Documentation

Overview

Package ca provides the CertificateAuthority interface for the transport package. The interface is used to get a CSR signed by some certificate authority.

Constants

This section is empty.

Variables

var ErrNoAuth = errors.New("transport: authentication is required for non-local remotes")

ErrNoAuth is returned when a client is talking to a CFSSL remote that is not on a loopback address and doesn't have an authentication provider set.
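
The policy behind ErrNoAuth can be exercised in isolation with the following added example, which is not the package's own code. The names errNoAuth, remoteHost and checkRemote are hypothetical, and treating host names as non-local (no DNS lookup, fail closed) is an assumption of this example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"strings"
)

// errNoAuth carries the same message as the ErrNoAuth variable documented above.
var errNoAuth = errors.New("transport: authentication is required for non-local remotes")

// remoteHost extracts the host part from a URL, "host:port", or a bare host.
func remoteHost(remote string) string {
	if strings.Contains(remote, "://") {
		if u, err := url.Parse(remote); err == nil {
			return u.Hostname()
		}
	}
	if h, _, err := net.SplitHostPort(remote); err == nil {
		return h
	}
	return strings.Trim(remote, "[]") // bare host, possibly a bracketed IPv6 literal
}

// checkRemote (hypothetical) returns errNoAuth when no authentication is
// configured and the remote is not a loopback IP literal. Host names are
// rejected without a DNS lookup (assumption: fail closed).
func checkRemote(remote string, hasAuth bool) error {
	if hasAuth {
		return nil // credentials are validated later, when they are used
	}
	ip := net.ParseIP(remoteHost(remote))
	if ip == nil || !ip.IsLoopback() {
		return errNoAuth
	}
	return nil
}

func main() {
	// Constructed sample remotes.
	for _, r := range []string{"127.0.0.1:8888", "[::1]:8888", "https://ca.example.net:8888", "0.0.0.0:8888"} {
		fmt.Printf("%-30s unauthenticated -> %v\n", r, checkRemote(r, false))
	}
}
```

Note that 0.0.0.0 is the unspecified address, not loopback, so it is rejected along with routable addresses.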

Functions

This section is empty.

Types

type CFSSL

type CFSSL struct {
	Profile       string
	Label         string
	DefaultRemote client.Remote
	DefaultAuth   config.AuthKey
	// contains filtered or unexported fields
}

CFSSL provides support for signing certificates via CFSSL.

func NewCFSSLProvider

func NewCFSSLProvider(id *core.Identity, defaultRemote client.Remote) (*CFSSL, error)

NewCFSSLProvider takes the configuration information from an Identity (and an optional default remote), returning a CFSSL instance. There should be a profile in id called "cfssl", which should contain label and profile fields as needed.

func (*CFSSL) CACertificate

func (cap *CFSSL) CACertificate() ([]byte, error)

CACertificate returns the certificate for a CFSSL CA.

func (*CFSSL) SignCSR

func (cap *CFSSL) SignCSR(csrPEM []byte) (cert []byte, err error)

SignCSR requests a certificate from a CFSSL signer.

type CertificateAuthority

type CertificateAuthority interface {
	// SignCSR submits a PKCS #10 certificate signing request to a
	// CA for signing.
	SignCSR(csrPEM []byte) (cert []byte, err error)

	// CACertificate returns the certificate authority's
	// certificate.
	CACertificate() (cert []byte, err error)
}

A CertificateAuthority is capable of signing certificates given certificate signing requests.

Directories

Path Synopsis
Package localca implements a localca that is useful for testing the transport package.