ca

package
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 1, 2023 License: Apache-2.0 Imports: 10 Imported by: 3

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func MakeX509 added in v0.5.1

// MakeX509 returns an *x509.Certificate derived from the given principal and
// public key, or an error.
//
// NOTE(review): this page does not say whether the result is a signed
// certificate or an unsigned template; confirm against the implementation
// before treating the returned value as an issued certificate.
func MakeX509(ctx context.Context, principal identity.Principal, publicKey crypto.PublicKey) (*x509.Certificate, error)

func VerifyCertChain added in v0.5.1

// VerifyCertChain checks certs together with signer and reports the outcome
// as an error.
//
// NOTE(review): presumably this validates the chain and checks that signer's
// public key belongs to the issuing certificate. Which checks actually run
// (path validation, key usage / EKU, expiry, key match) is not shown on this
// page; confirm before relying on it as the only validation of CA material
// loaded from configuration.
func VerifyCertChain(certs []*x509.Certificate, signer crypto.Signer) error

Types

type CertificateAuthority

// CertificateAuthority is the interface for creating a code-signing
// certificate with a detached SCT and for fetching the CA trust bundle.
type CertificateAuthority interface {
	// CreateCertificate returns a CodeSigningCertificate for the given
	// principal and public key.
	// NOTE(review): nothing in this signature shows where proof of possession
	// of the matching private key is checked; presumably the caller does that
	// before calling. Confirm against the caller.
	CreateCertificate(context.Context, identity.Principal, crypto.PublicKey) (*CodeSigningCertificate, error)
	// TrustBundle returns certificates grouped as a slice of slices.
	// NOTE(review): presumably each inner slice is one chain; the ordering
	// within a chain is not stated here. Confirm against the implementation.
	TrustBundle(ctx context.Context) ([][]*x509.Certificate, error)
	// Close presumably releases resources held by the CA backend. TODO confirm.
	Close() error
}

CertificateAuthority implements certificate creation with a detached SCT and fetching the CA trust bundle.

type CodeSigningCertificate

// CodeSigningCertificate carries a certificate together with its chain.
type CodeSigningCertificate struct {
	// FinalCertificate is the parsed certificate.
	// NOTE(review): presumably the issued leaf certificate. Confirm.
	FinalCertificate *x509.Certificate
	// FinalChain is the accompanying chain of parsed certificates. The
	// ordering is not stated on this page; verify before indexing into it.
	FinalChain       []*x509.Certificate
	// contains filtered or unexported fields
}

func CreateCSCFromDER

// CreateCSCFromDER builds a CodeSigningCertificate from a certificate given as
// DER bytes and an already-parsed chain.
//
// NOTE(review): nothing on this page indicates that cert is verified against
// chain; treat the result as parsed, not validated, unless the implementation
// shows otherwise.
func CreateCSCFromDER(cert []byte, chain []*x509.Certificate) (*CodeSigningCertificate, error)

func CreateCSCFromPEM

// CreateCSCFromPEM builds a CodeSigningCertificate from a certificate and a
// chain, both given as PEM strings.
//
// NOTE(review): nothing on this page indicates that cert is verified against
// chain; treat the result as parsed, not validated, unless the implementation
// shows otherwise.
func CreateCSCFromPEM(cert string, chain []string) (*CodeSigningCertificate, error)

func (*CodeSigningCertificate) CertPEM

// CertPEM returns the certificate as a PEM string, or an error.
// NOTE(review): presumably encodes FinalCertificate. Confirm.
func (c *CodeSigningCertificate) CertPEM() (string, error)

func (*CodeSigningCertificate) ChainPEM

// ChainPEM returns the chain as a slice of PEM strings, or an error.
// NOTE(review): presumably one entry per certificate in FinalChain. Confirm.
func (c *CodeSigningCertificate) ChainPEM() ([]string, error)

type CodeSigningPreCertificate

// CodeSigningPreCertificate holds a precertificate, the chain that verifies
// it, and the signer that produced it.
type CodeSigningPreCertificate struct {
	// PreCert contains the precertificate. Not a valid certificate due to a critical poison extension.
	// It is an intermediate issuance artifact and should not be handed out in
	// place of the final certificate.
	PreCert *x509.Certificate
	// CertChain contains the certificate chain to verify the precertificate.
	CertChain []*x509.Certificate
	// PrivateKey contains the signing key used to sign the precertificate. Will be used to sign the certificate.
	// Included in case the signing key is rotated in between precertificate generation and final issuance.
	//
	// This field is a handle to the CA's signing key, so a value of this type
	// carries signing capability: keep it scoped to the issuance flow and out
	// of logs, caches and serialized state.
	PrivateKey crypto.Signer
}

