tresor

package
v0.4.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 5, 2020 License: MIT Imports: 13 Imported by: 0

README

Tresor Certificate Provider

The Tresor package is a minimal certificate issuance facility, which leverages Go's crypto libraries to generate a CA, and issue certificates for Envoy-to-xDS communication as well as Envoy-to-Envoy (east-west) between services.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewCA

func NewCA(cn certificate.CommonName, validityPeriod time.Duration, rootCertCountry, rootCertLocality, rootCertOrganization string) (certificate.Certificater, error)

NewCA creates a new Certificate Authority.

func NewCertificateFromPEM

func NewCertificateFromPEM(pemCert pem.Certificate, pemKey pem.PrivateKey, expiration time.Time) (certificate.Certificater, error)

NewCertificateFromPEM is a helper returning a certificate.Certificater from the PEM components given.

Types

type CertManager

type CertManager struct {
	// contains filtered or unexported fields
}

CertManager implements certificate.Manager

func NewCertManager

func NewCertManager(ca certificate.Certificater, validityPeriod time.Duration, certificatesOrganization string) (*CertManager, error)

NewCertManager creates a new CertManager with the passed CA and CA Private Key

func NewFakeCertManager

func NewFakeCertManager(cache *map[certificate.CommonName]certificate.Certificater, validityPeriod time.Duration) *CertManager

NewFakeCertManager creates a fake CertManager used for testing.

func (*CertManager) GetAnnouncementsChannel

func (cm *CertManager) GetAnnouncementsChannel() <-chan interface{}

GetAnnouncementsChannel implements certificate.Manager and returns the channel on which the certificate manager announces changes made to certificates.

func (*CertManager) GetCertificate

func (cm *CertManager) GetCertificate(cn certificate.CommonName) (certificate.Certificater, error)

GetCertificate returns a certificate given its Common Name (CN)

func (*CertManager) GetRootCertificate

func (cm *CertManager) GetRootCertificate() (certificate.Certificater, error)

GetRootCertificate returns the root certificate.

func (*CertManager) IssueCertificate

func (cm *CertManager) IssueCertificate(cn certificate.CommonName, validityPeriod *time.Duration) (certificate.Certificater, error)

IssueCertificate implements certificate.Manager and returns a newly issued certificate.

func (*CertManager) ListCertificates added in v0.1.0

func (cm *CertManager) ListCertificates() ([]certificate.Certificater, error)

ListCertificates lists all certificates issued

func (*CertManager) ListIssuedCertificates

func (cm *CertManager) ListIssuedCertificates() []certificate.Certificater

ListIssuedCertificates implements CertificateDebugger interface and returns the list of issued certificates.

func (*CertManager) RotateCertificate

func (cm *CertManager) RotateCertificate(cn certificate.CommonName) (certificate.Certificater, error)

RotateCertificate implements certificate.Manager and rotates an existing certificate.

type Certificate

type Certificate struct {
	// contains filtered or unexported fields
}

Certificate implements certificate.Certificater

func LoadCA

func LoadCA(certFilePEM string, keyFilePEM string) (*Certificate, error)

LoadCA loads the certificate and its key from the supplied PEM files.

func NewFakeCertificate added in v0.4.1

func NewFakeCertificate() *Certificate

NewFakeCertificate is a helper creating Certificates for unit tests.

func (Certificate) GetCertificateChain

func (c Certificate) GetCertificateChain() []byte

GetCertificateChain implements certificate.Certificater and returns the certificate chain.

func (Certificate) GetCommonName

func (c Certificate) GetCommonName() certificate.CommonName

GetCommonName implements certificate.Certificater and returns the CN of the cert.

func (Certificate) GetExpiration

func (c Certificate) GetExpiration() time.Time

GetExpiration implements certificate.Certificater and returns the time the given certificate expires.

func (Certificate) GetIssuingCA

func (c Certificate) GetIssuingCA() []byte

GetIssuingCA implements certificate.Certificater and returns the root certificate for the given cert.

func (Certificate) GetPrivateKey

func (c Certificate) GetPrivateKey() []byte

GetPrivateKey implements certificate.Certificater and returns the private key of the cert.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL