Documentation
Overview
Package gcsca implements the sign.CertificateAuthority interface with GCS backing.
Index
- Constants
- Variables
- type CertificateAuthority
- func (ca *CertificateAuthority) AddFlags(cmd *cobra.Command)
- func (ca *CertificateAuthority) CABundle(ctx context.Context, keyVersionName string) ([]byte, error)
- func (ca *CertificateAuthority) Certificate(ctx context.Context, keyVersionName string) ([]byte, error)
- func (ca *CertificateAuthority) Finalize(ctx context.Context, m styp.CertificateAuthorityMutation) error
- func (ca *CertificateAuthority) Flush()
- func (ca *CertificateAuthority) InitContext(ctx context.Context) (context.Context, error)
- func (ca *CertificateAuthority) NewMutation() styp.CertificateAuthorityMutation
- func (ca *CertificateAuthority) PersistentPreRunE(c *cobra.Command, _ []string) error
- func (ca *CertificateAuthority) PrepareResources(ctx context.Context) error
- func (ca *CertificateAuthority) PrimaryRootKeyVersion(ctx context.Context) (string, error)
- func (ca *CertificateAuthority) PrimarySigningKeyVersion(ctx context.Context) (string, error)
- func (ca *CertificateAuthority) Wipeout(ctx context.Context) error
Constants
const ManifestObjectName = "keyManifest.textproto"
ManifestObjectName is the objectName for the CA's key manifest file.
Variables
var (
	// ErrKeyExists is the error that Finalize returns if a mutation attempts to add an existing key and
	// Overwrite is not true.
	ErrKeyExists = errors.New("key exists in certificate authority")
)
Functions
This section is empty.
Types
type CertificateAuthority
type CertificateAuthority struct {
	// RootPath is the object name for the root key certificate in the context's private bucket.
	RootPath string

	// PrivateBucket is the GCS bucket the CA certs reside in.
	PrivateBucket string

	// SigningCertDirInGCS is the path to the directory that stores signing key certificates in the
	// GCS bucket.
	SigningCertDirInGCS string

	// Storage is a storage client the CA uses to read and write files.
	Storage storagei.Client

	// SigningKeyPrefix is the expected keyVersionName prefix for certificate bundles.
	SigningKeyPrefix string
	// contains filtered or unexported fields
}
CertificateAuthority implements both the sign.CertificateAuthority interface, with GCS backing, and cmd.CommandComponent.
func (*CertificateAuthority) AddFlags
func (ca *CertificateAuthority) AddFlags(cmd *cobra.Command)
AddFlags adds any implementation-specific flags for the command component.
func (*CertificateAuthority) CABundle
func (ca *CertificateAuthority) CABundle(ctx context.Context, keyVersionName string) ([]byte, error)
CABundle returns the intermediate..root certificate chain as consecutive PEM blocks for the signing key.
func (*CertificateAuthority) Certificate
func (ca *CertificateAuthority) Certificate(ctx context.Context, keyVersionName string) ([]byte, error)
Certificate returns the certificate for the named key in DER format.
func (*CertificateAuthority) Finalize
func (ca *CertificateAuthority) Finalize(ctx context.Context, m styp.CertificateAuthorityMutation) error
Finalize persists the changes to the CA represented by the given mutation.
func (*CertificateAuthority) Flush
func (ca *CertificateAuthority) Flush()
Flush forces the next manifest use to read from storage.
func (*CertificateAuthority) InitContext
func (ca *CertificateAuthority) InitContext(ctx context.Context) (context.Context, error)
InitContext modifies the keys.Context in ctx to use this implementation of the certificate authority interface.
func (*CertificateAuthority) NewMutation
func (ca *CertificateAuthority) NewMutation() styp.CertificateAuthorityMutation
NewMutation returns a new CertificateAuthorityMutation.
func (*CertificateAuthority) PersistentPreRunE
func (ca *CertificateAuthority) PersistentPreRunE(c *cobra.Command, _ []string) error
PersistentPreRunE returns an error if the results of the parsed flags constitute an error.
func (*CertificateAuthority) PrepareResources
func (ca *CertificateAuthority) PrepareResources(ctx context.Context) error
PrepareResources ensures all necessary resources are present for the CA to function. This is needed for bootstrapping. Specifically, this ensures the storage bucket exists.
func (*CertificateAuthority) PrimaryRootKeyVersion
func (ca *CertificateAuthority) PrimaryRootKeyVersion(ctx context.Context) (string, error)
PrimaryRootKeyVersion returns the keyVersionName of the active root key.
func (*CertificateAuthority) PrimarySigningKeyVersion
func (ca *CertificateAuthority) PrimarySigningKeyVersion(ctx context.Context) (string, error)
PrimarySigningKeyVersion returns the keyVersionName of the active signing key.