fedentities

package
Published: Feb 4, 2025 License: MIT Imports: 24 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RegisterEntityChecker

func RegisterEntityChecker(configTypeName string, constructor func() EntityChecker)

RegisterEntityChecker registers a custom EntityChecker so EntityCheckerFromYAMLConfig knows about it and can return it from a yaml config

Types

type AuthorityHintEntityChecker

// AuthorityHintEntityChecker checks that the entity lists a certain entity
// in its authority_hints.
type AuthorityHintEntityChecker struct {
	// EntityID is the entity id that must appear in the checked entity's
	// authority_hints; loaded from the yaml key "entity_id".
	EntityID string `yaml:"entity_id"`
}

AuthorityHintEntityChecker checks that the entity has a certain entry in its authority_hints

func (AuthorityHintEntityChecker) Check

func (c AuthorityHintEntityChecker) Check(
	entityConfiguration *pkg.EntityStatement,
	_ []string,
) (bool, int, *pkg.Error)

Check implements the EntityChecker interface

func (*AuthorityHintEntityChecker) UnmarshalYAML

func (c *AuthorityHintEntityChecker) UnmarshalYAML(node *yaml.Node) error

UnmarshalYAML implements the yaml.Unmarshaler and EntityChecker interface

type EndpointConf

// EndpointConf configures an endpoint with an internal path and an
// external URL.
type EndpointConf struct {
	// Path is the internal path the endpoint is served on (yaml key "path").
	Path string `yaml:"path"`
	// URL is the external URL of the endpoint (yaml key "url"). When it is
	// left empty, ValidateURL derives it by prefixing Path with a root URL.
	URL  string `yaml:"url"`
}

EndpointConf is a type for configuring an endpoint with an internal and external path

func (EndpointConf) IsSet

func (c EndpointConf) IsSet() bool

IsSet returns a bool indicating if this endpoint was configured or not

func (*EndpointConf) ValidateURL

func (c *EndpointConf) ValidateURL(rootURL string) string

ValidateURL validates that an external URL is set; if it is not, it prefixes the internal path with the passed rootURL and sets the result as the external URL

type EntityChecker

// EntityChecker checks whether an entity satisfies some requirements, e.g.
// whether it may be enrolled in the federation or be issued a trust mark.
// Implementations load their configuration from yaml via UnmarshalYAML;
// custom implementations are made known to EntityCheckerFromYAMLConfig
// through RegisterEntityChecker.
type EntityChecker interface {
	// Check reports whether the entity described by entityConfiguration
	// satisfies the requirements of this EntityChecker.
	// entityTypes is a list of entity types (NOTE(review): presumably the
	// types of the checked entity — confirm against callers).
	// The bool is the result; when it is false, the int is the http status
	// code and the *pkg.Error the api response to return.
	Check(
		entityConfiguration *pkg.EntityStatement,
		entityTypes []string,
	) (bool, int, *pkg.Error)
	// Unmarshaler loads the checker's configuration from yaml.
	yaml.Unmarshaler
}

EntityChecker is an interface used to check if an entity satisfies some requirements, e.g. to check if an entity should be enrolled in the federation or should be issued a trust mark

func EntityCheckerFromEntityCheckerConfig

func EntityCheckerFromEntityCheckerConfig(c EntityCheckerConfig) (
	EntityChecker,
	error,
)

EntityCheckerFromEntityCheckerConfig parses the passed EntityCheckerConfig and returns the configured EntityChecker

func EntityCheckerFromYAMLConfig

func EntityCheckerFromYAMLConfig(config []byte) (EntityChecker, error)

EntityCheckerFromYAMLConfig parses the passed yaml config and returns the configured EntityChecker

type EntityCheckerConfig

// EntityCheckerConfig configures an EntityChecker through yaml.
type EntityCheckerConfig struct {
	// Type selects the EntityChecker implementation (yaml key "type");
	// custom types become known through RegisterEntityChecker.
	Type   string    `yaml:"type"`
	// Config holds the checker-specific configuration as a raw yaml node
	// (yaml key "config"); presumably handed to the selected checker's
	// UnmarshalYAML — confirm in EntityCheckerFromEntityCheckerConfig.
	Config yaml.Node `yaml:"config,omitempty"`
}

