Package ca

Version: v0.0.0-...-a1f2fe4 (Latest)
Warning: this package is not in the latest version of its module.
Published: Nov 28, 2017 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Constants

const URIScheme = "spiffe"

URIScheme is the URI scheme for Istio identities.

Variables

This section is empty.

Functions

func GenCSR

func GenCSR(options CertOptions) ([]byte, []byte, error)

GenCSR generates an X.509 certificate signing request and a private key with the given options.

func GenCSRTemplate

func GenCSRTemplate(options CertOptions) x509.CertificateRequest

GenCSRTemplate generates an x509.CertificateRequest template with the given options.

func GenCert

func GenCert(options CertOptions) ([]byte, []byte)

GenCert generates an X.509 certificate and a private key with the given options.

func LoadSignerCredsFromFiles

func LoadSignerCredsFromFiles(signerCertFile string, signerPrivFile string) (*x509.Certificate, crypto.PrivateKey, error)

LoadSignerCredsFromFiles loads the signer certificate and private key from the given files.

signerCertFile: certificate file name
signerPrivFile: private key file name

Types

type CertOptions

type CertOptions struct {
	// Comma-separated hostnames and IPs to generate a certificate for.
	// This can also be set to the identity running the workload,
	// like a Kubernetes service account.
	Host string

	// The validity bounds of the issued certificate.
	NotBefore, NotAfter time.Time

	// Signer certificate (a parsed *x509.Certificate, not PEM).
	SignerCert *x509.Certificate

	// Signer private key (a parsed crypto.PrivateKey, not PEM).
	SignerPriv crypto.PrivateKey

	// Organization for this certificate.
	Org string

	// Whether this certificate should be a Certificate Authority.
	IsCA bool

	// Whether this certificate is self-signed.
	IsSelfSigned bool

	// Whether this certificate is for a client.
	IsClient bool

	// Whether this certificate is for a server.
	IsServer bool

	// The size of the RSA private key to be generated.
	RSAKeySize int
}

CertOptions contains options for generating a new certificate.

type CertificateAuthority

type CertificateAuthority interface {
	Sign(csrPEM []byte) ([]byte, error)
	GetRootCertificate() []byte
}

CertificateAuthority contains methods to be supported by a CA.

type IstioCA

type IstioCA struct {
	// contains filtered or unexported fields
}

IstioCA generates keys and certificates for Istio identities.

func NewIstioCA

func NewIstioCA(opts *IstioCAOptions) (*IstioCA, error)

NewIstioCA returns a new IstioCA instance.

func NewSelfSignedIstioCA

func NewSelfSignedIstioCA(caCertTTL, certTTL time.Duration, org string, namespace string,
	core corev1.SecretsGetter) (*IstioCA, error)

NewSelfSignedIstioCA returns a new IstioCA instance using a self-signed certificate.

func (*IstioCA) GetRootCertificate

func (ca *IstioCA) GetRootCertificate() []byte

GetRootCertificate returns the PEM-encoded root certificate.

func (*IstioCA) Sign

func (ca *IstioCA) Sign(csrPEM []byte) ([]byte, error)

Sign takes a PEM-encoded certificate signing request and returns a signed certificate.

type IstioCAOptions

type IstioCAOptions struct {
	CertChainBytes   []byte
	CertTTL          time.Duration
	SigningCertBytes []byte
	SigningKeyBytes  []byte
	RootCertBytes    []byte
}

IstioCAOptions holds the configurations for creating an Istio CA.
