Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AddChallenge ¶
Types ¶
type CertificateAuthority ¶
type CertificateAuthority struct {
// RawCert is an optional field to determine if signing cert/key pairs have changed
RawCert []byte
// RawKey is an optional field to determine if signing cert/key pairs have changed
RawKey []byte
Certificate *x509.Certificate
PrivateKey crypto.Signer
Backdate time.Duration
Now func() time.Time
}
CertificateAuthority implements a certificate authority that supports policy based signing. It's used by the signing controller.
func (*CertificateAuthority) Sign ¶
func (ca *CertificateAuthority) Sign(crDER []byte, policy SigningPolicy) ([]byte, error)
Sign signs a certificate request, applying a SigningPolicy and returns a DER encoded x509 certificate.
type HealthChecker ¶
type HealthChecker interface {
Check() error
}
func ExampleHealthCheckerFromIssuerAndSecretData ¶
func ExampleHealthCheckerFromIssuerAndSecretData(*scepissuerapi.SCEPIssuerSpec, map[string][]byte) (HealthChecker, error)
type HealthCheckerBuilder ¶
type HealthCheckerBuilder func(*scepissuerapi.SCEPIssuerSpec, map[string][]byte) (HealthChecker, error)
type PermissiveSigningPolicy ¶
type PermissiveSigningPolicy struct {
// TTL is the certificate TTL. It's used to calculate the NotAfter value of
// the certificate.
TTL time.Duration
// Usages are the allowed usages of a certificate.
Usages []capi.KeyUsage
}
PermissiveSigningPolicy is the signing policy historically used by the local signer.
- It forwards all SANs from the original signing request.
- It sets allowed usages as configured in the policy.
- It sets NotAfter based on the TTL configured in the policy.
- It zeros all extensions.
- It sets BasicConstraints to true.
- It sets IsCA to false.
type Signer ¶
type Signer interface {
Sign([]byte) ([]byte, error)
SignWithPrivateKey([]byte, *rsa.PrivateKey) ([]byte, error)
}
func ExampleSignerFromIssuerAndSecretData ¶
func ExampleSignerFromIssuerAndSecretData(*scepissuerapi.SCEPIssuerSpec, map[string][]byte) (Signer, error)
func ScepSignerFromIssuerAndSecretData ¶
func ScepSignerFromIssuerAndSecretData(issuerSpec *scepissuerapi.SCEPIssuerSpec, data map[string][]byte) (Signer, error)
type SignerBuilder ¶
type SignerBuilder func(*scepissuerapi.SCEPIssuerSpec, map[string][]byte) (Signer, error)
type SigningPolicy ¶
type SigningPolicy interface {
// contains filtered or unexported methods
}
SigningPolicy validates a CertificateRequest before it's signed by the CertificateAuthority. It may default or otherwise mutate a certificate template.
Source Files
Click to show internal directories.
Click to hide internal directories.