EntityCheckerConfig is a type for configuring an EntityChecker through yaml

type EntityCheckerNone

type EntityCheckerNone struct{}

EntityCheckerNone is a type implementing EntityChecker but that checks nothing

func (EntityCheckerNone) Check

func (EntityCheckerNone) Check(_ *pkg.EntityStatement, _ []string) (
	bool, int, *pkg.Error,
)

Check implements the EntityChecker interface

func (EntityCheckerNone) UnmarshalYAML

func (EntityCheckerNone) UnmarshalYAML(_ *yaml.Node) error

UnmarshalYAML implements the EntityChecker interface

type EntityIDEntityChecker

// EntityIDEntityChecker checks that the entity has a certain entity id.
type EntityIDEntityChecker struct {
	// AllowedIDs is the list of entity ids accepted by this checker
	// (yaml key "entity_ids"). NOTE(review): the comparison is presumably
	// exact string equality — confirm in Check.
	AllowedIDs []string `yaml:"entity_ids"`
}

EntityIDEntityChecker checks that the entity has a certain entity id

func (EntityIDEntityChecker) Check

func (c EntityIDEntityChecker) Check(
	entityConfiguration *pkg.EntityStatement,
	_ []string,
) (bool, int, *pkg.Error)

Check implements the EntityChecker interface

func (*EntityIDEntityChecker) UnmarshalYAML

func (c *EntityIDEntityChecker) UnmarshalYAML(node *yaml.Node) error

UnmarshalYAML implements the yaml.Unmarshaler and EntityChecker interface

type FedEntity

// FedEntity represents a federation entity that can serve multiple purposes
// (TA/IA + TMI, etc.). It embeds the federation entity, trust mark issuer
// and JWT signer from pkg, plus the SubordinateStatementsConfig that shapes
// the subordinate statements it issues.
type FedEntity struct {
	*pkg.FederationEntity
	*pkg.TrustMarkIssuer
	*pkg.GeneralJWTSigner
	SubordinateStatementsConfig
	// contains filtered or unexported fields
}

FedEntity is a type that represents a federation entity that can serve multiple purposes (TA/IA + TMI, etc.)

func NewFedEntity

func NewFedEntity(
	entityID string, authorityHints []string, metadata *pkg.Metadata,
	privateSigningKey crypto.Signer, signingAlg jwa.SignatureAlgorithm, configurationLifetime int64,
	stmtConfig SubordinateStatementsConfig,
) (
	*FedEntity,
	error,
)

NewFedEntity creates a new FedEntity

func (*FedEntity) AddEnrollEndpoint

func (fed *FedEntity) AddEnrollEndpoint(
	endpoint EndpointConf,
	store storage.SubordinateStorageBackend,
	checker EntityChecker,
)

AddEnrollEndpoint adds an endpoint to enroll to this IA/TA

func (*FedEntity) AddEnrollRequestEndpoint

func (fed *FedEntity) AddEnrollRequestEndpoint(
	endpoint EndpointConf,
	store storage.SubordinateStorageBackend,
)

AddEnrollRequestEndpoint adds an endpoint to request enrollment to this IA/TA (this only adds a request to the storage; there is no automatic enrollment)

func (*FedEntity) AddFetchEndpoint

func (fed *FedEntity) AddFetchEndpoint(endpoint EndpointConf, store storage.SubordinateStorageBackend)

AddFetchEndpoint adds a fetch endpoint

func (*FedEntity) AddResolveEndpoint

func (fed *FedEntity) AddResolveEndpoint(endpoint EndpointConf)

AddResolveEndpoint adds a resolve endpoint

func (*FedEntity) AddSubordinateListingEndpoint

func (fed *FedEntity) AddSubordinateListingEndpoint(
	endpoint EndpointConf, store storage.SubordinateStorageBackend,
	trustMarkStore storage.TrustMarkedEntitiesStorageBackend,
)

