ca

package
v1.12.2
Published: Nov 17, 2023 License: Apache-2.0 Imports: 25 Imported by: 2

Documentation

Constants

const (
	// TrustBundleK8sName is the name of the kubernetes secret that holds the
	// issuer certificate key pair and trust anchors, and configmap that holds
	// the trust anchors.
	TrustBundleK8sName = "dapr-trust-bundle" /* #nosec */
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Bundle

type Bundle struct {
	TrustAnchors []byte
	IssChainPEM  []byte
	IssKeyPEM    []byte
	IssChain     []*x509.Certificate
	IssKey       any
}

Bundle is the bundle of certificates and keys used by the CA.

func GenerateBundle

func GenerateBundle(rootKey crypto.Signer, trustDomain string, allowedClockSkew time.Duration, overrideCATTL *time.Duration) (Bundle, error)

type SignRequest

type SignRequest struct {
	// Public key of the certificate request.
	PublicKey crypto.PublicKey

	// SignatureAlgorithm is the signature algorithm of the certificate request.
	SignatureAlgorithm x509.SignatureAlgorithm

	// TrustDomain is the trust domain of the client.
	TrustDomain string

	// Namespace is the namespace of the client.
	Namespace string

	// AppID is the app id of the client.
	AppID string

	// Optional DNS names to add to the certificate.
	DNS []string
}

SignRequest describes a certificate request to be signed with the issuer certificate.

type Signer

type Signer interface {
	// SignIdentity signs a certificate request with the issuer certificate. Note
	// that this does not include the trust anchors, and does not perform _any_
	// kind of validation on the request; authz should already have happened
	// before this point.
	// If the bool argument is true, the certificate is given the longest
	// duration the signing certificate allows.
	// TODO: @joshvanl: Remove bool value in v1.13 as the inject no longer needs
	// to request other identities.
	SignIdentity(context.Context, *SignRequest, bool) ([]*x509.Certificate, error)

	// TrustAnchors returns the trust anchors for the CA in PEM format.
	TrustAnchors() []byte
}

Signer is the interface for the CA.

func New

func New(ctx context.Context, conf config.Config) (Signer, error)
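The Signer doc comment above states that SignIdentity performs no validation and that authorization must already have happened before it is called. The Go program below is an added illustration of that contract and is not code from the dapr package: it copies the SignRequest and Signer declarations from this page, implements them with a throwaway in-memory CA (toyCA, NewToyCA and issue are hypothetical names), and puts the authorization gate in RequestIdentity (also hypothetical), which refuses any request whose namespace/app-id differs from the identity the transport has already authenticated, then verifies the issued leaf against TrustAnchors(). The spiffe://<trust domain>/ns/<namespace>/<app-id> SAN layout and the example.org trust domain are assumptions of the example, not taken from this page.

```go
package main

import (
	"context"
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// SignRequest and Signer copy the declarations on this page (fields unused here are omitted).
type SignRequest struct {
	PublicKey   crypto.PublicKey
	TrustDomain string
	Namespace   string
	AppID       string
}

type Signer interface {
	SignIdentity(context.Context, *SignRequest, bool) ([]*x509.Certificate, error)
	TrustAnchors() []byte
}

var ErrUnauthorized = errors.New("caller may not request this identity")

// toyCA is a throwaway in-memory CA implementing Signer for this example (hypothetical, not dapr code).
type toyCA struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// issue signs tmpl under parent with key and returns the parsed certificate.
func issue(tmpl, parent *x509.Certificate, pub crypto.PublicKey, key crypto.Signer) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewToyCA creates a self-signed P-256 issuer valid for one hour.
func NewToyCA() (*toyCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-ca"}, KeyUsage: x509.KeyUsageCertSign,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true,
	}
	cert, err := issue(tmpl, tmpl, &key.PublicKey, key)
	return &toyCA{cert: cert, key: key}, err
}

// SignIdentity follows the page's contract: it signs whatever it is given and validates nothing.
func (c *toyCA) SignIdentity(_ context.Context, req *SignRequest, _ bool) ([]*x509.Certificate, error) {
	// The spiffe://<trust domain>/ns/<namespace>/<app-id> layout is an assumption of this example.
	leaf, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), KeyUsage: x509.KeyUsageDigitalSignature,
		URIs:         []*url.URL{{Scheme: "spiffe", Host: req.TrustDomain, Path: "/ns/" + req.Namespace + "/" + req.AppID}},
		NotBefore:    time.Now().Add(-time.Minute), NotAfter: time.Now().Add(30 * time.Minute), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, c.cert, req.PublicKey, c.key)
	if err != nil {
		return nil, err
	}
	return []*x509.Certificate{leaf}, nil
}

// TrustAnchors returns the issuer certificate as PEM, as the page's interface requires.
func (c *toyCA) TrustAnchors() []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c.cert.Raw})
}

// RequestIdentity is the hypothetical authz gate that must run before SignIdentity: the requested
// namespace/app-id must equal the identity the transport already authenticated (callerNS/callerApp).
// On success it verifies the issued leaf against TrustAnchors() and returns the leaf's SPIFFE ID.
func RequestIdentity(ca Signer, callerNS, callerApp, reqNS, reqApp string) (string, error) {
	if reqNS != callerNS || reqApp != callerApp {
		return "", fmt.Errorf("%w: %s/%s asked for %s/%s", ErrUnauthorized, callerNS, callerApp, reqNS, reqApp)
	}
	clientKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", err
	}
	req := &SignRequest{PublicKey: &clientKey.PublicKey, TrustDomain: "example.org", Namespace: reqNS, AppID: reqApp}
	chain, err := ca.SignIdentity(context.Background(), req, false)
	if err != nil {
		return "", err
	}
	roots := x509.NewCertPool()
	roots.AppendCertsFromPEM(ca.TrustAnchors())
	if _, err := chain[0].Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return "", err
	}
	return chain[0].URIs[0].String(), nil
}
```

Calling RequestIdentity(ca, "default", "orders", "default", "orders") yields a leaf whose SAN is spiffe://example.org/ns/default/orders and that chains to the CA's trust anchors; RequestIdentity(ca, "default", "orders", "payments", "billing") returns an error wrapping ErrUnauthorized without ever reaching SignIdentity. The gate compares against an identity the transport established, not against anything in the request itself, which is the property the Signer comment relies on.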
