Documentation
¶
Index ¶
- Variables
- func CertExpirationDate(cfg *arc_config.Config) (*time.Time, error)
- func CertExpiresIn(notAfter *time.Time) int64
- func CheckAndRenewCert(cfg *arc_config.Config, renewURI string, renewThreshold int64, ...) (int64, error)
- func CreateSignReqCert(commonName, organization, organizationalUnit string, privKey interface{}) (csreq []byte, err error)
- func CreateSignReqCertAndPrivKey(commonName, organization, organizationalUnit string) (csreq, key []byte, err error)
- func CreateTestToken(db *sql.DB, subject string) string
- func CreateToken(db *sql.DB, authorization *auth.Authorization, payload TokenRequest) (string, error)
- func GetTestToken(db *sql.DB, token string) (string, error)
- func PruneCertificates(db *sql.DB) (int64, error)
- func PruneTokens(db *sql.DB) (int64, error)
- func RenewCert(cfg *arc_config.Config, renewURI string, httpClientInsecureSkipVerify bool) error
- func SaveCertificate(certPEMBlock []byte, cfg *arc_config.Config) error
- func SendCertificateRequest(client *http.Client, endpoint string, cfg *arc_config.Config) ([]byte, error)
- func SetupSigner(caCertFile, caKeyFile, configFile string) (err error)
- func Sign(csr []byte, subject signer.Subject, profile string) ([]byte, error)
- func SignToken(db *sql.DB, token string, csr []byte) (*[]byte, string, error)
- type SignForbidden
- type Subject
- type TokenRequest
Constants ¶
This section is empty.
Variables ¶
// Messages for certificate-renewal requests that rely on TLS client
// authentication (purpose read from the message texts themselves).
// NOTE(review): these are exported package-level vars, not constants, so any
// importing package can reassign them; do not rely on their values for
// access decisions or exact-match comparisons.
var (
	// The request carried no TLS client certificate.
	TLS_CERTIFICATE_MISSING = "TLS client authentication required for certificate renewal."
	// The client certificate lacks CommonName, OrganizationalUnit or Organization.
	// NOTE(review): "certificat" is misspelled in this runtime string; left
	// unchanged here because callers or tests may match on the exact text.
	TLS_CRT_SUBJECT_MISSING = "TLS client authentication requires certificat with CommonName, OrganizationalUnit and Organization."
	// NOTE(review): the trailing space suggests a detail is appended to this
	// prefix; confirm that the appended text exposes no internal error detail.
	TLS_CRT_REQUEST_INVALID = "Certificate request invalid. "
)
// Messages for the renewal path when the configuration or the existing TLS
// material is incomplete (purpose read from the message texts themselves).
// NOTE(review): exported mutable vars rather than constants; an importing
// package can overwrite them.
var (
	// Either the configuration is nil or the TLS client private key was not found.
	RENEW_CFG_PRIVKEY_MISSING = "configuration is nil or TLS client private key not found."
	// No TLS certificate is available whose expiration date could be checked.
	RENEW_TLS_CERTIFICATE_MISSING = "no TLS Certificate found to check expiration date."
	// Either the configuration is nil or the client cert path is missing.
	RENEW_CFG_CERT_PATH_MISSING = "configuration is nil or client cert path is missing."
)
// ErrorInvalidCommonName is the error value for an invalid Common Name.
// NOTE(review): which functions return it, and what counts as invalid, is not
// shown here; presumably callers compare with errors.Is — confirm.
var ErrorInvalidCommonName = errors.New("invalid Common Name provided")
Functions ¶
func CertExpirationDate ¶
func CertExpirationDate(cfg *arc_config.Config) (*time.Time, error)
CertExpirationDate returns the notAfter attribute of the cert.
func CertExpiresIn ¶
CertExpiresIn returns expiration time in hours (int64)
func CheckAndRenewCert ¶
func CheckAndRenewCert(cfg *arc_config.Config, renewURI string, renewThreshold int64, httpClientInsecureSkipVerify bool) (int64, error)
CheckAndRenewCert checks the cert against the threshold and renews it if needed. The returned int64 is the number of hours left until the expiration date; a value > 0 means that hoursLeft > threshold and there is no need to renew the cert. The returned error reports that something went wrong.
func CreateSignReqCert ¶
func CreateSignReqCert(commonName, organization, organizationalUnit string, privKey interface{}) (csreq []byte, err error)
CreateSignReqCert creates a signing request cert PEM block from a private key.
func CreateSignReqCertAndPrivKey ¶
func CreateSignReqCertAndPrivKey(commonName, organization, organizationalUnit string) (csreq, key []byte, err error)
CreateSignReqCertAndPrivKey creates a signing request cert and a private key. The SignatureAlgorithm is x509.ECDSAWithSHA256.
func CreateTestToken ¶
CreateTestToken saves a test token in the db.
func CreateToken ¶
func CreateToken(db *sql.DB, authorization *auth.Authorization, payload TokenRequest) (string, error)
CreateToken returns a new sign token.
func GetTestToken ¶
GetTestToken gets a saved token.
func RenewCert ¶
func RenewCert(cfg *arc_config.Config, renewURI string, httpClientInsecureSkipVerify bool) error
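RenewCert renews the cert. Judging by its name, httpClientInsecureSkipVerify turns off verification of the renewal server's TLS certificate (the behaviour of tls.Config.InsecureSkipVerify in the standard library); with it set to true the client cannot tell the real renewal endpoint from an intercepting one, so it should stay false outside of test setups.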
func SaveCertificate ¶
func SaveCertificate(certPEMBlock []byte, cfg *arc_config.Config) error
func SendCertificateRequest ¶
func SetupSigner ¶
SetupSigner initializes the Signer
Types ¶
type SignForbidden ¶
// SignForbidden is an error type (it has an Error method) that carries a
// message; the package documentation says it should be used to return a 403.
type SignForbidden struct {
// Msg is the message text.
// NOTE(review): presumably this is what Error() returns and what ends up in
// the 403 response; confirm, and keep token or CSR details out of it.
Msg string
}
SignForbidden should be used to return a 403
func (SignForbidden) Error ¶
func (e SignForbidden) Error() string