Documentation ¶
Index ¶
- Constants
- Variables
- type Certificate
- type Issuer
- type SSH
- func (c SSH) GetCert(ctx context.Context) (any, error)
- func (c *SSH) GetSigners() ([]ssh.Signer, error)
- func (c SSH) Issue(ctx context.Context) error
- func (c SSH) Lifetime(_ context.Context) (validAfter, validBefore time.Time, err error)
- func (c SSH) RenewalFactor(_ context.Context) float64
- func (c *SSH) Type() string
- type SSHOption
- type TLS
- func (c *TLS) EncodedCert(_ context.Context) ([]byte, error)
- func (c TLS) GetCert(ctx context.Context) (any, error)
- func (c TLS) Issue(ctx context.Context) error
- func (c TLS) Lifetime(_ context.Context) (validAfter, validBefore time.Time, err error)
- func (c *TLS) Public() crypto.PublicKey
- func (c TLS) RenewalFactor(_ context.Context) float64
- func (c *TLS) SignMessage(rand io.Reader, msg []byte, opts crypto.SignerOpts) (signature []byte, err error)
- func (c *TLS) Type() string
- type TLSOption
Constants ¶
const (
	TypeSSH = "pces_ssh"
	TypeTLS = "pces_tls"
)
Supported certificate types.
Variables ¶
var (
	ErrCertInvalid          = errors.New("certificate is invalid")
	ErrCertExpired          = errors.New("certificate expired")
	ErrCertNotFound         = errors.New("certificate not found")
	ErrCertExists           = errors.New("certificate already exists")
	ErrNoSigner             = errors.New("signer not found")
	ErrSignerMismatch       = errors.New("signer does not match certificate")
	ErrInvalidRenewalFactor = errors.New("renewal factor must be between 0.0 and 1.0")
)
Certificate errors.
Functions ¶
This section is empty.
Types ¶
type Certificate ¶
type Certificate interface {
	Issue(ctx context.Context) error
	GetCert(ctx context.Context) (any, error)
	Lifetime(ctx context.Context) (validAfter, validBefore time.Time, err error)
	RenewalFactor(ctx context.Context) float64
	Type() string
}
Certificate defines the interface for a certificate.
type SSH ¶
type SSH struct {
	// contains filtered or unexported fields
}
SSH is an SSH certificate.
func (SSH) GetCert ¶
GetCert checks the validity of the certificate before returning it. If the certificate is invalid or expired, it returns the corresponding error. It is up to the caller from that point to trigger a renewal.
func (*SSH) GetSigners ¶
GetSigners returns signers backed by the SSH certificate key.
func (SSH) RenewalFactor ¶
RenewalFactor determines at what timestamp this certificate needs to be renewed relative to its expiry time. This renewal time is determined using a decimal factor between 0 and 1 inclusive. For example, if the factor is 1, the certificate needs to be renewed at its expiry time. If the factor is 0.5, the certificate needs to be renewed halfway between the time it starts to be valid and its expiry time.
type SSHOption ¶
SSHOption is a functional option for SSH.
func WithSSHCert ¶
func WithSSHCert(cert *ssh.Certificate) SSHOption
WithSSHCert sets the SSH certificate.
func WithSSHCertFromFile ¶
WithSSHCertFromFile sets the SSH certificate from a file.
func WithSSHRenewalFactor ¶
WithSSHRenewalFactor sets the renewal factor on a Cert. It determines at what timestamp this certificate needs to be renewed relative to its expiry time. This renewal time is determined using a decimal factor between 0 and 1 inclusive. For example, if the factor is 1, the certificate needs to be renewed at its expiry time. If the factor is 0.5, the certificate needs to be renewed halfway between the time it starts to be valid and its expiry time.
type TLS ¶
type TLS struct {
	// contains filtered or unexported fields
}
TLS is a TLS certificate.
func (*TLS) EncodedCert ¶
EncodedCert returns the TLS certificate chain data.
func (TLS) GetCert ¶
GetCert checks the validity of the certificate before returning it. If the certificate is invalid or expired, it returns the corresponding error. It is up to the caller from that point to trigger a renewal.
func (TLS) RenewalFactor ¶
RenewalFactor determines at what timestamp this certificate needs to be renewed relative to its expiry time. This renewal time is determined using a decimal factor between 0 and 1 inclusive. For example, if the factor is 1, the certificate needs to be renewed at its expiry time. If the factor is 0.5, the certificate needs to be renewed halfway between the time it starts to be valid and its expiry time.
func (*TLS) SignMessage ¶
func (c *TLS) SignMessage(rand io.Reader, msg []byte, opts crypto.SignerOpts) (signature []byte, err error)
SignMessage implements the SignMessage() method of the crypto.MessageSigner interface.
type TLSOption ¶
TLSOption is a functional option for TLS.
func WithTLSCert ¶
func WithTLSCert(cert *tls.Certificate) TLSOption
WithTLSCert sets the TLS certificate.
func WithTLSCertFromFile ¶
WithTLSCertFromFile sets the TLS certificate from a PEM-encoded file. Only CERTIFICATE blocks are parsed; all other blocks, including PRIVATE KEY, are ignored.
func WithTLSRenewalFactor ¶
WithTLSRenewalFactor sets the renewal factor on a Cert. It determines at what timestamp this certificate needs to be renewed relative to its expiry time. This renewal time is determined using a decimal factor between 0 and 1 inclusive. For example, if the factor is 1, the certificate needs to be renewed at its expiry time. If the factor is 0.5, the certificate needs to be renewed halfway between the time it starts to be valid and its expiry time.
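How a caller might combine GetCert, Lifetime and RenewalFactor to decide when to renew, as an added example that is not part of this package. The names `renewable`, `NeedsRenewal` and `fake` are hypothetical, the errors are redeclared locally from the list above, and the formula validAfter + factor × (validBefore − validAfter) is inferred from the description of the renewal factor, not taken from the package source.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// Errors as listed on this page, redeclared so the example is self-contained.
var (
	ErrCertInvalid          = errors.New("certificate is invalid")
	ErrCertExpired          = errors.New("certificate expired")
	ErrInvalidRenewalFactor = errors.New("renewal factor must be between 0.0 and 1.0")
)

type renewable interface { // hypothetical subset of the page's Certificate interface
	GetCert(ctx context.Context) (any, error)
	Lifetime(ctx context.Context) (validAfter, validBefore time.Time, err error)
	RenewalFactor(ctx context.Context) float64
}

// NeedsRenewal (hypothetical): due once GetCert rejects the certificate or now
// has reached validAfter + factor*(validBefore-validAfter) (assumed formula).
func NeedsRenewal(ctx context.Context, c renewable, now time.Time) (bool, error) {
	if _, err := c.GetCert(ctx); errors.Is(err, ErrCertInvalid) || errors.Is(err, ErrCertExpired) {
		return true, nil // GetCert only reports the problem; renewing is the caller's job
	} else if err != nil {
		return false, err // unrelated failure: do not guess
	}
	va, vb, err := c.Lifetime(ctx)
	if err != nil {
		return false, err
	}
	if f := c.RenewalFactor(ctx); f >= 0 && f <= 1 { // condition is false for NaN too
		return !now.Before(va.Add(time.Duration(f * float64(vb.Sub(va))))), nil
	}
	return false, ErrInvalidRenewalFactor
}

type fake struct{ va, vb time.Time; f float64; err error } // constructed stand-in certificate

func (c fake) GetCert(context.Context) (any, error)                   { return nil, c.err }
func (c fake) Lifetime(context.Context) (time.Time, time.Time, error) { return c.va, c.vb, nil }
func (c fake) RenewalFactor(context.Context) float64                  { return c.f }

func main() {
	t0 := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC) // constructed validAfter
	c := fake{va: t0, vb: t0.Add(24 * time.Hour), f: 0.5}
	fmt.Println(NeedsRenewal(context.Background(), c, t0.Add(13*time.Hour)))
}
```

A factor of 1 leaves no margin between the renewal time and expiry, so any delay in issuance means GetCert starts returning the expiry error before a replacement exists.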