pki

package
v0.27.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 13, 2024 License: Apache-2.0 Imports: 38 Imported by: 4

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetConfigPath 

func GetConfigPath() string

GetConfigPath returns the directory where the configuration files are stored based on the $(step path).

func GetDBPath 

func GetDBPath() string

GetDBPath returns the path where the file-system persistence is stored based on the $(step path).

func GetOTTKeyPath 

func GetOTTKeyPath() string

GetOTTKeyPath returns the path where the one-time token key is stored based on the $(step path).

func GetProfileConfigPath added in v0.18.0 

func GetProfileConfigPath() string

GetProfileConfigPath returns the directory where the profile configuration files are stored based on the $(step path).

func GetProvisionerKey 

func GetProvisionerKey(caURL, rootFile, kid string) (string, error)

GetProvisionerKey returns the encrypted provisioner key with the for the given kid.

func GetProvisioners 

func GetProvisioners(caURL, rootFile string) (provisioner.List, error)

GetProvisioners returns the map of provisioners on the given CA.

func GetPublicPath 

func GetPublicPath() string

GetPublicPath returns the directory where the public keys are stored based on the $(step path).

func GetRootCAPath 

func GetRootCAPath() string

GetRootCAPath returns the path where the root CA is stored based on the $(step path).

func GetSecretsPath 

func GetSecretsPath() string

GetSecretsPath returns the directory where the private keys are stored based on the $(step path).

func GetTemplatesPath added in v0.14.0 

func GetTemplatesPath() string

GetTemplatesPath returns the path where the templates are stored.

Types

type ConfigOption added in v0.17.0 

type ConfigOption func(c *authconfig.Config) error

ConfigOption is the type for modifiers over the auth config object.

type DeploymentType added in v0.17.0 

type DeploymentType int

DeploymentType defines witch type of deployment a user is initializing 

const (
	// StandaloneDeployment is a deployment where all the components like keys,
	// provisioners, admins, certificates and others are managed by the user.
	StandaloneDeployment DeploymentType = iota
	// LinkedDeployment is a deployment where the keys are managed by the user,
	// but provisioners, admins and the record of certificates are managed in
	// the cloud.
	LinkedDeployment
	// HostedDeployment is a deployment where all the components are managed in
	// the cloud by smallstep.com/certificate-manager.
	HostedDeployment
)

func (DeploymentType) String added in v0.17.0 

func (d DeploymentType) String() string

String returns the string version of the deployment type.

type Option 

type Option func(p *PKI)

Option is the type of a configuration option on the pki constructor.

func WithACME added in v0.17.0 

func WithACME() Option

WithACME enables acme provisioner in step-ca.

func WithAddress added in v0.17.0 

func WithAddress(s string) Option

WithAddress sets the listen address of step-ca.

func WithAdmin added in v0.17.0 

func WithAdmin() Option

WithAdmin enables the admin api in step-ca.

func WithCaURL added in v0.17.0 

func WithCaURL(s string) Option

WithCaURL sets the default ca-url of step-ca.

func WithDNSNames added in v0.17.0 

func WithDNSNames(s []string) Option

WithDNSNames sets the SANs of step-ca.

func WithDeploymentType added in v0.17.0 

func WithDeploymentType(dt DeploymentType) Option

WithDeploymentType defines the deployment type of step-ca.

func WithHelm added in v0.17.0 

func WithHelm() Option

WithHelm configures the pki to create a helm values.yaml.

func WithKMS added in v0.17.5 

func WithKMS(name string) Option

WithKMS enables the kms with the given name.

func WithKeyURIs added in v0.17.5 

func WithKeyURIs(rootKey, intermediateKey, hostKey, userKey string) Option

WithKeyURIs defines the key uris for X.509 and SSH keys.

func WithNoDB added in v0.17.0 

func WithNoDB() Option

WithNoDB disables the db in step-ca.

func WithPKIOnly added in v0.17.0 

func WithPKIOnly() Option

WithPKIOnly will only generate the PKI without the step-ca config files.

func WithProvisioner added in v0.17.0 

func WithProvisioner(s string) Option

WithProvisioner defines the name of the default provisioner.

func WithSSH added in v0.17.0 

func WithSSH() Option

WithSSH enables ssh in step-ca.

func WithSuperAdminSubject added in v0.23.0 

func WithSuperAdminSubject(s string) Option

WithSuperAdminSubject defines the subject of the first super admin for use with the Admin API. The admin will belong to the first JWK provisioner.

type PKI 

type PKI struct {
	linkedca.Configuration
	Defaults linkedca.Defaults
	// contains filtered or unexported fields
}

PKI represents the Public Key Infrastructure used by a certificate authority.

func New 

func New(o apiv1.Options, opts ...Option) (*PKI, error)

New creates a new PKI configuration.

func (*PKI) CreateCertificateAuthorityResponse added in v0.15.6 

func (p *PKI) CreateCertificateAuthorityResponse(cert *x509.Certificate, key crypto.PrivateKey) *apiv1.CreateCertificateAuthorityResponse

CreateCertificateAuthorityResponse returns a CreateCertificateAuthorityResponse that can be used as a parent of a CreateCertificateAuthority request.

func (*PKI) GenerateConfig 

func (p *PKI) GenerateConfig(opt ...ConfigOption) (*authconfig.Config, error)

GenerateConfig returns the step certificates configuration.

func (*PKI) GenerateIntermediateCertificate 

func (p *PKI) GenerateIntermediateCertificate(name, org, resource string, parent *apiv1.CreateCertificateAuthorityResponse, pass []byte) error

GenerateIntermediateCertificate generates an intermediate certificate with the given name and using the default key type.

func (*PKI) GenerateKeyPairs 

func (p *PKI) GenerateKeyPairs(pass []byte) error

GenerateKeyPairs generates the key pairs used by the certificate authority.

func (*PKI) GenerateRootCertificate 

func (p *PKI) GenerateRootCertificate(name, org, resource string, pass []byte) (*apiv1.CreateCertificateAuthorityResponse, error)

GenerateRootCertificate generates a root certificate with the given name and using the default key type.

func (*PKI) GenerateSSHSigningKeys 

func (p *PKI) GenerateSSHSigningKeys(password []byte) error

GenerateSSHSigningKeys generates and encrypts a private key used for signing SSH user certificates and a private key used for signing host certificates.

func (*PKI) GetCAConfigPath 

func (p *PKI) GetCAConfigPath() string

GetCAConfigPath returns the path of the CA configuration file.

func (*PKI) GetCertificateAuthority added in v0.15.5 

func (p *PKI) GetCertificateAuthority() error

GetCertificateAuthority attempts to load the certificate authority from the RA.

func (*PKI) GetRootFingerprint 

func (p *PKI) GetRootFingerprint() string

GetRootFingerprint returns the root fingerprint.

func (*PKI) Save 

func (p *PKI) Save(opt ...ConfigOption) error

Save stores the pki on a json file that will be used as the certificate authority configuration.

func (*PKI) WriteFiles added in v0.17.0 

func (p *PKI) WriteFiles() error

WriteFiles writes on disk the previously generated files.

func (*PKI) WriteHelmTemplate added in v0.17.0 

func (p *PKI) WriteHelmTemplate(w io.Writer) error

WriteHelmTemplate a helm template to configure the smallstep/step-certificates helm chart.

func (*PKI) WriteRootCertificate 

func (p *PKI) WriteRootCertificate(rootCrt *x509.Certificate, rootKey interface{}, pass []byte) error

WriteRootCertificate writes to the buffer the given certificate and key if given.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.