trust

package
v0.6.0 Latest Latest
Published: Dec 4, 2020 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Index

Types

type CACertLoader

// CACertLoader loads CA certificates from disk. Its CACerts method hands out
// only certificates that are verifiable with an active TRC; certificates
// that fail that verification are not returned.
type CACertLoader struct {
	// IA is the ISD-AS the loader operates for — presumably used to pick the
	// TRC the loaded certificates are verified against; confirm in CACerts.
	IA  addr.IA
	// Dir is the directory the CA certificates are read from.
	Dir string
	// DB is the trust database; presumably the source of the active TRC used
	// for verification — confirm in CACerts.
	DB  trust.DB
}

CACertLoader loads CA certificates from disk.

func (CACertLoader) CACerts

func (l CACertLoader) CACerts(ctx context.Context) ([]*x509.Certificate, error)

CACerts returns a list of CA certificates from disk that are verifiable with an active TRC.

type CACertProvider

// CACertProvider provides verifiable CA certificates. CACertLoader is the
// on-disk implementation in this package.
type CACertProvider interface {
	// CACerts returns a list of CA certificates that are verifiable with an
	// active TRC.
	CACerts(ctx context.Context) ([]*x509.Certificate, error)
}

CACertProvider provides verifiable CA certificates.

type CachingPolicyGen

// CachingPolicyGen is a PolicyGen that can cache the previously generated
// CAPolicy for some time, so the wrapped PolicyGen is not invoked on every
// call to Generate.
type CachingPolicyGen struct {
	// PolicyGen produces a fresh CAPolicy whenever the cache is (re)filled.
	PolicyGen PolicyGen
	// Interval is presumably how long a generated policy is reused before
	// PolicyGen is consulted again — confirm in Generate.
	Interval  time.Duration
	// contains filtered or unexported fields
}

CachingPolicyGen is a PolicyGen that can cache the previously generated CAPolicy for some time.

func (*CachingPolicyGen) Generate

func (s *CachingPolicyGen) Generate(ctx context.Context) (cppki.CAPolicy, error)

Generate generates a CAPolicy using the PolicyGen or returns the cached CAPolicy.

type CachingSignerGen

// CachingSignerGen is a SignerGen that can cache the previously generated
// Signer for some time. Per Generate's contract, an error is returned only
// when no signer is cached and none can be generated; a regeneration failure
// with a cached signer present therefore yields the previously cached signer.
type CachingSignerGen struct {
	// SignerGen produces a fresh Signer whenever the cache is (re)filled.
	SignerGen SignerGen
	// Interval is presumably how long a generated Signer is reused before
	// SignerGen is consulted again — confirm in Generate.
	Interval  time.Duration
	// contains filtered or unexported fields
}

CachingSignerGen is a SignerGen that can cache the previously generated Signer for some time.

func (*CachingSignerGen) Generate

func (s *CachingSignerGen) Generate(ctx context.Context) (trust.Signer, error)

Generate generates a signer using the SignerGen or returns the cached signer. An error is only returned if the previous signer is empty, and no signer can be generated.

type ChainBuilder

// ChainBuilder creates a certificate chain with the generated policy.
type ChainBuilder struct {
	// PolicyGen supplies the CA policy; CreateChain issues the chain for a
	// CSR using the latest available policy.
	PolicyGen PolicyGen
}

ChainBuilder creates a certificate chain with the generated policy.

func (ChainBuilder) CreateChain

func (c ChainBuilder) CreateChain(ctx context.Context,
	csr *x509.CertificateRequest) ([]*x509.Certificate, error)

CreateChain creates a certificate chain with the latest available CA policy.

type ClientLoader

// ClientLoader loads client chains from the given directory into the DB.
type ClientLoader struct {
	// Dir is the directory the client chains are read from.
	Dir      string
	// ClientDB is the renewal database the loaded chains are stored in.
	ClientDB renewal.DB
}

ClientLoader loads client chains from the given directory into the DB.

func (ClientLoader) LoadClientChains

func (l ClientLoader) LoadClientChains(ctx context.Context) error

LoadClientChains loads the client chains into the DB.

type CryptoLoader

// CryptoLoader loads chains from the given directory or the DB. Chains read
// from disk are stored in the embedded DB, and what Chains returns is always
// the result read back from the DB.
type CryptoLoader struct {
	// Dir is the directory chains are loaded from.
	Dir string
	// DB is embedded, so its methods are promoted onto CryptoLoader;
	// CryptoLoader.Chains presumably shadows the DB's own Chains — verify.
	trust.DB
}

CryptoLoader loads chains from the given directory or the DB.

func (CryptoLoader) Chains

func (l CryptoLoader) Chains(ctx context.Context,
	query trust.ChainQuery) ([][]*x509.Certificate, error)

Chains loads chains from disk, stores them in the DB, and returns the result read from the DB. In the fallback case the result is still whatever the DB returns.

type LoadingPolicyGen

// LoadingPolicyGen generates a CAPolicy from the keys and certificates
// available on the file system. Generate pairs each private key from KeyRing
// with an active CA certificate from CertProvider that authenticates its
// public key, and uses the pair whose CA certificate expires latest.
type LoadingPolicyGen struct {
	// Validity is presumably the validity period applied to the generated
	// policy — confirm in Generate.
	Validity     time.Duration
	// KeyRing supplies the candidate CA private keys.
	KeyRing      trust.KeyRing
	// CertProvider supplies the active CA certificates the keys are matched
	// against.
	CertProvider CACertProvider
}

LoadingPolicyGen generates a CAPolicy from the keys and certificates available on the file system.

func (LoadingPolicyGen) Generate

func (g LoadingPolicyGen) Generate(ctx context.Context) (cppki.CAPolicy, error)

Generate fetches private keys from the key ring and searches for active CA certificates that authenticate the corresponding public key. The returned policy uses the private key that is backed by the CA certificate with the highest expiration time.

type LoadingRing

// LoadingRing is a key ring that loads the private keys from the configured
// directory. PrivateKeys returns every key in Dir that is in PKCS#8 format.
type LoadingRing struct {
	// Dir is the directory the private keys are read from.
	Dir string
}

LoadingRing is a key ring that loads the private keys from the configured directory.

func (LoadingRing) PrivateKeys

func (r LoadingRing) PrivateKeys(ctx context.Context) ([]crypto.Signer, error)

PrivateKeys loads all private keys that are in PKCS#8 format from the directory.

type PolicyGen

// PolicyGen generates a new CA policy.
type PolicyGen interface {
	// Generate returns a CAPolicy; caching implementations may return a
	// recently generated one instead of a fresh policy.
	Generate(context.Context) (cppki.CAPolicy, error)
}

PolicyGen generates a new CA policy.

type RenewingSigner

// RenewingSigner is a signer that automatically picks up new key/cert
// material: each Sign call signs with the latest Signer available from
// SignerGen.
type RenewingSigner struct {
	// SignerGen produces the Signer used for each Sign call.
	SignerGen SignerGen
}

RenewingSigner is a signer that automatically picks up new key/cert material.

func (RenewingSigner) Sign

func (s RenewingSigner) Sign(ctx context.Context, msg []byte,
	associatedData ...[]byte) (*cryptopb.SignedMessage, error)

Sign signs the message with the latest available Signer.

type SignerGen

// SignerGen generates signers.
type SignerGen interface {
	// Generate returns a trust.Signer that is current at the time of the
	// call.
	Generate(ctx context.Context) (trust.Signer, error)
}

SignerGen generates signers.

Directories

Path Synopsis
mock_grpc
Package mock_grpc is a generated GoMock package.
internal
Package mock_trust is a generated GoMock package.
