server

package

v0.0.0-...-a91455d Latest Latest Go to latest Published: Apr 3, 2019 License: Apache-2.0 Imports: 50 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/rkcloudchain/rksync-ca

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func GetAttrExtension(ca *CA, attrReqs []*api.AttributeRequest, id, profile string) (*signer.Extension, error)
func LoadPEMCertPool(certFiles []string) (*x509.CertPool, error)
func ReadBody(r *http.Request, body interface{}) error
func ReadBodyBytes(r *http.Request) ([]byte, error)
func TryReadBody(r *http.Request, body interface{}) (bool, error)
type Accessor
- func NewDBAccessor(db *dbutil.DB) *Accessor
type CA
type CertDBAccessor
- func NewCertDBAccessor(db *dbutil.DB) *CertDBAccessor
type CertRecord
type Server

Constants ¶

View Source

const (

	// CAChainParentFirstEnvVar is the name of the environment variable that needs to be set
	// for server to return CA chain in parent-first order
	CAChainParentFirstEnvVar = "CA_CHAIN_PARENT_FIRST"
)

Variables ¶

This section is empty.

Functions ¶

func GetAttrExtension ¶

func GetAttrExtension(ca *CA, attrReqs []*api.AttributeRequest, id, profile string) (*signer.Extension, error)

GetAttrExtension returns an attribute extension to place into a signing request

func LoadPEMCertPool ¶

func LoadPEMCertPool(certFiles []string) (*x509.CertPool, error)

LoadPEMCertPool loads a pool of PEM certificate from list of files

func ReadBody ¶

func ReadBody(r *http.Request, body interface{}) error

ReadBody reads the request body and JSON unmarshals into 'body'

func ReadBodyBytes ¶

func ReadBodyBytes(r *http.Request) ([]byte, error)

ReadBodyBytes reads the request body and returns bytes

func TryReadBody ¶

func TryReadBody(r *http.Request, body interface{}) (bool, error)

TryReadBody reads the request body into 'body' if not empty

Types ¶

type Accessor ¶

type Accessor struct {
	// contains filtered or unexported fields
}

Accessor implements db.Accessor interface

func NewDBAccessor ¶

func NewDBAccessor(db *dbutil.DB) *Accessor

NewDBAccessor si a constructor for the database API

func (*Accessor) DeleteUser ¶

func (d *Accessor) DeleteUser(id string) (registry.User, error)

DeleteUser deletes user from database

func (*Accessor) GetUser ¶

func (d *Accessor) GetUser(id string, attrs []string) (registry.User, error)

GetUser gets user from database

func (*Accessor) InsertUser ¶

func (d *Accessor) InsertUser(user *registry.UserInfo) error

InsertUser inserts user into database

func (*Accessor) SetDB ¶

func (d *Accessor) SetDB(db *dbutil.DB)

SetDB changes the underlying sql.DB object Accessor is manipulating.

func (*Accessor) UpdateUser ¶

func (d *Accessor) UpdateUser(user *registry.UserInfo, updatePass bool) error

UpdateUser updates user in database

type CA ¶

type CA struct {
	// The home directory for the CA
	HomeDir string
	// The CA's configuration
	Config *config.CAConfig
	// contains filtered or unexported fields
}

CA represents a certificate authority which signs, issues and revokes certificates

type CertDBAccessor ¶

type CertDBAccessor struct {
	// contains filtered or unexported fields
}

CertDBAccessor implements certdb.Accessor interface

func NewCertDBAccessor ¶

func NewCertDBAccessor(db *dbutil.DB) *CertDBAccessor

NewCertDBAccessor returns a new Accessor

func (*CertDBAccessor) GetCertificate ¶

func (d *CertDBAccessor) GetCertificate(serial, aki string) (crs []certdb.CertificateRecord, err error)

GetCertificate gets a CertificateRecord indexed by serial.

func (*CertDBAccessor) GetCertificateWithID ¶

func (d *CertDBAccessor) GetCertificateWithID(serial, aki string) (crs CertRecord, err error)

GetCertificateWithID gets a CertRecord indexed by serial

func (*CertDBAccessor) GetCertificatesByID ¶

func (d *CertDBAccessor) GetCertificatesByID(id string) (crs []CertRecord, err error)

