Version: v0.0.0-...-a91455d Latest Latest

This package is not in the latest version of its module.

Published: Apr 3, 2019 License: Apache-2.0 Imports: 50 Imported by: 0




const (

	// CAChainParentFirstEnvVar is the name of the environment variable that needs to be set
	// for the server to return the CA chain in parent-first order
	CAChainParentFirstEnvVar = "CA_CHAIN_PARENT_FIRST"




func GetAttrExtension

func GetAttrExtension(ca *CA, attrReqs []*api.AttributeRequest, id, profile string) (*signer.Extension, error)

GetAttrExtension returns an attribute extension to place into a signing request

func LoadPEMCertPool

func LoadPEMCertPool(certFiles []string) (*x509.CertPool, error)

LoadPEMCertPool loads a pool of PEM certificates from a list of files

func ReadBody

func ReadBody(r *http.Request, body interface{}) error

ReadBody reads the request body and JSON unmarshals into 'body'

func ReadBodyBytes

func ReadBodyBytes(r *http.Request) ([]byte, error)

ReadBodyBytes reads the request body and returns bytes

func TryReadBody

func TryReadBody(r *http.Request, body interface{}) (bool, error)

TryReadBody reads the request body into 'body' if not empty


type Accessor

type Accessor struct {
	// contains filtered or unexported fields

Accessor implements db.Accessor interface

func NewDBAccessor

func NewDBAccessor(db *dbutil.DB) *Accessor

NewDBAccessor is a constructor for the database API

func (*Accessor) DeleteUser

func (d *Accessor) DeleteUser(id string) (registry.User, error)

DeleteUser deletes user from database

func (*Accessor) GetUser

func (d *Accessor) GetUser(id string, attrs []string) (registry.User, error)

GetUser gets user from database

func (*Accessor) InsertUser

func (d *Accessor) InsertUser(user *registry.UserInfo) error

InsertUser inserts user into database

func (*Accessor) SetDB

func (d *Accessor) SetDB(db *dbutil.DB)

SetDB changes the underlying sql.DB object Accessor is manipulating.

func (*Accessor) UpdateUser

func (d *Accessor) UpdateUser(user *registry.UserInfo, updatePass bool) error

UpdateUser updates user in database

type CA

type CA struct {
	// The home directory for the CA
	HomeDir string
	// The CA's configuration
	Config *config.CAConfig
	// contains filtered or unexported fields

CA represents a certificate authority which signs, issues and revokes certificates

type CertDBAccessor

type CertDBAccessor struct {
	// contains filtered or unexported fields

CertDBAccessor implements certdb.Accessor interface

func NewCertDBAccessor

func NewCertDBAccessor(db *dbutil.DB) *CertDBAccessor

NewCertDBAccessor returns a new Accessor

func (*CertDBAccessor) GetCertificate

func (d *CertDBAccessor) GetCertificate(serial, aki string) (crs []certdb.CertificateRecord, err error)

GetCertificate gets a CertificateRecord indexed by serial.

func (*CertDBAccessor) GetCertificateWithID

func (d *CertDBAccessor) GetCertificateWithID(serial, aki string) (crs CertRecord, err error)

GetCertificateWithID gets a CertRecord indexed by serial

func (*CertDBAccessor) GetCertificatesByID

func (d *CertDBAccessor) GetCertificatesByID(id string) (crs []CertRecord, err error)

GetCertificatesByID gets the CertRecords indexed by id

func (*CertDBAccessor) GetOCSP

func (d *CertDBAccessor) GetOCSP(serial, aki string) (ors []certdb.OCSPRecord, err error)

GetOCSP retrieves a certdb.OCSPRecord from db by serial.

func (*CertDBAccessor) GetRevokedAndUnexpiredCertificates

func (d *CertDBAccessor) GetRevokedAndUnexpiredCertificates() ([]certdb.CertificateRecord, error)

GetRevokedAndUnexpiredCertificates returns revoked and unexpired certificates

func (*CertDBAccessor) GetRevokedAndUnexpiredCertificatesByLabel

func (d *CertDBAccessor) GetRevokedAndUnexpiredCertificatesByLabel(label string) ([]certdb.CertificateRecord, error)

GetRevokedAndUnexpiredCertificatesByLabel returns revoked and unexpired certificates matching the label

func (*CertDBAccessor) GetRevokedCertificates

func (d *CertDBAccessor) GetRevokedCertificates(expiredAfter, expiredBefore, revokedAfter, revokedBefore time.Time) ([]certdb.CertificateRecord, error)

GetRevokedCertificates returns revoked certificates

func (*CertDBAccessor) GetUnexpiredCertificates

func (d *CertDBAccessor) GetUnexpiredCertificates() (crs []certdb.CertificateRecord, err error)

GetUnexpiredCertificates gets all unexpired certificates from db.

func (*CertDBAccessor) GetUnexpiredOCSPs

func (d *CertDBAccessor) GetUnexpiredOCSPs() (ors []certdb.OCSPRecord, err error)

GetUnexpiredOCSPs retrieves all unexpired certdb.OCSPRecord from db.

func (*CertDBAccessor) InsertCertificate

func (d *CertDBAccessor) InsertCertificate(cr certdb.CertificateRecord) error

InsertCertificate puts a CertificateRecord into db.

func (*CertDBAccessor) InsertOCSP

func (d *CertDBAccessor) InsertOCSP(rr certdb.OCSPRecord) error

InsertOCSP puts a new certdb.OCSPRecord into the db.

func (*CertDBAccessor) RevokeCertificate

func (d *CertDBAccessor) RevokeCertificate(serial, aki string, reasonCode int) error

RevokeCertificate updates a certificate with a given serial number and marks it revoked.

func (*CertDBAccessor) RevokeCertificatesByID

func (d *CertDBAccessor) RevokeCertificatesByID(id string, reasonCode int) (crs []CertRecord, err error)

RevokeCertificatesByID updates all certificates for a given ID and marks them revoked

func (*CertDBAccessor) UpdateOCSP

func (d *CertDBAccessor) UpdateOCSP(serial, aki, body string, expiry time.Time) error

UpdateOCSP updates an OCSP response record with a given serial number.

func (*CertDBAccessor) UpsertOCSP

func (d *CertDBAccessor) UpsertOCSP(serial, aki, body string, expiry time.Time) error

UpsertOCSP updates an OCSP response record with a given serial number, or inserts the record if it doesn't yet exist in the db

type CertRecord

type CertRecord struct {
	ID string `db:"id"`

CertRecord extends CFSSL CertificateRecord by adding an enrollment ID to the record

type Server

type Server struct {
	// The home directory for the server
	HomeDir string
	// BlockingStart if true makes the Start function blocking
	BlockingStart bool
	// The server's configuration
	Config *config.ServerConfig

	// Server's default CA
	// contains filtered or unexported fields

Server is the rksync-ca server

func (*Server) GetCA

func (s *Server) GetCA() *CA

GetCA returns the CA instance

func (*Server) Init

func (s *Server) Init(renew bool) (err error)

Init initializes a rksync-ca server

func (*Server) Start

func (s *Server) Start() (err error)

Start the rksync-ca server

func (*Server) Stop

func (s *Server) Stop() error

Stop the server
