rsa_signingservice

package
v2.0.0-...-98cc131
Published: Jul 26, 2023 License: Apache-2.0 Imports: 18 Imported by: 0

README

Signing Service

The type rsa-signingservice forwards the signing to a signing server. The calculated digest is sent as a signing request together with the hash algorithm that was used to compute it.

The URL of the signing service is passed as a YAML document instead of a private key.

It must have the field url with the desired server address.

The required credentials are taken from the credentials context using the consumer id Signingserver.gardener.cloud. The lookup uses a hostpath matcher with the identity attributes scheme, hostname, port and pathprefix derived from the given server URL.

The expected credential properties are:

  • clientCert: the client certificate used as TLS certificate and to authenticate the caller.
  • privateKey: the private key for the client certificate.
  • caCerts: the CA used to validate the identity of the signing server.
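The following Go program is an added example, not code from the OCM project or this package. It shows the client-side wiring the README describes: parsing the url-only key document, deriving the scheme/hostname/port/pathprefix identity attributes the hostpath matcher uses from that URL, and turning the three credential properties (clientCert, privateKey, caCerts, all PEM) into an mTLS client configuration that authenticates the caller and pins trust in the signing server to caCerts. It assumes the YAML key document has already been converted to JSON (the page's Key type carries a json tag); the CA and client certificate are constructed at runtime so the program runs offline, and the Identity struct and function names are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// Key mirrors the page's Key type: the "private key" handed to the handler is a
// document whose only field is the signing server URL (assumed JSON-encoded here).
type Key struct {
	URL string `json:"url"`
}

// ParseKey decodes the key document and rejects one without a usable url.
func ParseKey(doc []byte) (*Key, error) {
	var k Key
	if err := json.Unmarshal(doc, &k); err != nil {
		return nil, err
	}
	if k.URL == "" {
		return nil, errors.New("key document must have the field url")
	}
	if _, err := IdentityFromURL(k.URL); err != nil {
		return nil, err
	}
	return &k, nil
}

// Identity holds the attributes the hostpath matcher derives from the server
// URL (scheme, hostname, port, pathprefix) when it looks up credentials.
type Identity struct {
	Scheme, Hostname, Port, PathPrefix string
}

// IdentityFromURL parses the server URL into those attributes.
func IdentityFromURL(raw string) (Identity, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return Identity{}, err
	}
	if u.Scheme == "" || u.Hostname() == "" {
		return Identity{}, fmt.Errorf("server url %q needs a scheme and a host", raw)
	}
	return Identity{Scheme: u.Scheme, Hostname: u.Hostname(), Port: u.Port(), PathPrefix: u.Path}, nil
}

// NewMTLSClientConfig turns the credential properties clientCert, privateKey and
// caCerts (PEM) into a TLS config that presents the client certificate and
// trusts only a signing server whose certificate chains to caCerts.
func NewMTLSClientConfig(props map[string]string) (*tls.Config, error) {
	for _, p := range []string{"clientCert", "privateKey", "caCerts"} {
		if props[p] == "" {
			return nil, fmt.Errorf("credential property %s is missing", p)
		}
	}
	cert, err := tls.X509KeyPair([]byte(props["clientCert"]), []byte(props["privateKey"]))
	if err != nil {
		return nil, err
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM([]byte(props["caCerts"])) {
		return nil, errors.New("caCerts contains no PEM certificate")
	}
	return &tls.Config{Certificates: []tls.Certificate{cert}, RootCAs: pool, MinVersion: tls.VersionTLS12}, nil
}

// ConstructedCredentials generates a throwaway CA and a client certificate it
// signed, so the example runs offline. Constructed sample data, not real credentials.
func ConstructedCredentials() (map[string]string, error) {
	now := time.Now()
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-test-ca"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caDER, err := x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	clientKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	client := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "ocm-signing-client"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	clientDER, err := x509.CreateCertificate(rand.Reader, client, ca, &clientKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	keyDER, err := x509.MarshalECPrivateKey(clientKey)
	if err != nil {
		return nil, err
	}
	toPEM := func(t string, b []byte) string { return string(pem.EncodeToMemory(&pem.Block{Type: t, Bytes: b})) }
	return map[string]string{"clientCert": toPEM("CERTIFICATE", clientDER),
		"privateKey": toPEM("EC PRIVATE KEY", keyDER), "caCerts": toPEM("CERTIFICATE", caDER)}, nil
}

func main() {
	props, err := ConstructedCredentials()
	if err != nil {
		panic(err)
	}
	if _, err := NewMTLSClientConfig(props); err != nil {
		panic(err)
	}
	id, _ := IdentityFromURL("https://signer.example.internal:8443/api/v1")
	fmt.Printf("identity attributes: %+v\n", id)
}
```

The tls.Config returned by NewMTLSClientConfig is what an http.Client's Transport would use for the signing request; because RootCAs is set to the pool built from caCerts alone, a server certificate issued by any other CA, including a system-trusted one, is rejected, which is the property the caCerts credential exists to provide.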

Documentation

Constants

const (
	AcceptHeader = "Accept"

	// MediaTypePEM defines the media type for PEM formatted data.
	MediaTypePEM = "application/x-pem-file"
)
const (
	CONSUMER_TYPE = "Signingserver.gardener.cloud"

	ID_HOSTNAME   = hostpath.ID_HOSTNAME
	ID_PORT       = hostpath.ID_PORT
	ID_PATHPREFIX = hostpath.ID_PATHPREFIX
	ID_SCHEME     = hostpath.ID_SCHEME
	CLIENT_CERT   = "clientCert"
	PRIVATE_KEY   = "privateKey"
	CA_CERTS      = "caCerts"
)
const (
	Algorithm = rsa.Algorithm
	Name      = "rsa-signingservice"
)

Algorithm defines the type for the RSA PKCS #1 v1.5 signature algorithm.

const SignaturePEMBlockAlgorithmHeader = "Algorithm"

SignaturePEMBlockAlgorithmHeader defines the header in a signature pem block where the signature algorithm is defined.

Variables

This section is empty.

Functions

This section is empty.

Types

type Handler

type Handler struct{}

Handler is a signatures.Signer compatible struct that signs with RSASSA-PKCS1-V1_5 using a signing service.

func (Handler) Algorithm

func (h Handler) Algorithm() string

func (Handler) Sign

func (h Handler) Sign(cctx credentials.Context, digest string, hash crypto.Hash, issuer string, key interface{}) (signature *signing.Signature, err error)

type Key

type Key struct {
	URL string `json:"url"`
}

func PrivateKey

func PrivateKey(k interface{}) (*Key, error)

type SigningServerSigner

type SigningServerSigner struct {
	ServerURL *url.URL
}

func NewSigningClient

func NewSigningClient(serverURL string) (*SigningServerSigner, error)

func (*SigningServerSigner) Sign

func (signer *SigningServerSigner) Sign(cctx credentials.Context, signatureAlgo string, hashAlgo crypto.Hash, digest string, issuer string, key interface{}) (*signing.Signature, error)
