NoOpOptionImpl implements the RPCOption, SignOption, and VerifyOption interfaces as no-ops.
type NoOpOptionImpl struct{}
func (NoOpOptionImpl) ApplyContext(_ *context.Context)
ApplyContext is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyCryptoSignerOpts(_ *crypto.SignerOpts)
ApplyCryptoSignerOpts is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyDigest(_ *[]byte)
ApplyDigest is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyED25519ph(_ *bool)
ApplyED25519ph is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyHash(_ *crypto.Hash)
ApplyHash is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyKeyVersion(_ *string)
ApplyKeyVersion is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyKeyVersionUsed(_ **string)
ApplyKeyVersionUsed is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyRPCAuthOpts(_ *RPCAuth)
ApplyRPCAuthOpts is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyRSAPSS(_ **rsa.PSSOptions)
ApplyRSAPSS is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyRand(_ *io.Reader)
ApplyRand is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyRemoteVerification(_ *bool)
ApplyRemoteVerification is a no-op required to fully implement the requisite interfaces
RPCAuth provides credentials for RPC calls; empty fields are ignored.
type RPCAuth struct {
    Address string // address is the remote server address, e.g. https://vault:8200
    Path    string // path for the RPC, in vault this is the transit path which defaults to "transit"
    Token   string // token used for RPC, in vault this is the VAULT_TOKEN value
    OIDC    RPCAuthOIDC
}
RPCAuthOIDC is used to perform the RPC login using OIDC instead of a fixed token
type RPCAuthOIDC struct {
    Path  string // path defaults to "jwt" for vault
    Role  string // role is required for jwt logins
    Token string // token is a jwt with vault
}
RPCAuthOpts includes authentication settings for RPC calls
type RPCAuthOpts struct {
    NoOpOptionImpl
    // contains filtered or unexported fields
}
func WithRPCAuthOpts(opts RPCAuth) RPCAuthOpts
WithRPCAuthOpts specifies RPCAuth settings to be used with RPC logins
func (r RPCAuthOpts) ApplyRPCAuthOpts(opts *RPCAuth)
ApplyRPCAuthOpts sets the RPCAuth as a function option
RequestContext implements the functional option pattern for including a context during RPC
type RequestContext struct {
    NoOpOptionImpl
    // contains filtered or unexported fields
}
func WithContext(ctx context.Context) RequestContext
WithContext specifies that the given context should be used in RPC to external services
func (r RequestContext) ApplyContext(ctx *context.Context)
ApplyContext sets the specified context as the functional option
RequestCryptoSignerOpts implements the functional option pattern for supplying crypto.SignerOpts when signing or verifying
type RequestCryptoSignerOpts struct {
    NoOpOptionImpl
    // contains filtered or unexported fields
}
func WithCryptoSignerOpts(opts crypto.SignerOpts) RequestCryptoSignerOpts
WithCryptoSignerOpts specifies that provided crypto.SignerOpts be used during signing and verification operations
func (r RequestCryptoSignerOpts) ApplyCryptoSignerOpts(opts *crypto.SignerOpts)
ApplyCryptoSignerOpts sets crypto.SignerOpts as a functional option
RequestDigest implements the functional option pattern for specifying a digest value
type RequestDigest struct {
    NoOpOptionImpl
    // contains filtered or unexported fields
}
func WithDigest(digest []byte) RequestDigest
WithDigest specifies that the given digest can be used by underlying signature implementations.
WARNING: When verifying a digest with ECDSA, it is trivial to craft a valid signature over a random message given a public key. Do not use this unless you understand the implications and do not need to protect against malleability.
func (r RequestDigest) ApplyDigest(digest *[]byte)
ApplyDigest sets the specified digest value as the functional option
RequestED25519ph implements the functional option pattern for specifying that ED25519ph (pre-hashed) should be used when loading a signer or verifier and an ED25519 key is
type RequestED25519ph struct {
    NoOpOptionImpl
    // contains filtered or unexported fields
}
func WithED25519ph() RequestED25519ph
WithED25519ph specifies that the ED25519ph algorithm should be used when an ED25519 key is used
func (r RequestED25519ph) ApplyED25519ph(useED25519ph *bool)
ApplyED25519ph sets the ED25519ph flag as requested by the functional option
RequestHash implements the functional option pattern for setting a Hash function when loading a signer or verifier
type RequestHash struct {
    NoOpOptionImpl
    // contains filtered or unexported fields
}
func WithHash(hash crypto.Hash) RequestHash
WithHash specifies that the given hash function should be used when loading a signer or verifier
func (r RequestHash) ApplyHash(hash *crypto.Hash)
ApplyHash sets the hash as requested by the functional option
RequestKeyVersion implements the functional option pattern for specifying the KMS key version during signing or verification
type RequestKeyVersion struct {
    NoOpOptionImpl
    // contains filtered or unexported fields
}
func WithKeyVersion(keyVersion string) RequestKeyVersion
WithKeyVersion specifies that a specific KMS key version be used during signing and verification operations; a value of 0 will use the latest version of the key (default)
func (r RequestKeyVersion) ApplyKeyVersion(keyVersion *string)
ApplyKeyVersion sets the KMS's key version as a functional option
RequestKeyVersionUsed implements the functional option pattern for obtaining the KMS key version used during signing
type RequestKeyVersionUsed struct {
    NoOpOptionImpl
    // contains filtered or unexported fields
}
func ReturnKeyVersionUsed(keyVersionUsed *string) RequestKeyVersionUsed
ReturnKeyVersionUsed specifies that the specific KMS key version that was used during signing should be stored in the pointer provided
func (r RequestKeyVersionUsed) ApplyKeyVersionUsed(keyVersionUsed **string)
ApplyKeyVersionUsed requests to store the KMS's key version that was used as a functional option
RequestPSSOptions implements the functional option pattern for specifying that RSA PSS should be used when loading a signer or verifier and an RSA key is detected
type RequestPSSOptions struct {
    NoOpOptionImpl
    // contains filtered or unexported fields
}
func WithRSAPSS(opts *rsa.PSSOptions) RequestPSSOptions
WithRSAPSS specifies that the RSAPSS algorithm should be used when an RSA key is used. Note that the RSA PSSOptions contains a hash algorithm, which will override the hash function specified with WithHash.
func (r RequestPSSOptions) ApplyRSAPSS(opts **rsa.PSSOptions)
ApplyRSAPSS sets the RSAPSS options as requested by the functional option
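The no-op embedding used by every option type on this page, together with the WithHash/WithRSAPSS precedence noted above, as an added sketch that is not this package's own code. The names option, noOp, hashOpt, pssOpt and effectiveHash are hypothetical, and treating a zero PSSOptions.Hash as "not set" is an assumption taken from the standard library's rsa.PSSOptions semantics.

```go
package main

import (
	"crypto"
	"crypto/rsa"
	"fmt"
)

// option is a hypothetical two-method stand-in for SignOption/VerifyOption.
type option interface {
	ApplyHash(*crypto.Hash)
	ApplyRSAPSS(**rsa.PSSOptions)
}

// noOp plays the role of NoOpOptionImpl: every Apply method does nothing.
type noOp struct{}
func (noOp) ApplyHash(*crypto.Hash)       {}
func (noOp) ApplyRSAPSS(**rsa.PSSOptions) {}

// hashOpt and pssOpt embed noOp and override only the setting they carry.
type hashOpt struct {
	noOp
	hash crypto.Hash
}
type pssOpt struct {
	noOp
	opts *rsa.PSSOptions
}
func (o hashOpt) ApplyHash(h *crypto.Hash)      { *h = o.hash }
func (o pssOpt) ApplyRSAPSS(p **rsa.PSSOptions) { *p = o.opts }

// effectiveHash applies every option, then models the documented precedence:
// a hash set in PSSOptions replaces a different hash chosen via the hash option.
func effectiveHash(opts ...option) (h crypto.Hash, overridden bool) {
	var pss *rsa.PSSOptions
	for _, o := range opts {
		o.ApplyHash(&h)
		o.ApplyRSAPSS(&pss)
	}
	if pss != nil && pss.Hash != 0 {
		return pss.Hash, h != 0 && h != pss.Hash
	}
	return h, false
}

func main() { // constructed input: SHA-256 requested, PSS options carry SHA-512
	fmt.Println(effectiveHash(hashOpt{hash: crypto.SHA256}, pssOpt{opts: &rsa.PSSOptions{Hash: crypto.SHA512}}))
}
```

A caller can treat overridden == true as a configuration error, so that signer and verifier never disagree silently about the digest algorithm.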
RequestRand implements the functional option pattern for using a specific source of entropy
type RequestRand struct {
    NoOpOptionImpl
    // contains filtered or unexported fields
}
func WithRand(rand io.Reader) RequestRand
WithRand specifies that the given source of entropy should be used in signing operations
func (r RequestRand) ApplyRand(rand *io.Reader)
ApplyRand sets the specified source of entropy as the functional option
RequestRemoteVerification implements the functional option pattern for remotely verifying signatures when possible
type RequestRemoteVerification struct {
    NoOpOptionImpl
    // contains filtered or unexported fields
}
func WithRemoteVerification(remoteVerification bool) RequestRemoteVerification
WithRemoteVerification specifies that the verification operation should be performed remotely (vs in the process of the caller)
func (r RequestRemoteVerification) ApplyRemoteVerification(remoteVerification *bool)
ApplyRemoteVerification sets remote verification as a functional option