AddSubordinateListingEndpoint adds a subordinate listing endpoint

func (*FedEntity) AddTrustMarkEndpoint

func (fed *FedEntity) AddTrustMarkEndpoint(
	endpoint EndpointConf,
	store storage.TrustMarkedEntitiesStorageBackend,
	checkers map[string]EntityChecker,
)

AddTrustMarkEndpoint adds a trust mark endpoint

func (*FedEntity) AddTrustMarkRequestEndpoint

func (fed *FedEntity) AddTrustMarkRequestEndpoint(
	endpoint EndpointConf,
	store storage.TrustMarkedEntitiesStorageBackend,
)

AddTrustMarkRequestEndpoint adds an endpoint where entities can request to be entitled for a trust mark

func (*FedEntity) AddTrustMarkStatusEndpoint

func (fed *FedEntity) AddTrustMarkStatusEndpoint(
	endpoint EndpointConf,
	store storage.TrustMarkedEntitiesStorageBackend,
)

AddTrustMarkStatusEndpoint adds a trust mark status endpoint

func (*FedEntity) AddTrustMarkedEntitiesListingEndpoint

func (fed *FedEntity) AddTrustMarkedEntitiesListingEndpoint(
	endpoint EndpointConf,
	store storage.TrustMarkedEntitiesStorageBackend,
)

AddTrustMarkedEntitiesListingEndpoint adds a trust marked entities endpoint

func (FedEntity) CreateSubordinateStatement

func (fed FedEntity) CreateSubordinateStatement(subordinate *storage.SubordinateInfo) pkg.EntityStatementPayload

CreateSubordinateStatement returns a pkg.EntityStatementPayload for the passed storage.SubordinateInfo

func (FedEntity) HttpHandlerFunc

func (fed FedEntity) HttpHandlerFunc() http.HandlerFunc

HttpHandlerFunc returns a http.HandlerFunc for serving all the necessary endpoints

func (FedEntity) Listen

func (fed FedEntity) Listen(addr string) error

Listen starts a http server at the given address for serving all the necessary endpoints

type MultipleEntityCheckerAnd

// MultipleEntityCheckerAnd combines multiple EntityChecker and requires all
// of them to pass.
type MultipleEntityCheckerAnd struct {
	// Checkers are the EntityChecker that must all pass.
	Checkers []EntityChecker
}

MultipleEntityCheckerAnd is an EntityChecker that combines multiple EntityChecker by requiring all checks to pass

func NewMultipleEntityCheckerAnd

func NewMultipleEntityCheckerAnd(
	checkers ...EntityChecker,
) *MultipleEntityCheckerAnd

NewMultipleEntityCheckerAnd returns a new MultipleEntityCheckerAnd using all the passed EntityChecker

func (MultipleEntityCheckerAnd) Check

func (c MultipleEntityCheckerAnd) Check(
	entityStatement *pkg.
		EntityStatement, entityTypes []string,
) (bool, int, *pkg.Error)

Check implements the EntityChecker interface

func (*MultipleEntityCheckerAnd) UnmarshalYAML

func (c *MultipleEntityCheckerAnd) UnmarshalYAML(node *yaml.Node) error

UnmarshalYAML implements the yaml.Unmarshaler and EntityChecker interfaces

type MultipleEntityCheckerOr

// MultipleEntityCheckerOr combines multiple EntityChecker and requires at
// least one of them to pass.
type MultipleEntityCheckerOr struct {
	// Checkers are the EntityChecker of which at least one must pass.
	Checkers []EntityChecker
}

MultipleEntityCheckerOr is an EntityChecker that combines multiple EntityChecker by requiring at least one check to pass

func NewMultipleEntityCheckerOr

func NewMultipleEntityCheckerOr(checkers ...EntityChecker) *MultipleEntityCheckerOr

NewMultipleEntityCheckerOr returns a new MultipleEntityCheckerOr using all the passed EntityChecker

func (MultipleEntityCheckerOr) Check

func (c MultipleEntityCheckerOr) Check(
	entityStatement *pkg.EntityStatement, entityTypes []string,
) (bool, int, *pkg.Error)

