Documentation
¶
Index ¶
- Constants
- func DefaultX509CASubject() pkix.Name
- func DefaultX509SVIDSubject() pkix.Name
- type AgentX509SVIDParams
- type Builder
- func (b *Builder) BuildAgentX509SVIDTemplate(ctx context.Context, params AgentX509SVIDParams) (*x509.Certificate, error)
- func (b *Builder) BuildDownstreamX509CATemplate(ctx context.Context, params DownstreamX509CAParams) (*x509.Certificate, error)
- func (b *Builder) BuildSelfSignedX509CATemplate(ctx context.Context, params SelfSignedX509CAParams) (*x509.Certificate, error)
- func (b *Builder) BuildServerX509SVIDTemplate(ctx context.Context, params ServerX509SVIDParams) (*x509.Certificate, error)
- func (b *Builder) BuildUpstreamSignedX509CACSR(ctx context.Context, params UpstreamSignedX509CAParams) (*x509.CertificateRequest, error)
- func (b *Builder) BuildWorkloadJWTSVIDClaims(ctx context.Context, params WorkloadJWTSVIDParams) (map[string]interface{}, error)
- func (b *Builder) BuildWorkloadX509SVIDTemplate(ctx context.Context, params WorkloadX509SVIDParams) (*x509.Certificate, error)
- func (b *Builder) Config() Config
- func (b *Builder) ValidateWorkloadJWTSVID(rawToken string, id spiffeid.ID) error
- func (b *Builder) ValidateX509CA(ca *x509.Certificate) error
- func (b *Builder) ValidateX509SVID(svid *x509.Certificate, id spiffeid.ID) error
- type Config
- type DownstreamX509CAParams
- type SelfSignedX509CAParams
- type ServerX509SVIDParams
- type UpstreamSignedX509CAParams
- type WorkloadJWTSVIDParams
- type WorkloadX509SVIDParams
Constants ¶
View Source
const ( // DefaultX509CATTL is the TTL given to X509 CAs if not overridden by // the server config. DefaultX509CATTL = time.Hour * 24 // DefaultX509SVIDTTL is the TTL given to X509 SVIDs if not overridden by // the server config. DefaultX509SVIDTTL = time.Hour // DefaultJWTSVIDTTL is the TTL given to JWT SVIDs if a different TTL is // not provided in the signing request. DefaultJWTSVIDTTL = time.Minute * 5 // NotBeforeCushion is how much of a cushion to subtract from the current // time when determining the notBefore field of certificates to account // for clock skew. NotBeforeCushion = 10 * time.Second )
Variables ¶
This section is empty.
Functions ¶
func DefaultX509CASubject ¶
DefaultX509CASubject is the default subject set on workload X509SVIDs TODO: This is a historic, but poor, default. We should revisit (see issue #3841).
func DefaultX509SVIDSubject ¶
DefaultX509SVIDSubject is the default subject set on workload X509SVIDs TODO: This is a historic, but poor, default. We should revisit (see issue #3841).
Types ¶
type AgentX509SVIDParams ¶
type Builder ¶
type Builder struct {
// contains filtered or unexported fields
}
func NewBuilder ¶
func (*Builder) BuildAgentX509SVIDTemplate ¶
func (b *Builder) BuildAgentX509SVIDTemplate(ctx context.Context, params AgentX509SVIDParams) (*x509.Certificate, error)
func (*Builder) BuildDownstreamX509CATemplate ¶
func (b *Builder) BuildDownstreamX509CATemplate(ctx context.Context, params DownstreamX509CAParams) (*x509.Certificate, error)
func (*Builder) BuildSelfSignedX509CATemplate ¶
func (b *Builder) BuildSelfSignedX509CATemplate(ctx context.Context, params SelfSignedX509CAParams) (*x509.Certificate, error)
func (*Builder) BuildServerX509SVIDTemplate ¶
func (b *Builder) BuildServerX509SVIDTemplate(ctx context.Context, params ServerX509SVIDParams) (*x509.Certificate, error)
func (*Builder) BuildUpstreamSignedX509CACSR ¶
func (b *Builder) BuildUpstreamSignedX509CACSR(ctx context.Context, params UpstreamSignedX509CAParams) (*x509.CertificateRequest, error)
func (*Builder) BuildWorkloadJWTSVIDClaims ¶
func (*Builder) BuildWorkloadX509SVIDTemplate ¶
func (b *Builder) BuildWorkloadX509SVIDTemplate(ctx context.Context, params WorkloadX509SVIDParams) (*x509.Certificate, error)
func (*Builder) ValidateWorkloadJWTSVID ¶
func (*Builder) ValidateX509CA ¶
func (b *Builder) ValidateX509CA(ca *x509.Certificate) error
func (*Builder) ValidateX509SVID ¶
type Config ¶
type Config struct {
TrustDomain spiffeid.TrustDomain
Clock clock.Clock
X509CASubject pkix.Name
X509CATTL time.Duration
X509SVIDSubject pkix.Name
X509SVIDTTL time.Duration
JWTSVIDTTL time.Duration
JWTIssuer string
AgentSVIDTTL time.Duration
CredentialComposers []credentialcomposer.CredentialComposer
NewSerialNumber func() (*big.Int, error)
}
type DownstreamX509CAParams ¶
type SelfSignedX509CAParams ¶
type ServerX509SVIDParams ¶
type ServerX509SVIDParams struct {
ParentChain []*x509.Certificate
PublicKey crypto.PublicKey
}
type WorkloadJWTSVIDParams ¶
Source Files
Click to show internal directories.
Click to hide internal directories.