cert

package
v0.0.0-...-ca2f5af Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 12, 2021 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source
const RSABitSize = 2048

RSABitSize is the size of the required RSA Private Key.

Variables

View Source
var PEMtox509 = func(bytes []byte) (*x509.Certificate, error) {
	certDERBlock, _ := pem.Decode(bytes)
	if certDERBlock == nil {
		return nil, fmt.Errorf("failed to decode PEM block")
	}
	certificate, err := x509.ParseCertificate(certDERBlock.Bytes)
	if err != nil {
		return nil, fmt.Errorf("failed to decode DER bytes")
	}
	certificate.DNSNames = []string{certificate.Issuer.CommonName}
	return certificate, nil
}

PEMtox509 decodes a PEM block into a x509.Certificate.

Functions

This section is empty.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client is a Certificate Management service client.

func NewClient

func NewClient(c *grpc.ClientConn) *Client

NewClient returns a new Client.

func (*Client) CanGenerateCSR

func (c *Client) CanGenerateCSR(ctx context.Context) (bool, error)

CanGenerateCSR checks if the target can generate a CSR.

func (*Client) GetCertificates

func (c *Client) GetCertificates(ctx context.Context) (map[string]*x509.Certificate, error)

GetCertificates gets a map of certificates in the target, certID to certificate

func (*Client) Install

func (c *Client) Install(ctx context.Context, certID string, minKeySize uint32, params pkix.Name, ipAddress string, sign func(*x509.CertificateRequest) (*x509.Certificate, error), caBundle []*x509.Certificate) error

Install installs a certificate.

func (*Client) RevokeCertificates

func (c *Client) RevokeCertificates(ctx context.Context, certIDs []string) ([]string, map[string]string, error)

RevokeCertificates revokes certificates in the target, returns revoked certificates, a map of certID to error for the ones that failed to be revoked.

func (*Client) Rotate

func (c *Client) Rotate(ctx context.Context, certID string, minKeySize uint32, params pkix.Name, ipAddress string, sign func(*x509.CertificateRequest) (*x509.Certificate, error), caBundle []*x509.Certificate, validate func() error) error

Rotate rotates a certificate.

type Info

type Info struct {
	// contains filtered or unexported fields
}

Info contains information about a x509 Certificate.

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

Manager manages Certificates and CA Bundles.

func NewManager

func NewManager(settings *Settings) *Manager

NewManager returns a Manager.

func (*Manager) GenCSR

func (cm *Manager) GenCSR(subject pkix.Name) ([]byte, error)

GenCSR generates and returns a CSR based on the provided parameters.

func (*Manager) GetCertInfo

func (cm *Manager) GetCertInfo() ([]*Info, error)

GetCertInfo returns all the Certificates, Certificate IDs and updated times.

func (*Manager) Install

func (cm *Manager) Install(certID string, pemCert []byte, pemCACerts [][]byte) error

Install installs new Certificates and optionally updates the CA Bundles.

func (*Manager) RegisterNotifier

func (cm *Manager) RegisterNotifier(f Notifier)

RegisterNotifier registers a function that will be called everytime the number of Certificates or CA certificates changes.

func (*Manager) Revoke

func (cm *Manager) Revoke(revoke []string) ([]string, map[string]string, error)

Revoke revokes Certificates.

func (*Manager) Rotate

func (cm *Manager) Rotate(certID string, pemCert []byte, pemCACerts [][]byte) (func(), func(), error)

Rotate rotates Certificates and optionally updates the CA Bundles.

func (*Manager) TLSCertificates

func (cm *Manager) TLSCertificates() ([]tls.Certificate, *x509.CertPool)

TLSCertificates returns a list of TLS Certificates and a x509 Pool of CA Certificates.

type ManagerInterface

type ManagerInterface interface {
	Install(string, []byte, [][]byte) error
	Rotate(string, []byte, [][]byte) (func(), func(), error)
	GenCSR(pkix.Name) ([]byte, error)
	GetCertInfo() ([]*Info, error)
	Revoke([]string) ([]string, map[string]string, error)
}

ManagerInterface provides the necessary methods to handle the Certificate Management service.

type Notifier

type Notifier func(int, int)

Notifier is called with number of Certificates and CA Certificates.

type Server

type Server struct {
	// contains filtered or unexported fields
}

Server is a Certificate Management service.

func NewServer

func NewServer(manager ManagerInterface) *Server

NewServer returns a Certificate Management Server.

func (*Server) CanGenerateCSR

func (s *Server) CanGenerateCSR(ctx context.Context, request *pb.CanGenerateCSRRequest) (*pb.CanGenerateCSRResponse, error)

CanGenerateCSR returns if it can generate CSRs with the given properties.

func (*Server) GetCertificates

func (s *Server) GetCertificates(ctx context.Context, request *pb.GetCertificatesRequest) (*pb.GetCertificatesResponse, error)

GetCertificates returns installed certificates.

func (*Server) Install

Install installs a certificate.

func (*Server) Register

func (s *Server) Register(g *grpc.Server)

Register registers the server into the gRPC server provided.

func (*Server) RevokeCertificates

func (s *Server) RevokeCertificates(ctx context.Context, request *pb.RevokeCertificatesRequest) (*pb.RevokeCertificatesResponse, error)

RevokeCertificates revokes certificates.

func (*Server) Rotate

Rotate allows rotating a certificate.

type Settings

type Settings struct {
	CertID string
	Cert   *tls.Certificate
	CA     *x509.Certificate
}

Settings contains the certs and CA pool to be passed into the Manager.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL