access

package
v0.10.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 17, 2025 License: BSD-3-Clause-Clear Imports: 43 Imported by: 0

Documentation

Index

Constants

// Error values whose messages concern the policy dissem list and the
// authorization decision (its content and its count). Each is a constant of
// the package's string-backed Error type.
// NOTE(review): presumably every one of these ends with access being refused
// (fail closed) — confirm at the call sites.
const (
	ErrPolicyDissemInvalid     = Error("policy dissem invalid")
	ErrDecisionUnexpected      = Error("authorization decision unexpected")
	ErrDecisionCountUnexpected = Error("authorization decision count unexpected")
)
// Error values for an unexpected HSM condition and for an invalid
// configuration. Each is a constant of the package's string-backed Error type.
const (
	ErrHSM    = Error("hsm unexpected")
	ErrConfig = Error("invalid config")
)
// Error values for a failure to encode a certificate and a failure to marshal
// a public key. Each is a constant of the package's string-backed Error type.
const (
	ErrCertificateEncode = Error("certificate encode error")
	ErrPublicKeyMarshal  = Error("public key marshal error")
)
// Error values for a request-side failure, an internal failure, and an
// unsupported NanoTDF policy mode.
// NOTE(review): the ErrUser and ErrInternal messages carry no detail;
// presumably the specific cause is logged server-side and only these generic
// texts reach the caller — confirm, so that internal state is not disclosed in
// responses.
const (
	ErrUser     = Error("request error")
	ErrInternal = Error("internal error")

	ErrNanoTDFPolicyModeUnsupported = Error("unsupported policy mode")
)

Variables

This section is empty.

Functions

func ConvertToAuditKasPolicy added in v0.4.6

func ConvertToAuditKasPolicy(policy Policy) audit.KasPolicy

Audit helper methods

Types

type Attribute

// Attribute is one entry of PolicyBody.DataAttributes. The json tags give the
// wire name of each field.
// NOTE(review): if an Attribute is decoded from a policy supplied with a
// request, ProviderURI and PublicKey are caller-provided values; presumably
// they are trusted only after the policy binding has been checked — confirm.
type Attribute struct {
	URI           string           `json:"attribute"` // attribute
	PublicKey     crypto.PublicKey `json:"pubKey"`    // pubKey
	ProviderURI   string           `json:"kasUrl"`    // kasUrl
	SchemaVersion string           `json:"tdf_spec_version,omitempty"`
	Name          string           `json:"displayName"` // displayName
}

type CurrentKeyFor added in v0.4.7

// CurrentKeyFor specifies the preferred/default key for a given algorithm
// type. It is the element type of KASConfig.Keyring.
type CurrentKeyFor struct {
	Algorithm string `mapstructure:"alg" json:"alg"`
	KID       string `mapstructure:"kid" json:"kid"`
	// Indicates that the key should not be served by default,
	// but instead is allowed for legacy reasons on decrypt (rewrap) only.
	Legacy bool `mapstructure:"legacy" json:"legacy"`
}

Specifies the preferred/default key for a given algorithm type.

type Error

// Error is a string-backed error type. The package's Err* constants are
// values of it, and its Error method returns a string.
type Error string

func (Error) Error

func (e Error) Error() string

type KASConfig added in v0.4.7

// KASConfig holds the key access service settings. The mapstructure and json
// tags name the configuration key and the JSON key of each field.
type KASConfig struct {
	// Which keys are currently the default.
	Keyring []CurrentKeyFor `mapstructure:"keyring" json:"keyring"`
	// Deprecated: presumably superseded by Keyring (see UpgradeMapToKeyring);
	// TODO confirm the replacement.
	ECCertID string `mapstructure:"eccertid" json:"eccertid"`
	// Deprecated: presumably superseded by Keyring (see UpgradeMapToKeyring);
	// TODO confirm the replacement.
	RSACertID string `mapstructure:"rsacertid" json:"rsacertid"`

	// NOTE(review): RootKey looks like secret key material, yet it carries a
	// json tag, so marshalling a KASConfig (for example when configuration is
	// dumped to a log or a debug endpoint) would include its value — confirm
	// and redact wherever the config is printed.
	RootKey string `mapstructure:"root_key" json:"root_key"`

	// NOTE(review): presumably the lifetime of entries in a key cache —
	// confirm where it is read.
	KeyCacheExpiration time.Duration `mapstructure:"key_cache_expiration" json:"key_cache_expiration"`

