Documentation ¶
Overview ¶
Package local implements certificate signature functionality for CFSSL.
Index ¶
- func OverrideHosts(template *x509.Certificate, hosts []string)
- func PopulateSubjectFromCSR(s *signer.Subject, req pkix.Name) pkix.Name
- type Signer
- func (s *Signer) Certificate(label, profile string) (*x509.Certificate, error)
- func (s *Signer) GetDBAccessor() certdb.Accessor
- func (s *Signer) Info(req info.Req) (resp *info.Resp, err error)
- func (s *Signer) Policy() *config.Signing
- func (s *Signer) SetDBAccessor(dba certdb.Accessor)
- func (s *Signer) SetPolicy(policy *config.Signing)
- func (s *Signer) SetReqModifier(func(*http.Request, []byte))
- func (s *Signer) SigAlgo() x509.SignatureAlgorithm
- func (s *Signer) Sign(req signer.SignRequest) (cert []byte, err error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func OverrideHosts ¶
func OverrideHosts(template *x509.Certificate, hosts []string)
OverrideHosts fills template's IPAddresses, EmailAddresses, and DNSNames with the content of hosts, if it is not nil.
Types ¶
type Signer ¶
type Signer struct {
// contains filtered or unexported fields
}
Signer contains a signer that uses the standard library to support both ECDSA and RSA CA keys.
func NewSigner ¶
func NewSigner(priv crypto.Signer, cert *x509.Certificate, sigAlgo x509.SignatureAlgorithm, policy *config.Signing) (*Signer, error)
NewSigner creates a new Signer directly from a private key and certificate, with optional policy.
func NewSignerFromFile ¶
NewSignerFromFile generates a new local signer from a caFile and a caKey file, both PEM encoded.
func (*Signer) Certificate ¶
func (s *Signer) Certificate(label, profile string) (*x509.Certificate, error)
Certificate returns the signer's certificate.
func (*Signer) GetDBAccessor ¶
GetDBAccessor returns the signers' cert db accessor
func (*Signer) SetDBAccessor ¶
SetDBAccessor sets the signers' cert db accessor
func (*Signer) SetReqModifier ¶
SetReqModifier does nothing for local
func (*Signer) SigAlgo ¶
func (s *Signer) SigAlgo() x509.SignatureAlgorithm
SigAlgo returns the RSA signer's signature algorithm.