Documentation ¶
Index ¶
- func GetConfigPath() string
- func GetDBPath() string
- func GetOTTKeyPath() string
- func GetProvisionerKey(caURL, rootFile, kid string) (string, error)
- func GetProvisioners(caURL, rootFile string) (provisioner.List, error)
- func GetPublicPath() string
- func GetRootCAPath() string
- func GetSecretsPath() string
- func GetTemplatesPath() string
- type Option
- type PKI
- func (p *PKI) CreateCertificateAuthorityResponse(cert *x509.Certificate, key crypto.PrivateKey) *apiv1.CreateCertificateAuthorityResponse
- func (p *PKI) GenerateConfig(opt ...Option) (*authconfig.Config, error)
- func (p *PKI) GenerateIntermediateCertificate(name, org, resource string, parent *apiv1.CreateCertificateAuthorityResponse, ...) error
- func (p *PKI) GenerateKeyPairs(pass []byte) error
- func (p *PKI) GenerateRootCertificate(name, org, resource string, pass []byte) (*apiv1.CreateCertificateAuthorityResponse, error)
- func (p *PKI) GenerateSSHSigningKeys(password []byte) error
- func (p *PKI) GetCAConfigPath() string
- func (p *PKI) GetCertificateAuthority() error
- func (p *PKI) GetRootFingerprint() string
- func (p *PKI) Save(opt ...Option) error
- func (p *PKI) SetAddress(s string)
- func (p *PKI) SetCAURL(s string)
- func (p *PKI) SetDNSNames(s []string)
- func (p *PKI) SetProvisioner(s string)
- func (p *PKI) TellPKI()
- func (p *PKI) WriteIntermediateCertificate(crt *x509.Certificate, key interface{}, pass []byte) error
- func (p *PKI) WriteRootCertificate(rootCrt *x509.Certificate, rootKey interface{}, pass []byte) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetConfigPath ¶
func GetConfigPath() string
GetConfigPath returns the directory where the configuration files are stored based on the STEPPATH environment variable.
func GetDBPath ¶
func GetDBPath() string
GetDBPath returns the path where the file-system persistence is stored based on the STEPPATH environment variable.
func GetOTTKeyPath ¶
func GetOTTKeyPath() string
GetOTTKeyPath returns the path where the one-time token key is stored based on the STEPPATH environment variable.
func GetProvisionerKey ¶
GetProvisionerKey returns the encrypted provisioner key for the given kid.
func GetProvisioners ¶
func GetProvisioners(caURL, rootFile string) (provisioner.List, error)
GetProvisioners returns the map of provisioners on the given CA.
func GetPublicPath ¶
func GetPublicPath() string
GetPublicPath returns the directory where the public keys are stored based on the STEPPATH environment variable.
func GetRootCAPath ¶
func GetRootCAPath() string
GetRootCAPath returns the path where the root CA is stored based on the STEPPATH environment variable.
func GetSecretsPath ¶
func GetSecretsPath() string
GetSecretsPath returns the directory where the private keys are stored based on the STEPPATH environment variable.
func GetTemplatesPath ¶ added in v0.14.0
func GetTemplatesPath() string
GetTemplatesPath returns the path where the templates are stored.
Types ¶
type Option ¶
type Option func(c *authconfig.Config) error
Option is the type for modifiers over the auth config object.
func WithDefaultDB ¶
func WithDefaultDB() Option
WithDefaultDB is a configuration modifier that adds a default DB stanza to the authority config.
type PKI ¶
type PKI struct {
// contains filtered or unexported fields
}
PKI represents the Public Key Infrastructure used by a certificate authority.
func (*PKI) CreateCertificateAuthorityResponse ¶ added in v0.15.6
func (p *PKI) CreateCertificateAuthorityResponse(cert *x509.Certificate, key crypto.PrivateKey) *apiv1.CreateCertificateAuthorityResponse
CreateCertificateAuthorityResponse returns a CreateCertificateAuthorityResponse that can be used as a parent of a CreateCertificateAuthority request.
func (*PKI) GenerateConfig ¶
func (p *PKI) GenerateConfig(opt ...Option) (*authconfig.Config, error)
GenerateConfig returns the step certificates configuration.
func (*PKI) GenerateIntermediateCertificate ¶
func (p *PKI) GenerateIntermediateCertificate(name, org, resource string, parent *apiv1.CreateCertificateAuthorityResponse, pass []byte) error
GenerateIntermediateCertificate generates an intermediate certificate with the given name and using the default key type.
func (*PKI) GenerateKeyPairs ¶
GenerateKeyPairs generates the key pairs used by the certificate authority.
func (*PKI) GenerateRootCertificate ¶
func (p *PKI) GenerateRootCertificate(name, org, resource string, pass []byte) (*apiv1.CreateCertificateAuthorityResponse, error)
GenerateRootCertificate generates a root certificate with the given name and using the default key type.
func (*PKI) GenerateSSHSigningKeys ¶
GenerateSSHSigningKeys generates and encrypts a private key used for signing SSH user certificates and a private key used for signing host certificates.
func (*PKI) GetCAConfigPath ¶
GetCAConfigPath returns the path of the CA configuration file.
func (*PKI) GetCertificateAuthority ¶ added in v0.15.5
GetCertificateAuthority attempts to load the certificate authority from the RA.
func (*PKI) GetRootFingerprint ¶
GetRootFingerprint returns the root fingerprint.
func (*PKI) Save ¶
Save stores the PKI in a JSON file that will be used as the certificate authority configuration.
func (*PKI) SetAddress ¶
SetAddress sets the listening address of the CA.
func (*PKI) SetDNSNames ¶
SetDNSNames sets the DNS names of the CA.
func (*PKI) SetProvisioner ¶
SetProvisioner sets the provisioner name of the OTT keys.
func (*PKI) TellPKI ¶
func (p *PKI) TellPKI()
TellPKI outputs the locations of the public and private keys generated for a new PKI. Generally this will consist of a root certificate and key and an intermediate certificate and key.
func (*PKI) WriteIntermediateCertificate ¶ added in v0.15.2
func (p *PKI) WriteIntermediateCertificate(crt *x509.Certificate, key interface{}, pass []byte) error
WriteIntermediateCertificate writes to disk the given certificate and key.
func (*PKI) WriteRootCertificate ¶
func (p *PKI) WriteRootCertificate(rootCrt *x509.Certificate, rootKey interface{}, pass []byte) error
WriteRootCertificate writes to disk the given certificate and key.