Constants ¶
const (
	// ProducerCryptoFailureActionFail is the default: the send fails if the crypto operation fails.
	ProducerCryptoFailureActionFail = iota
	// ProducerCryptoFailureActionSend ignores the crypto failure and proceeds with sending the
	// message unencrypted, i.e. the payload is transmitted in plaintext.
	ProducerCryptoFailureActionSend
)
const (
	// ConsumerCryptoFailureActionFail is the default: consuming fails until the crypto operation succeeds.
	ConsumerCryptoFailureActionFail = iota
	// ConsumerCryptoFailureActionDiscard silently acknowledges the message without delivering it
	// to the application.
	ConsumerCryptoFailureActionDiscard
	// ConsumerCryptoFailureActionConsume delivers the still-encrypted message to the application,
	// which is then responsible for decrypting it.
	// If the message is also compressed, decompression will fail.
	// If the message contains batched messages, the client will not be able to retrieve
	// the individual messages in the batch.
	// The delivered encrypted message carries an EncryptionContext holding the encryption
	// and compression information the application needs to decrypt the payload.
	ConsumerCryptoFailureActionConsume
)
Types ¶
type DefaultMessageCrypto ¶
type DefaultMessageCrypto struct {
// contains filtered or unexported fields
}
DefaultMessageCrypto is the default implementation of the MessageCrypto interface.
func NewDefaultMessageCrypto ¶
func NewDefaultMessageCrypto(logCtx string, keyGenNeeded bool, logger log.Logger) (*DefaultMessageCrypto, error)
NewDefaultMessageCrypto creates and returns a DefaultMessageCrypto instance.
func (*DefaultMessageCrypto) AddPublicKeyCipher ¶
func (d *DefaultMessageCrypto) AddPublicKeyCipher(keyNames []string, keyReader KeyReader) error
AddPublicKeyCipher encrypts the data key using the named public key(s) obtained from keyReader and caches the encrypted data key.
func (*DefaultMessageCrypto) Decrypt ¶
func (d *DefaultMessageCrypto) Decrypt(msgMetadata MessageMetadataSupplier, payload []byte, keyReader KeyReader) ([]byte, error)
Decrypt decrypts the payload using the data key; the data key is read from the message metadata and is itself decrypted with the private key.
func (*DefaultMessageCrypto) Encrypt ¶
func (d *DefaultMessageCrypto) Encrypt(encKeys []string, keyReader KeyReader, msgMetadata MessageMetadataSupplier, payload []byte) ([]byte, error)
Encrypt encrypts the payload with the data key and adds the encrypted data key to the message metadata; the data key itself is encrypted with the public key(s).
func (*DefaultMessageCrypto) RemoveKeyCipher ¶
func (d *DefaultMessageCrypto) RemoveKeyCipher(keyName string) bool
RemoveKeyCipher removes the encrypted data key for keyName from the cache.
type EncryptionKeyInfo ¶
type EncryptionKeyInfo struct {
// contains filtered or unexported fields
}
EncryptionKeyInfo holds an encryption key's name, key material and metadata.
func NewEncryptionKeyInfo ¶
func NewEncryptionKeyInfo(name string, key []byte, metadata map[string]string) *EncryptionKeyInfo
NewEncryptionKeyInfo creates a new EncryptionKeyInfo.
func (*EncryptionKeyInfo) Metadata ¶
func (eci *EncryptionKeyInfo) Metadata() map[string]string
Metadata returns the key metadata.
func (*EncryptionKeyInfo) Name ¶
func (eci *EncryptionKeyInfo) Name() string
Name returns the name of the key.
type FileKeyReader ¶
type FileKeyReader struct {
// contains filtered or unexported fields
}
FileKeyReader is the default implementation of KeyReader; it reads the key pair from the file paths given to NewFileKeyReader.
func NewFileKeyReader ¶
func NewFileKeyReader(publicKeyPath, privateKeyPath string) *FileKeyReader
func (*FileKeyReader) PrivateKey ¶
func (d *FileKeyReader) PrivateKey(keyName string, keyMeta map[string]string) (*EncryptionKeyInfo, error)
PrivateKey reads the private key from the private key path given to NewFileKeyReader.
func (*FileKeyReader) PublicKey ¶
func (d *FileKeyReader) PublicKey(keyName string, keyMeta map[string]string) (*EncryptionKeyInfo, error)
PublicKey reads the public key from the public key path given to NewFileKeyReader.
type KeyReader ¶
type KeyReader interface {
	// PublicKey returns the public key identified by keyName that the producer uses to encrypt the data key.
	// NOTE(review): metadata presumably carries key-specific attributes for the reader — confirm per implementation.
	PublicKey(keyName string, metadata map[string]string) (*EncryptionKeyInfo, error)
	// PrivateKey returns the private key identified by keyName that the consumer uses to decrypt the data key.
	PrivateKey(keyName string, metadata map[string]string) (*EncryptionKeyInfo, error)
}
KeyReader is implemented to read and provide the public and private keys; the key pair can be RSA or ECDSA.
type MessageCrypto ¶
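type MessageCrypto interface {
	// AddPublicKeyCipher encrypts the data key using the public key(s) named in keyNames.
	// If more than one key name is specified, the data key is encrypted using each of those keys.
	// If a public key expires or changes, the application is responsible for removing
	// the old key and adding the new one.
	AddPublicKeyCipher(keyNames []string, keyReader KeyReader) error
	// RemoveKeyCipher removes the named key from the list.
	RemoveKeyCipher(keyName string) bool
	// Encrypt encrypts the payload using the data key and updates the
	// message metadata with the key name and the encrypted data key.
	// The parameter is named keyReader (not KeyReader) to match the
	// DefaultMessageCrypto implementation and Go naming conventions.
	Encrypt(encKeys []string, keyReader KeyReader, msgMetadata MessageMetadataSupplier, payload []byte) ([]byte, error)
	// Decrypt decrypts the payload using the data key.
	// The keys used to encrypt the data key can be retrieved from msgMetadata.
	Decrypt(msgMetadata MessageMetadataSupplier, payload []byte, keyReader KeyReader) ([]byte, error)
}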
MessageCrypto is implemented to encrypt and decrypt messages.
type MessageMetadata ¶
type MessageMetadata struct {
// contains filtered or unexported fields
}
func (*MessageMetadata) EncryptionKeys ¶
func (m *MessageMetadata) EncryptionKeys() []EncryptionKeyInfo
func (*MessageMetadata) EncryptionParam ¶
func (m *MessageMetadata) EncryptionParam() []byte
func (*MessageMetadata) SetEncryptionParam ¶
func (m *MessageMetadata) SetEncryptionParam(param []byte)
func (*MessageMetadata) UpsertEncryptionKey ¶
func (m *MessageMetadata) UpsertEncryptionKey(keyInfo EncryptionKeyInfo)
type MessageMetadataSupplier ¶
type MessageMetadataSupplier interface {
	// EncryptionKeys reads all the encryption keys from the MessageMetadata.
	EncryptionKeys() []EncryptionKeyInfo
	// UpsertEncryptionKey adds a new, or updates an existing, EncryptionKeyInfo in the MessageMetadata.
	UpsertEncryptionKey(EncryptionKeyInfo)
	// EncryptionParam reads the encryption parameter from the MessageMetadata.
	EncryptionParam() []byte
	// SetEncryptionParam sets the encryption parameter in the MessageMetadata.
	SetEncryptionParam([]byte)
}
MessageMetadataSupplier is a wrapper around message metadata that exposes its encryption keys and encryption parameter.
func NewMessageMetadataSupplier ¶
func NewMessageMetadataSupplier(messageMetadata *pb.MessageMetadata) MessageMetadataSupplier