GetCertificatesByID gets a CertRecord indexed by id

func (*CertDBAccessor) GetOCSP ¶

func (d *CertDBAccessor) GetOCSP(serial, aki string) (ors []certdb.OCSPRecord, err error)

GetOCSP retrieves a certdb.OCSPRecord from db by serial.

func (*CertDBAccessor) GetRevokedAndUnexpiredCertificates ¶

func (d *CertDBAccessor) GetRevokedAndUnexpiredCertificates() ([]certdb.CertificateRecord, error)

GetRevokedAndUnexpiredCertificates returns revoked and unexpired certificates

func (*CertDBAccessor) GetRevokedAndUnexpiredCertificatesByLabel ¶

func (d *CertDBAccessor) GetRevokedAndUnexpiredCertificatesByLabel(label string) ([]certdb.CertificateRecord, error)

GetRevokedAndUnexpiredCertificatesByLabel returns revoked and unexpired certificates matching the label

func (*CertDBAccessor) GetRevokedCertificates ¶

func (d *CertDBAccessor) GetRevokedCertificates(expiredAfter, expiredBefore, revokedAfter, revokedBefore time.Time) ([]certdb.CertificateRecord, error)

GetRevokedCertificates returns revoked certificates

func (*CertDBAccessor) GetUnexpiredCertificates ¶

func (d *CertDBAccessor) GetUnexpiredCertificates() (crs []certdb.CertificateRecord, err error)

GetUnexpiredCertificates gets all unexpired certificate from db.

func (*CertDBAccessor) GetUnexpiredOCSPs ¶

func (d *CertDBAccessor) GetUnexpiredOCSPs() (ors []certdb.OCSPRecord, err error)

GetUnexpiredOCSPs retrieves all unexpired certdb.OCSPRecord from db.

func (*CertDBAccessor) InsertCertificate ¶

func (d *CertDBAccessor) InsertCertificate(cr certdb.CertificateRecord) error

InsertCertificate puts a CertificateRecord into db.

func (*CertDBAccessor) InsertOCSP ¶

func (d *CertDBAccessor) InsertOCSP(rr certdb.OCSPRecord) error

InsertOCSP puts a new certdb.OCSPRecord into the db.

func (*CertDBAccessor) RevokeCertificate ¶

func (d *CertDBAccessor) RevokeCertificate(serial, aki string, reasonCode int) error

RevokeCertificate updates a certificate with a given serial number and marks it revoked.

func (*CertDBAccessor) RevokeCertificatesByID ¶

func (d *CertDBAccessor) RevokeCertificatesByID(id string, reasonCode int) (crs []CertRecord, err error)

RevokeCertificatesByID updates all certificates for a given ID and marks them revoked

func (*CertDBAccessor) UpdateOCSP ¶

func (d *CertDBAccessor) UpdateOCSP(serial, aki, body string, expiry time.Time) error

UpdateOCSP updates a ocsp response record with a given serial number.

func (*CertDBAccessor) UpsertOCSP ¶

func (d *CertDBAccessor) UpsertOCSP(serial, aki, body string, expiry time.Time) error

UpsertOCSP update a ocsp response record with a given serial number, or insert the record if it doesn't yet exist in the db

type CertRecord ¶

type CertRecord struct {
	ID string `db:"id"`
	certdb.CertificateRecord
}

CertRecord extends CFSSL CertificateRecord by adding an enrollment ID to the record

type Server ¶

type Server struct {
	// The home directory for the server
	HomeDir string
	// BlockingStart if true makes the Start function blocking
	BlockingStart bool
	// The server's configuration
	Config *config.ServerConfig

	// Server's default CA
	CA
	// contains filtered or unexported fields
}

Server is the rksync-ca server

func (*Server) GetCA ¶

func (s *Server) GetCA() *CA

GetCA returns the CA instance

func (*Server) Init ¶

func (s *Server) Init(renew bool) (err error)

Init initializes a rksync-ca server

func (*Server) Start ¶

func (s *Server) Start() (err error)

Start the rksync-ca server

func (*Server) Stop ¶

func (s *Server) Stop() error

Stop the server

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL