
     1  package secrets
     2  
     3  import (
     4  	"time"
     5  
     6  	"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/claimsheader"
     7  	"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/pkiverifier"
     8  )
     9  
// LockedSecrets provides a way to use secrets where shared read access is required. The user becomes
// responsible for unlocking when done using them. The implementation should lock the access to secrets
// for reading, and pass down the function for unlocking.
//
// The returned unlock function must be called exactly once, as soon as the caller is done with the
// Secrets value (typically `defer unlock()` immediately after the call). The Secrets value must not be
// retained past the unlock call: after that point it may be rotated or replaced underneath the caller.
// NOTE(review): the locking primitive is not visible in this file; presumably a reader/writer lock, in
// which case a missing unlock blocks every later writer (e.g. a key rotation) — confirm against the
// implementation.
type LockedSecrets interface {
	// Secrets returns the current secrets for read-only use together with the function that
	// releases the read lock.
	Secrets() (Secrets, func())
}
    16  
// Secrets is the interface implemented by every secrets backend. It exposes the key material used to
// produce and verify tokens, plus the subset of that material that may be shipped to other components
// over RPC. Implementations are expected to be read through LockedSecrets when shared.
type Secrets interface {
	// EncodingKey returns the key used to encode the tokens.
	// The concrete type is backend-specific, hence interface{}.
	// NOTE(review): this is presumably private signing material — treat the value as sensitive
	// (never log it or include it in error messages); confirm against the implementations.
	EncodingKey() interface{}
	// PublicKey returns the public key of the secrets.
	PublicKey() interface{}
	// CertAuthority returns the CA.
	// Presumably the trust anchor used when verifying peers' certificates/keys — confirm.
	CertAuthority() []byte
	// TransmittedKey returns the public key as a byte slice and as it is transmitted
	// on the wire.
	TransmittedKey() []byte
	// KeyAndClaims will verify the public key and return any claims that are part of the key.
	//
	// The results, in order, are the verified key, the claims carried by the key, a time.Time
	// (presumably the expiry of the key/claims — confirm), the controller that signed the key,
	// and an error. Callers must check the error first; the other return values are meaningless
	// when it is non-nil, so an unverified pkey must never be used as a trusted key.
	KeyAndClaims(pkey []byte) (interface{}, []string, time.Time, *pkiverifier.PKIControllerInfo, error)
	// AckSize calculates the size of the ACK packet based on the keys.
	AckSize() uint32
	// RPCSecrets returns the PEM formatted secrets to be transmitted over the RPC interface.
	// The returned value includes the Key field, so it should only travel over an
	// authenticated, confidential channel.
	RPCSecrets() RPCSecrets
}
    35  
// ControllerInfo holds information about public keys. It pairs a controller's public key with the
// metadata describing that controller, and is the unit that RPCSecrets.TrustedControllers carries.
type ControllerInfo struct {
	// PublicKey is the public key for a controller which is used to verify the public token
	// that is transmitted over the wire. These were used to sign the txtKey.
	// Only public material; safe to transmit, but it is trust-anchor data, so it must only be
	// accepted from a trusted source.
	PublicKey []byte
	// Controller is information for a given controller.
	Controller *pkiverifier.PKIControllerInfo
}
    44  
// RPCSecrets includes all the secrets that can be transmitted over
// the RPC interface.
//
// Per Secrets.RPCSecrets the byte fields are PEM formatted. The struct carries private material
// (Key), so a value of this type must not be logged or serialized anywhere other than the RPC
// channel it is meant for.
type RPCSecrets struct {
	// Key is the key material sent to the peer. NOTE(review): presumably the private key that
	// matches Certificate — treat as sensitive; confirm against the producers.
	Key []byte
	// Certificate is the certificate sent to the peer; presumably the one that corresponds to Key.
	Certificate []byte
	// CA is the certificate authority bundle (see Secrets.CertAuthority).
	CA []byte
	// TrustedControllers lists the controllers whose public keys the receiver should trust.
	TrustedControllers []*ControllerInfo
	// Token is an opaque token transmitted alongside the keys; its format is not defined here.
	Token []byte
	// Compressed selects the claims-header compression type that the receiver must use.
	Compressed claimsheader.CompressionType
}