ca

package

v0.0.0-...-8f69376 Latest Latest Go to latest Published: Dec 20, 2018 License: Apache-2.0 Imports: 35 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/nordix/spire

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func CreateServerCATemplate(csrDER []byte, trustDomain string, notBefore, notAfter time.Time, ...) (*x509.Certificate, error)
func CreateX509SVIDTemplate(csrDER []byte, trustDomain string, notBefore, notAfter time.Time, ...) (*x509.Certificate, error)
func GenerateServerCACSR(signer crypto.Signer, trustDomain string, subject pkix.Name) ([]byte, error)
func NewManager(c *ManagerConfig) *manager
func SelfSignServerCACertificate(signer crypto.Signer, trustDomain string, subject pkix.Name, ...) (*x509.Certificate, error)
func UpstreamSignServerCACertificate(ctx context.Context, upstreamCA upstreamca.UpstreamCA, signer crypto.Signer, ...) (*x509.Certificate, []*x509.Certificate, error)
type Manager
type ManagerConfig
type ServerCA

Constants ¶

View Source

const (
	DefaultSVIDTTL = time.Hour
	DefaultCATTL   = 24 * time.Hour
)

View Source

const (
	DefaultJWTSVIDTTL = time.Minute * 5
)

Variables ¶

This section is empty.

Functions ¶

func CreateServerCATemplate ¶

func CreateServerCATemplate(csrDER []byte, trustDomain string, notBefore, notAfter time.Time, serialNumber *big.Int) (*x509.Certificate, error)

func CreateX509SVIDTemplate ¶

func CreateX509SVIDTemplate(csrDER []byte, trustDomain string, notBefore, notAfter time.Time, serialNumber *big.Int) (*x509.Certificate, error)

func GenerateServerCACSR ¶

func GenerateServerCACSR(signer crypto.Signer, trustDomain string, subject pkix.Name) ([]byte, error)

func NewManager ¶

func NewManager(c *ManagerConfig) *manager

func SelfSignServerCACertificate ¶

func SelfSignServerCACertificate(signer crypto.Signer, trustDomain string, subject pkix.Name, notBefore, notAfter time.Time) (*x509.Certificate, error)

func UpstreamSignServerCACertificate ¶

func UpstreamSignServerCACertificate(ctx context.Context, upstreamCA upstreamca.UpstreamCA, signer crypto.Signer, trustDomain string, subject pkix.Name) (*x509.Certificate, []*x509.Certificate, error)

Types ¶

type Manager ¶

type Manager interface {
	// Initializes the CA manager. Must be called before a call to Run().
	Initialize(ctx context.Context) error

	// Run runs the CA manager. It blocks until a failure or the context is
	// canceled.
	Run(ctx context.Context) error

	// Returns the CA being managed
	CA() ServerCA
}

type ManagerConfig ¶

type ManagerConfig struct {
	Catalog        catalog.Catalog
	TrustDomain    url.URL
	UpstreamBundle bool
	SVIDTTL        time.Duration
	CATTL          time.Duration
	CASubject      pkix.Name
	CertsPath      string
	Log            logrus.FieldLogger
	Metrics        telemetry.Metrics
}

type ServerCA ¶

type ServerCA interface {
	SignX509SVID(ctx context.Context, csrDER []byte, ttl time.Duration) ([]*x509.Certificate, error)
	SignJWTSVID(ctx context.Context, jsr *node.JSR) (string, error)
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL