// Well-known object labels that PKCS11Config.ObjectLabel documents as
// selectable by name.
const (
	// ObjectLabelPIV is the label for the PIV Authentication object.
	ObjectLabelPIV = "PIV"

	// ObjectLabelCardAuth is the label for the Card Authentication object.
	ObjectLabelCardAuth = "CARD AUTH"
)
PKCS11Config contains PKCS#11-specific configuration.
// PKCS11Config carries the PKCS#11-specific settings for a provider.
// Every field is optional as far as this declaration shows; the
// WithConfig constructors are documented as falling back to defaults
// for settings that are not provided.
type PKCS11Config struct {
	// ObjectLabel picks the PKCS#11 object by label: either one of the
	// well-known labels ("PIV", "CARD AUTH"; see ObjectLabelPIV and
	// ObjectLabelCardAuth) or any other PKCS#11 object label.
	ObjectLabel string

	// ObjectID picks the PKCS#11 object by number instead.
	// NOTE(review): presumably nil means "not set"; which selector wins
	// when both ObjectLabel and ObjectID are given is not visible here.
	ObjectID *uint32

	// KeyID, when set, replaces the default key ID of the form
	// tenancy/user/fingerprint.
	KeyID string

	// ModulePath, when set, names the PKCS#11 shared library to use.
	// NOTE(review): a PKCS#11 module is native code that is normally
	// loaded into the calling process, so this path should come from
	// trusted configuration only and never from unvalidated input.
	ModulePath string

	// TokenLabel, when set, picks the token by its PKCS#11 token label.
	TokenLabel string

	// TokenSerial, when set, picks the token by its PKCS#11 token serial.
	// NOTE(review): labels are often not unique across tokens; the serial
	// is presumably the more specific selector when several are attached.
	TokenSerial string
}
PKCS11ConfigurationProvider provides user principal authentication backed by a PKCS#11 token.
type PKCS11ConfigurationProvider struct {
// contains filtered or unexported fields
// NOTE(review): Close is documented as releasing the PKCS#11 context, so a
// provider presumably holds one for its lifetime; callers should Close it
// when they are finished with the provider.
}
// NOTE(review): passphrase is presumably the credential used to log in to the
// token (for example its PIN) — confirm against the implementation. It is a
// plain string in every constructor on this page, so callers should obtain it
// at runtime (prompt, secret store) rather than embedding it in source or in
// a checked-in config file, and should keep it out of logs and error messages.
func NewPKCS11ConfigurationProvider(tenancyID, userID, region, passphrase string) (*PKCS11ConfigurationProvider, error)
NewPKCS11ConfigurationProvider creates a PKCS#11-backed configuration provider using explicit tenancy, user, region, and passphrase values.
func NewPKCS11ConfigurationProviderFromConfigurationProvider(configProvider common.ConfigurationProvider, passphrase string) (*PKCS11ConfigurationProvider, error)
NewPKCS11ConfigurationProviderFromConfigurationProvider creates a PKCS#11-backed configuration provider using tenancy, user, and region values sourced from another configuration provider.
func NewPKCS11ConfigurationProviderFromConfigurationProviderWithConfig(configProvider common.ConfigurationProvider, passphrase string, pkcs11Config *PKCS11Config) (*PKCS11ConfigurationProvider, error)
NewPKCS11ConfigurationProviderFromConfigurationProviderWithConfig creates a PKCS#11-backed configuration provider using tenancy, user, and region values sourced from another configuration provider and additional PKCS#11-specific settings.
func NewPKCS11ConfigurationProviderFromDefaultConfig(passphrase string) (*PKCS11ConfigurationProvider, error)
NewPKCS11ConfigurationProviderFromDefaultConfig creates a PKCS#11-backed configuration provider using the DEFAULT profile from the default OCI config file path.
func NewPKCS11ConfigurationProviderFromFile(configFilePath, passphrase string) (*PKCS11ConfigurationProvider, error)
NewPKCS11ConfigurationProviderFromFile creates a PKCS#11-backed configuration provider using tenancy, user, and region values from the DEFAULT profile of an OCI config file.
func NewPKCS11ConfigurationProviderFromFileWithProfile(configFilePath, profile, passphrase string) (*PKCS11ConfigurationProvider, error)
NewPKCS11ConfigurationProviderFromFileWithProfile creates a PKCS#11-backed configuration provider using tenancy, user, and region values from the selected profile of an OCI config file.
func NewPKCS11ConfigurationProviderFromFileWithProfileAndConfig(configFilePath, profile, passphrase string, pkcs11Config *PKCS11Config) (*PKCS11ConfigurationProvider, error)
NewPKCS11ConfigurationProviderFromFileWithProfileAndConfig creates a PKCS#11-backed configuration provider using tenancy, user, and region values from the selected profile of an OCI config file and additional PKCS#11-specific settings.
func NewPKCS11ConfigurationProviderWithConfig(tenancyID, userID, region, passphrase string, pkcs11Config *PKCS11Config) (*PKCS11ConfigurationProvider, error)
NewPKCS11ConfigurationProviderWithConfig creates a PKCS#11-backed configuration provider using explicit tenancy, user, region, passphrase, and PKCS#11-specific settings. Uses default values for any PKCS#11 settings not provided.
// AuthType returns a common.AuthConfig describing this provider's
// authentication type; the concrete value is not visible on this page.
func (p *PKCS11ConfigurationProvider) AuthType() (common.AuthConfig, error)
func (p *PKCS11ConfigurationProvider) Close() error
Close releases the PKCS#11 context.
// KeyFingerprint returns the fingerprint string for the provider's key.
// How the fingerprint is derived is not shown here.
func (p *PKCS11ConfigurationProvider) KeyFingerprint() (string, error)
// KeyID returns the key ID string. Per PKCS11Config.KeyID, the default has the
// form tenancy/user/fingerprint unless an override was configured.
func (p *PKCS11ConfigurationProvider) KeyID() (string, error)
// PrivateKeySigner returns a crypto.Signer for the provider's private key.
// NOTE(review): presumably the signing operation is performed by the PKCS#11
// token, so the private key never leaves it — confirm against the implementation.
func (p *PKCS11ConfigurationProvider) PrivateKeySigner() (crypto.Signer, error)
// PrivateRSAKey is declared to return an *rsa.PrivateKey.
// NOTE(review): private keys held on a PKCS#11 token are typically
// non-extractable, so this presumably returns an error or no usable key
// material; callers that need to sign should use PrivateKeySigner instead —
// confirm against the implementation.
func (p *PKCS11ConfigurationProvider) PrivateRSAKey() (*rsa.PrivateKey, error)
// Region returns the region string, presumably the value given to the
// constructor or read from the underlying configuration source.
func (p *PKCS11ConfigurationProvider) Region() (string, error)
// TenancyOCID returns the tenancy identifier, presumably the value given to
// the constructor or read from the underlying configuration source.
func (p *PKCS11ConfigurationProvider) TenancyOCID() (string, error)
// UserOCID returns the user identifier, presumably the value given to the
// constructor or read from the underlying configuration source.
func (p *PKCS11ConfigurationProvider) UserOCID() (string, error)