Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type CACertLoader
CACertLoader loads CA certificates from disk.
func (CACertLoader) CACerts
func (l CACertLoader) CACerts(ctx context.Context) ([]*x509.Certificate, error)
CACerts returns a list of CA certificates from disk that are verifiable with an active TRC.
type CACertProvider
type CACertProvider interface {
    // CACerts returns a list of CA certificates that are verifiable with an
    // active TRC.
    CACerts(ctx context.Context) ([]*x509.Certificate, error)
}
CACertProvider provides verifiable CA certificates.
type CachingPolicyGen
type CachingPolicyGen struct {
    PolicyGen PolicyGen
    Interval  time.Duration
    // contains filtered or unexported fields
}
CachingPolicyGen is a PolicyGen that can cache the previously generated CASigner for some time.
type CachingSignerGen
type CachingSignerGen struct {
    SignerGen SignerGen
    Interval  time.Duration
    // contains filtered or unexported fields
}
CachingSignerGen is a SignerGen that can cache the previously generated Signer for some time.
type ChainBuilder
type ChainBuilder struct {
PolicyGen PolicyGen
}
ChainBuilder creates a certificate chain with the generated policy.
func (ChainBuilder) CreateChain
func (c ChainBuilder) CreateChain(ctx context.Context, csr *x509.CertificateRequest) ([]*x509.Certificate, error)
CreateChain creates a certificate chain with the latest available CA policy.
type ClientLoader
ClientLoader loads client chains from the given directory into the DB.
func (ClientLoader) LoadClientChains
func (l ClientLoader) LoadClientChains(ctx context.Context) error
LoadClientChains loads the client chains into the DB.
type CryptoLoader
CryptoLoader loads chains from the given directory or the DB.
func (CryptoLoader) Chains
func (l CryptoLoader) Chains(ctx context.Context, query trust.ChainQuery) ([][]*x509.Certificate, error)
Chains loads chains from disk, stores them to DB, and returns the result from DB. The fallback mode is always the result of the DB.
type LoadingPolicyGen
type LoadingPolicyGen struct {
    Validity     time.Duration
    KeyRing      trust.KeyRing
    CertProvider CACertProvider
}
LoadingPolicyGen generates a CAPolicy from the keys and certificates available on the file system.
type LoadingRing
type LoadingRing struct {
Dir string
}
LoadingRing is a key ring that loads the private keys from the configured directory.
func (LoadingRing) PrivateKeys
PrivateKeys loads all private keys that are in PKCS#8 format from the directory.
type RenewingSigner
type RenewingSigner struct {
SignerGen SignerGen
}
RenewingSigner is a signer that automatically picks up new key/cert material.
func (RenewingSigner) Sign
func (s RenewingSigner) Sign(ctx context.Context, msg []byte, associatedData ...[]byte) (*cryptopb.SignedMessage, error)
Sign signs the message with the latest available Signer.