authn

package

v0.1.0 Latest Latest Go to latest Published: Apr 30, 2026 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/oberones/OpenCook

Links

Open Source Insights

Documentation ¶

Index ¶

func LegacyHashedPathDebugValue(rawSign, path string) (string, bool)
func ParseRSAPrivateKeyPEM(data []byte) (*rsa.PrivateKey, error)
func ParseRSAPublicKeyPEM(data []byte) (*rsa.PublicKey, error)
type Capabilities
type ChefVerifier
- func NewChefVerifier(store KeyStore, opts Options) *ChefVerifier
- func (v *ChefVerifier) Capabilities() Capabilities
- func (v *ChefVerifier) Name() string
- func (v *ChefVerifier) Verify(ctx context.Context, req RequestContext) (VerificationResult, error)
type Error
- func (e *Error) Error() string
- func (e *Error) HTTPStatus() int
type ErrorKind
type Key
type KeyStore
type MemoryKeyStore
- func NewMemoryKeyStore() *MemoryKeyStore
- func (s *MemoryKeyStore) Delete(principal Principal, keyID string) error
- func (s *MemoryKeyStore) Lookup(_ context.Context, userID, organization string) ([]Key, error)
- func (s *MemoryKeyStore) Name() string
- func (s *MemoryKeyStore) Put(key Key) error
- func (s *MemoryKeyStore) Replace(keys []Key) error
type Options
type Principal
type RequestContext
type VerificationResult
type Verifier

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func LegacyHashedPathDebugValue ¶

func LegacyHashedPathDebugValue(rawSign, path string) (string, bool)

LegacyHashedPathDebugValue returns the server-side hashed path used by legacy Chef signing versions for safe authn failure diagnostics.

func ParseRSAPrivateKeyPEM ¶

func ParseRSAPrivateKeyPEM(data []byte) (*rsa.PrivateKey, error)

func ParseRSAPublicKeyPEM ¶

func ParseRSAPublicKeyPEM(data []byte) (*rsa.PublicKey, error)

Types ¶

type Capabilities ¶

type Capabilities struct {
	SupportedSignVersions []string `json:"supported_sign_versions"`
	SupportedAlgorithms   []string `json:"supported_algorithms"`
	AllowedClockSkew      string   `json:"allowed_clock_skew"`
	KeyStore              string   `json:"key_store"`
}

type ChefVerifier ¶

type ChefVerifier struct {
	// contains filtered or unexported fields
}

func NewChefVerifier ¶

func NewChefVerifier(store KeyStore, opts Options) *ChefVerifier

func (*ChefVerifier) Capabilities ¶

func (v *ChefVerifier) Capabilities() Capabilities

func (*ChefVerifier) Name ¶

func (v *ChefVerifier) Name() string

func (*ChefVerifier) Verify ¶

func (v *ChefVerifier) Verify(ctx context.Context, req RequestContext) (VerificationResult, error)

type Error ¶

type Error struct {
	Kind    ErrorKind
	Message string
	Headers []string
}

func (*Error) Error ¶

func (e *Error) Error() string

func (*Error) HTTPStatus ¶

func (e *Error) HTTPStatus() int

type ErrorKind ¶

type ErrorKind string

const (
	ErrorKindMissingHeaders    ErrorKind = "missing_headers"
	ErrorKindUnsupportedSign   ErrorKind = "unsupported_sign_description"
	ErrorKindBadHeaders        ErrorKind = "bad_headers"
	ErrorKindBadClock          ErrorKind = "bad_clock"
	ErrorKindRequestorNotFound ErrorKind = "requestor_not_found"
	ErrorKindBadSignature      ErrorKind = "bad_signature"
	ErrorKindKeyStoreFailure   ErrorKind = "key_store_failure"
)

type Key ¶

type Key struct {
	ID        string
	Principal Principal
	PublicKey *rsa.PublicKey
	ExpiresAt *time.Time
}

type KeyStore ¶

type KeyStore interface {
	Name() string
	Lookup(context.Context, string, string) ([]Key, error)
}

type MemoryKeyStore ¶

type MemoryKeyStore struct {
	// contains filtered or unexported fields
}

func NewMemoryKeyStore ¶

func NewMemoryKeyStore() *MemoryKeyStore

func (*MemoryKeyStore) Delete ¶

func (s *MemoryKeyStore) Delete(principal Principal, keyID string) error

func (*MemoryKeyStore) Lookup ¶

func (s *MemoryKeyStore) Lookup(_ context.Context, userID, organization string) ([]Key, error)

func (*MemoryKeyStore) Name ¶

func (s *MemoryKeyStore) Name() string

func (*MemoryKeyStore) Put ¶

func (s *MemoryKeyStore) Put(key Key) error

func (*MemoryKeyStore) Replace ¶

func (s *MemoryKeyStore) Replace(keys []Key) error

type Options ¶

type Options struct {
	AllowedClockSkew        *time.Duration
	Now                     func() time.Time
	DefaultServerAPIVersion string
}

type Principal ¶

type Principal struct {
	Type         string `json:"type"`
	Name         string `json:"name"`
	Organization string `json:"organization,omitempty"`
}

type RequestContext ¶

type RequestContext struct {
	Method           string
	Path             string
	Body             []byte
	Headers          map[string]string
	Organization     string
	ServerAPIVersion string
}

type VerificationResult ¶

type VerificationResult struct {
	Authenticated bool      `json:"authenticated"`
	Mode          string    `json:"mode"`
	Principal     Principal `json:"principal"`
	SignVersion   string    `json:"sign_version,omitempty"`
	Algorithm     string    `json:"algorithm,omitempty"`
	KeyID         string    `json:"key_id,omitempty"`
}

type Verifier ¶

type Verifier interface {
	Name() string
	Capabilities() Capabilities
	Verify(context.Context, RequestContext) (VerificationResult, error)
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL