v0.0.0-...-03b241a Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Aug 25, 2020 License: Apache-2.0 Imports: 18 Imported by: 0




View Source
const DefaultLeeway = 1 * time.Minute

DefaultLeeway is the duration for matching not before claims.


View Source
var DefaultsFile = filepath.Join(config.StepPath(), "config", "defaults.json")

DefaultsFile contains the location of the defaults file.

View Source
var IdentityFile = filepath.Join(config.StepPath(), "config", "identity.json")

IdentityFile contains the location of the identity file.


func WriteDefaultIdentity

func WriteDefaultIdentity(certChain []api.Certificate, key crypto.PrivateKey) error

WriteDefaultIdentity writes the given certificates and key and the identity.json pointing to the new files.

func WriteIdentityCertificate

func WriteIdentityCertificate(certChain []api.Certificate) error

WriteIdentityCertificate writes the identity certificate in disk.


type Client

type Client struct {
	CaURL *url.URL

Client wraps http.Client with a transport using the step root and identity.

func LoadClient

func LoadClient() (*Client, error)

LoadClient configures an http.Client with the root in $STEPPATH/config/defaults.json and the identity defined in $STEPPATH/config/identity.json

func (*Client) ResolveReference

func (c *Client) ResolveReference(ref *url.URL) *url.URL

ResolveReference resolves the given reference from the CaURL.

type Identity

type Identity struct {
	Type        string `json:"type"`
	Certificate string `json:"crt"`
	Key         string `json:"key"`

Identity represents the identity file that can be used to authenticate with the CA.

func LoadDefaultIdentity

func LoadDefaultIdentity() (*Identity, error)

LoadDefaultIdentity loads the default identity.

func (*Identity) GetClientCertificateFunc

func (i *Identity) GetClientCertificateFunc() func(*tls.CertificateRequestInfo) (*tls.Certificate, error)

GetClientCertificateFunc returns a method that can be used as the GetClientCertificate property in a tls.Config.

func (*Identity) Kind

func (i *Identity) Kind() Type

Kind returns the type for the given identity.

func (*Identity) Renew

func (i *Identity) Renew(client Renewer) error

Renew renews the current identity certificate using a client with a renew method.

func (*Identity) TLSCertificate

func (i *Identity) TLSCertificate() (tls.Certificate, error)

TLSCertificate returns a tls.Certificate for the identity.

func (*Identity) Validate

func (i *Identity) Validate() error

Validate validates the identity object.

type Renewer

type Renewer interface {
	GetRootCAs() *x509.CertPool
	Renew(tr http.RoundTripper) (*api.SignResponse, error)

Renewer is that interface that a renew client must implement.

type Type

type Type string

Type represents the different types of identity files.

const Disabled Type = ""

Disabled represents a disabled identity type

const MutualTLS Type = "mTLS"

MutualTLS represents the identity using mTLS

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL