server

package

v0.0.0-...-a91455d Latest Latest Go to latest Published: Apr 3, 2019 License: Apache-2.0 Imports: 50 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/rkcloudchain/rksync-ca

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func GetAttrExtension(ca *CA, attrReqs []*api.AttributeRequest, id, profile string) (*signer.Extension, error)
func LoadPEMCertPool(certFiles []string) (*x509.CertPool, error)
func ReadBody(r *http.Request, body interface{}) error
func ReadBodyBytes(r *http.Request) ([]byte, error)
func TryReadBody(r *http.Request, body interface{}) (bool, error)
type Accessor
- func NewDBAccessor(db *dbutil.DB) *Accessor
type CA
type CertDBAccessor
- func NewCertDBAccessor(db *dbutil.DB) *CertDBAccessor
type CertRecord
type Server

Constants ¶

View Source

const (

	// CAChainParentFirstEnvVar is the name of the environment variable that needs to be set
	// for server to return CA chain in parent-first order
	CAChainParentFirstEnvVar = "CA_CHAIN_PARENT_FIRST"
)

Variables ¶

This section is empty.

Functions ¶

func GetAttrExtension ¶

func GetAttrExtension(ca *CA, attrReqs []*api.AttributeRequest, id, profile string) (*signer.Extension, error)

GetAttrExtension returns an attribute extension to place into a signing request

func LoadPEMCertPool ¶

func LoadPEMCertPool(certFiles []string) (*x509.CertPool, error)

LoadPEMCertPool loads a pool of PEM certificate from list of files

func ReadBody ¶

func ReadBody(r *http.Request, body interface{}) error

ReadBody reads the request body and JSON unmarshals into 'body'

func ReadBodyBytes ¶

func ReadBodyBytes(r *http.Request) ([]byte, error)

ReadBodyBytes reads the request body and returns bytes

func TryReadBody ¶

func TryReadBody(r *http.Request, body interface{}) (bool, error)

TryReadBody reads the request body into 'body' if not empty

Types ¶

type Accessor ¶

type Accessor struct {
	// contains filtered or unexported fields
}

Accessor implements db.Accessor interface

func NewDBAccessor ¶

func NewDBAccessor(db *dbutil.DB) *Accessor

NewDBAccessor si a constructor for the database API

func (*Accessor) DeleteUser ¶

func (d *Accessor) DeleteUser(id string) (registry.User, error)

DeleteUser deletes user from database

func (*Accessor) GetUser ¶

func (d *Accessor) GetUser(id string, attrs []string) (registry.User, error)

GetUser gets user from database

func (*Accessor) InsertUser ¶

func (d *Accessor) InsertUser(user *registry.UserInfo) error

InsertUser inserts user into database

func (*Accessor) SetDB ¶

func (d *Accessor) SetDB(db *dbutil.DB)

SetDB changes the underlying sql.DB object Accessor is manipulating.

func (*Accessor) UpdateUser ¶

func (d *Accessor) UpdateUser(user *registry.UserInfo, updatePass bool) error

UpdateUser updates user in database

type CA ¶

type CA struct {
	// The home directory for the CA
	HomeDir string
	// The CA's configuration
	Config *config.CAConfig
	// contains filtered or unexported fields
}

CA represents a certificate authority which signs, issues and revokes certificates

type CertDBAccessor ¶

type CertDBAccessor struct {
	// contains filtered or unexported fields
}

CertDBAccessor implements certdb.Accessor interface

func NewCertDBAccessor ¶

func NewCertDBAccessor(db *dbutil.DB) *CertDBAccessor

NewCertDBAccessor returns a new Accessor

func (*CertDBAccessor) GetCertificate ¶

func (d *CertDBAccessor) GetCertificate(serial, aki string) (crs []certdb.CertificateRecord, err error)

GetCertificate gets a CertificateRecord indexed by serial.

func (*CertDBAccessor) GetCertificateWithID ¶

func (d *CertDBAccessor) GetCertificateWithID(serial, aki string) (crs CertRecord, err error)

GetCertificateWithID gets a CertRecord indexed by serial

func (*CertDBAccessor) GetCertificatesByID ¶

func (d *CertDBAccessor) GetCertificatesByID(id string) (crs []CertRecord, err error)

