creds

package

v0.1.7 Latest Latest Go to latest Published: Aug 4, 2021 License: Apache-2.0 Imports: 26 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/bsycorp/keymaster

Documentation ¶

Index ¶

Constants
func GenerateSubjectKeyId(pub crypto.PublicKey) ([]byte, error)
func RandomSerial() (*big.Int, error)
type Credentials
type EncodedUserKeyPair
type Issuer
- func NewFromConfig(role *api.RoleConfig, config *api.Config) (*Issuer, error)
- func (i *Issuer) IssueFor(u *api.AuthInfo) ([]api.Cred, error)
type KubeIssuer
- func NewKubeIssuer(certPem, keyPem []byte) (*KubeIssuer, error)
- func (issuer *KubeIssuer) GenerateUserKeyPair(cn string, orgs []string, validForSeconds int) (*UserKeyPair, error)
type SSHIssuer
- func (issuer *SSHIssuer) CreateSignedCertificate(ca ssh.Signer, publicKey ssh.PublicKey, privateKey *rsa.PrivateKey, ...) (*Credentials, error)
- func (issuer *SSHIssuer) GenerateKeyPair(user *UserInfo) (ssh.PublicKey, *rsa.PrivateKey, error)
type STSIssuer
- func NewSTSIssuer(STS stsiface.STSAPI, roleArn string) *STSIssuer
- func (i *STSIssuer) IssueFor(u *api.AuthInfo) ([]api.Cred, error)
type UserInfo
type UserKeyPair
- func (kp *UserKeyPair) Encode() *EncodedUserKeyPair

Constants ¶

View Source

const (
	RsaKeyBits     = 2048
	CertFileSuffix = ".cert"
	KeyFileSuffix  = ".key"
)

View Source

const (
	KeyBits            = 2048
	MaxValidForSeconds = 7 * 24 * 3600
)

Variables ¶

This section is empty.

Functions ¶

func GenerateSubjectKeyId ¶

func GenerateSubjectKeyId(pub crypto.PublicKey) ([]byte, error)

GenerateSubjectKeyId generates SubjectKeyId used in Certificate Id is 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey

func RandomSerial ¶

func RandomSerial() (*big.Int, error)

Types ¶

type Credentials ¶

type Credentials struct {
	Certificate []byte
	PrivateKey  []byte
}

type EncodedUserKeyPair ¶

type EncodedUserKeyPair struct {
	PublicKeyPEM  []byte
	PrivateKeyPEM []byte
}

type Issuer ¶

type Issuer struct {
	// contains filtered or unexported fields
}

func NewFromConfig ¶

func NewFromConfig(role *api.RoleConfig, config *api.Config) (*Issuer, error)

func (*Issuer) IssueFor ¶

func (i *Issuer) IssueFor(u *api.AuthInfo) ([]api.Cred, error)

type KubeIssuer ¶

type KubeIssuer struct {
	CAKeypair     *tls.Certificate
	CACert        *x509.Certificate
	CACertEncoded string
	Clock         clockwork.Clock
}

func NewKubeIssuer ¶

func NewKubeIssuer(certPem, keyPem []byte) (*KubeIssuer, error)

func (*KubeIssuer) GenerateUserKeyPair ¶

func (issuer *KubeIssuer) GenerateUserKeyPair(cn string, orgs []string, validForSeconds int) (*UserKeyPair, error)

Generate a signed certificate for the specified CN and OrganizationalUnits. These map to the username and roles/groups in kubernetes.

type SSHIssuer ¶

type SSHIssuer struct {
	Random io.Reader
	Clock  clockwork.Clock
}

func (*SSHIssuer) CreateSignedCertificate ¶

func (issuer *SSHIssuer) CreateSignedCertificate(ca ssh.Signer, publicKey ssh.PublicKey, privateKey *rsa.PrivateKey, user *UserInfo, extensions map[string]string, options map[string]string) (*Credentials, error)

func (*SSHIssuer) GenerateKeyPair ¶

func (issuer *SSHIssuer) GenerateKeyPair(user *UserInfo) (ssh.PublicKey, *rsa.PrivateKey, error)

type STSIssuer ¶

type STSIssuer struct {
	STS     stsiface.STSAPI
	RoleArn string
}

func NewSTSIssuer ¶

func NewSTSIssuer(STS stsiface.STSAPI, roleArn string) *STSIssuer

func (*STSIssuer) IssueFor ¶

func (i *STSIssuer) IssueFor(u *api.AuthInfo) ([]api.Cred, error)

type UserInfo ¶

type UserInfo struct {
	Identity        string
	Principals      []string
	ValidForSeconds int
}

type UserKeyPair ¶

type UserKeyPair struct {
	PublicKey  []byte
	PrivateKey []byte
}

func (*UserKeyPair) Encode ¶

func (kp *UserKeyPair) Encode() *EncodedUserKeyPair

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL