cert

package
v0.0.0-...-232e0ad Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 26, 2018 License: BSD-2-Clause Imports: 21 Imported by: 0

Documentation

Overview

Package cert contains certificate specifications and certificate-specific management.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CA

type CA struct {
	Name        string `json:"name" yaml:"name"`
	Remote      string `json:"remote" yaml:"remote"`
	Label       string `json:"label" yaml:"label"`
	Profile     string `json:"profile" yaml:"profile"`
	AuthKey     string `json:"auth_key" yaml:"auth_key"`
	AuthKeyFile string `json:"auth_key_file" yaml:"auth_key_file"`
	File        *File  `json:"file,omitempty" yaml:"file,omitempty"`
	// contains filtered or unexported fields
}

A CA contains the core details for a CFSSL CA. There are two ways to use this: fill out Name to refer to a global CA (e.g. as defined in the config file) or fill out Remote, Label, Profile, and AuthKey.

func (*CA) Load

func (ca *CA) Load() error

Load reads the CA certificate from the configured remote, and if a File section is present in the config, it will attempt to write the CA certificate to disk.

func (*CA) Refresh

func (ca *CA) Refresh() (bool, error)

Refresh fetches the latest CA cert. If it has changed, write the new CA cert and return true.

type File

type File struct {
	Path  string `json:"path" yaml:"path"`
	Owner string `json:"owner" yaml:"owner"`
	Group string `json:"group" yaml:"group"`
	Mode  string `json:"mode" yaml:"mode"`
	// contains filtered or unexported fields
}

File contains path and ownership information for a file.

func (*File) Parse

func (f *File) Parse(hint string) (err error)

Parse sets up the File structure from its string parameters; the hint is used to provide a hint as to what file is being processed for use in error messages. This includes validating that the user and group referenced exist; providing sensible defaults, and processing the mode. The method is intended to allow set up after unmarshalling from a configuration file.

func (*File) Remove

func (f *File) Remove() error

Remove deletes the file specified by the Path field.

func (*File) Set

func (f *File) Set() error

Set ensures the file has the right owner/group and mode.

type Spec

type Spec struct {

	// This defines the service manager to use.  This should be defined
	// globally rather than per cert- it's allowed here to allow cert
	// definitions to use a servicemanager of 'command' to allow freeform
	// invocations.
	ServiceManager string `json:"svcmgr" yaml:"svcmgr"`

	// The service is the service that uses this certificate. If
	// this field is not empty, the action below will be applied
	// to this service upon certificate renewal. It can also be
	// used to describe what this certificate is for.
	Service string `json:"service" yaml:"service"`

	// Action is one of empty, "nop", "reload", or "restart" (see
	// the svcmgr package for details).
	Action string `json:"action" yaml:"action"`

	// Request contains the CSR metadata needed to request a
	// certificate.
	Request *csr.CertificateRequest `json:"request" yaml:"request"`

	// Key contains the file metadata for the private key.
	Key *File `json:"private_key" yaml:"private_key"`

	// Cert contains the file metadata for the certificate.
	Cert *File `json:"certificate" yaml:"certificate"`

	// CA specifies the certificate authority that should be used.
	CA CA `json:"authority" yaml:"authority"`

	// Path points to the on-disk location of the certificate
	// spec.
	Path string
	// contains filtered or unexported fields
}

A Spec contains information needed to monitor and renew a certificate.

func Load

func Load(path, remote string, before time.Duration) (*Spec, error)

Load reads a spec from a JSON configuration file.

func (*Spec) Backoff

func (spec *Spec) Backoff() time.Duration

Backoff returns the backoff delay.

func (*Spec) Certificate

func (spec *Spec) Certificate() *x509.Certificate

Certificate returns the x509.Certificate associated with the spec if one exists.

func (*Spec) Dequeue

func (spec *Spec) Dequeue()

Dequeue marks the spec as having been removed from the renewal queue.

func (*Spec) Identity

func (spec *Spec) Identity() (*core.Identity, error)

Identity creates a transport package identity for the certificate.

func (*Spec) IsQueued

func (spec *Spec) IsQueued() bool

IsQueued returns true if the spec is already queued for renewal.

func (*Spec) Lifespan

func (spec *Spec) Lifespan() time.Duration

Lifespan returns a time.Duration for the certificate's validity.

func (*Spec) Queue

func (spec *Spec) Queue()

Queue marks the spec as being queued for renewal.

func (*Spec) Ready

func (spec *Spec) Ready() bool

Ready returns true if the key pair specified by the Spec exists; it doesn't check whether it needs to be renewed.

func (*Spec) RefreshKeys

func (spec *Spec) RefreshKeys() error

RefreshKeys will make sure the key pair in the Spec has loaded keys and has a valid certificate. It will handle any persistence, check that the certificate is valid (i.e. that its expiry date is within the Before date), and handle certificate reissuance as needed.

func (*Spec) ResetBackoff

func (spec *Spec) ResetBackoff()

ResetBackoff resets the spec's backoff.

func (*Spec) String

func (spec *Spec) String() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL