trireme-lib: go.aporeto.io/trireme-lib/controller/pkg/tokens Index | Files

package tokens

import "go.aporeto.io/trireme-lib/controller/pkg/tokens"

Index

Package Files

binarycodec.go binaryjwt.go binaryjwtclaimtypes.go errors.go jwt.go tokens.go

Constants

const (
    // MaxServerName must be of UUID size maximum
    MaxServerName = 24
    // NonceLength is the length of the Nonce to be used in the secrets
    NonceLength = 16
)

func CodeFromErr Uses

func CodeFromErr(err error) string

CodeFromErr returns the collector code from ErrToken

type BinaryJWTClaims Uses

type BinaryJWTClaims struct {
    // Tags
    T   []string `codec:",omitempty"`
    // Compressed tags
    CT  []string `codec:",omitempty"`
    // RMT is the nonce of the remote that has to be signed in the JWT
    RMT []byte `codec:",omitempty"`
    // LCL is the nonce of the local node that has to be signed
    LCL []byte `codec:",omitempty"`
    // EK is the ephemeral EC key for encryption
    EK  []byte `codec:",omitempty"`
    // ID is the source PU ID
    ID  string `codec:",omitempty"`
    // Expiration time
    ExpiresAt int64 `codec:",omitempty"`
    // SignerKey
    SignerKey []byte `codec:",omitempty"`
}

BinaryJWTClaims captures all the custom clains

func ConvertToBinaryClaims Uses

func ConvertToBinaryClaims(j *ConnectionClaims, validity time.Duration) *BinaryJWTClaims

ConvertToBinaryClaims coverts back,

func (*BinaryJWTClaims) CodecDecodeSelf Uses

func (x *BinaryJWTClaims) CodecDecodeSelf(d *codec1978.Decoder)

func (*BinaryJWTClaims) CodecEncodeSelf Uses

func (x *BinaryJWTClaims) CodecEncodeSelf(e *codec1978.Encoder)

type BinaryJWTConfig Uses

type BinaryJWTConfig struct {
    // ValidityPeriod  period of the JWT
    ValidityPeriod time.Duration
    // Issuer is the server that issues the JWT
    Issuer string
    // contains filtered or unexported fields
}

BinaryJWTConfig configures the JWT token generator with the standard parameters. One configuration is assigned to each server

func NewBinaryJWT Uses

func NewBinaryJWT(validity time.Duration, issuer string, s secrets.Secrets) (*BinaryJWTConfig, error)

NewBinaryJWT creates a new JWT token processor

func (*BinaryJWTConfig) CreateAndSign Uses

func (c *BinaryJWTConfig) CreateAndSign(isAck bool, claims *ConnectionClaims, nonce []byte, header *claimsheader.ClaimsHeader) (token []byte, err error)

CreateAndSign creates a new token, attaches an ephemeral key pair and signs with the issuer key. It also randomizes the source nonce of the token. It returns back the token and the private key.

func (*BinaryJWTConfig) Decode Uses

func (c *BinaryJWTConfig) Decode(isAck bool, data []byte, previousCert interface{}) (claims *ConnectionClaims, nonce []byte, publicKey interface{}, err error)

Decode takes as argument the JWT token and the certificate of the issuer. First it verifies the certificate with the local CA pool, and the decodes the JWT if the certificate is trusted

func (*BinaryJWTConfig) Randomize Uses

func (c *BinaryJWTConfig) Randomize(token []byte, nonce []byte) (err error)

Randomize adds a nonce to an existing token. Returns the nonce

type ConnectionClaims Uses

type ConnectionClaims struct {
    T   *policy.TagStore `json:",omitempty"`
    // RMT is the nonce of the remote that has to be signed in the JWT
    RMT []byte `json:",omitempty"`
    // LCL is the nonce of the local node that has to be signed
    LCL []byte `json:",omitempty"`
    // EK is the ephemeral EC key for encryption
    EK  []byte `json:",omitempty"`
    // C is the compressed tags in one string
    CT  *policy.TagStore `json:",omitempty"`
    // ID is the source PU ID
    ID  string `json:",omitempty"`
    // RemoteID is the ID of the remote if known.
    RemoteID string `json:",omitempty"`
    // H is the claims header
    H   claimsheader.HeaderBytes `json:",omitempty"`
}

ConnectionClaims captures all the claim information

type ErrToken Uses

type ErrToken struct {
    // contains filtered or unexported fields
}

ErrToken holds error message in string

func (*ErrToken) Code Uses

func (e *ErrToken) Code() string

Code returns collector reason

func (*ErrToken) Error Uses

func (e *ErrToken) Error() string

Error returns error in string

type JWTClaims Uses

type JWTClaims struct {
    *ConnectionClaims
    jwt.StandardClaims
}

JWTClaims captures all the custom clains

func ConvertToJWTClaims Uses

func ConvertToJWTClaims(b *BinaryJWTClaims) *JWTClaims

ConvertToJWTClaims converts to old claims

type JWTConfig Uses

type JWTConfig struct {
    // ValidityPeriod  period of the JWT
    ValidityPeriod time.Duration
    // Issuer is the server that issues the JWT
    Issuer string
    // contains filtered or unexported fields
}

JWTConfig configures the JWT token generator with the standard parameters. One configuration is assigned to each server

func NewJWT Uses

func NewJWT(validity time.Duration, issuer string, s secrets.Secrets) (*JWTConfig, error)

NewJWT creates a new JWT token processor

func (*JWTConfig) CreateAndSign Uses

func (c *JWTConfig) CreateAndSign(isAck bool, claims *ConnectionClaims, nonce []byte, claimsHeader *claimsheader.ClaimsHeader) (token []byte, err error)

CreateAndSign creates a new token, attaches an ephemeral key pair and signs with the issuer key. It also randomizes the source nonce of the token. It returns back the token and the private key.

func (*JWTConfig) Decode Uses

func (c *JWTConfig) Decode(isAck bool, data []byte, previousCert interface{}) (claims *ConnectionClaims, nonce []byte, publicKey interface{}, err error)

Decode takes as argument the JWT token and the certificate of the issuer. First it verifies the certificate with the local CA pool, and the decodes the JWT if the certificate is trusted

func (*JWTConfig) Randomize Uses

func (c *JWTConfig) Randomize(token []byte, nonce []byte) (err error)

Randomize adds a nonce to an existing token. Returns the nonce

type TokenEngine Uses

type TokenEngine interface {
    // CreteAndSign creates a token, signs it and produces the final byte string
    CreateAndSign(isAck bool, claims *ConnectionClaims, nonce []byte, claimsHeader *claimsheader.ClaimsHeader) (token []byte, err error)
    // Decode decodes an incoming buffer and returns the claims and the sender certificate
    Decode(isAck bool, data []byte, previousCert interface{}) (claims *ConnectionClaims, nonce []byte, publicKey interface{}, err error)
    // Randomize inserts a source nonce in an existing token - New nonce will be
    // create every time the token is transmitted as a challenge to the other side
    // even when the token is cached. There should be space in the token already.
    // Returns an error if there is no space
    Randomize([]byte, []byte) (err error)
}

TokenEngine is the interface to the different implementations of tokens

Package tokens imports 22 packages (graph) and is imported by 9 packages. Updated 2019-09-02. Refresh now. Tools for package owners.