	// Enables experimental EC rewrap support in TDFs
	// Enabling is required to parse KAOs with the `ec-wrapped` type,
	// and (currently) also enables responding with ECIES encrypted responses.
	//
	// Deprecated: presumably replaced by Preview.ECTDFEnabled, which uses the
	// same key under "preview"; TODO confirm.
	ECTDFEnabled     bool    `mapstructure:"ec_tdf_enabled" json:"ec_tdf_enabled"`
	Preview          Preview `mapstructure:"preview" json:"preview"`
	RegisteredKASURI string  `mapstructure:"registered_kas_uri" json:"registered_kas_uri"`
}

func (*KASConfig) UpgradeMapToKeyring added in v0.4.39

func (kasCfg *KASConfig) UpgradeMapToKeyring(c *security.StandardCrypto)

type KeyAccess added in v0.4.7

// KeyAccess is the JSON form of a key access entry. It is the type of
// RequestBody.KeyAccess and carries the wrapped key, the policy binding, and
// the identifiers (URL, KID, SID) that go with them.
//
// PolicyBinding is declared as interface{}, so the type does not fix its
// shape: after JSON decoding it holds whatever value the input contained, and
// code reading it has to check the dynamic type before use.
// NOTE(review): presumably a binding of an unexpected type is rejected rather
// than treated as absent — confirm at the place it is verified.
type KeyAccess struct {
	EncryptedMetadata  string      `json:"encryptedMetadata,omitempty"`
	PolicyBinding      interface{} `json:"policyBinding,omitempty"`
	Protocol           string      `json:"protocol"`
	Type               string      `json:"type"`
	URL                string      `json:"url"`
	KID                string      `json:"kid,omitempty"`
	SID                string      `json:"sid,omitempty"`
	WrappedKey         []byte      `json:"wrappedKey,omitempty"`
	Header             []byte      `json:"header,omitempty"`
	Algorithm          string      `json:"algorithm,omitempty"`
	EphemeralPublicKey string      `json:"ephemeralPublicKey,omitempty"`
}

type PDPAccessResult added in v0.4.38

// PDPAccessResult groups an access decision, an error, and the policy they
// refer to.
// NOTE(review): Access and Error are independent fields, so a value can hold
// Access == true together with a non-nil Error; presumably consumers check
// Error first and treat a non-nil Error as a denial — confirm.
type PDPAccessResult struct {
	Access bool
	Error  error
	Policy *Policy
}

type Policy

// Policy is a policy document: a UUID plus a PolicyBody, serialised under the
// JSON keys "uuid" and "body".
type Policy struct {
	UUID uuid.UUID  `json:"uuid"`
	Body PolicyBody `json:"body"`
}

type PolicyBody

// PolicyBody is the body of a Policy: its data attributes and its dissem
// list.
// NOTE(review): Dissem is presumably the list of entities the data may be
// disseminated to (see ErrPolicyDissemInvalid) — confirm the entry format and
// how an empty list is interpreted.
type PolicyBody struct {
	DataAttributes []Attribute `json:"dataAttributes"`
	Dissem         []string    `json:"dissem"`
}

type Preview added in v0.5.5

// Preview groups the feature switches stored under the "preview" key of
// KASConfig.
// NOTE(review): ECTDFEnabled presumably has the meaning documented on
// KASConfig.ECTDFEnabled (experimental EC rewrap); KeyManagement is not
// described on this page — confirm both.
type Preview struct {
	ECTDFEnabled  bool `mapstructure:"ec_tdf_enabled" json:"ec_tdf_enabled"`
	KeyManagement bool `mapstructure:"key_management" json:"key_management"`
}

type Provider

// Provider embeds kaspb.AccessServiceServer, KASConfig and trace.Tracer and
// holds the SDK handle, attribute service URL, key delegator, logger and
// service configuration used alongside them.
//
// Because KASConfig is embedded, its fields (RootKey included) are promoted
// onto Provider, so formatting or serialising a Provider also exposes them.
// NOTE(review): the deprecation notice on CryptoProvider names
// SecurityProvider, but this struct has no field of that name; KeyDelegator
// may be the intended replacement — confirm and correct the notice.
type Provider struct {
	kaspb.AccessServiceServer
	SDK          *otdf.SDK
	AttributeSvc *url.URL
	KeyDelegator *trust.DelegatingKeyService
	// Deprecated: Use SecurityProvider instead
	CryptoProvider *security.StandardCrypto // Kept for backward compatibility
	Logger         *logger.Logger
	Config         *config.ServiceConfig
	KASConfig
	trace.Tracer
}

func (*Provider) IsReady added in v0.4.2

func (p *Provider) IsReady(ctx context.Context) error

type RequestBody

// RequestBody is the JSON form of a request: an auth token, the KeyAccess
// entry, the policy as a string, and the client's public key.
//
// PublicKey is tagged json:"-", so it is never read from or written to JSON.
// NOTE(review): presumably PublicKey is filled in by the server after
// ClientPublicKey has been parsed — confirm.
// NOTE(review): AuthToken looks like a credential and is part of the JSON
// form, so logging a RequestBody verbatim would record it — confirm and
// redact in log and audit output.
type RequestBody struct {
	AuthToken       string      `json:"authToken"`
	KeyAccess       KeyAccess   `json:"keyAccess"`
	Policy          string      `json:"policy,omitempty"`
	Algorithm       string      `json:"algorithm,omitempty"`
	ClientPublicKey string      `json:"clientPublicKey"`
	PublicKey       interface{} `json:"-"`
	SchemaVersion   string      `json:"schemaVersion,omitempty"`
}

type SignedRequestBody added in v0.4.1

// SignedRequestBody wraps a single string under the JSON key "requestBody".
// NOTE(review): presumably that string is a signed token whose payload is a
// RequestBody; if so, its signature has to be verified before the inner body
// is decoded and acted on — confirm where that check happens.
type SignedRequestBody struct {
	RequestBody string `json:"requestBody"`
}
