generator

package
v0.0.0-...-d88cd6e
Warning

This package is not in the latest version of its module.

Published: Oct 1, 2015 License: BSD-2-Clause Imports: 15 Imported by: 0

Documentation

Overview

Package generator implements the HTTP handlers for certificate generation.

Constants

This section is empty.

Variables

This section is empty.

Functions

func CSRValidate

func CSRValidate(req *csr.CertificateRequest) error

CSRValidate contains the default validation logic for certificate requests to the API server. This follows the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org). Specifically, section 10.2.3 ("Information Requirements") states:

"Applicant information MUST include, but not be limited to, at least one Fully-Qualified Domain Name or IP address to be included in the Certificate’s SubjectAltName extension."

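The rule quoted above, as an added example that is not cfssl's own CSRValidate: a standard-library check that a PEM-encoded request carries at least one DNS name or IP address in its SubjectAltName, and that its self-signature verifies. The names validateSAN and makeCSR are hypothetical, and the requests are constructed samples generated at run time.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"net"
)

// validateSAN is a hypothetical stdlib check, not cfssl's CSRValidate.
func validateSAN(csrPEM []byte) error {
	block, _ := pem.Decode(csrPEM)
	if block == nil || block.Type != "CERTIFICATE REQUEST" {
		return fmt.Errorf("input is not a PEM certificate request")
	}
	req, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil {
		return fmt.Errorf("parse CSR: %w", err)
	}
	if err := req.CheckSignature(); err != nil {
		return fmt.Errorf("CSR self-signature: %w", err)
	}
	// A Common Name alone does not satisfy the rule; only SAN entries count.
	if len(req.DNSNames) == 0 && len(req.IPAddresses) == 0 {
		return fmt.Errorf("no DNS name or IP address in SubjectAltName")
	}
	return nil
}

// makeCSR builds a constructed sample request with a throwaway P-256 key.
func makeCSR(cn string, dns []string, ips []net.IP) []byte {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}, DNSNames: dns, IPAddresses: ips}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der})
}

func main() {
	fmt.Println(validateSAN(makeCSR("example.test", nil, nil))) // CN only: rejected
}
```
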
func NewCertGeneratorHandler

func NewCertGeneratorHandler(validator Validator, caFile, caKeyFile string, policy *config.Signing) (http.Handler, error)

NewCertGeneratorHandler builds a new handler for generating certificates directly from certificate requests; the validator covers the certificate request and the CA's key and certificate are used to sign the generated request. If remote is not an empty string, the handler will send signature requests to the CFSSL instance contained in remote.

func NewCertGeneratorHandlerFromSigner

func NewCertGeneratorHandlerFromSigner(validator Validator, signer signer.Signer) http.Handler

NewCertGeneratorHandlerFromSigner returns a handler directly from the signer and validation function.

func NewHandler

func NewHandler(validator Validator) (http.Handler, error)

NewHandler builds a new Handler from the validation function provided.

Types

type CertGeneratorHandler

type CertGeneratorHandler struct {
	// contains filtered or unexported fields
}

A CertGeneratorHandler accepts JSON-encoded certificate requests and returns a new private key and signed certificate; it handles sending the CSR to the server.

func (*CertGeneratorHandler) Handle

Handle responds to requests for the CA to generate a new private key and certificate on behalf of the client. The format for these requests is documented in the API documentation.

type CertRequest

type CertRequest struct {
	Key  string         `json:"private_key"`
	CSR  string         `json:"certificate_request"`
	Sums map[string]Sum `json:"sums"`
}

A CertRequest stores a PEM-encoded private key and corresponding CSR; this is returned from the CSR generation endpoint.

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

A Handler accepts JSON-encoded certificate requests and returns a new private key and certificate request.

func (*Handler) Handle

func (g *Handler) Handle(w http.ResponseWriter, r *http.Request) error

Handle responds to requests for the CA to generate a new private key and certificate request on behalf of the client. The format for these requests is documented in the API documentation.

type Sum

type Sum struct {
	MD5  string `json:"md5"`
	SHA1 string `json:"sha-1"`
}

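Sum contains the MD5 and SHA-1 digests of a certificate or certificate request. Neither hash is collision-resistant, so these values suit identification or display, not integrity or authenticity checks.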

type Validator

type Validator func(*csr.CertificateRequest) error

Validator is a type of function that contains the logic for validating a certificate request.
