identity

package

v0.14.0-rc.7 Latest Latest Go to latest Published: Mar 4, 2020 License: Apache-2.0 Imports: 18 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/smallstep/certificates

Documentation ¶

Index ¶

Constants
Variables
func WriteDefaultIdentity(certChain []api.Certificate, key crypto.PrivateKey) error
func WriteIdentityCertificate(certChain []api.Certificate) error
type Client
- func LoadClient() (*Client, error)
- func (c *Client) ResolveReference(ref *url.URL) *url.URL
type Identity
- func LoadDefaultIdentity() (*Identity, error)
type Renewer
type Type

Constants ¶

View Source

const DefaultLeeway = 1 * time.Minute

DefaultLeeway is the duration for matching not before claims.

Variables ¶

View Source

var DefaultsFile = filepath.Join(config.StepPath(), "config", "defaults.json")

DefaultsFile contains the location of the defaults file.

View Source

var IdentityFile = filepath.Join(config.StepPath(), "config", "identity.json")

IdentityFile contains the location of the identity file.

Functions ¶

func WriteDefaultIdentity ¶

func WriteDefaultIdentity(certChain []api.Certificate, key crypto.PrivateKey) error

WriteDefaultIdentity writes the given certificates and key and the identity.json pointing to the new files.

func WriteIdentityCertificate ¶

func WriteIdentityCertificate(certChain []api.Certificate) error

WriteIdentityCertificate writes the identity certificate in disk.

Types ¶

type Client ¶

type Client struct {
	CaURL *url.URL
	*http.Client
}

Client wraps http.Client with a transport using the step root and identity.

func LoadClient ¶

func LoadClient() (*Client, error)

LoadClient configures an http.Client with the root in $STEPPATH/config/defaults.json and the identity defined in $STEPPATH/config/identity.json

func (*Client) ResolveReference ¶

func (c *Client) ResolveReference(ref *url.URL) *url.URL

ResolveReference resolves the given reference from the CaURL.

type Identity ¶

type Identity struct {
	Type        string `json:"type"`
	Certificate string `json:"crt"`
	Key         string `json:"key"`
}

Identity represents the identity file that can be used to authenticate with the CA.

func LoadDefaultIdentity ¶

func LoadDefaultIdentity() (*Identity, error)

LoadDefaultIdentity loads the default identity.

func (*Identity) GetClientCertificateFunc ¶

func (i *Identity) GetClientCertificateFunc() func(*tls.CertificateRequestInfo) (*tls.Certificate, error)

GetClientCertificateFunc returns a method that can be used as the GetClientCertificate property in a tls.Config.

func (*Identity) Kind ¶

func (i *Identity) Kind() Type

Kind returns the type for the given identity.

func (*Identity) Renew ¶

func (i *Identity) Renew(client Renewer) error

Renew renews the current identity certificate using a client with a renew method.

func (*Identity) TLSCertificate ¶

func (i *Identity) TLSCertificate() (tls.Certificate, error)

TLSCertificate returns a tls.Certificate for the identity.

func (*Identity) Validate ¶

func (i *Identity) Validate() error

Validate validates the identity object.

type Renewer ¶

type Renewer interface {
	GetRootCAs() *x509.CertPool
	Renew(tr http.RoundTripper) (*api.SignResponse, error)
}

Renewer is that interface that a renew client must implement.

type Type ¶

type Type string

Type represents the different types of identity files.

const Disabled Type = ""

Disabled represents a disabled identity type

const MutualTLS Type = "mTLS"

MutualTLS represents the identity using mTLS

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL