trust

package
v0.10.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 21, 2023 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CachingSignerGen 

type CachingSignerGen struct {
	SignerGen SignerGen
	Interval  time.Duration
	// contains filtered or unexported fields
}

CachingSignerGen is a SignerGen that can cache the previously generated Signer for some time.

func (*CachingSignerGen) Generate 

func (s *CachingSignerGen) Generate(ctx context.Context) (trust.Signer, error)

Generate generates a signer using the SignerGen or returns the cached signer. An error is only returned if the previous signer is empty, and no signer can be generated.

type CryptoLoader 

type CryptoLoader struct {
	trust.DB
	// Dir is the directory where the AS certificates and private keys are
	// loaded from.
	Dir string
	// TRCDirs are optional directories from which TRCs are loaded.
	TRCDirs []string
}

CryptoLoader loads chains from the given directory or the DB.

func (CryptoLoader) Chains 

func (l CryptoLoader) Chains(ctx context.Context,
	query trust.ChainQuery) ([][]*x509.Certificate, error)

Chains loads chains from disk, stores them to DB, and returns the result from DB. The fallback mode is always the result of the DB.

func (CryptoLoader) SignedTRC 

func (l CryptoLoader) SignedTRC(ctx context.Context, id cppki.TRCID) (cppki.SignedTRC, error)

type LoadingRing 

type LoadingRing struct {
	Dir string
}

LoadingRing is a key ring that loads the private keys from the configured directory.

func (LoadingRing) PrivateKeys 

func (r LoadingRing) PrivateKeys(ctx context.Context) ([]crypto.Signer, error)

PrivateKeys loads all private keys that are in PKCS#8 format from the directory.

type RenewingSigner 

type RenewingSigner struct {
	SignerGen SignerGen
}

RenewingSigner is a signer that automatically picks up new key/cert material.

func (RenewingSigner) Sign 

func (s RenewingSigner) Sign(
	ctx context.Context,
	msg []byte,
	associatedData ...[]byte,
) (*cryptopb.SignedMessage, error)

Sign signs the message with the latest available Signer.

func (RenewingSigner) SignCMS 

func (s RenewingSigner) SignCMS(ctx context.Context, msg []byte) ([]byte, error)

SignCMS signs the message with the latest available Signer.

type SignerGen 

type SignerGen interface {
	Generate(ctx context.Context) (trust.Signer, error)
}

SignerGen generates signers.

type TLSCertificateLoader added in v0.9.0 

type TLSCertificateLoader struct {
	SignerGen SignerGen
}

TLSCertificateLoader is a wrapper for a SignerGen, converting the trust.Signer to an equivalent tls.Certificate.

func (TLSCertificateLoader) Get added in v0.9.0 

func (l TLSCertificateLoader) Get(ctx context.Context) (*tls.Certificate, error)

Get returns the certificate representing the Signer generated by the SignerGen.

func (TLSCertificateLoader) GetCertificate added in v0.9.0 

func (l TLSCertificateLoader) GetCertificate(
	hello *tls.ClientHelloInfo,
) (*tls.Certificate, error)

GetCertificate returns the certificate representing the Signer generated by the SignerGen. This function can be bound to tls.Config.GetCertificate.

func (TLSCertificateLoader) GetClientCertificate added in v0.9.0 

func (l TLSCertificateLoader) GetClientCertificate(
	reqInfo *tls.CertificateRequestInfo,
) (*tls.Certificate, error)

GetClientCertificate returns the certificate representing the Signer generated by the SignerGen. This function can be bound to tls.Config.GetClientCertificate.

Source Files

View all Source files

Directories

Path Synopsis
Package mock_trust is a generated GoMock package.
 Package mock_trust is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.