ctlog

package
Published: Apr 27, 2026 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Constants

const (
	// ConfigKey is the key in the map holding the marshalled CTLog config.
	ConfigKey = "config"
	// PrivateKey is the key in the map holding the encrypted PEM private key
	// for CTLog.
	PrivateKey = "private"
	// PublicKey is the key in the map holding the PEM public key for CTLog.
	PublicKey = "public"
	// LegacyRootCAKey is the key for when we only supported a single entry
	// in the config.
	LegacyRootCAKey = "rootca"
)

Variables

This section is empty.

Functions

func DecryptExistingPrivateKey

func DecryptExistingPrivateKey(privateKey []byte, password string) (crypto.PrivateKey, crypto.PublicKey, error)

DecryptExistingPrivateKey reads in an encrypted private key, decrypts with the given password, and returns private, public keys for it.

Types

type Config

type Config struct {
	PrivKey         crypto.PrivateKey
	PrivKeyPassword string
	PubKey          crypto.PublicKey
	LogID           int64
	LogPrefix       string

	// Address of the gRPC Trillian Admin Server (host:port)
	TrillianServerAddr string

	// FulcioCerts contains one or more root certificates for Fulcio.
	// It may contain more than one if, for example, the Fulcio key is rotated,
	// so there is a period of time during which both are accepted. It might also
	// contain multiple root certificates if we choose to support admitting
	// certificates from Fulcio instances run by others.
	FulcioCerts [][]byte
}

Config abstracts converting the proto to and from the byte form used in secrets and configmaps. Note that FulcioCerts is kept here even though it is technically not part of the config: because we create a secret/configmap that is then mounted, the certificates need to be synced alongside it.

func Unmarshal

func Unmarshal(_ context.Context, in map[string][]byte) (*Config, error)

Unmarshal converts the serialized form of the proto and secrets (from a secret or configmap) and constructs a CTLogConfig. Note, however, that because public/private keys are never updated once set, they are not round-tripped into their original forms.

func (*Config) AddFulcioRoot

func (c *Config) AddFulcioRoot(ctx context.Context, fulcioRoot []byte) error

AddFulcioRoot adds the specified fulcioRoot to the list of trusted Fulcios. If it already exists, the call is a no-op. The fulcioRoot should come from the call that fetches the public Fulcio root, and is the ChainPEM from the fulcioclient RootResponse.

func (*Config) MarshalConfig

func (c *Config) MarshalConfig(ctx context.Context) (map[string][]byte, error)

MarshalConfig marshals the CTLogConfig into a format that can be handed to the CTLog in the form of a secret or configmap. Returns a map with the following keys:

  config    - CTLog configuration
  private   - CTLog private key, PEM encoded and encrypted with the password
  public    - CTLog public key, PEM encoded
  fulcio-%d - one entry per element of fulcioCerts, so that multiple roots can be supported
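As an added example (not part of this package), the consumer side of the map layout described above: a helper that pulls every Fulcio root out of the "fulcio-%d" entries and the legacy "rootca" key, rejects anything that is not a parsable CA certificate, and collapses duplicates the way AddFulcioRoot treats an existing root as a no-op. The function and the self-signed sample roots are constructed here and are assumptions, not code from the ctlog package.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// fulcioRootsFromConfigMap parses the Fulcio roots out of the map form that
// MarshalConfig describes ("fulcio-%d" entries plus the legacy "rootca" key),
// keeping a root seen twice only once, as AddFulcioRoot treats it as a no-op.
func fulcioRootsFromConfigMap(data map[string][]byte) ([]*x509.Certificate, error) {
	seen := map[string]bool{}
	var roots []*x509.Certificate
	for key, raw := range data {
		if key != "rootca" && !strings.HasPrefix(key, "fulcio-") {
			continue // "config", "private" and "public" carry no certificates
		}
		// A ChainPEM value may hold several blocks; walk every one of them.
		for block, rest := pem.Decode(raw); block != nil; block, rest = pem.Decode(rest) {
			if block.Type != "CERTIFICATE" {
				continue
			}
			cert, err := x509.ParseCertificate(block.Bytes)
			if err != nil || !cert.IsCA { // reject unparsable and non-CA entries
				return nil, fmt.Errorf("%s: not a usable CA certificate: %v", key, err)
			}
			if !seen[string(cert.Raw)] {
				seen[string(cert.Raw)] = true
				roots = append(roots, cert)
			}
		}
	}
	return roots, nil
}

// constructedRootPEM mints a throwaway self-signed CA (constructed sample data, not a real Fulcio root).
func constructedRootPEM(serial int64) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), NotBefore: time.Now(),
		NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}
```

Feeding the same root under both "fulcio-0" and the legacy "rootca" key yields a single entry, while a malformed certificate in any fulcio-* slot fails the whole load rather than silently shrinking the trust set.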

func (*Config) RemoveFulcioRoot

func (c *Config) RemoveFulcioRoot(ctx context.Context, fulcioRoot []byte) error

RemoveFulcioRoot will remove the specified fulcioRoot from the list of trusted Fulcios. If

func (*Config) String

func (c *Config) String() string
