ca

package
v0.0.0-...-d8a8f93 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 2, 2019 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CertificateAuthority

// CertificateAuthority is the contract a CA implementation must satisfy:
// signing a CSR and exposing the CA's own key/cert bundle.
type CertificateAuthority interface {
	// Sign generates a certificate for a workload or CA, from the given CSR and TTL.
	// forCA selects which of the two is issued. The signature carries no caller
	// identity, so authorization of the request is not expressed at this layer.
	// NOTE(review): confirm where callers restrict forCA=true and bound ttl
	// before a request reaches an implementation.
	Sign(csrPEM []byte, ttl time.Duration, forCA bool) ([]byte, error)
	// GetCAKeyCertBundle returns the KeyCertBundle used by CA.
	// NOTE(review): presumably the bundle includes the CA signing key; verify
	// against util.KeyCertBundle and keep it out of logs and API responses.
	GetCAKeyCertBundle() util.KeyCertBundle
}

CertificateAuthority contains methods to be supported by a CA.

type ErrType

// ErrType is an int-backed code that classifies CA errors.
type ErrType int

ErrType is the type for CA errors.

// CA error categories. Values are assigned by iota in declaration order,
// starting at 0.
const (
	// CANotReady means the CA is not ready to sign CSRs.
	// As the first iota constant it is also the zero value of ErrType, so an
	// ErrType that was never set reads as CANotReady.
	CANotReady ErrType = iota
	// CSRError means the CA cannot sign CSR due to CSR error.
	CSRError
	// TTLError means the required TTL is invalid.
	TTLError
	// CertGenError means an error happened during the certificate generation.
	CertGenError
)

type Error

type Error struct {
	// contains filtered or unexported fields
}

Error encapsulates the short and long errors.

func NewError

func NewError(t ErrType, err error) *Error

NewError creates a new Error instance.

func (Error) Error

func (e Error) Error() string

Error returns the string error message.

func (Error) ErrorType

func (e Error) ErrorType() string

ErrorType returns a short string representing the error type.

type IstioCA

type IstioCA struct {
	// contains filtered or unexported fields
}

IstioCA generates keys and certificates for Istio identities.

func NewIstioCA

func NewIstioCA(opts *IstioCAOptions) (*IstioCA, error)

NewIstioCA returns a new IstioCA instance.

func (*IstioCA) GetCAKeyCertBundle

func (ca *IstioCA) GetCAKeyCertBundle() util.KeyCertBundle

GetCAKeyCertBundle returns the KeyCertBundle for the CA.

func (*IstioCA) Sign

func (ca *IstioCA) Sign(csrPEM []byte, ttl time.Duration, forCA bool) ([]byte, error)

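Sign takes a PEM-encoded CSR and a TTL, and returns a signed certificate. If forCA is true, the signed certificate is a CA certificate; otherwise, it is a workload certificate. Because a CA certificate can itself be used to sign further certificates, callers should pass forCA=true only for requesters authorized to act as a CA. TODO(myidpt): Add error code to identify the Sign error types.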

type IstioCAOptions

// IstioCAOptions holds the configurations for creating an Istio CA.
// It is the single argument to NewIstioCA.
type IstioCAOptions struct {
	// CAType has the unexported type cATypes. No exported values of that type
	// are visible here; presumably the New*IstioCAOptions constructors set it — confirm.
	CAType cATypes

	// CertTTL and MaxCertTTL are certificate lifetimes.
	// NOTE(review): presumably CertTTL is the default and MaxCertTTL the upper
	// bound enforced on requested TTLs (see TTLError); confirm in Sign, since an
	// unset or overly large maximum would allow long-lived certificates.
	CertTTL    time.Duration
	MaxCertTTL time.Duration

	// KeyCertBundle is the key/cert material the CA is built from.
	// NOTE(review): presumably this carries the signing private key; treat a
	// populated options value as secret-bearing — confirm against util.KeyCertBundle.
	KeyCertBundle util.KeyCertBundle

	// LivenessProbeOptions and ProbeCheckInterval configure a liveness probe;
	// their exact semantics are not visible from this declaration.
	LivenessProbeOptions *probe.Options
	ProbeCheckInterval   time.Duration
}

IstioCAOptions holds the configurations for creating an Istio CA. TODO(myidpt): remove IstioCAOptions.

func NewPluggedCertIstioCAOptions

func NewPluggedCertIstioCAOptions(certChainFile, signingCertFile, signingKeyFile, rootCertFile string,
	certTTL, maxCertTTL time.Duration) (caOpts *IstioCAOptions, err error)

NewPluggedCertIstioCAOptions returns a new IstioCAOptions instance that uses the given certificate chain, signing certificate, signing key, and root certificate files.

func NewSelfSignedIstioCAOptions

func NewSelfSignedIstioCAOptions(caCertTTL, certTTL, maxCertTTL time.Duration, org string,
	namespace string, core corev1.SecretsGetter) (caOpts *IstioCAOptions, err error)

NewSelfSignedIstioCAOptions returns a new IstioCAOptions instance that uses a self-signed certificate.
