Package ca provides the CertificateAuthority interface for the transport package, which provides an interface to get a CSR signed by some certificate authority.





var ErrNoAuth = errors.New("transport: authentication is required for non-local remotes")

ErrNoAuth is returned when a client is talking to a CFSSL remote that is not on a loopback address and doesn't have an authentication provider set.




type CFSSL

type CFSSL struct {
	Profile       string
	Label         string
	DefaultRemote client.Remote
	DefaultAuth   config.AuthKey
	// contains filtered or unexported fields
}

CFSSL provides support for signing certificates via CFSSL.

func NewCFSSLProvider

func NewCFSSLProvider(id *core.Identity, defaultRemote client.Remote) (*CFSSL, error)

NewCFSSLProvider takes the configuration information from an Identity (and an optional default remote), returning a CFSSL instance. There should be a profile in id called "cfssl", which should contain label and profile fields as needed.

func (*CFSSL) CACertificate

func (cap *CFSSL) CACertificate() ([]byte, error)

CACertificate returns the certificate for a CFSSL CA.

func (*CFSSL) SignCSR

func (cap *CFSSL) SignCSR(csrPEM []byte) (cert []byte, err error)

SignCSR requests a certificate from a CFSSL signer.

type CertificateAuthority

type CertificateAuthority interface {
	// SignCSR submits a PKCS #10 certificate signing request to a
	// CA for signing.
	SignCSR(csrPEM []byte) (cert []byte, err error)

	// CACertificate returns the certificate authority's
	// certificate.
	CACertificate() (cert []byte, err error)
}

A CertificateAuthority is capable of signing certificates given certificate signing requests.


Path Synopsis
Package localca implements a localca that is useful for testing the transport package.