local

package
v0.0.0-...-b94e044 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 13, 2018 License: BSD-2-Clause Imports: 27 Imported by: 0

Documentation

Overview

Package local implements certificate signature functionality for CFSSL.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func OverrideHosts 

func OverrideHosts(template *x509.Certificate, hosts []string)

OverrideHosts fills template's IPAddresses, EmailAddresses, DNSNames, and URIs with the content of hosts, if it is not nil.

func PopulateSubjectFromCSR 

func PopulateSubjectFromCSR(s *signer.Subject, req pkix.Name) pkix.Name

PopulateSubjectFromCSR has functionality similar to Name, except it fills the fields of the resulting pkix.Name with req's if the subject's corresponding fields are empty

Types

type Signer 

type Signer struct {
	// contains filtered or unexported fields
}

Signer contains a signer that uses the standard library to support both ECDSA and RSA CA keys.

func NewSigner 

func NewSigner(priv crypto.Signer, cert *x509.Certificate, sigAlgo x509.SignatureAlgorithm, policy *config.Signing) (*Signer, error)

NewSigner creates a new Signer directly from a private key and certificate, with optional policy.

func NewSignerFromFile 

func NewSignerFromFile(caFile, caKeyFile string, policy *config.Signing) (*Signer, error)

NewSignerFromFile generates a new local signer from a caFile and a caKey file, both PEM encoded.

func (*Signer) Certificate 

func (s *Signer) Certificate(label, profile string) (*x509.Certificate, error)

Certificate returns the signer's certificate.

func (*Signer) GetDBAccessor 

func (s *Signer) GetDBAccessor() certdb.Accessor

GetDBAccessor returns the signers' cert db accessor

func (*Signer) Info 

func (s *Signer) Info(req info.Req) (resp *info.Resp, err error)

Info return a populated info.Resp struct or an error.

func (*Signer) Policy 

func (s *Signer) Policy() *config.Signing

Policy returns the signer's policy.

func (*Signer) SetDBAccessor 

func (s *Signer) SetDBAccessor(dba certdb.Accessor)

SetDBAccessor sets the signers' cert db accessor

func (*Signer) SetPolicy 

func (s *Signer) SetPolicy(policy *config.Signing)

SetPolicy sets the signer's signature policy.

func (*Signer) SetReqModifier 

func (s *Signer) SetReqModifier(func(*http.Request, []byte))

SetReqModifier does nothing for local

func (*Signer) SigAlgo 

func (s *Signer) SigAlgo() x509.SignatureAlgorithm

SigAlgo returns the RSA signer's signature algorithm.

func (*Signer) Sign 

func (s *Signer) Sign(req signer.SignRequest) (cert []byte, err error)

Sign signs a new certificate based on the PEM-encoded client certificate or certificate request with the signing profile, specified by profileName.

func (*Signer) SignFromPrecert 

func (s *Signer) SignFromPrecert(precert *x509.Certificate, scts []ct.SignedCertificateTimestamp) ([]byte, error)

SignFromPrecert creates and signs a certificate from an existing precertificate that was previously signed by Signer.ca and inserts the provided SCTs into the new certificate. The resulting certificate will be a exact copy of the precert except for the removal of the poison extension and the addition of the SCT list extension. SignFromPrecert does not verify that the contents of the certificate still match the signing profile of the signer, it only requires that the precert was previously signed by the Signers CA.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.