config

package
v0.0.0-...-a91455d Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 3, 2019 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

// Defaults for the rksync-ca server's listening endpoint.
const (
	// DefaultServerAddr is the address the rksync-ca server listens on when
	// none is configured. "0.0.0.0" is the IPv4 wildcard address, so a server
	// using this default accepts connections on every IPv4 interface of the
	// host; set an explicit address to limit exposure of the CA endpoint.
	DefaultServerAddr = "0.0.0.0"

	// DefaultServerPort is the port the rksync-ca server listens on when
	// none is configured.
	DefaultServerPort = 8054
)

Variables

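DefaultCipherSuites is a set of strong TLS cipher suites. The list itself is not reproduced on this page, and the package was published in 2019, so check the suites against current TLS guidance before relying on them.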

Functions

func AbsTLSClient

func AbsTLSClient(cfg *ClientTLSConfig, configDir string) error

AbsTLSClient makes TLS client files absolute

func AbsTLSServer

func AbsTLSServer(cfg *ServerTLSConfig, configDir string) error

AbsTLSServer makes TLS server files absolute

func GetClientTLSConfig

func GetClientTLSConfig(cfg *ClientTLSConfig, csp cccsp.CCCSP) (*tls.Config, error)

GetClientTLSConfig creates a tls.Config object from certs and roots

func UnmarshalConfig

func UnmarshalConfig(cfg interface{}, vp *viper.Viper, configFile string, server bool) error

UnmarshalConfig unmarshals a configuration file

Types

type CAConfig

// CAConfig is the configuration of a single CA instance. It groups the CA's
// identity and key/certificate files (CA), signing settings (Signing), CSR
// information (CSR), intermediate-CA settings (Intermediate), registry limits
// (Registry), CRL generation (CRL), client settings (Client) and the database
// connection (DB).
//
// NOTE(review): Version, Signing and Client carry `skip:"true"`; presumably
// the tag excludes a field from generated flags/help output — confirm
// against the code that reads these tags.
//
// NOTE(review): DB.Datasource and CA.Keyfile reference sensitive material, so
// avoid dumping a whole CAConfig into logs or error messages.
type CAConfig struct {
	Version      string `skip:"true"`
	CA           CAInfo
	Signing      *cfsslcfg.Signing `skip:"true"`
	CSR          api.CSRInfo
	Intermediate IntermediateCA
	Registry     CAConfigRegistry
	CRL          CRLConfig
	Client       *ClientConfig `skip:"true"`
	DB           CAConfigDB
}

CAConfig is the CA instance's configuration

type CAConfigDB

// CAConfigDB is the database part of the server's config. Type names the
// database kind (the def tag gives "mariadb") and Datasource is the
// database-specific data source string.
//
// NOTE(review): data source strings commonly embed the database user and
// password. If that holds here, the config file needs restrictive file
// permissions and Datasource must be redacted before it is logged — confirm
// against the loader and the logging paths.
type CAConfigDB struct {
	Type       string `def:"mariadb" help:"Type of database"`
	Datasource string `help:"Data source which is database specific"`
}

CAConfigDB is the database part of the server's config

type CAConfigRegistry

// CAConfigRegistry is the registry part of the server's config.
//
// NOTE(review): the def tag sets MaxEnrollments to -1, which presumably means
// "no limit" — confirm against the registry code. If so, the default places
// no cap on how many times an identity can enroll; set a positive value where
// a bound is wanted.
type CAConfigRegistry struct {
	MaxEnrollments int `def:"-1" help:"Maximum number of enrollments"`
}

CAConfigRegistry is the registry part of the server's config

type CAInfo

// CAInfo is the CA information on a rksync-ca: the CA's name and the
// PEM-encoded key, certificate and chain files it uses.
//
// Keyfile has no def tag, while Certfile and Chainfile default to
// "ca-cert.pem" and "ca-chain.pem".
//
// NOTE(review): Keyfile points at the CA's key, the most sensitive file this
// configuration references. It should be readable only by the account that
// runs the server; nothing in this struct enforces that.
type CAInfo struct {
	Name      string `opt:"n" help:"Certificate Authority name"`
	Keyfile   string `help:"PEM-encoded CA key file"`
	Certfile  string `def:"ca-cert.pem" help:"PEM-encoded CA certificate file"`
	Chainfile string `def:"ca-chain.pem" help:"PEM-encoded CA chain file"`
}

CAInfo is the CA information on a rksync-ca

type CRLConfig

// CRLConfig contains configuration options used by the gencrl request
// handler.
//
// Expiry is the expiration applied to a generated CRL; the def tag gives 24h.
// NOTE(review): relying parties may keep using a CRL until it expires, so a
// longer Expiry presumably delays how quickly a revocation takes effect —
// confirm how consumers refresh the CRL.
type CRLConfig struct {
	Expiry time.Duration `def:"24h" help:"Expiration for the CRL generated by the gencrl request"`
}

CRLConfig contains configuration options used by the gencrl request handler

type ClientAuth

// ClientAuth defines the key material needed to verify client certificates
// and the policy the server follows for TLS client authentication.
//
// Type selects the policy and CertFiles lists the PEM-encoded certificates
// trusted when verifying clients.
//
// NOTE(review): the def tag sets Type to "noclientcert", so by default the
// server presumably neither requests nor verifies a client certificate —
// confirm how the value is mapped onto the TLS configuration. Deployments
// that depend on mutual TLS must set Type and CertFiles explicitly.
type ClientAuth struct {
	Type      string   `def:"noclientcert" help:"Policy the server will follow for TLS Client Authentication"`
	CertFiles []string `help:"A list of comma-separated PEM-encoded trusted certificate files"`
}

ClientAuth defines the key material needed to verify client certificates

type ClientConfig

// ClientConfig is the rksync-ca client's config: the server URL, TLS
// settings, logging options, the name of the CA to use and CSR information.
//
// NOTE(review): nothing in this struct ties the scheme of URL to TLS.Enabled;
// confirm that the client does not contact a CA over plaintext when TLS is
// expected.
type ClientConfig struct {
	URL      string
	TLS      ClientTLSConfig
	Debug    bool
	LogLevel string
	CAName   string
	CSR      api.CSRInfo
}

ClientConfig is the rksync-ca client's config

type ClientTLSConfig

// ClientTLSConfig defines the key material for a TLS client.
//
// CertFiles lists the PEM-encoded certificates the client trusts and Client
// holds the client's own key and certificate files for mutual authentication.
//
// NOTE(review): Enabled carries `skip:"true"` and no def tag, so it is
// presumably derived elsewhere rather than set through a flag — confirm where
// it is assigned, since it likely decides whether TLS is used at all.
type ClientTLSConfig struct {
	Enabled   bool     `skip:"true"`
	CertFiles []string `help:"A list of comma-separated PEM-encoded trusted certificate file"`
	Client    KeyCertFiles
}

ClientTLSConfig defines the key material for a TLS client

type IntermediateCA

// IntermediateCA contains the settings of an intermediate CA: ParentServer
// identifies the parent CA server and TLS is the client-side TLS
// configuration.
//
// NOTE(review): TLS is presumably the configuration used for the connection
// to ParentServer — confirm against the enrollment code. That connection
// obtains the intermediate's CA certificate, so it should be authenticated
// with trusted CertFiles.
type IntermediateCA struct {
	ParentServer ParentServer
	TLS          ClientTLSConfig
}

IntermediateCA contains parent server information, TLS configuration, and enrollment request for an intermediate CA

type KeyCertFiles

// KeyCertFiles names the PEM-encoded key and certificate files a TLS client
// presents when mutual authentication is enabled.
//
// NOTE(review): KeyFile points at a private key; it should be readable only
// by the account that runs the client. Nothing in this struct enforces that.
type KeyCertFiles struct {
	KeyFile  string `help:"PEM-encoded key file when mutual authentication is enabled"`
	CertFile string `help:"PEM-encoded certificate file when mutual anthenticate is enabled"`
}

KeyCertFiles defines the files needed by a client for TLS

type ParentServer

// ParentServer contains the URL of the parent rksync-ca-server and the name
// of the CA inside that server to connect to.
//
// NOTE(review): URL is a plain string with no visible scheme check; confirm
// that an intermediate CA cannot be pointed at its parent over plaintext
// HTTP. A URL may also carry userinfo (user:password@host); if enrollment
// credentials are passed that way, the value must be kept out of logs —
// confirm against the caller.
type ParentServer struct {
	URL    string `opt:"u" help:"URL of the parent rksync-ca-server"`
	CAName string `help:"Name of the CA to connect to"`
}

ParentServer contains URL for the parent server and the name of CA inside the server to connect to

type ServerConfig

// ServerConfig is the rksync-ca server's configuration: the listening
// endpoint, logging, the default CA's settings, endpoint TLS and the accepted
// CRL size.
//
// The def tags on Port and Address carry the same values as DefaultServerPort
// and DefaultServerAddr.
type ServerConfig struct {
	// Listening port for the server
	Port int `def:"8054" opt:"p" help:"Listening port of rksync-ca-server"`
	// Bind address for the server. The default "0.0.0.0" is the IPv4 wildcard
	// address, i.e. every IPv4 interface of the host; set an explicit address
	// to restrict where the CA endpoint is reachable.
	Address string `def:"0.0.0.0" help:"Listening address of rksync-ca-server"`
	// Enables debug logging.
	// NOTE(review): confirm that debug output does not include secrets such
	// as enrollment credentials or the database data source.
	Debug bool `def:"false" opt:"d" help:"Enable debug level logging" hide:"true"`
	// Sets the logging level on the server
	LogLevel string `help:"Set logging level (info, warning, debug, error, fatal)"`
	// CACfg is the default CA's config
	CACfg CAConfig `skip:"true"`
	// TLS for the server's listening endpoint.
	// NOTE(review): see ServerTLSConfig.Enabled, which has no def tag, so TLS
	// is presumably off unless it is configured.
	TLS ServerTLSConfig
	// Size limit of an acceptable CRL in bytes (default 51200).
	// NOTE(review): presumably bounds the size of CRL input the server will
	// accept — confirm where the limit is enforced.
	CRLSizeLimit int `def:"51200" help:"Size limit of an acceptable CRL in bytes"`
}

ServerConfig is the rksync-ca server's configuration

type ServerTLSConfig

// ServerTLSConfig defines key material for a TLS server: whether TLS is
// enabled on the listening port, the server's certificate and key files, and
// the client-authentication settings.
//
// NOTE(review): Enabled has no def tag, so TLS is presumably disabled unless
// it is set explicitly — confirm against the config loader. With TLS off, all
// traffic to the CA's listening port travels in plaintext.
//
// NOTE(review): KeyFile points at the server's TLS private key and has no
// default; it should be readable only by the account that runs the server.
type ServerTLSConfig struct {
	Enabled    bool   `help:"Enable TLS on the listening port"`
	CertFile   string `def:"tls-cert.pem" help:"PEM-encoded TLS certificate file for server's listening port"`
	KeyFile    string `help:"PEM-encoded TLS key for server's listening port"`
	ClientAuth ClientAuth
}

ServerTLSConfig defines key material for a TLS server
