Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewCertificateAuthorityDatabaseImpl ¶
func NewCertificateAuthorityDatabaseImpl(driver string, name string) (cadb core.CertificateAuthorityDatabase, err error)
NewCertificateAuthorityDatabaseImpl constructs a Database for the Certificate Authority.
Types ¶
type CertificateAuthorityDatabaseImpl ¶
type CertificateAuthorityDatabaseImpl struct {
// contains filtered or unexported fields
}
CertificateAuthorityDatabaseImpl represents a database used by the CA; it enforces transaction semantics, and is effectively single-threaded.
func (*CertificateAuthorityDatabaseImpl) Begin ¶
func (cadb *CertificateAuthorityDatabaseImpl) Begin() (err error)
Begin starts a Database transaction. There can only be one in this object at a time.
func (*CertificateAuthorityDatabaseImpl) Commit ¶
func (cadb *CertificateAuthorityDatabaseImpl) Commit() (err error)
Commit makes permanent a database transaction; there must be an active transaction when called.
func (*CertificateAuthorityDatabaseImpl) IncrementAndGetSerial ¶
func (cadb *CertificateAuthorityDatabaseImpl) IncrementAndGetSerial() (val int, err error)
IncrementAndGetSerial returns the next-available serial number, incrementing it in the database before returning. There must be an active transaction to call this method. Callers should Begin the transaction, call this method, perform any other work, and Commit at the end once the certificate is issued.
func (*CertificateAuthorityDatabaseImpl) Rollback ¶
func (cadb *CertificateAuthorityDatabaseImpl) Rollback() (err error)
Rollback cancels the ongoing database transaction; there must be an active transaction when called.
type CertificateAuthorityImpl ¶
type CertificateAuthorityImpl struct {
Signer signer.Signer
OCSPSigner ocsp.Signer
SA core.StorageAuthority
PA core.PolicyAuthority
DB core.CertificateAuthorityDatabase
Prefix int // Prepended to the serial number
ValidityPeriod time.Duration
NotAfter time.Time
// contains filtered or unexported fields
}
CertificateAuthorityImpl represents a CA that signs certificates, CRLs, and OCSP responses.
func NewCertificateAuthorityImpl ¶
func NewCertificateAuthorityImpl(cadb core.CertificateAuthorityDatabase, config Config) (*CertificateAuthorityImpl, error)
NewCertificateAuthorityImpl creates a CA that talks to a remote CFSSL instance. (To use a local signer, simply instantiate CertificateAuthorityImpl directly.) Communications with the CA are authenticated with MACs, using CFSSL's authenticated signature scheme. A CA created in this way issues for a single profile on the remote signer, which is indicated by name in this constructor.
func (*CertificateAuthorityImpl) IssueCertificate ¶
func (ca *CertificateAuthorityImpl) IssueCertificate(csr x509.CertificateRequest, regID int64) (core.Certificate, error)
IssueCertificate attempts to convert a CSR into a signed Certificate, while enforcing all policies.
func (*CertificateAuthorityImpl) RevokeCertificate ¶
func (ca *CertificateAuthorityImpl) RevokeCertificate(serial string) (err error)
type Config ¶
type Config struct {
Server string
AuthKey string
Profile string
TestMode bool
DBDriver string
DBName string
SerialPrefix int
// Path to a PEM-encoded copy of the issuer certificate.
IssuerCert string
// This field is only allowed if TestMode is true, indicating that we are
// signing with a local key. In production we will use an HSM and this
// IssuerKey must be empty (and TestMode must be false). PEM-encoded private
// key used for signing certificates and OCSP responses.
IssuerKey string
// How long issue certificates are valid for, should match expiry field
// in cfssl config.
Expiry string
}
Source Files