Check implements the EntityChecker interface

func (*MultipleEntityCheckerOr) UnmarshalYAML

func (c *MultipleEntityCheckerOr) UnmarshalYAML(node *yaml.Node) error

UnmarshalYAML implements the yaml.Unmarshaler and EntityChecker interfaces

type SubordinateStatementsConfig

// SubordinateStatementsConfig sets the MetadataPolicies and additional
// attributes that go into the SubordinateStatements issued by a FedEntity.
type SubordinateStatementsConfig struct {
	// MetadataPolicies are the metadata policies placed in issued
	// subordinate statements.
	MetadataPolicies             *pkg.MetadataPolicies
	// SubordinateStatementLifetime bounds how long an issued subordinate
	// statement is valid. NOTE(review): unit not visible here, presumably
	// seconds — confirm in CreateSubordinateStatement.
	SubordinateStatementLifetime int64
	// Constraints is the constraint specification placed in issued
	// subordinate statements.
	Constraints                  *pkg.ConstraintSpecification
	// CriticalExtensions lists the extensions marked critical in issued
	// subordinate statements.
	CriticalExtensions           []string
	// MetadataPolicyCrit lists the metadata policy operators marked critical
	// in issued subordinate statements.
	MetadataPolicyCrit           []pkg.PolicyOperatorName
	// Extra holds additional attributes added to issued subordinate
	// statements.
	Extra                        map[string]any
}

SubordinateStatementsConfig is a type for setting MetadataPolicies and additional attributes that should go into the SubordinateStatements issued by this FedEntity

type TrustMarkEntityChecker

// TrustMarkEntityChecker checks that the entity has a valid trust mark. The
// trust mark can be checked against a specific issuer or through the
// federation.
type TrustMarkEntityChecker struct {
	// TrustMarkID is the id of the trust mark the entity must hold
	// (yaml key "trust_mark_id").
	TrustMarkID         string                 `yaml:"trust_mark_id"`
	// TrustAnchors are the trust anchors used when the trust mark is
	// verified through the federation (yaml key "trust_anchors").
	TrustAnchors        pkg.TrustAnchors       `yaml:"trust_anchors"`
	// TrustMarkIssuerJWKS are the keys of a specific issuer used to verify
	// the trust mark directly (yaml key "trust_mark_issuer_jwks"); which of
	// the two verification paths applies when both are set is not visible
	// here — confirm in Check.
	TrustMarkIssuerJWKS jwk.JWKS               `yaml:"trust_mark_issuer_jwks"`
	// TrustMarkOwnerSpec describes the trust mark owner
	// (yaml key "trust_mark_owner").
	TrustMarkOwnerSpec  pkg.TrustMarkOwnerSpec `yaml:"trust_mark_owner"`
}

TrustMarkEntityChecker checks that the entity has a valid trust mark. The trust mark can be checked with a specific issuer or through the federation

func (TrustMarkEntityChecker) Check

func (c TrustMarkEntityChecker) Check(
	entityConfiguration *pkg.EntityStatement,
	entityTypes []string,
) (bool, int, *pkg.Error)

Check implements the EntityChecker interface

func (*TrustMarkEntityChecker) UnmarshalYAML

func (c *TrustMarkEntityChecker) UnmarshalYAML(node *yaml.Node) error

UnmarshalYAML implements the yaml.Unmarshaler and EntityChecker interface

type TrustPathEntityChecker

// TrustPathEntityChecker checks that the entity has a valid trust path to a
// trust anchor.
type TrustPathEntityChecker struct {
	// TrustAnchors are the trust anchors a valid trust path must end at
	// (yaml key "trust_anchors").
	TrustAnchors pkg.TrustAnchors `yaml:"trust_anchors"`
	// contains filtered or unexported fields
}

TrustPathEntityChecker checks that the entity has a valid trust path to a trust anchor

func (TrustPathEntityChecker) Check

func (c TrustPathEntityChecker) Check(
	entityConfiguration *pkg.EntityStatement,
	entityTypes []string,
) (bool, int, *pkg.Error)

Check implements the EntityChecker interface

func (*TrustPathEntityChecker) UnmarshalYAML

func (c *TrustPathEntityChecker) UnmarshalYAML(node *yaml.Node) error

UnmarshalYAML implements the yaml.Unmarshaler and EntityChecker interface
