Documentation
Index
- Constants
- func CreateCertificateAuthorityExtension(typ Type, certificateID string, keyValuePairs ...string) (pkix.Extension, error)
- func FindCertificateAuthorityExtension(cert *x509.Certificate) (pkix.Extension, bool)
- func Register(t Type, fn CertificateAuthorityServiceNewFunc)
- func RemoveCertificateAuthorityExtension(cert *x509.Certificate)
- type CertificateAuthorityExtension
- type CertificateAuthorityGetter
- type CertificateAuthorityService
- type CertificateAuthorityServiceNewFunc
- type CreateCertificateRequest
- type CreateCertificateResponse
- type GetCertificateAuthorityRequest
- type GetCertificateAuthorityResponse
- type Options
- type RenewCertificateRequest
- type RenewCertificateResponse
- type RevokeCertificateRequest
- type RevokeCertificateResponse
- type Type
Constants
const (
	// DefaultCAS is a CertificateAuthorityService using software.
	DefaultCAS = ""
	// SoftCAS is a CertificateAuthorityService using software.
	SoftCAS = "softcas"
	// CloudCAS is a CertificateAuthorityService using Google Cloud CAS.
	CloudCAS = "cloudcas"
)
Functions
func CreateCertificateAuthorityExtension
func CreateCertificateAuthorityExtension(typ Type, certificateID string, keyValuePairs ...string) (pkix.Extension, error)
CreateCertificateAuthorityExtension returns an X.509 extension that shows the CAS type, id and a list of optional key value pairs.
func FindCertificateAuthorityExtension
func FindCertificateAuthorityExtension(cert *x509.Certificate) (pkix.Extension, bool)
FindCertificateAuthorityExtension returns the certificate authority extension from a signed certificate.
func Register
func Register(t Type, fn CertificateAuthorityServiceNewFunc)
Register adds to the registry a function to create a CertificateAuthorityService of type t.
func RemoveCertificateAuthorityExtension
func RemoveCertificateAuthorityExtension(cert *x509.Certificate)
RemoveCertificateAuthorityExtension removes the certificate authority extension from a certificate template.
Types
type CertificateAuthorityExtension
type CertificateAuthorityExtension struct {
	Type          string
	CertificateID string   `asn1:"optional,omitempty"`
	KeyValuePairs []string `asn1:"optional,omitempty"`
}
CertificateAuthorityExtension type is used to encode the certificate authority extension.
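The create, find and remove operations documented above, as an added example that is not the package's own code: `casExtension`, `createExt`, `findExt`, `removeExt` and the OID `1.3.6.1.4.1.99999.1` are hypothetical stand-ins, since the real OID is not shown on this page. It assumes the extension value is the DER encoding of the struct, reads a signed certificate's `Extensions`, edits a template's `ExtraExtensions`, and rejects trailing bytes when decoding.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

var exampleOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1} // placeholder OID (assumption)

// casExtension mirrors the documented CertificateAuthorityExtension struct.
type casExtension struct {
	Type          string
	CertificateID string   `asn1:"optional,omitempty"`
	KeyValuePairs []string `asn1:"optional,omitempty"`
}

// createExt DER-encodes the CAS type, certificate id and key/value pairs.
func createExt(typ, id string, kv ...string) (pkix.Extension, error) {
	b, err := asn1.Marshal(casExtension{Type: typ, CertificateID: id, KeyValuePairs: kv})
	return pkix.Extension{Id: exampleOID, Value: b}, err
}

// findExt decodes the extension of a signed (parsed) certificate, rejecting trailing bytes.
func findExt(cert *x509.Certificate) (v casExtension, found bool, err error) {
	for _, e := range cert.Extensions {
		if e.Id.Equal(exampleOID) {
			rest, uerr := asn1.Unmarshal(e.Value, &v)
			if uerr == nil && len(rest) != 0 {
				uerr = fmt.Errorf("%d trailing bytes after CAS extension", len(rest))
			}
			return v, true, uerr
		}
	}
	return v, false, nil
}

// removeExt filters the extension out of a template's ExtraExtensions in place.
func removeExt(tpl *x509.Certificate) {
	kept := tpl.ExtraExtensions[:0]
	for _, e := range tpl.ExtraExtensions {
		if !e.Id.Equal(exampleOID) {
			kept = append(kept, e)
		}
	}
	tpl.ExtraExtensions = kept
}

func main() { fmt.Println(createExt("cloudcas", "constructed-id", "env", "test")) }
```

`crypto/x509` fills `Extensions` when it parses a certificate and reads `ExtraExtensions` when it creates one, which is why the lookup and the removal operate on different fields.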
type CertificateAuthorityGetter
type CertificateAuthorityGetter interface {
	GetCertificateAuthority(req *GetCertificateAuthorityRequest) (*GetCertificateAuthorityResponse, error)
}
CertificateAuthorityGetter is an interface implemented by a CertificateAuthorityService that has a method to get the root certificate.
type CertificateAuthorityService
type CertificateAuthorityService interface {
	CreateCertificate(req *CreateCertificateRequest) (*CreateCertificateResponse, error)
	RenewCertificate(req *RenewCertificateRequest) (*RenewCertificateResponse, error)
	RevokeCertificate(req *RevokeCertificateRequest) (*RevokeCertificateResponse, error)
}
CertificateAuthorityService is the interface implemented to support external certificate authorities.
type CertificateAuthorityServiceNewFunc
type CertificateAuthorityServiceNewFunc func(ctx context.Context, opts Options) (CertificateAuthorityService, error)
CertificateAuthorityServiceNewFunc is the type that represents the method to initialize a new CertificateAuthorityService.
func LoadCertificateAuthorityServiceNewFunc
func LoadCertificateAuthorityServiceNewFunc(t Type) (CertificateAuthorityServiceNewFunc, bool)
LoadCertificateAuthorityServiceNewFunc returns the function used to initialize a CertificateAuthorityService of type t.
type CreateCertificateRequest
type CreateCertificateRequest struct {
	Template  *x509.Certificate
	Lifetime  time.Duration
	Backdate  time.Duration
	RequestID string
}
CreateCertificateRequest is the request used to sign a new certificate.
type CreateCertificateResponse
type CreateCertificateResponse struct {
	Certificate      *x509.Certificate
	CertificateChain []*x509.Certificate
}
CreateCertificateResponse is the response to a create certificate request.
type GetCertificateAuthorityRequest
type GetCertificateAuthorityRequest struct {
	Name string
}
GetCertificateAuthorityRequest is the request used to get the root certificate from a CAS.
type GetCertificateAuthorityResponse
type GetCertificateAuthorityResponse struct {
	RootCertificate *x509.Certificate
}
GetCertificateAuthorityResponse is the response that contains the root certificate.
type Options
type Options struct {
	// The type of the CAS to use.
	Type string `json:"type"`

	// Path to the credentials file used in CloudCAS
	CredentialsFile string `json:"credentialsFile"`

	// CertificateAuthority reference. In CloudCAS the format is
	// `projects/*/locations/*/certificateAuthorities/*`.
	CertificateAuthority string `json:"certificateAuthority"`

	// Issuer and signer are the issuer certificate and signer used in SoftCAS.
	// They are configured in ca.json crt and key properties.
	Issuer *x509.Certificate `json:"-"`
	Signer crypto.Signer     `json:"-"`
}
Options represents the configuration options used to select and configure the CertificateAuthorityService (CAS) to use.
type RenewCertificateRequest
type RenewCertificateRequest struct {
	Template  *x509.Certificate
	Lifetime  time.Duration
	Backdate  time.Duration
	RequestID string
}
RenewCertificateRequest is the request used to re-sign a certificate.
type RenewCertificateResponse
type RenewCertificateResponse struct {
	Certificate      *x509.Certificate
	CertificateChain []*x509.Certificate
}
RenewCertificateResponse is the response to a renew certificate request.
type RevokeCertificateRequest
type RevokeCertificateRequest struct {
	Certificate *x509.Certificate
	Reason      string
	ReasonCode  int
	RequestID   string
}
RevokeCertificateRequest is the request used to revoke a certificate.
type RevokeCertificateResponse
type RevokeCertificateResponse struct {
	Certificate      *x509.Certificate
	CertificateChain []*x509.Certificate
}
RevokeCertificateResponse is the response to a revoke certificate request.