- Adds a `jwtutils` package to be shared amongst the various packages in the codebase that make use of JWTs. It's intended to help us standardize on one library instead of some implementations using `go-jose` and others using `golang-jwt`. The main reason we're converging on `go-jose` is due to its support for JWEs, `golang-jwt` also has a repo to handle it but it doesn't look maintained: https://github.com/golang-jwt/jwe
package cryptokeys
import (
"context"
"io"
"golang.org/x/xerrors"
)
// Sentinel errors shared by the key cache implementations in this package.
// Implementations may wrap them, so callers should match with errors.Is
// rather than comparing with ==.
var (
	// ErrKeyNotFound reports that no key exists for the requested id.
	ErrKeyNotFound = xerrors.New("key not found")

	// ErrKeyInvalid reports that a key exists but must not be used for the
	// requested operation (presumably because it is outside the validity
	// window described on the cache interfaces — confirm against callers).
	ErrKeyInvalid = xerrors.New("key is invalid for use")

	// ErrClosed reports that the cache has already been closed.
	ErrClosed = xerrors.New("closed")

	// ErrInvalidFeature reports that the key's feature does not match the
	// operation being attempted with it.
	ErrInvalidFeature = xerrors.New("invalid feature for this operation")
)
// EncryptionKeycache hands out keys for encrypting and decrypting payloads.
// Keys are addressed by an id that maps to their sequence number, so a
// payload can always be decrypted with the exact key that produced it. The
// key values are returned as interface{}; callers are responsible for
// asserting the concrete type they expect.
type EncryptionKeycache interface {
	io.Closer

	// EncryptingKey returns the id and material of the newest key that is
	// currently valid for encryption: one whose start time has passed and
	// whose deletion time has not.
	EncryptingKey(ctx context.Context) (id string, key interface{}, err error)

	// DecryptingKey looks up the key for id (its sequence number). Any key
	// that has not been deleted and is not past its deletion date may be
	// used for decryption, including keys that are not yet past their start
	// time: peers' clocks are not perfectly aligned, so a key may already be
	// active on the machine that produced a payload while still being in the
	// future here.
	DecryptingKey(ctx context.Context, id string) (key interface{}, err error)
}
// SigningKeycache hands out keys for signing and verifying. Keys are
// addressed by an id that should map to their sequence number, so a
// signature can always be verified with the exact key that produced it. The
// key values are returned as interface{}; callers are responsible for
// asserting the concrete type they expect.
type SigningKeycache interface {
	io.Closer

	// SigningKey returns the id and material of the newest key that is
	// currently valid for signing: one whose start time has passed and whose
	// deletion time has not.
	SigningKey(ctx context.Context) (id string, key interface{}, err error)

	// VerifyingKey looks up the key for id (its sequence number). Any key
	// that has not been deleted and is not past its deletion date may be
	// used for verification, including keys that are not yet past their
	// start time: peers' clocks are not perfectly aligned, so a key may
	// already be active on the machine that signed while still being in the
	// future here.
	VerifyingKey(ctx context.Context, id string) (key interface{}, err error)
}