trust

package
v0.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 16, 2023 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CachingSignerGen

type CachingSignerGen struct {
	SignerGen SignerGen
	Interval  time.Duration
	// contains filtered or unexported fields
}

CachingSignerGen is a SignerGen that can cache the previously generated Signer for some time.

func (*CachingSignerGen) Generate

func (s *CachingSignerGen) Generate(ctx context.Context) (trust.Signer, error)

Generate generates a signer using the SignerGen or returns the cached signer. An error is only returned if the previous signer is empty, and no signer can be generated.

type CryptoLoader

type CryptoLoader struct {
	trust.DB
	// Dir is the directory where the AS certificates and private keys are
	// loaded from.
	Dir string
	// TRCDirs are optional directories from which TRCs are loaded.
	TRCDirs []string
}

CryptoLoader loads chains from the given directory or the DB.

func (CryptoLoader) Chains

func (l CryptoLoader) Chains(ctx context.Context,
	query trust.ChainQuery) ([][]*x509.Certificate, error)

Chains loads chains from disk, stores them to DB, and returns the result from DB. The fallback mode is always the result of the DB.

func (CryptoLoader) SignedTRC

func (l CryptoLoader) SignedTRC(ctx context.Context, id cppki.TRCID) (cppki.SignedTRC, error)

type LoadingRing

type LoadingRing struct {
	Dir string
}

LoadingRing is a key ring that loads the private keys from the configured directory.

func (LoadingRing) PrivateKeys

func (r LoadingRing) PrivateKeys(ctx context.Context) ([]crypto.Signer, error)

PrivateKeys loads all private keys that are in PKCS#8 format from the directory.

type RenewingSigner

type RenewingSigner struct {
	SignerGen SignerGen
}

RenewingSigner is a signer that automatically picks up new key/cert material.

func (RenewingSigner) Sign

func (s RenewingSigner) Sign(
	ctx context.Context,
	msg []byte,
	associatedData ...[]byte,
) (*cryptopb.SignedMessage, error)

Sign signs the message with the latest available Signer.

func (RenewingSigner) SignCMS

func (s RenewingSigner) SignCMS(ctx context.Context, msg []byte) ([]byte, error)

SignCMS signs the message with the latest available Signer.

type SignerGen

type SignerGen interface {
	Generate(ctx context.Context) (trust.Signer, error)
}

SignerGen generates signers.

type TLSCertificateLoader added in v0.9.0

type TLSCertificateLoader struct {
	SignerGen SignerGen
}

TLSCertificateLoader is a wrapper for a SignerGen, converting the trust.Signer to an equivalent tls.Certificate.

func (TLSCertificateLoader) Get added in v0.9.0

Get returns the certificate representing the Signer generated by the SignerGen.

func (TLSCertificateLoader) GetCertificate added in v0.9.0

func (l TLSCertificateLoader) GetCertificate(
	hello *tls.ClientHelloInfo,
) (*tls.Certificate, error)

GetCertificate returns the certificate representing the Signer generated by the SignerGen. This function can be bound to tls.Config.GetCertificate.

func (TLSCertificateLoader) GetClientCertificate added in v0.9.0

func (l TLSCertificateLoader) GetClientCertificate(
	reqInfo *tls.CertificateRequestInfo,
) (*tls.Certificate, error)

GetClientCertificate returns the certificate representing the Signer generated by the SignerGen. This function can be bound to tls.Config.GetClientCertificate.

Directories

Path Synopsis
Package mock_trust is a generated GoMock package.
Package mock_trust is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL