Constants ¶
// Default on-disk locations for the provider's PEM-encoded private key and
// certificate. The key is stored unencrypted (see XKeyProvider), so the
// directory and file permissions Store applies to these paths matter.
// NOTE(review): whether these defaults are applied when the StandardPaths
// fields are empty is not visible here — confirm against NewXKeyProvider/Check.
const (
	// DefaultPrivateKeyPath is the default location of the private key PEM file.
	DefaultPrivateKeyPath = "/var/run/xkey/key.pem"
	// DefaultCertificatePath is the default location of the certificate PEM file.
	DefaultCertificatePath = "/var/run/xkey/cert.pem"
)
Variables ¶
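// Sentinel errors for inconsistent StandardPaths configuration: a key path
// and a certificate path must be given together or not at all. Compare with
// errors.Is rather than by string.
var (
	// ErrMissingKeyPath is returned if the XKeyProvider has
	// specified a certificate path but not a key path.
	ErrMissingKeyPath = errors.New("transport: standard provider is missing a private key path to accompany the certificate path")
	// ErrMissingCertPath is returned if the XKeyProvider has
	// specified a private key path but not a certificate path.
	// The message names the private key path as the counterpart; the previous
	// text said "certificate path" twice, which was a copy-paste mistake.
	ErrMissingCertPath = errors.New("transport: standard provider is missing a certificate path to accompany the private key path")
)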
ErrCertificateUnavailable is returned when a key is available, but there is no accompanying certificate.
Functions ¶
This section is empty.
Types ¶
type StandardPaths ¶
// StandardPaths contains a path to a key file and certificate file.
// Both files are expected to hold unencrypted PEM (see XKeyProvider).
type StandardPaths struct {
	// KeyFile is the path of the private key PEM file.
	KeyFile string `json:"private_key"`
	// CertFile is the path of the certificate PEM file.
	CertFile string `json:"certificate"`
}
StandardPaths contains a path to a key file and certificate file.
type XKeyProvider ¶
// XKeyProvider provides unencrypted PEM-encoded certificates and private
// keys. If paths are provided, the key and certificate will be stored on disk.
type XKeyProvider struct {
	// Paths holds the on-disk locations of the key and certificate.
	Paths StandardPaths `json:"paths"`
	// Embedded identity the provider is built from (see NewXKeyProvider).
	// Because the embedded field carries a JSON tag, encoding/json emits it
	// as a nested "idg_identity" object rather than promoting its fields.
	*spiffe.IDGIdentity `json:"idg_identity"`
	// DiskStore — presumably controls whether Store writes to disk;
	// confirm against Persistent and Store.
	DiskStore bool
	// CSRConf — presumably the configuration used by CertificateRequest
	// when building a CSR; confirm against that method.
	CSRConf keygen.CSRConf
	// contains filtered or unexported fields
}
XKeyProvider provides unencrypted PEM-encoded certificates and private keys. If paths are provided, the key and certificate will be stored on disk.
func NewXKeyProvider ¶
func NewXKeyProvider(id *spiffe.IDGIdentity) (*XKeyProvider, error)
NewXKeyProvider sets up a new XKeyProvider from the information contained in an Identity.
func (*XKeyProvider) Certificate ¶
func (sp *XKeyProvider) Certificate() *x509.Certificate
Certificate returns the associated certificate, or nil if one isn't ready.
func (*XKeyProvider) CertificateRequest ¶
func (sp *XKeyProvider) CertificateRequest(_ *csr.CertificateRequest) ([]byte, error)
CertificateRequest takes some metadata about a certificate request, and attempts to produce a certificate signing request suitable for sending to a certificate authority.
func (*XKeyProvider) Check ¶
func (sp *XKeyProvider) Check() error
Check ensures that the paths are valid for the provider.
func (*XKeyProvider) Generate ¶
func (sp *XKeyProvider) Generate(algo string, size int) (err error)
Generate generates a new private key using the given algorithm and key size.
func (*XKeyProvider) Load ¶
func (sp *XKeyProvider) Load() (err error)
Load reads the private key and certificate from disk.
func (*XKeyProvider) Persistent ¶
func (sp *XKeyProvider) Persistent() bool
Persistent returns true if the key and certificate will be stored on disk.
func (*XKeyProvider) Ready ¶
func (sp *XKeyProvider) Ready() bool
Ready returns true if the provider has a key and certificate loaded. Ready does not validate the certificate; the caller is responsible for checking its validity.
func (*XKeyProvider) SetCertificatePEM ¶
func (sp *XKeyProvider) SetCertificatePEM(certPEM []byte) error
SetCertificatePEM receives a PEM-encoded certificate and loads it into the provider.
func (*XKeyProvider) SetPrivateKeyPEM ¶
func (sp *XKeyProvider) SetPrivateKeyPEM(pem []byte) error
SetPrivateKeyPEM is undocumented upstream; by its signature, and by analogy with SetCertificatePEM, it receives a PEM-encoded private key and loads it into the provider.
func (*XKeyProvider) SignCSR ¶
func (sp *XKeyProvider) SignCSR(tpl *x509.CertificateRequest) ([]byte, error)
SignCSR takes a template certificate request and signs it.
func (*XKeyProvider) SignalFailure ¶
func (sp *XKeyProvider) SignalFailure(err error) bool
SignalFailure is provided to implement the KeyProvider interface, and always returns false.
func (*XKeyProvider) Store ¶
func (sp *XKeyProvider) Store() error
Store writes the key and certificate to disk when the provider persists them (see Persistent); the key is written unencrypted, as described under XKeyProvider.
func (*XKeyProvider) X509KeyPair ¶
func (sp *XKeyProvider) X509KeyPair() (tls.Certificate, error)
X509KeyPair returns a tls.Certificate for the provider.