // before any type assertion.
    PublicKey() interface{}
    // TransmittedKey returns the public key as a byte slice and as it is transmitted
    // on the wire.
    TransmittedKey() []byte
    // KeyAndClaims will verify the public key and return any claims that are part of the key.
    // NOTE(review): pkey presumably arrives from the remote peer and is
    // untrusted. Callers must check the returned error before using the key
    // or the claims. Confirm.
    KeyAndClaims(pkey []byte) (interface{}, []string, error)
    // AckSize calculates the size of the ACK packet based on the keys.
    AckSize() uint32
    // PublicSecrets returns the PEM formatted secrets to be transmitted over the RPC interface.
    PublicSecrets() PublicSecrets
}

Secrets is the interface that the secrets implementations in this package satisfy.

func CreateCompactPKITestSecrets Uses

func CreateCompactPKITestSecrets() (*x509.Certificate, Secrets, error)

CreateCompactPKITestSecrets creates test secrets

func NewSecrets Uses

func NewSecrets(s PublicSecrets) (Secrets, error)

NewSecrets creates a new set of secrets based on the type.
