Documentation
Index
Constants
const (
	// TrustBundleK8sName is the name of the kubernetes secret that holds the
	// issuer certificate key pair and trust anchors, and configmap that holds
	// the trust anchors.
	TrustBundleK8sName = "dapr-trust-bundle" /* #nosec */
)
Variables
This section is empty.
Functions
This section is empty.
Types
type Bundle
type Bundle struct {
	TrustAnchors []byte
	IssChainPEM  []byte
	IssKeyPEM    []byte
	IssChain     []*x509.Certificate
	IssKey       any
}
Bundle is the bundle of certificates and keys used by the CA.
type SignRequest
type SignRequest struct {
	// Public key of the certificate request.
	PublicKey crypto.PublicKey

	// Signature of the certificate request.
	SignatureAlgorithm x509.SignatureAlgorithm

	// TrustDomain is the trust domain of the client.
	TrustDomain string

	// Namespace is the namespace of the client.
	Namespace string

	// AppID is the app id of the client.
	AppID string

	// Optional DNS names to add to the certificate.
	DNS []string
}
SignRequest signs a certificate request with the issuer certificate.
type Signer
type Signer interface {
	// SignIdentity signs a certificate request with the issuer certificate. Note
	// that this does not include the trust anchors, and does not perform _any_
	// kind of validation on the request; authz should already have happened
	// before this point.
	// If given true, then the certificate duration will be given the largest
	// possible according to the signing certificate.
	// TODO: @joshvanl: Remove bool value in v1.13 as the inject no longer needs
	// to request other identities.
	SignIdentity(context.Context, *SignRequest, bool) ([]*x509.Certificate, error)

	// TrustAnchors returns the trust anchors for the CA in PEM format.
	TrustAnchors() []byte
}
Signer is the interface for the CA.
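The SignIdentity comment above says the signer performs no validation and that authz must already have happened. The following is an added example, not code from this package or from Dapr: a hypothetical gate placed in front of a Signer that only forwards requests whose identity equals the authenticated caller's. The names Caller, Authorize, ErrDenied and countingSigner are assumptions, the two types are local mirrors of those on this page, and rejecting all extra DNS names is a policy chosen for this sketch.

```go
package main

import (
	"context"
	"crypto/x509"
	"errors"
	"fmt"
)

// Local mirrors of the identity fields and the SignIdentity method documented on this page.
type SignRequest struct {
	TrustDomain, Namespace, AppID string
	DNS                           []string
}

type Signer interface {
	SignIdentity(context.Context, *SignRequest, bool) ([]*x509.Certificate, error)
}

// Caller is a hypothetical record of the identity proven during authentication.
type Caller struct{ TrustDomain, Namespace, AppID string }
var ErrDenied = errors.New("sign request not authorized")

// Authorize (hypothetical) forwards req to next only if it names the caller's own identity.
func Authorize(ctx context.Context, next Signer, c Caller, req *SignRequest) ([]*x509.Certificate, error) {
	switch {
	case req == nil || c.TrustDomain == "" || c.Namespace == "" || c.AppID == "":
		return nil, fmt.Errorf("%w: incomplete identity", ErrDenied)
	case req.TrustDomain != c.TrustDomain || req.Namespace != c.Namespace || req.AppID != c.AppID:
		return nil, fmt.Errorf("%w: %q may not request %q", ErrDenied, c.Namespace+"/"+c.AppID, req.Namespace+"/"+req.AppID)
	case len(req.DNS) > 0: // sketch policy (assumption): no caller-chosen DNS names
		return nil, fmt.Errorf("%w: extra DNS names not allowed", ErrDenied)
	}
	return next.SignIdentity(ctx, req, false) // false: callers never pick the maximum duration
}

// countingSigner is a constructed test double that records the flag of each call reaching it.
type countingSigner struct{ flags []bool }

func (s *countingSigner) SignIdentity(_ context.Context, _ *SignRequest, longest bool) ([]*x509.Certificate, error) {
	s.flags = append(s.flags, longest)
	return []*x509.Certificate{{}}, nil
}

func main() {
	s := &countingSigner{}
	_, err := Authorize(context.Background(), s, Caller{"public", "prod", "cart"}, &SignRequest{TrustDomain: "public", Namespace: "prod", AppID: "billing"})
	fmt.Println(err, len(s.flags))
}
```

The denied request never reaches the signer, so the check cannot be bypassed by anything the signer itself does or skips.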