tresor

package
v1.0.0

Published: Jan 25, 2022 License: Apache-2.0 Imports: 18 Imported by: 0

README

Tresor Certificate Provider

The Tresor package is a minimal certificate issuance facility that uses Go's crypto libraries to generate a CA and to issue certificates for Envoy-to-xDS communication as well as Envoy-to-Envoy (east-west) communication between services.
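
As an added illustration (not Tresor's code, which this page does not show), the following uses only Go's standard crypto packages to do what the README describes: create a root CA, issue a short-lived leaf certificate from it, and verify the chain. The function names, common names, RSA-2048 key size and lifetimes are assumptions chosen for the example.

```go
package main
import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// signCert (added example, not Tresor's code; names are hypothetical) issues a cert for cn; nil parent = self-signed root.
func signCert(cn string, ttl time.Duration, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	serial, serr := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	if err != nil || serr != nil {
		return nil, nil, fmt.Errorf("keygen: %v, serial: %v", err, serr)
	}
	tmpl := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(ttl),
		DNSNames: []string{cn}, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}}
	if parent == nil { // self-signed root: may sign certificates, carries no leaf names or usages
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.DNSNames, tmpl.ExtKeyUsage = true, true, nil, nil
		tmpl.KeyUsage, parent, parentKey = x509.KeyUsageCertSign|x509.KeyUsageCRLSign, tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// verifies reports whether leaf chains to root and is currently valid for dnsName.
func verifies(leaf, root *x509.Certificate, dnsName string) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: dnsName})
	return err == nil
}

func main() {
	ca, caKey, err := signCert("example-root", 24*time.Hour, nil, nil)
	if err != nil {
		panic(err)
	}
	leaf, _, err := signCert("bookstore.default.svc.cluster.local", time.Hour, ca, caKey)
	fmt.Println("leaf chains to CA:", err == nil && verifies(leaf, ca, "bookstore.default.svc.cluster.local"))
}
```

Verification fails when the leaf is checked against a different root, for a name outside its SAN list, or after its validity period has passed, which is why a short validity period paired with rotation limits how long a leaked service key remains usable.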

Documentation

Overview

Package tresor implements the certificate.Manager interface for Tresor, a custom certificate provider in OSM.

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewCA

func NewCA(cn certificate.CommonName, validityPeriod time.Duration, rootCertCountry, rootCertLocality, rootCertOrganization string) (certificate.Certificater, error)

NewCA creates a new Certificate Authority.

func NewCertificateFromPEM

func NewCertificateFromPEM(pemCert pem.Certificate, pemKey pem.PrivateKey, expiration time.Time) (certificate.Certificater, error)

NewCertificateFromPEM is a helper returning a certificate.Certificater from the PEM components given.

Types

type CertManager

type CertManager struct {
	// contains filtered or unexported fields
}

CertManager implements certificate.Manager.

func NewCertManager

func NewCertManager(
	ca certificate.Certificater,
	certificatesOrganization string,
	cfg configurator.Configurator,
	serviceCertValidityDuration time.Duration,
	keySize int,
	msgBroker *messaging.Broker) (*CertManager, error)

NewCertManager creates a new CertManager with the passed CA and CA private key.

func NewFakeCertManager

func NewFakeCertManager(cfg configurator.Configurator) *CertManager

NewFakeCertManager creates a fake CertManager used for testing.

func NewFakeCertManagerForRotation (added in v0.11.1)

func NewFakeCertManagerForRotation(cfg configurator.Configurator, msgBroker *messaging.Broker) *CertManager

NewFakeCertManagerForRotation creates a fake CertManager used for testing certificate rotation.

func (*CertManager) GetCertificate

func (cm *CertManager) GetCertificate(cn certificate.CommonName) (certificate.Certificater, error)

GetCertificate returns a certificate given its Common Name (CN).

func (*CertManager) GetRootCertificate

func (cm *CertManager) GetRootCertificate() (certificate.Certificater, error)

GetRootCertificate returns the root certificate.

func (*CertManager) IssueCertificate

func (cm *CertManager) IssueCertificate(cn certificate.CommonName, validityPeriod time.Duration) (certificate.Certificater, error)

IssueCertificate implements certificate.Manager and returns a newly issued certificate.

func (*CertManager) ListCertificates (added in v0.1.0)

func (cm *CertManager) ListCertificates() ([]certificate.Certificater, error)

ListCertificates lists all certificates issued.

func (*CertManager) ListIssuedCertificates

func (cm *CertManager) ListIssuedCertificates() []certificate.Certificater

ListIssuedCertificates implements the CertificateDebugger interface and returns the list of issued certificates.

func (*CertManager) ReleaseCertificate (added in v0.6.0)

func (cm *CertManager) ReleaseCertificate(cn certificate.CommonName)

ReleaseCertificate is called when a cert will no longer be needed and should be removed from the system.

func (*CertManager) RotateCertificate

func (cm *CertManager) RotateCertificate(cn certificate.CommonName) (certificate.Certificater, error)

RotateCertificate implements certificate.Manager and rotates an existing certificate.

type Certificate

type Certificate struct {
	// contains filtered or unexported fields
}

Certificate implements certificate.Certificater.

func NewFakeCertificate (added in v0.4.1)

func NewFakeCertificate() *Certificate

NewFakeCertificate is a helper creating Certificates for unit tests.

func (Certificate) GetCertificateChain

func (c Certificate) GetCertificateChain() []byte

GetCertificateChain implements certificate.Certificater and returns the certificate chain.

func (Certificate) GetCommonName

func (c Certificate) GetCommonName() certificate.CommonName

GetCommonName implements certificate.Certificater and returns the CN of the cert.

func (Certificate) GetExpiration

func (c Certificate) GetExpiration() time.Time

GetExpiration implements certificate.Certificater and returns the time the given certificate expires.

func (Certificate) GetIssuingCA

func (c Certificate) GetIssuingCA() []byte

GetIssuingCA implements certificate.Certificater and returns the root certificate for the given cert.

func (Certificate) GetPrivateKey

func (c Certificate) GetPrivateKey() []byte

GetPrivateKey implements certificate.Certificater and returns the private key of the cert.

func (Certificate) GetSerialNumber (added in v0.6.0)

func (c Certificate) GetSerialNumber() certificate.SerialNumber

GetSerialNumber returns the serial number of the given certificate.