GetCertificatesByID gets a CertRecord indexed by id

func (*CertDBAccessor) GetOCSP ¶

func (d *CertDBAccessor) GetOCSP(serial, aki string) (ors []certdb.OCSPRecord, err error)

GetOCSP retrieves a certdb.OCSPRecord from db by serial.

func (*CertDBAccessor) GetRevokedAndUnexpiredCertificates ¶

func (d *CertDBAccessor) GetRevokedAndUnexpiredCertificates() ([]certdb.CertificateRecord, error)

GetRevokedAndUnexpiredCertificates returns revoked and unexpired certificates

func (*CertDBAccessor) GetRevokedAndUnexpiredCertificatesByLabel ¶

func (d *CertDBAccessor) GetRevokedAndUnexpiredCertificatesByLabel(label string) ([]certdb.CertificateRecord, error)

GetRevokedAndUnexpiredCertificatesByLabel returns revoked and unexpired certificates matching the label

func (*CertDBAccessor) GetRevokedCertificates ¶

func (d *CertDBAccessor) GetRevokedCertificates(expiredAfter, expiredBefore, revokedAfter, revokedBefore time.Time) ([]certdb.CertificateRecord, error)

GetRevokedCertificates returns revoked certificates

func (*CertDBAccessor) GetUnexpiredCertificates ¶

func (d *CertDBAccessor) GetUnexpiredCertificates() (crs []certdb.CertificateRecord, err error)

GetUnexpiredCertificates gets all unexpired certificate from db.

func (*CertDBAccessor) GetUnexpiredOCSPs ¶

func (d *CertDBAccessor) GetUnexpiredOCSPs() (ors []certdb.OCSPRecord, err error)

GetUnexpiredOCSPs retrieves all unexpired certdb.OCSPRecord from db.

func (*CertDBAccessor) InsertCertificate ¶

func (d *CertDBAccessor) InsertCertificate(cr certdb.CertificateRecord) error

InsertCertificate puts a CertificateRecord into db.

func (*CertDBAccessor) InsertOCSP ¶

func (d *CertDBAccessor) InsertOCSP(rr certdb.OCSPRecord) error

InsertOCSP puts a new certdb.OCSPRecord into the db.

func (*CertDBAccessor) RevokeCertificate ¶

func (d *CertDBAccessor) RevokeCertificate(serial, aki string, reasonCode int) error

RevokeCertificate updates a certificate with a given serial number and marks it revoked.

func (*CertDBAccessor) RevokeCertificatesByID ¶

func (d *CertDBAccessor) RevokeCertificatesByID(id string, reasonCode int) (crs []CertRecord, err error)

RevokeCertificatesByID updates all certificates for a given ID and marks them revoked

func (*CertDBAccessor) UpdateOCSP ¶

func (d *CertDBAccessor) UpdateOCSP(serial, aki, body string, expiry time.Time) error

UpdateOCSP updates a ocsp response record with a given serial number.

func (*CertDBAccessor) UpsertOCSP ¶

func (d *CertDBAccessor) UpsertOCSP(serial, aki, body string, expiry time.Time) error

UpsertOCSP update a ocsp response record with a given serial number, or insert the record if it doesn't yet exist in the db

type CertRecord ¶

type CertRecord struct {
	ID string `db:"id"`
	certdb.CertificateRecord
}

CertRecord extends CFSSL CertificateRecord by adding an enrollment ID to the record

type Server ¶

type Server struct {
	// The home directory for the server
	HomeDir string
	// BlockingStart if true makes the Start function blocking
	BlockingStart bool
	// The server's configuration
	Config *config.ServerConfig

	// Server's default CA
	CA
	// contains filtered or unexported fields
}

Server is the rksync-ca server

func (*Server) GetCA ¶

func (s *Server) GetCA() *CA

GetCA returns the CA instance

func (*Server) Init ¶

func (s *Server) Init(renew bool) (err error)

Init initializes a rksync-ca server

func (*Server) Start ¶

func (s *Server) Start() (err error)

Start the rksync-ca server

func (*Server) Stop ¶

func (s *Server) Stop() error

Stop the server

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL