Documentation ¶
Index ¶
- type CA
- func (c *CA) CACerts(ctx context.Context, aps string, r *http.Request) ([]*x509.Certificate, error)
- func (c *CA) CSRAttrs(ctx context.Context, aps string, r *http.Request) (est.CSRAttrs, error)
- func (c *CA) EnableSigningWithRoot()
- func (c *CA) Enroll(ctx context.Context, csr *x509.CertificateRequest, aps string, r *http.Request) (*x509.Certificate, error)
- func (c *CA) Reenroll(ctx context.Context, cert *x509.Certificate, csr *x509.CertificateRequest, ...) (*x509.Certificate, error)
- func (c *CA) ServerKeyGen(ctx context.Context, csr *x509.CertificateRequest, aps string, r *http.Request) (*x509.Certificate, []byte, error)
- func (c *CA) TPMEnroll(ctx context.Context, csr *x509.CertificateRequest, ekcerts []*x509.Certificate, ...) ([]byte, []byte, []byte, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CA ¶
type CA struct {
// contains filtered or unexported fields
}
CA is responsible for signing certificates requested by clients using Enrollment over Secure Transport (EST, RFC 7030).
func New ¶
New creates a new CA for issuing certificates over EST, backed by a *caddypki.CA instance.
func (*CA) EnableSigningWithRoot ¶
func (c *CA) EnableSigningWithRoot()
EnableSigningWithRoot enables signing with the CA root key instead of the intermediate key. Issuing end-entity certificates directly from the root keeps the root key online for every request, which is why signing with the intermediate is the default.
func (*CA) Enroll ¶
func (c *CA) Enroll(ctx context.Context, csr *x509.CertificateRequest, aps string, r *http.Request) (*x509.Certificate, error)
Enroll requests a new certificate; see RFC 7030, section 4.2. It performs several checks and validations on the request before signing.
func (*CA) Reenroll ¶
func (c *CA) Reenroll(ctx context.Context, cert *x509.Certificate, csr *x509.CertificateRequest, aps string, r *http.Request) (*x509.Certificate, error)
Reenroll requests renewal of an existing certificate; see RFC 7030, section 4.2. Currently it takes the information from the existing certificate and the CSR and passes the request on to Enroll(). Validation according to the RFC is performed by globalsign/est, and this package does not override that library's decision: the library validates the request, then calls Reenroll, which in turn delegates to Enroll().
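The following is an added example, not code from this package or from globalsign/est, showing the checks that Enroll and Reenroll are responsible for in a minimal stand-alone form: proof of possession via the CSR's own signature, a template that copies only names and the public key from the CSR (so a CSR cannot request CA:TRUE), the root-versus-intermediate switch that EnableSigningWithRoot controls, and the RFC 7030 section 4.2.2 rule that a re-enrollment CSR must keep the Subject and SubjectAltName of the certificate being renewed before the request is handed to Enroll. The constructor NewCA, the helper clientCSR, the "Example Root" and "Example Intermediate" names, and the device names are assumptions made for the example; the real methods additionally take a context, the EST label (aps) and the *http.Request, which are omitted here, and in the real EST flow the TLS layer of globalsign/est authenticates the client's existing certificate before Reenroll is reached.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CA is a hypothetical stand-in for the EST CA documented above (added example code, not
// the project's): a root, an intermediate issued by it, and the signing-with-root flag.
type CA struct {
	root, intermediate *x509.Certificate
	rootKey, intKey    *ecdsa.PrivateKey
	signWithRoot       bool
}

// must and serial are demo helpers: must panics on setup errors (the CA methods return
// errors instead); serial draws a random 128-bit serial so issued certificates never collide.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func serial() *big.Int { return must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))) }

func issueCA(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: serial(), Subject: pkix.Name{CommonName: cn}, IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
	}
	if parent == nil { // no parent: self-signed root
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

func NewCA() *CA {
	root, rootKey := issueCA("Example Root", nil, nil)
	inter, intKey := issueCA("Example Intermediate", root, rootKey)
	return &CA{root: root, intermediate: inter, rootKey: rootKey, intKey: intKey}
}

// EnableSigningWithRoot switches issuance from the intermediate key to the root key.
func (c *CA) EnableSigningWithRoot() { c.signWithRoot = true }

// Enroll verifies the CSR's self-signature (proof of possession of the private key) and
// copies only names and public key into the template, so CSR extensions such as CA:TRUE are ignored.
func (c *CA) Enroll(csr *x509.CertificateRequest) (*x509.Certificate, error) {
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("csr signature invalid: %w", err)
	}
	issuer, issuerKey := c.intermediate, c.intKey
	if c.signWithRoot {
		issuer, issuerKey = c.root, c.rootKey
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial(), Subject: csr.Subject, DNSNames: csr.DNSNames, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(12 * time.Hour),
		KeyUsage:  x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, csr.PublicKey, issuerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Reenroll applies RFC 7030 section 4.2.2: the certificate being renewed must have been issued
// by this CA and the CSR's Subject and SubjectAltName must match it; then it delegates to Enroll.
func (c *CA) Reenroll(cert *x509.Certificate, csr *x509.CertificateRequest) (*x509.Certificate, error) {
	if cert.CheckSignatureFrom(c.intermediate) != nil && cert.CheckSignatureFrom(c.root) != nil {
		return nil, fmt.Errorf("existing certificate was not issued by this CA")
	}
	if cert.Subject.String() != csr.Subject.String() || fmt.Sprint(cert.DNSNames) != fmt.Sprint(csr.DNSNames) {
		return nil, fmt.Errorf("reenroll: CSR names differ from the existing certificate")
	}
	return c.Enroll(csr)
}

// clientCSR builds a constructed client request (demo input, not real device data).
func clientCSR(cn string, dns []string) *x509.CertificateRequest {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}, DNSNames: dns}
	return must(x509.ParseCertificateRequest(must(x509.CreateCertificateRequest(rand.Reader, req, key))))
}

func main() {
	ca, csr := NewCA(), clientCSR("device-001", []string{"device-001.example.test"})
	fmt.Println("issuer:", must(ca.Enroll(csr)).Issuer.CommonName)
	ca.EnableSigningWithRoot()
	fmt.Println("issuer after EnableSigningWithRoot:", must(ca.Enroll(csr)).Issuer.CommonName)
}
```

Two points worth keeping in mind when reading this against the documented CA: the CheckSignatureFrom test in Reenroll only proves that one of this CA's keys signed the presented certificate, so a production implementation would additionally check the validity period and revocation status, which in the EST flow is the job of the library's TLS client-certificate validation; and after EnableSigningWithRoot the root key is used for every leaf, which is the trade-off the documentation's note on that function is about.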
func (*CA) ServerKeyGen ¶
func (c *CA) ServerKeyGen(ctx context.Context, csr *x509.CertificateRequest, aps string, r *http.Request) (*x509.Certificate, []byte, error)
ServerKeyGen requests a new certificate together with a private key; in this case the private key is generated by the server instead of by the client (RFC 7030, section 4.4). Not yet implemented.