certificates

package

v0.0.0-...-baf11bc Latest Latest Go to latest Published: Jul 2, 2020 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kfurgol/compass

Documentation ¶

Index ¶

func ToCertificationResult(encodedChain EncodedCertificateChain) externalschema.CertificationResult
type CSRSubject
type CSRSubjectConsts
- func (s CSRSubjectConsts) ToString(commonName string) string
type Cache
- func NewCertificateCache() Cache
type CertificateUtility
- func NewCertificateUtility(certificateValidityTime time.Duration) CertificateUtility
type EncodedCertificateChain
type Loader
- func NewCertificateLoader(certificatesCache Cache, repository secrets.Repository, ...) Loader
type Service
- func NewCertificateService(certificateCache Cache, certUtil CertificateUtility, ...) Service

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ToCertificationResult ¶

func ToCertificationResult(encodedChain EncodedCertificateChain) externalschema.CertificationResult

Types ¶

type CSRSubject ¶

type CSRSubject struct {
	CommonName string
	CSRSubjectConsts
}

type CSRSubjectConsts ¶

type CSRSubjectConsts struct {
	Country            string
	Organization       string
	OrganizationalUnit string
	Locality           string
	Province           string
}

func (CSRSubjectConsts) ToString ¶

func (s CSRSubjectConsts) ToString(commonName string) string

type Cache ¶

type Cache interface {
	Put(certName string, data map[string][]byte)
	Get(certName string) (map[string][]byte, apperrors.AppError)
}

func NewCertificateCache ¶

func NewCertificateCache() Cache

type CertificateUtility ¶

type CertificateUtility interface {
	LoadCert(encodedData []byte) (*x509.Certificate, apperrors.AppError)
	LoadKey(encodedData []byte) (*rsa.PrivateKey, apperrors.AppError)
	LoadCSR(encodedData []byte) (*x509.CertificateRequest, apperrors.AppError)
	CheckCSRValues(csr *x509.CertificateRequest, subject CSRSubject) apperrors.AppError
	SignCSR(caCrt *x509.Certificate, csr *x509.CertificateRequest, caKey *rsa.PrivateKey) ([]byte, apperrors.AppError)
	AddCertificateHeaderAndFooter(crtRaw []byte) []byte
}

func NewCertificateUtility ¶

func NewCertificateUtility(certificateValidityTime time.Duration) CertificateUtility

type EncodedCertificateChain ¶

type EncodedCertificateChain struct {
	CertificateChain  string
	ClientCertificate string
	CaCertificate     string
}

type Loader ¶

type Loader interface {
	Run()
}

func NewCertificateLoader ¶

func NewCertificateLoader(certificatesCache Cache,
	repository secrets.Repository,
	caSecretName types.NamespacedName,
	rootCACertificateSecretName types.NamespacedName) Loader

type Service ¶

type Service interface {
	// SignCSR takes encoded CSR, validates subject and generates Certificate based on CA stored in secret
	// returns base64 encoded certificate chain
	SignCSR(encodedCSR []byte, subject CSRSubject) (EncodedCertificateChain, apperrors.AppError)
}

func NewCertificateService ¶

func NewCertificateService(
	certificateCache Cache,
	certUtil CertificateUtility,
	caSecretName, rootCACertificateSecretName string,
	caCertificateSecretKey, caKeySecretKey, rootCACertificateSecretKey string) Service

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
mocks

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL