Documentation
Overview
Package generator implements the HTTP handlers for certificate generation.
Index
- func CSRValidate(req *csr.CertificateRequest) error
- func NewCertGeneratorHandler(validator Validator, caFile, caKeyFile string, policy *config.Signing) (http.Handler, error)
- func NewCertGeneratorHandlerFromSigner(validator Validator, signer signer.Signer) http.Handler
- func NewHandler(validator Validator) (http.Handler, error)
- type CertGeneratorHandler
- type CertRequest
- type Handler
- type Sum
- type Validator
Constants
This section is empty.
Variables
This section is empty.
Functions
func CSRValidate
func CSRValidate(req *csr.CertificateRequest) error
CSRValidate contains the default validation logic for certificate requests to the API server. This follows the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org). Specifically, section 10.2.3 ("Information Requirements") states:
"Applicant information MUST include, but not be limited to, at least one Fully-Qualified Domain Name or IP address to be included in the Certificate’s SubjectAltName extension."
func NewCertGeneratorHandler
func NewCertGeneratorHandler(validator Validator, caFile, caKeyFile string, policy *config.Signing) (http.Handler, error)
NewCertGeneratorHandler builds a new handler for generating certificates directly from certificate requests; the validator covers the certificate request and the CA's key and certificate are used to sign the generated request. If remote is not an empty string, the handler will send signature requests to the CFSSL instance contained in remote.
func NewCertGeneratorHandlerFromSigner
NewCertGeneratorHandlerFromSigner returns a handler directly from the signer and validation function.
Types
type CertGeneratorHandler
type CertGeneratorHandler struct {
// contains filtered or unexported fields
}
A CertGeneratorHandler accepts JSON-encoded certificate requests and returns a new private key and signed certificate; it handles sending the CSR to the server.
func (*CertGeneratorHandler) Handle
func (cg *CertGeneratorHandler) Handle(w http.ResponseWriter, r *http.Request) error
Handle responds to requests for the CA to generate a new private key and certificate on behalf of the client. The format for these requests is documented in the API documentation.
type CertRequest
type CertRequest struct {
	Key  string         `json:"private_key"`
	CSR  string         `json:"certificate_request"`
	Sums map[string]Sum `json:"sums"`
}
A CertRequest stores a PEM-encoded private key and corresponding CSR; this is returned from the CSR generation endpoint.
type Handler
type Handler struct {
// contains filtered or unexported fields
}
A Handler accepts JSON-encoded certificate requests and returns a new private key and certificate request.
type Validator
type Validator func(*csr.CertificateRequest) error
Validator is a type of function that contains the logic for validating a certificate request.
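An added example, not code from this package: a stricter check in the shape of a Validator that enforces the requirement quoted under CSRValidate, rejecting a request unless it names at least one host and every host is an IP address or an FQDN. It uses only the standard library, so certRequest is a hypothetical stand-in for csr.CertificateRequest (assumed here to carry the requested names in a Hosts field), and strictValidate and isFQDN are names invented for this sketch.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"regexp"
	"strings"
)

// certRequest is a hypothetical stand-in for csr.CertificateRequest; only the
// requested SubjectAltName entries (assumed field name: Hosts) are modelled.
type certRequest struct{ Hosts []string }

// label matches one DNS label: 1-63 letters, digits or hyphens, no hyphen at either end.
var label = regexp.MustCompile(`^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?$`)

// isFQDN reports whether h is a multi-label DNS name; wildcards and bare names fail.
func isFQDN(h string) bool {
	h = strings.TrimSuffix(h, ".")
	parts := strings.Split(h, ".")
	if len(h) > 253 || len(parts) < 2 {
		return false
	}
	for _, p := range parts {
		if !label.MatchString(p) {
			return false
		}
	}
	return true
}

// strictValidate returns an error unless the request has at least one host
// and every host parses as an IP address or is a syntactically valid FQDN.
func strictValidate(req *certRequest) error {
	if req == nil || len(req.Hosts) == 0 {
		return errors.New("request must carry at least one FQDN or IP address")
	}
	for _, h := range req.Hosts {
		if net.ParseIP(h) == nil && !isFQDN(h) {
			return fmt.Errorf("host %q is neither an IP address nor an FQDN", h)
		}
	}
	return nil
}

func main() { // constructed sample requests
	fmt.Println(strictValidate(&certRequest{Hosts: []string{"www.example.com", "192.0.2.10"}}))
	fmt.Println(strictValidate(&certRequest{Hosts: []string{"localhost"}}))
}
```

To use the same logic with this package, the function would take *csr.CertificateRequest instead of the stand-in type and be passed as the validator argument to NewHandler or NewCertGeneratorHandler.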