ca

package
v0.0.0-...-ddb8ba8 Latest
Warning

This package is not in the latest version of its module.

Published: Jan 24, 2021 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CA

type CA struct {
	// contains filtered or unexported fields
}

CA is responsible for signing certificates requested by clients using Enrollment over Secure Transport (EST).

func New

func New(pkiCA *caddypki.CA, logger *zap.Logger) *CA

New creates a new CA for issuing certificates over EST backed by a *caddypki.CA instance.

func (*CA) CACerts

func (c *CA) CACerts(ctx context.Context, aps string, r *http.Request) ([]*x509.Certificate, error)

CACerts returns the CA root certificate(s) according to RFC 7030, section 4.1.

func (*CA) CSRAttrs

func (c *CA) CSRAttrs(ctx context.Context, aps string, r *http.Request) (est.CSRAttrs, error)

CSRAttrs returns the CSR attributes requested by this CA.

func (*CA) EnableSigningWithRoot

func (c *CA) EnableSigningWithRoot()

EnableSigningWithRoot enables signing with the CA root key instead of the intermediate key.

func (*CA) Enroll

func (c *CA) Enroll(ctx context.Context, csr *x509.CertificateRequest, aps string, r *http.Request) (*x509.Certificate, error)

Enroll requests a new certificate. Also see RFC 7030, section 4.2. It will perform several checks and validations.

func (*CA) Reenroll

func (c *CA) Reenroll(ctx context.Context, cert *x509.Certificate, csr *x509.CertificateRequest, aps string, r *http.Request) (*x509.Certificate, error)

Reenroll requests renewal of an existing certificate. Also see RFC 7030, section 4.2. Currently it takes all of the information from the certificate and the CSR and passes the request on to Enroll(). Validation according to the RFC is performed by globalsign/est, and we currently do not override the decision made in that library. The library then passes control on by calling Reenroll, which in turn passes the request on to Enroll().
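The re-enrollment validation that the description above leaves to globalsign/est includes the RFC 7030 section 4.2.2 rule that the CSR's Subject and SubjectAltName be identical to those of the certificate being renewed. The following is an added example of that rule using only the Go standard library, not code from this package or from globalsign/est; checkReenroll, sanDER and sample are hypothetical names, and the certificate and CSR are constructed inputs.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
)

// sanDER returns the raw subjectAltName extension value, or nil if absent.
func sanDER(exts []pkix.Extension) []byte {
	for _, e := range exts {
		if e.Id.String() == "2.5.29.17" { // id-ce-subjectAltName
			return e.Value
		}
	}
	return nil
}

// checkReenroll (hypothetical) applies the RFC 7030 4.2.2 Subject/SubjectAltName identity rule.
func checkReenroll(cert *x509.Certificate, csr *x509.CertificateRequest) error {
	if !bytes.Equal(cert.RawSubject, csr.RawSubject) ||
		!bytes.Equal(sanDER(cert.Extensions), sanDER(csr.Extensions)) {
		return fmt.Errorf("subject or subjectAltName differs from the existing certificate")
	}
	return nil
}

// sample builds a constructed self-signed certificate and a CSR for the same names.
func sample(cn string, dns ...string) (*x509.Certificate, *x509.CertificateRequest) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, DNSNames: dns}
	certDER, err1 := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	csrDER, err2 := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: tmpl.Subject, DNSNames: dns}, key)
	if err1 != nil || err2 != nil {
		panic(fmt.Sprint(err1, err2))
	}
	cert, _ := x509.ParseCertificate(certDER)
	csr, _ := x509.ParseCertificateRequest(csrDER)
	return cert, csr
}

func main() {
	cert, csr := sample("device-1", "device-1.example.test")
	_, other := sample("device-1", "other.example.test")
	fmt.Println(checkReenroll(cert, csr), "|", checkReenroll(cert, other))
}
```

The comparison is byte-for-byte on the DER, so reordered SAN entries count as a mismatch. CSR signature verification and the ChangeSubjectName attribute that RFC 7030 allows for requesting a name change are not handled here.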

func (*CA) ServerKeyGen

func (c *CA) ServerKeyGen(ctx context.Context, csr *x509.CertificateRequest, aps string, r *http.Request) (*x509.Certificate, []byte, error)

ServerKeyGen requests a new certificate and a private key. In this case the private key is generated by the server instead of by the client. Not implemented yet.

func (*CA) TPMEnroll

func (c *CA) TPMEnroll(ctx context.Context, csr *x509.CertificateRequest, ekcerts []*x509.Certificate, ekPub, akPub []byte, aps string, r *http.Request) ([]byte, []byte, []byte, error)

TPMEnroll is to be implemented.
