ClearJustifications removes the justifications from the token by deleting the entire key.

ClearRequestor removes the req field from the JWT.

CreateBreakglassToken creates a JWT that can be used as "breakglass" if the system is configured to allow breakglass tokens.

GetJustifications retrieves a copy of the justifications on the token.

GetRequestor retrieves the identity of the principal that requested this JWT.

LoadConfig calls the necessary methods to load in config using the OsLookuper which finds env variables specified on the host.

NewClient returns a JVSClient with the cache initialized.

VerifyBreakglassToken accepts an HMAC-signed JWT and verifies the signature.

SetJustifications updates the justifications on the token.

SetRequestor sets the req field on the JWT.

WithTypedJustifications is an option for parsing JWTs that will convert decode the [Justification] claims into the correct Go structure.

This will immediately destroy the version specified.

This will immediately disable the version specified.

This rotates the specified key gracefully.

nolint:gosec.

DefaultJustificationCategory is the default justification category supported.

JustificationsKey is the key in the JWT where justifications are stored.

RequestorKey is the key in the JWT that holds the identity of the principal that requested this JWT.

Enum value maps for Action_ACTION.

Enum value maps for Action_ACTION.

CertificateActionService_ServiceDesc is the grpc.ServiceDesc for CertificateActionService service.

DefaultJustificationValidator is the [Validator] for the [DefaultJustificationCategory].

Handshake is a common handshake that is shared by plugin and host.

JVSPlugin_ServiceDesc is the grpc.ServiceDesc for JVSPlugin service.

JVSService_ServiceDesc is the grpc.ServiceDesc for JVSService service.

Action is intended to specify an action to be taken on a certificate version.

CertificateActionRequest is a request to do a manual action on a certificate.

CertificateActionResponse is a blank response.

Client allows for getting JWK keys from the JVS and validating JWTs with those keys.

Config is the jvs client configuration.

CreateJustificationRequest provides a justification to the server in order to receive a token.

CreateJustificationResponse contains a signed justification token.

ExplanationValidator is the built-in [Validator] for the "explanation" justifications.

GetUIDataRequest is the request to get the plugin data for display purposes.

Justification is intended to be used to provide reasons that data access is required.

PluginClient is an implementation of Validator that talks over RPC.

Here is the gRPC server that PluginClient talks to.

The UIData comprises the data that will be displayed.

UnimplementedCertificateActionServiceServer must be embedded to have forward compatible implementations.

UnimplementedJVSPluginServer must be embedded to have forward compatible implementations.

UnimplementedJVSServiceServer must be embedded to have forward compatible implementations.

ValidateJustificationRequest provides a justification for the server to validate.

ValidateJustificationResponse contains the validation result.

ValidatorPlugin implements [plugin.GRPCPlugin].

CertificateActionServiceClient is the client API for CertificateActionService service.

CertificateActionServiceServer is the server API for CertificateActionService service.

JVSPluginClient is the client API for JVSPlugin service.

JVSPluginServer is the server API for JVSPlugin service.

JVSServiceClient is the client API for JVSService service.

JVSServiceServer is the server API for JVSService service.

UnsafeCertificateActionServiceServer may be embedded to opt out of forward compatibility for this service.

UnsafeJVSPluginServer may be embedded to opt out of forward compatibility for this service.

UnsafeJVSServiceServer may be embedded to opt out of forward compatibility for this service.

The interface we are exposing as a plugin.