Documentation
Types
type Server
type Server struct {
// contains filtered or unexported fields
}
Server implements IstioCAService and IstioCertificateService and provides the services on the specified port.
func New
func New(ca ca.CertificateAuthority, ttl time.Duration, forCA bool, hostlist []string, port int, trustDomain string) (*Server, error)
New creates a new instance of `IstioCAServiceServer`.
func (*Server) CreateCertificate
func (s *Server) CreateCertificate(ctx context.Context, request *pb.IstioCertificateRequest) (*pb.IstioCertificateResponse, error)
CreateCertificate handles an incoming certificate signing request (CSR). It performs authentication and authorization. Once the request is validated, it signs a certificate such that:
- the SAN is the identity of the caller in the authentication result.
- the subject public key is the public key in the CSR.
- the validity duration is the ValidityDuration in the request, or the default value if the given duration is invalid.
- it is signed by the CA signing key.
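The issuance rule described above, as an added example that is not Istio's code: `issue` and `demo` are hypothetical helpers, the CA, keys and SPIFFE-style identities are constructed, and "invalid" duration is assumed to mean non-positive or above a maximum. The CSR asks for another workload's SAN, and the issued certificate carries the authenticated caller's identity instead.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// issue is a hypothetical helper, not Istio code. Assumed: a TTL is invalid if <= 0 or > maxTTL.
func issue(ca *x509.Certificate, caKey ed25519.PrivateKey, csrDER []byte, caller *url.URL, ttl, defTTL, maxTTL time.Duration) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil || csr.CheckSignature() != nil { // the self-signature proves key possession
		return nil, fmt.Errorf("CSR rejected: unparsable or bad self-signature (parse error: %v)", err)
	}
	if ttl <= 0 || ttl > maxTTL {
		ttl = defTTL
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(now.UnixNano()), // demo shortcut; a real CA uses random serials
		NotBefore:    now, NotAfter: now.Add(ttl),
		URIs:         []*url.URL{caller}, // SAN from authentication; SANs in the CSR are ignored
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, csr.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func demo(ttl time.Duration) (string, time.Duration, error) { // constructed CA, keys and CSR
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader) // setup errors ignored: fixed inputs
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"ca.invalid"}, IsCA: true, BasicConstraintsValid: true}
	caDER, _ := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, caPub, caKey)
	ca, _ := x509.ParseCertificate(caDER)
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	id := func(sa string) *url.URL { return &url.URL{Scheme: "spiffe", Host: "cluster.local", Path: "/ns/demo/sa/" + sa} }
	csrDER, _ := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{URIs: []*url.URL{id("admin")}}, key)
	cert, err := issue(ca, caKey, csrDER, id("web"), ttl, time.Hour, 24*time.Hour)
	if err != nil {
		return "", 0, err
	}
	return cert.URIs[0].String(), cert.NotAfter.Sub(cert.NotBefore), nil
}

func main() { fmt.Println(demo(-5 * time.Minute)) }
```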
func (*Server) HandleCSR
func (s *Server) HandleCSR(ctx context.Context, request *pb.CsrRequest) (*pb.CsrResponse, error)
HandleCSR handles an incoming certificate signing request (CSR). It performs the required validation (e.g. authentication) and, once the request is validated, signs the CSR and returns the resulting certificate. If the request is not approved, the reason for refusing to sign is returned as part of the response object. TODO(myidpt): Deprecate this function.