Documentation
¶
Overview ¶
Package client provides a client for interacting with the GlobalSigner service.
Index ¶
- type AttestationResponse
- type Client
- func (c *Client) Derive(ctx context.Context, req *DeriveRequest) (*DeriveResponse, error)
- func (c *Client) GetAttestation(ctx context.Context) (*AttestationResponse, error)
- func (c *Client) Health(ctx context.Context) error
- func (c *Client) ListKeys(ctx context.Context) ([]KeyVersion, error)
- func (c *Client) Sign(ctx context.Context, req *SignRequest) (*SignResponse, error)
- func (c *Client) SignRaw(ctx context.Context, req *SignRawRequest) (*SignResponse, error)
- type Config
- type DeriveRequest
- type DeriveResponse
- type KeyVersion
- type SignRawRequest
- type SignRequest
- type SignResponse
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AttestationResponse ¶
// AttestationResponse carries the public key of a key version together with
// the attestation fields the service returned for it.
//
// NOTE(review): every field is decoded from the service's JSON response. The
// field names suggest SGX report values; if so, a caller that relies on
// attestation should take MRENCLAVE, MRSIGNER, ProdID and ISVSVN from a Quote
// it has verified itself and compare them with pinned expected values, rather
// than trusting these copies - confirm against the verifier in use.
type AttestationResponse struct {
// Key version this attestation refers to.
KeyVersion string `json:"key_version"`
// NOTE(review): presumably the hex-encoded public key; encoding and curve are
// not shown on this page - confirm.
PubKeyHex string `json:"pubkey_hex"`
// NOTE(review): presumably a hash of the public key that the quote is meant
// to bind to; the hash function is not shown here. Recomputing it from
// PubKeyHex and matching it against the verified quote is what ties the key
// to the enclave - confirm the exact binding.
PubKeyHash string `json:"pubkey_hash"`
// omitempty: an empty string after decoding is indistinguishable from a
// response that carried no quote, so callers must handle that case.
Quote string `json:"quote,omitempty"`
// Optional (omitempty) measurement and identity fields as reported by the
// service.
MRENCLAVE string `json:"mrenclave,omitempty"`
MRSIGNER string `json:"mrsigner,omitempty"`
ProdID uint16 `json:"prod_id,omitempty"`
ISVSVN uint16 `json:"isvsvn,omitempty"`
// Carried as a string; the time format is not shown on this page.
Timestamp string `json:"timestamp"`
// Always present in the JSON (no omitempty).
// NOTE(review): the name suggests the attestation did not come from real
// hardware; callers that depend on attestation should presumably reject a
// response with Simulated == true - confirm.
Simulated bool `json:"simulated"`
}
AttestationResponse is the attestation for a key.
type Client ¶
// Client is the handle used to call the GlobalSigner service. All of its
// state is unexported, so configuration is only visible through Config.
type Client struct {
// contains filtered or unexported fields
}
Client is a client for the GlobalSigner service.
func (*Client) Derive ¶
func (c *Client) Derive(ctx context.Context, req *DeriveRequest) (*DeriveResponse, error)
Derive performs deterministic key derivation.
func (*Client) GetAttestation ¶
func (c *Client) GetAttestation(ctx context.Context) (*AttestationResponse, error)
GetAttestation gets the attestation for the active key.
func (*Client) ListKeys ¶
func (c *Client) ListKeys(ctx context.Context) ([]KeyVersion, error)
ListKeys lists all key versions.
func (*Client) Sign ¶
func (c *Client) Sign(ctx context.Context, req *SignRequest) (*SignResponse, error)
Sign performs domain-separated signing.
func (*Client) SignRaw ¶
func (c *Client) SignRaw(ctx context.Context, req *SignRawRequest) (*SignResponse, error)
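SignRaw performs raw signing without domain separation. Because a SignRawRequest carries no Domain, the resulting signature is not tied to any particular purpose; use Sign wherever a domain applies.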
type Config ¶
// Config holds the settings used to reach the GlobalSigner service.
type Config struct {
// BaseURL is the address of the service.
// NOTE(review): no scheme check is visible on this page; unless HTTPClient
// supplies the transport security, this should presumably be an https URL -
// confirm.
BaseURL string
// ServiceID identifies the caller. In strict identity mode this is redundant
// (caller identity is enforced by MarbleRun mTLS), but it's still useful for
// local development and debugging.
// NOTE(review): the value is chosen by the caller itself, so outside strict
// identity mode it reads as a label rather than as authentication - confirm
// how the service treats it.
ServiceID string
// NOTE(review): presumably the per-request timeout; what a zero value means
// is not shown on this page - confirm it does not disable the timeout.
Timeout time.Duration
// HTTPClient optionally overrides the client used to execute requests.
// For MarbleRun mesh calls, prefer using `marble.Marble.HTTPClient()` so
// requests are sent over verified mTLS.
HTTPClient *http.Client
// MaxBodyBytes caps responses to prevent memory exhaustion.
// NOTE(review): the behaviour for zero or negative values is not shown on
// this page - confirm that a default cap applies instead of no cap.
MaxBodyBytes int64
}
Config holds client configuration.
type DeriveRequest ¶
// DeriveRequest names the key to derive by Domain and Path.
type DeriveRequest struct {
// Domain and Path are both always sent (no omitempty).
// NOTE(review): their allowed syntax is not shown on this page; if either is
// built from external input, validate it before sending so one caller cannot
// address another's derivation path - confirm what the service enforces.
Domain string `json:"domain"`
Path string `json:"path"`
// Optional (omitempty).
// NOTE(review): presumably the service falls back to the active key when
// this is empty - confirm.
KeyVersion string `json:"key_version,omitempty"`
}
DeriveRequest is a request for key derivation.
type DeriveResponse ¶
// DeriveResponse is the result of a derivation. It declares only a public key
// and the key version; no field for private key material exists in this type.
type DeriveResponse struct {
// NOTE(review): presumably the hex-encoded derived public key - confirm the
// encoding.
PubKeyHex string `json:"pubkey_hex"`
// Key version the service reports having used.
KeyVersion string `json:"key_version"`
}
DeriveResponse is the response from key derivation.
type KeyVersion ¶
// KeyVersion describes one key version as returned by ListKeys.
type KeyVersion struct {
Version string `json:"version"`
// The set of status values is not shown on this page.
Status string `json:"status"`
PubKeyHex string `json:"pubkey_hex"`
PubKeyHash string `json:"pubkey_hash"`
CreatedAt time.Time `json:"created_at"`
// Pointer fields with omitempty: nil when the JSON did not carry the value,
// so dereference only after a nil check.
ActivatedAt *time.Time `json:"activated_at,omitempty"`
// NOTE(review): presumably the end of a rotation overlap window; a verifier
// that accepts signatures from a previous key version should stop doing so
// after this time - confirm the intended semantics.
OverlapEndsAt *time.Time `json:"overlap_ends_at,omitempty"`
}
KeyVersion represents a key version.
type SignRawRequest ¶
// SignRawRequest asks the service to sign Data directly. Unlike SignRequest
// it has no Domain field, so nothing in the request scopes the signature to a
// purpose.
//
// NOTE(review): callers should keep the set of inputs they pass here narrow,
// since a signature over caller-chosen bytes could be presented in any
// context that accepts this key - confirm which callers the service allows
// to use raw signing.
type SignRawRequest struct {
Data string `json:"data"` // hex-encoded
// Optional (omitempty).
// NOTE(review): presumably the service uses the active key when this is
// empty - confirm.
KeyVersion string `json:"key_version,omitempty"`
}
SignRawRequest is a request for raw signing without domain separation.
type SignRequest ¶
// SignRequest asks the service to sign Data within a named Domain.
type SignRequest struct {
// Always sent (no omitempty).
// NOTE(review): how Domain is combined with Data before signing is not shown
// on this page; a verifier has to apply the same construction - confirm.
Domain string `json:"domain"`
Data string `json:"data"` // hex-encoded
// Optional (omitempty).
// NOTE(review): presumably the service uses the active key when this is
// empty - confirm.
KeyVersion string `json:"key_version,omitempty"`
}
SignRequest is a request for domain-separated signing.
type SignResponse ¶
// SignResponse is returned by Sign and SignRaw.
type SignResponse struct {
Signature string `json:"signature"` // hex-encoded
// Key version the service reports having signed with.
KeyVersion string `json:"key_version"`
// NOTE(review): this key arrives in the same response as the signature, so
// checking the signature against it only shows the two are consistent.
// Compare it with a key obtained through GetAttestation or ListKeys before
// relying on it - confirm the intended verification flow.
PubKeyHex string `json:"pubkey_hex"`
}
SignResponse is the response from signing.