cert

package

v0.0.0-...-232e0ad Latest Latest Go to latest Published: Apr 26, 2018 License: BSD-2-Clause Imports: 21 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/dqminh/certmgr

Links

Open Source Insights

Documentation ¶

Overview ¶

Package cert contains certificate specifications and certificate-specific management.

Index ¶

type CA
- func (ca *CA) Load() error
- func (ca *CA) Refresh() (bool, error)
type File
type Spec
- func Load(path, remote string, before time.Duration) (*Spec, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type CA ¶

type CA struct {
	Name        string `json:"name" yaml:"name"`
	Remote      string `json:"remote" yaml:"remote"`
	Label       string `json:"label" yaml:"label"`
	Profile     string `json:"profile" yaml:"profile"`
	AuthKey     string `json:"auth_key" yaml:"auth_key"`
	AuthKeyFile string `json:"auth_key_file" yaml:"auth_key_file"`
	File        *File  `json:"file,omitempty" yaml:"file,omitempty"`
	// contains filtered or unexported fields
}

A CA contains the core details for a CFSSL CA. There are two ways to use this: fill out Name to refer to a global CA (e.g. as defined in the config file) or fill out Remote, Label, Profile, and AuthKey.

func (*CA) Load ¶

func (ca *CA) Load() error

Load reads the CA certificate from the configured remote, and if a File section is present in the config, it will attempt to write the CA certificate to disk.

func (*CA) Refresh ¶

func (ca *CA) Refresh() (bool, error)

Refresh fetches the latest CA cert. If it has changed, write the new CA cert and return true.

type File ¶

type File struct {
	Path  string `json:"path" yaml:"path"`
	Owner string `json:"owner" yaml:"owner"`
	Group string `json:"group" yaml:"group"`
	Mode  string `json:"mode" yaml:"mode"`
	// contains filtered or unexported fields
}

File contains path and ownership information for a file.

func (*File) Parse ¶

func (f *File) Parse(hint string) (err error)

Parse sets up the File structure from its string parameters; the hint is used to provide a hint as to what file is being processed for use in error messages. This includes validating that the user and group referenced exist; providing sensible defaults, and processing the mode. The method is intended to allow set up after unmarshalling from a configuration file.

func (*File) Remove ¶

func (f *File) Remove() error

Remove deletes the file specified by the Path field.

func (*File) Set ¶

func (f *File) Set() error

Set ensures the file has the right owner/group and mode.

type Spec ¶

type Spec struct {

	// This defines the service manager to use.  This should be defined
	// globally rather than per cert- it's allowed here to allow cert
	// definitions to use a servicemanager of 'command' to allow freeform
	// invocations.
	ServiceManager string `json:"svcmgr" yaml:"svcmgr"`

	// The service is the service that uses this certificate. If
	// this field is not empty, the action below will be applied
	// to this service upon certificate renewal. It can also be
	// used to describe what this certificate is for.
	Service string `json:"service" yaml:"service"`

	// Action is one of empty, "nop", "reload", or "restart" (see
	// the svcmgr package for details).
	Action string `json:"action" yaml:"action"`

	// Request contains the CSR metadata needed to request a
	// certificate.
	Request *csr.CertificateRequest `json:"request" yaml:"request"`

	// Key contains the file metadata for the private key.
	Key *File `json:"private_key" yaml:"private_key"`

	// Cert contains the file metadata for the certificate.
	Cert *File `json:"certificate" yaml:"certificate"`

	// CA specifies the certificate authority that should be used.
	CA CA `json:"authority" yaml:"authority"`

	// Path points to the on-disk location of the certificate
	// spec.
	Path string
	// contains filtered or unexported fields
}

A Spec contains information needed to monitor and renew a certificate.

func Load ¶

func Load(path, remote string, before time.Duration) (*Spec, error)

Load reads a spec from a JSON configuration file.

func (*Spec) Backoff ¶

func (spec *Spec) Backoff() time.Duration

Backoff returns the backoff delay.

func (*Spec) Certificate ¶

func (spec *Spec) Certificate() *x509.Certificate

Certificate returns the x509.Certificate associated with the spec if one exists.

func (*Spec) Dequeue ¶

func (spec *Spec) Dequeue()

Dequeue marks the spec as having been removed from the renewal queue.

func (*Spec) Identity ¶

func (spec *Spec) Identity() (*core.Identity, error)

Identity creates a transport package identity for the certificate.

func (*Spec) IsQueued ¶

func (spec *Spec) IsQueued() bool

IsQueued returns true if the spec is already queued for renewal.

func (*Spec) Lifespan ¶

func (spec *Spec) Lifespan() time.Duration

Lifespan returns a time.Duration for the certificate's validity.

func (*Spec) Queue ¶

func (spec *Spec) Queue()

Queue marks the spec as being queued for renewal.

func (*Spec) Ready ¶

func (spec *Spec) Ready() bool

Ready returns true if the key pair specified by the Spec exists; it doesn't check whether it needs to be renewed.

func (*Spec) RefreshKeys ¶

func (spec *Spec) RefreshKeys() error

RefreshKeys will make sure the key pair in the Spec has loaded keys and has a valid certificate. It will handle any persistence, check that the certificate is valid (i.e. that its expiry date is within the Before date), and handle certificate reissuance as needed.

func (*Spec) ResetBackoff ¶

func (spec *Spec) ResetBackoff()

ResetBackoff resets the spec's backoff.

func (*Spec) String ¶

func (spec *Spec) String() string

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL