v1.6.4 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Mar 28, 2023 License: BSD-2-Clause Imports: 9 Imported by: 62



Package universal implements a signer that can do remote or local



This section is empty.


This section is empty.


func NewSigner

func NewSigner(root Root, policy *config.Signing) (signer.Signer, error)

NewSigner generates a new certificate signer from a Root structure. This is one of two standard signers: local or remote. If the root structure specifies a force remote, then a remote signer is created, otherwise either a remote or local signer is generated based on the policy. For a local signer, the CertFile and KeyFile need to be defined in Root.

func PrependLocalSignerToList

func PrependLocalSignerToList(signer localSignerCheck)

PrependLocalSignerToList prepends signer to the local signer's list


type Root

type Root struct {
	Config      map[string]string
	ForceRemote bool

Root is used to define where the universal signer gets its public certificate and private keys for signing.

type Signer

type Signer struct {
	// contains filtered or unexported fields

Signer represents a universal signer which is both local and remote to fulfill the signer.Signer interface.

func (*Signer) GetDBAccessor

func (s *Signer) GetDBAccessor() certdb.Accessor

GetDBAccessor returns the signer's cert db accessor.

func (*Signer) Info

func (s *Signer) Info(req info.Req) (resp *info.Resp, err error)

Info sends an info request to the remote or local CFSSL server receiving an Resp struct or an error in response.

func (*Signer) Policy

func (s *Signer) Policy() *config.Signing

Policy returns the signer's policy.

func (*Signer) SetDBAccessor

func (s *Signer) SetDBAccessor(dba certdb.Accessor)

SetDBAccessor sets the signer's cert db accessor.

func (*Signer) SetPolicy

func (s *Signer) SetPolicy(policy *config.Signing)

SetPolicy sets the signer's signature policy.

func (*Signer) SetReqModifier

func (s *Signer) SetReqModifier(mod func(*http.Request, []byte))

SetReqModifier sets the function to call to modify the HTTP request prior to sending it

func (*Signer) SigAlgo

func (s *Signer) SigAlgo() x509.SignatureAlgorithm

SigAlgo returns the RSA signer's signature algorithm.

func (*Signer) Sign

func (s *Signer) Sign(req signer.SignRequest) (cert []byte, err error)

Sign sends a signature request to either the remote or local signer, receiving a signed certificate or an error in response.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL