Index ¶
- Constants
- Variables
- type Client
- func (c *Client) CanGenerateCSR(ctx context.Context) (bool, error)
- func (c *Client) GetCertificates(ctx context.Context) (map[string]*x509.Certificate, error)
- func (c *Client) Install(ctx context.Context, certID string, minKeySize uint32, params pkix.Name, ...) error
- func (c *Client) RevokeCertificates(ctx context.Context, certIDs []string) ([]string, map[string]string, error)
- func (c *Client) Rotate(ctx context.Context, certID string, minKeySize uint32, params pkix.Name, ...) error
- type Info
- type Manager
- func (cm *Manager) GenCSR(subject pkix.Name) ([]byte, error)
- func (cm *Manager) GetCertInfo() ([]*Info, error)
- func (cm *Manager) Install(certID string, pemCert []byte, pemCACerts [][]byte) error
- func (cm *Manager) RegisterNotifier(f Notifier)
- func (cm *Manager) Revoke(revoke []string) ([]string, map[string]string, error)
- func (cm *Manager) Rotate(certID string, pemCert []byte, pemCACerts [][]byte) (func(), func(), error)
- func (cm *Manager) TLSCertificates() ([]tls.Certificate, *x509.CertPool)
- type ManagerInterface
- type Notifier
- type Server
- func (s *Server) CanGenerateCSR(ctx context.Context, request *pb.CanGenerateCSRRequest) (*pb.CanGenerateCSRResponse, error)
- func (s *Server) GetCertificates(ctx context.Context, request *pb.GetCertificatesRequest) (*pb.GetCertificatesResponse, error)
- func (s *Server) Install(stream pb.CertificateManagement_InstallServer) error
- func (s *Server) Register(g *grpc.Server)
- func (s *Server) RevokeCertificates(ctx context.Context, request *pb.RevokeCertificatesRequest) (*pb.RevokeCertificatesResponse, error)
- func (s *Server) Rotate(stream pb.CertificateManagement_RotateServer) error
- type Settings
Constants ¶
// RSABitSize is the size of the required RSA Private Key.
const RSABitSize = 2048
RSABitSize is the size of the required RSA Private Key.
Variables ¶
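// PEMtox509 decodes a single PEM block into an x509.Certificate.
//
// Only the first PEM block is decoded; any data after it is ignored. The
// block's type header is not checked, so a non-CERTIFICATE block is only
// rejected when its DER payload fails to parse as a certificate.
//
// NOTE(review): after parsing, the certificate's DNSNames are replaced with a
// single entry holding the issuer's CommonName. This discards the SAN DNS
// names the certificate actually carries, and since hostname verification in
// crypto/x509 is driven by DNSNames, a later VerifyHostname/Verify on the
// returned value is expected to match the issuer's CN rather than the
// subject's names. The override is kept because existing callers may depend
// on it — confirm before relying on the returned certificate for hostname
// checks.
var PEMtox509 = func(pemBytes []byte) (*x509.Certificate, error) {
	certDERBlock, _ := pem.Decode(pemBytes)
	if certDERBlock == nil {
		return nil, fmt.Errorf("failed to decode PEM block")
	}
	certificate, err := x509.ParseCertificate(certDERBlock.Bytes)
	if err != nil {
		// Wrap rather than discard the parser's error so callers can see why
		// the DER was rejected.
		return nil, fmt.Errorf("failed to decode DER bytes: %w", err)
	}
	certificate.DNSNames = []string{certificate.Issuer.CommonName}
	return certificate, nil
}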
PEMtox509 decodes a PEM block into an x509.Certificate and replaces the certificate's DNSNames with its issuer's CommonName.
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client is a Certificate Management service client.
func (*Client) CanGenerateCSR ¶
CanGenerateCSR checks if the target can generate a CSR.
func (*Client) GetCertificates ¶
GetCertificates returns a map of the certificates on the target, keyed by certID.
func (*Client) Install ¶
func (c *Client) Install(ctx context.Context, certID string, minKeySize uint32, params pkix.Name, ipAddress string, sign func(*x509.CertificateRequest) (*x509.Certificate, error), caBundle []*x509.Certificate) error
Install installs a certificate.
type Info ¶
type Info struct {
// contains filtered or unexported fields
}
Info contains information about a x509 Certificate.
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager manages Certificates and CA Bundles.
func (*Manager) GetCertInfo ¶
GetCertInfo returns all the Certificates, Certificate IDs and updated times.
func (*Manager) RegisterNotifier ¶
RegisterNotifier registers a function that will be called every time the number of Certificates or CA certificates changes.
func (*Manager) Rotate ¶
func (cm *Manager) Rotate(certID string, pemCert []byte, pemCACerts [][]byte) (func(), func(), error)
Rotate rotates Certificates and optionally updates the CA Bundles.
func (*Manager) TLSCertificates ¶
func (cm *Manager) TLSCertificates() ([]tls.Certificate, *x509.CertPool)
TLSCertificates returns a list of TLS Certificates and an x509 Pool of CA Certificates.
type ManagerInterface ¶
// ManagerInterface provides the necessary methods to handle the Certificate
// Management service.
type ManagerInterface interface {
	// Install installs the PEM-encoded certificate pemCert under certID,
	// together with the PEM-encoded CA certificates in pemCACerts.
	Install(certID string, pemCert []byte, pemCACerts [][]byte) error
	// Rotate rotates the certificate stored under certID and optionally
	// updates the CA bundle; the two returned functions are presumably the
	// finalize/rollback steps of the rotation — confirm against Manager.Rotate.
	Rotate(certID string, pemCert []byte, pemCACerts [][]byte) (func(), func(), error)
	// GenCSR generates a certificate signing request for subject.
	GenCSR(subject pkix.Name) ([]byte, error)
	// GetCertInfo returns information about every installed certificate.
	GetCertInfo() ([]*Info, error)
	// Revoke revokes the certificates listed in revoke. The string slice and
	// map presumably report the revoked IDs and per-ID failures — verify
	// against Manager.Revoke.
	Revoke(revoke []string) ([]string, map[string]string, error)
}
ManagerInterface provides the necessary methods to handle the Certificate Management service.
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Server is a Certificate Management service.
func NewServer ¶
func NewServer(manager ManagerInterface) *Server
NewServer returns a Certificate Management Server.
func (*Server) CanGenerateCSR ¶
func (s *Server) CanGenerateCSR(ctx context.Context, request *pb.CanGenerateCSRRequest) (*pb.CanGenerateCSRResponse, error)
CanGenerateCSR returns whether it can generate CSRs with the given properties.
func (*Server) GetCertificates ¶
func (s *Server) GetCertificates(ctx context.Context, request *pb.GetCertificatesRequest) (*pb.GetCertificatesResponse, error)
GetCertificates returns installed certificates.
func (*Server) Install ¶
func (s *Server) Install(stream pb.CertificateManagement_InstallServer) error
Install installs a certificate.
func (*Server) RevokeCertificates ¶
func (s *Server) RevokeCertificates(ctx context.Context, request *pb.RevokeCertificatesRequest) (*pb.RevokeCertificatesResponse, error)
RevokeCertificates revokes certificates.
type Settings ¶
// Settings contains the certs and CA pool to be passed into the Manager.
type Settings struct {
	// CertID is the identifier under which Cert is managed.
	CertID string
	// Cert is the TLS certificate to be managed.
	Cert *tls.Certificate
	// CA is the CA certificate associated with Cert.
	CA *x509.Certificate
}
Settings contains the certs and CA pool to be passed into the Manager.