Documentation
Index
- func MakeX509(ctx context.Context, principal identity.Principal, publicKey crypto.PublicKey) (*x509.Certificate, error)
- func VerifyCertChain(certs []*x509.Certificate, signer crypto.Signer) error
- type CertificateAuthority
- type CodeSigningCertificate
- type CodeSigningPreCertificate
- type EmbeddedSCTCA
- type SignerCerts
- type SignerCertsMutex
- type SignerWithChain
- type ValidationError
Constants
This section is empty.
Variables
This section is empty.
Functions
func VerifyCertChain added in v0.5.1
func VerifyCertChain(certs []*x509.Certificate, signer crypto.Signer) error
Types
type CertificateAuthority
type CertificateAuthority interface {
	CreateCertificate(context.Context, identity.Principal, crypto.PublicKey) (*CodeSigningCertificate, error)
	TrustBundle(ctx context.Context) ([][]*x509.Certificate, error)
	Close() error
}
CertificateAuthority implements certificate creation with a detached SCT and fetching the CA trust bundle.
type CodeSigningCertificate
type CodeSigningCertificate struct {
	FinalCertificate *x509.Certificate
	FinalChain       []*x509.Certificate
	// contains filtered or unexported fields
}
func CreateCSCFromDER
func CreateCSCFromDER(cert []byte, chain []*x509.Certificate) (*CodeSigningCertificate, error)
func CreateCSCFromPEM
func CreateCSCFromPEM(cert string, chain []string) (*CodeSigningCertificate, error)
func (*CodeSigningCertificate) CertPEM
func (c *CodeSigningCertificate) CertPEM() (string, error)
func (*CodeSigningCertificate) ChainPEM
func (c *CodeSigningCertificate) ChainPEM() ([]string, error)
type CodeSigningPreCertificate
type CodeSigningPreCertificate struct {
	// PreCert contains the precertificate. Not a valid certificate due to a critical poison extension.
	PreCert *x509.Certificate
	// CertChain contains the certificate chain to verify the precertificate.
	CertChain []*x509.Certificate
	// PrivateKey contains the signing key used to sign the precertificate. Will be used to sign the certificate.
	// Included in case the signing key is rotated in between precertificate generation and final issuance.
	PrivateKey crypto.Signer
}
CodeSigningPreCertificate holds a precertificate and chain.
type EmbeddedSCTCA
type EmbeddedSCTCA interface {
	CreatePrecertificate(context.Context, identity.Principal, crypto.PublicKey) (*CodeSigningPreCertificate, error)
	IssueFinalCertificate(ctx context.Context, precert *CodeSigningPreCertificate, sct *ct.SignedCertificateTimestamp) (*CodeSigningCertificate, error)
}
EmbeddedSCTCA implements precertificate and certificate issuance. Certificates will contain an embedded SCT.
type SignerCerts added in v0.5.1
type SignerCerts struct {
	// Signer signs issued certificates
	Signer crypto.Signer
	// Certs contains the chain of certificates from intermediate to root
	Certs []*x509.Certificate
}
SignerCerts holds a certificate chain and signer.
func (*SignerCerts) GetSignerWithChain added in v0.5.1
func (s *SignerCerts) GetSignerWithChain() ([]*x509.Certificate, crypto.Signer)
type SignerCertsMutex added in v0.5.1
type SignerCertsMutex struct {
	sync.RWMutex
	// Certs contains the chain of certificates from intermediate to root
	Certs []*x509.Certificate
	// Signer signs issued certificates
	Signer crypto.Signer
}
SignerCertsMutex holds a certificate chain and signer, and takes a read lock while accessing them. Use it when a separate goroutine can concurrently update the chain and signer.
func (*SignerCertsMutex) GetSignerWithChain added in v0.5.1
func (s *SignerCertsMutex) GetSignerWithChain() ([]*x509.Certificate, crypto.Signer)
type SignerWithChain added in v0.5.1
type SignerWithChain interface {
GetSignerWithChain() ([]*x509.Certificate, crypto.Signer)
}
SignerWithChain provides a getter for a CA's certificate chain and signing key.
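The following Go is an added, self-contained illustration of two things this package's types describe but the reference above does not show in action: the CodeSigningPreCertificate flow (a precertificate made invalid by the critical RFC 6962 poison extension, with the signing key and chain captured so that final issuance survives a key rotation) and the SignerCertsMutex pattern (chain and signer read under a reader lock while a rotation can take the writer lock). It is not Fulcio's code: the names signerHolder, preCertificate, sign, newRootCA, createPrecertificate, issueFinalCertificate, verifyChain and ctPoisonOID are this example's own. It uses only the standard library, so the ct.SignedCertificateTimestamp argument and SCT embedding are omitted, and the constructed fixture chain is a single self-signed root rather than intermediate-to-root.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"math/big"
	"sync"
	"time"
)

// RFC 6962 precertificate poison extension OID; its value is ASN.1 NULL (bytes 05 00).
var ctPoisonOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 3}

// signerHolder stands in for SignerCertsMutex: chain (signing cert first, root last)
// and key behind an RWMutex, so a rotation can swap both while issuers read them.
type signerHolder struct {
	mu     sync.RWMutex
	certs  []*x509.Certificate
	signer crypto.Signer
}

// GetSignerWithChain returns a consistent (chain, key) pair under the reader lock.
func (h *signerHolder) GetSignerWithChain() ([]*x509.Certificate, crypto.Signer) {
	h.mu.RLock()
	defer h.mu.RUnlock()
	return h.certs, h.signer
}

// Rotate installs a new chain and key under the writer lock.
func (h *signerHolder) Rotate(certs []*x509.Certificate, signer crypto.Signer) {
	h.mu.Lock()
	defer h.mu.Unlock()
	h.certs, h.signer = certs, signer
}

// preCertificate mirrors CodeSigningPreCertificate: the chain and key captured here
// are reused for final issuance even if the holder has rotated in the meantime.
type preCertificate struct {
	PreCert    *x509.Certificate
	CertChain  []*x509.Certificate
	PrivateKey crypto.Signer
}

// sign issues tmpl under parent with signer and parses the result back.
func sign(tmpl, parent *x509.Certificate, pub crypto.PublicKey, signer crypto.Signer) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// newRootCA builds a throwaway self-signed root as a one-element chain (constructed fixture).
func newRootCA(name string) ([]*x509.Certificate, crypto.Signer, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	cert, err := sign(tmpl, tmpl, &key.PublicKey, key)
	return []*x509.Certificate{cert}, key, err
}

// createPrecertificate signs a code-signing leaf for pub with the holder's current key
// and adds the critical poison extension, so x509 chain validation refuses the result.
func createPrecertificate(ca *signerHolder, serial int64, pub crypto.PublicKey) (*preCertificate, error) {
	chain, signer := ca.GetSignerWithChain()
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial),
		Subject:     pkix.Name{CommonName: "signer@example.com"}, // hypothetical subject
		NotBefore:   time.Now().Add(-time.Minute), NotAfter: time.Now().Add(10 * time.Minute),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
		ExtraExtensions: []pkix.Extension{{Id: ctPoisonOID, Critical: true, Value: []byte{0x05, 0x00}}}}
	pre, err := sign(tmpl, chain[0], pub, signer)
	return &preCertificate{PreCert: pre, CertChain: chain, PrivateKey: signer}, err
}

// issueFinalCertificate re-signs the precert's content with the captured key and chain; a
// parsed certificate's Extensions are ignored by CreateCertificate, so the poison is dropped.
func issueFinalCertificate(pc *preCertificate) (*x509.Certificate, error) {
	tmpl := *pc.PreCert
	return sign(&tmpl, pc.CertChain[0], pc.PreCert.PublicKey, pc.PrivateKey)
}

// verifyChain validates cert for code signing against the last element of chain (the root).
// Intermediates are not added to the pool because the fixture chain holds only the root.
func verifyChain(cert *x509.Certificate, chain []*x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(chain[len(chain)-1])
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}})
	return err
}
```

Two behaviours are worth observing when running this. x509.ParseCertificate accepts the precertificate but records the poison OID in UnhandledCriticalExtensions, and Certificate.Verify refuses any certificate with such an entry, which is what makes a leaked precertificate harmless as a signing credential. After Rotate installs a new root and key, issueFinalCertificate still signs with the key captured in the preCertificate, so the final certificate chains to the root that was current at precertificate time and not to the rotated one; that is the case the PrivateKey field of CodeSigningPreCertificate exists for.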
type ValidationError
type ValidationError error
ValidationError indicates that there is an issue with the content of the HTTP request that should result in an HTTP 400 Bad Request error being returned to the client.