crypki

package
v0.0.13

This package is not in the latest version of its module.

Published: Mar 8, 2023 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Overview

Package crypki provides the signer client used to send certificate signing requests (CSRs) to crypki servers.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func EstablishClientConn

func EstablishClientConn(ctx context.Context, endpoint string, opts ...grpc.DialOption) (conn *grpc.ClientConn, err error)

EstablishClientConn establishes a gRPC connection to the crypki endpoint.

func GetDefaultExtension

func GetDefaultExtension() map[string]string

GetDefaultExtension returns default extensions for user SSH certificate.

func TLSConfiguration

func TLSConfiguration(conf *SignerConfig) (*tls.Config, error)

TLSConfiguration builds the *tls.Config used for the TLS connection from the given SignerConfig (client key and cert for mutual TLS, CA certs for verifying the server).

Types

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer encapsulates the Crypki client.

func NewSigner

func NewSigner(conf SignerConfig) (*Signer, error)

NewSigner creates a Signer from a SignerConfig.

func NewSignerWithGensignConf

func NewSignerWithGensignConf(gensignConf config.GensignConfig) (*Signer, error)

NewSignerWithGensignConf creates a Signer from a GensignConfig.

func (*Signer) DialOptions

func (s *Signer) DialOptions() (options []grpc.DialOption)

DialOptions returns a copy of the Signer's gRPC dial options.

func (*Signer) Endpoints

func (s *Signer) Endpoints() (endpoints []string)

Endpoints returns a copy of the Signer's endpoint list.

func (*Signer) Sign

func (s *Signer) Sign(ctx context.Context, request *pb.SSHCertificateSigningRequest) (certs []ssh.PublicKey, comments []string, err error)

Sign makes a signing request against Crypki Server.

type SignerConfig

type SignerConfig struct {
	// TLSClientKeyFile is the client key used to authenticate the requestor's identity to Crypki.
	TLSClientKeyFile string `mapstructure:"tls_client_key_file" validate:"required"`
	// TLSClientCertFile is the client cert used to authenticate the requestor's identity to Crypki.
	TLSClientCertFile string `mapstructure:"tls_client_cert_file" validate:"required"`
	// TLSCACertFiles is the list of certificate authority certs used to verify the Crypki server cert.
	TLSCACertFiles []string `mapstructure:"tls_ca_cert_files" validate:"required"`
	// CrypkiEndpoints is the endpoint list of the crypki servers.
	// It is recommended to put IPs or secondary DNS names into the list.
	// Signer tries to send the certificate request to the crypki servers in the order of CrypkiEndpoints.
	// If any returns success, the signed certificate is returned to the caller.
	CrypkiEndpoints []string `mapstructure:"crypki_endpoints" validate:"required"`
	// CrypkiPort is the port number of the crypki servers.
	CrypkiPort uint `mapstructure:"crypki_port" validate:"required"`
	// Retries is the number of retries when requesting a certificate from a crypki server endpoint.
	Retries uint `mapstructure:"retries"`
	// PerTryTimeout is the RPC timeout per call.
	PerTryTimeout time.Duration `mapstructure:"per_try_timeout"`
}

SignerConfig contains the signer data from the config file.
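The endpoint ordering, Retries and PerTryTimeout behaviour described in the SignerConfig comments, modelled as an added Go example rather than the crypki package's own implementation. It assumes Retries counts extra attempts per endpoint, stands in a SignFunc for the real gRPC call, and uses a local FailoverConfig type written for the example.

```go
package main

import (
	"context"
	"fmt"
	"time"
)

// FailoverConfig is a local mirror of the endpoint fields of crypki's SignerConfig (example type, not the package's own).
type FailoverConfig struct {
	CrypkiEndpoints []string      // tried strictly in list order
	CrypkiPort      uint
	Retries         uint          // extra attempts per endpoint (assumed: 0 means one try)
	PerTryTimeout   time.Duration // deadline per call; 0 means no per-try deadline
}

// SignFunc stands in for one signing RPC to a single crypki endpoint (host:port).
type SignFunc func(ctx context.Context, addr string) (cert string, err error)

func tryContext(ctx context.Context, d time.Duration) (context.Context, context.CancelFunc) {
	if d > 0 {
		return context.WithTimeout(ctx, d)
	}
	return context.WithCancel(ctx)
}

// SignWithFailover walks CrypkiEndpoints in order, giving each endpoint 1+Retries
// attempts under a PerTryTimeout deadline, and returns the first certificate any
// endpoint signs; endpoints after a success are never contacted, and a cancelled parent ctx aborts the walk.
func SignWithFailover(ctx context.Context, cfg FailoverConfig, sign SignFunc) (string, error) {
	var failures []string
	for _, host := range cfg.CrypkiEndpoints {
		addr := fmt.Sprintf("%s:%d", host, cfg.CrypkiPort)
		for attempt := uint(1); attempt <= cfg.Retries+1; attempt++ {
			if ctx.Err() != nil {
				return "", fmt.Errorf("signing aborted: %w", ctx.Err())
			}
			tryCtx, cancel := tryContext(ctx, cfg.PerTryTimeout)
			cert, err := sign(tryCtx, addr)
			cancel()
			if err == nil {
				return cert, nil
			}
			failures = append(failures, fmt.Sprintf("%s try %d: %v", addr, attempt, err))
		}
	}
	return "", fmt.Errorf("all crypki endpoints failed: %v", failures)
}
```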
