package tokens
import (
"go.aporeto.io/trireme-lib/controller/pkg/claimsheader"
"go.aporeto.io/trireme-lib/controller/pkg/secrets"
"go.aporeto.io/trireme-lib/policy"
)
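// ConnectionClaims captures all the claim information carried in a
// connection token: the tags asserted by the local PU, the two nonces
// that bind the token to one exchange, the ephemeral key material, the
// identities of both ends and the claims header.
//
// Every field is encoded with `omitempty`, so after decoding an absent
// field and a zero field (nil slice, nil pointer, empty string) are
// indistinguishable. NOTE(review): consumers that require a nonce or a
// key must therefore check len(RMT)/len(LCL)/len(EK) explicitly rather
// than relying on the field having been present on the wire.
type ConnectionClaims struct {
	// T holds the tags of the local PU that are asserted in the token.
	T *policy.TagStore `json:",omitempty"`
	// RMT is the nonce of the remote that has to be signed in the JWT.
	RMT []byte `json:",omitempty"`
	// LCL is the nonce of the local node that has to be signed.
	LCL []byte `json:",omitempty"`
	// EK is the ephemeral EC key for encryption.
	EK []byte `json:",omitempty"`
	// CT holds the compressed tags (the earlier comment named this field
	// "C" and described it as a string; it is a TagStore).
	CT *policy.TagStore `json:",omitempty"`
	// ID is the source PU ID.
	ID string `json:",omitempty"`
	// RemoteID is the ID of the remote if known.
	RemoteID string `json:",omitempty"`
	// H is the claims header.
	H claimsheader.HeaderBytes `json:",omitempty"`
}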
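// TokenEngine is the interface to the different implementations of tokens.
// An implementation both produces signed tokens for the local side and
// decodes tokens received from a peer using the supplied secrets.
type TokenEngine interface {
	// CreateAndSign creates a token, signs it and produces the final byte
	// string. claims are the claims to embed, nonce is the local nonce,
	// claimsHeader is the header carried alongside the claims and secrets
	// supplies the signing material; isAck presumably selects the ack form
	// of the token (confirm against the implementation). It returns the
	// serialized token or an error.
	CreateAndSign(isAck bool, claims *ConnectionClaims, nonce []byte, claimsHeader *claimsheader.ClaimsHeader, secrets secrets.Secrets) (token []byte, err error)
	// Decode decodes an incoming buffer and returns the claims, the nonce
	// carried in the token and the sender's public key or certificate.
	// previousCert is presumably the key material already learned from the
	// peer earlier in the exchange (nil if none) — confirm with callers.
	// NOTE(review): data is peer-supplied and untrusted. Implementations
	// should verify the token's signature against secrets before returning
	// claims, and callers must treat a non-nil err as a failed
	// authentication and discard claims, nonce and publicKey entirely.
	Decode(isAck bool, data []byte, previousCert interface{}, secrets secrets.Secrets) (claims *ConnectionClaims, nonce []byte, publicKey interface{}, err error)
	// Randomize inserts a source nonce into an existing token. A new nonce
	// must be created every time the token is transmitted as a challenge to
	// the other side, even when the token is cached (a reused nonce would
	// let a captured token be replayed against a later exchange). There
	// must already be space reserved for the nonce in token; an error is
	// returned if there is none.
	Randomize(token []byte, nonce []byte) (err error)
}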
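const (
	// MaxServerName is the maximum length, in bytes, of a server name
	// carried in a token. The original comment ties it to "UUID size";
	// 24 is the length of a base64 encoding of 16 bytes (a raw UUID), so
	// that is presumably the encoding meant — a canonical textual UUID is
	// 36 characters and would NOT fit. Confirm against the producers
	// before relying on a UUID fitting in this field.
	MaxServerName = 24
	// NonceLength is the length in bytes of the nonce to be used in the
	// secrets (128 bits). NOTE(review): the nonces placed in RMT/LCL must
	// be drawn from a cryptographically secure RNG and be fresh for every
	// exchange; a predictable or reused nonce defeats the challenge these
	// fields provide.
	NonceLength = 16
)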