CodeSigningPreCertificate holds a precertificate and chain.

type EmbeddedSCTCA

// EmbeddedSCTCA is the interface for two-step issuance: a precertificate
// first, then a final certificate that contains an embedded SCT.
type EmbeddedSCTCA interface {
	// CreatePrecertificate returns a CodeSigningPreCertificate for the given
	// principal and public key.
	CreatePrecertificate(context.Context, identity.Principal, crypto.PublicKey) (*CodeSigningPreCertificate, error)
	// IssueFinalCertificate takes the precertificate and an SCT and returns
	// the final CodeSigningCertificate.
	// NOTE(review): the signature does not show whether sct is validated
	// (log signature, match to precert) here or by the caller. Confirm which
	// side owns that check.
	IssueFinalCertificate(ctx context.Context, precert *CodeSigningPreCertificate, sct *ct.SignedCertificateTimestamp) (*CodeSigningCertificate, error)
}

EmbeddedSCTCA implements precertificate and certificate issuance. Certificates will contain an embedded SCT.

type SignerCerts added in v0.5.1

// SignerCerts holds a certificate chain and signer. The struct declares no
// lock of its own; the package documents SignerCertsMutex for the case where
// the chain and signer can be updated concurrently.
type SignerCerts struct {
	// Signer signs issued certificates
	Signer crypto.Signer
	// Certs contains the chain of certificates from intermediate to root
	Certs []*x509.Certificate
}

SignerCerts holds a certificate chain and signer.

func (*SignerCerts) GetSignerWithChain added in v0.5.1

// GetSignerWithChain returns a certificate chain and a signer.
// NOTE(review): presumably s.Certs and s.Signer. Whether the slice is copied
// is not shown; callers should not modify the returned chain. Confirm.
func (s *SignerCerts) GetSignerWithChain() ([]*x509.Certificate, crypto.Signer)

type SignerCertsMutex added in v0.5.1

// SignerCertsMutex holds a certificate chain and signer alongside an embedded
// sync.RWMutex, for use when the chain and signer can be updated concurrently.
//
// Certs and Signer are exported, so the compiler does not stop code from
// reading or writing them without the lock. Read them through
// GetSignerWithChain; a writer that replaces them is expected to hold the
// write lock (presumably via the embedded Lock/Unlock; confirm against the
// updating code) and to replace both fields under that one lock, so a reader
// never sees a chain paired with the wrong signer.
type SignerCertsMutex struct {
	sync.RWMutex

	// Certs contains the chain of certificates from intermediate to root
	Certs []*x509.Certificate
	// Signer signs issued certificates
	Signer crypto.Signer
}

SignerCertsMutex holds a certificate chain and signer, and takes a reader lock when the chain and signer are accessed. Use it if another goroutine can concurrently update the chain and signer.

func (*SignerCertsMutex) GetSignerWithChain added in v0.5.1

// GetSignerWithChain returns a certificate chain and a signer.
// NOTE(review): per the type's documentation the chain and signer are read
// under a reader lock; presumably that happens here. Whether the returned
// slice is a copy is not shown, so callers should not modify it. Confirm.
func (s *SignerCertsMutex) GetSignerWithChain() ([]*x509.Certificate, crypto.Signer)

type SignerWithChain added in v0.5.1

// SignerWithChain provides a getter for a CA's certificate chain and signing
// key.
type SignerWithChain interface {
	// GetSignerWithChain returns the certificate chain and the signer in a
	// single call.
	GetSignerWithChain() ([]*x509.Certificate, crypto.Signer)
}

SignerWithChain provides a getter for a CA's certificate chain and signing key.

type ValidationError

// ValidationError marks an error caused by the content of the HTTP request,
// which should be returned to the client as HTTP 400 Bad Request.
//
// NOTE(review): this is a defined interface type with the same method set as
// error, so every non-nil error satisfies it. A type assertion
// err.(ValidationError), or errors.As with a *ValidationError target, matches
// any error and cannot by itself separate client mistakes from internal
// failures. Confirm how callers tell the two apart before mapping on this
// type, so that internal errors are not reported as 400s with their message
// text exposed to the client.
type ValidationError error

ValidationError indicates that there is an issue with the content of the HTTP request that should result in an HTTP 400 Bad Request error being returned to the client.

Directories

Path Synopsis
googleca
v1
