Documentation
Overview
Package cert contains certificate specifications and certificate-specific management.
Index
- type CA
- type File
- type Spec
- func (spec *Spec) Backoff() time.Duration
- func (spec *Spec) Certificate() *x509.Certificate
- func (spec *Spec) Dequeue()
- func (spec *Spec) Identity() *core.Identity
- func (spec *Spec) IsQueued() bool
- func (spec *Spec) Lifespan() time.Duration
- func (spec *Spec) Queue()
- func (spec *Spec) Ready() bool
- func (spec *Spec) RefreshKeys() error
- func (spec *Spec) ResetBackoff()
- func (spec *Spec) String() string
Types
type CA
type CA struct {
    Remote  string `json:"remote" yaml:"remote"`
    Label   string `json:"label" yaml:"label"`
    Profile string `json:"profile" yaml:"profile"`
    AuthKey string `json:"auth_key" yaml:"auth_key"`
}
A CA contains the core details for a CFSSL CA.
type File
type File struct {
    Path  string `json:"path" yaml:"path"`
    Owner string `json:"owner" yaml:"owner"`
    Group string `json:"group" yaml:"group"`
    Mode  string `json:"mode" yaml:"mode"`
    // contains filtered or unexported fields
}
File contains path and ownership information for a file.
type Spec
type Spec struct {
    // The service is the service that uses this certificate. If
    // this field is not empty, the action below will be applied
    // to this service upon certificate renewal. It can also be
    // used to describe what this certificate is for.
    Service string `json:"service" yaml:"service"`

    // Action is one of empty, "nop", "reload", or "restart" (see
    // the svcmgr package for details).
    Action string `json:"action" yaml:"action"`

    // Request contains the CSR metadata needed to request a
    // certificate.
    Request *csr.CertificateRequest `json:"request" yaml:"request"`

    // Key contains the file metadata for the private key.
    Key *File `json:"private_key" yaml:"private_key"`

    // Cert contains the file metadata for the certificate.
    Cert *File `json:"certificate" yaml:"certificate"`

    // CA specifies the certificate authority that should be used.
    CA CA `json:"authority" yaml:"authority"`

    // Path points to the on-disk location of the certificate
    // spec.
    Path string
    // contains filtered or unexported fields
}
A Spec contains information needed to monitor and renew a certificate.
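The following is an added example, not code from the cert package: a small linter that reads a spec in the JSON layout given by the struct tags above and flags an Action outside the documented values or a private key mode that grants group or other access. The mirror types, `lintSpec`, the sample values, and the reading of Mode as an octal permission string are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
)

// Local mirrors of the documented JSON layout, not the package's own types.
type file struct{ Path, Owner, Group, Mode string }
type spec struct {
	Service, Action string
	Key             *file `json:"private_key"`
	Cert            *file `json:"certificate"`
}

// Constructed sample spec: every value is made up for this example.
const sample = `{
  "service": "nginx", "action": "bounce",
  "private_key": {"path": "/tmp/example.key", "owner": "root", "group": "root", "mode": "0644"},
  "certificate": {"path": "/tmp/example.pem", "owner": "root", "group": "root", "mode": "0644"}
}`

// lintSpec (hypothetical helper) returns findings for one spec document.
func lintSpec(doc []byte) ([]string, error) {
	var s spec
	if err := json.Unmarshal(doc, &s); err != nil {
		return nil, err
	}
	var out []string
	switch s.Action {
	case "", "nop", "reload", "restart": // the values the Action field documents
	default:
		out = append(out, fmt.Sprintf("unknown action %q", s.Action))
	}
	if s.Key == nil || s.Cert == nil {
		return append(out, "private_key or certificate section missing"), nil
	}
	// Assumption: Mode is an octal permission string such as "0600".
	if m, err := strconv.ParseUint(s.Key.Mode, 8, 32); err != nil {
		out = append(out, fmt.Sprintf("private_key mode %q is not octal", s.Key.Mode))
	} else if m&0077 != 0 {
		out = append(out, fmt.Sprintf("private_key mode %s grants group/other access", s.Key.Mode))
	}
	return out, nil
}

func main() { fmt.Println(lintSpec([]byte(sample))) }
```

The constructed sample yields two findings: the unknown action and the 0644 mode on the private key.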
func (*Spec) Certificate
func (spec *Spec) Certificate() *x509.Certificate
Certificate returns the x509.Certificate associated with the spec if one exists.
func (*Spec) Dequeue
func (spec *Spec) Dequeue()
Dequeue marks the spec as having been removed from the renewal queue.
func (*Spec) Ready
Ready returns true if the key pair specified by the Spec exists; it doesn't check whether it needs to be renewed.
func (*Spec) RefreshKeys
RefreshKeys will make sure the key pair in the Spec has loaded keys and has a valid certificate. It will handle any persistence, check that the certificate is valid (i.e. that its expiry date is within the Before date), and handle certificate reissuance as needed.
func (*Spec) ResetBackoff
func (spec *Spec) ResetBackoff()
ResetBackoff resets the spec's backoff.