pki

package
v0.28.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 29, 2024 License: Apache-2.0 Imports: 38 Imported by: 4

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetConfigPath

func GetConfigPath() string

GetConfigPath returns the directory where the configuration files are stored based on the $(step path).

func GetDBPath

func GetDBPath() string

GetDBPath returns the path where the file-system persistence is stored based on the $(step path).

func GetOTTKeyPath

func GetOTTKeyPath() string

GetOTTKeyPath returns the path where the one-time token key is stored based on the $(step path).

func GetProfileConfigPath added in v0.18.0

func GetProfileConfigPath() string

GetProfileConfigPath returns the directory where the profile configuration files are stored based on the $(step path).

func GetProvisionerKey

func GetProvisionerKey(caURL, rootFile, kid string) (string, error)

GetProvisionerKey returns the encrypted provisioner key with the for the given kid.

func GetProvisioners

func GetProvisioners(caURL, rootFile string) (provisioner.List, error)

GetProvisioners returns the map of provisioners on the given CA.

func GetPublicPath

func GetPublicPath() string

GetPublicPath returns the directory where the public keys are stored based on the $(step path).

func GetRootCAPath

func GetRootCAPath() string

GetRootCAPath returns the path where the root CA is stored based on the $(step path).

func GetSecretsPath

func GetSecretsPath() string

GetSecretsPath returns the directory where the private keys are stored based on the $(step path).

func GetTemplatesPath added in v0.14.0

func GetTemplatesPath() string

GetTemplatesPath returns the path where the templates are stored.

Types

type ConfigOption added in v0.17.0

type ConfigOption func(c *authconfig.Config) error

ConfigOption is the type for modifiers over the auth config object.

type DeploymentType added in v0.17.0

type DeploymentType int

DeploymentType defines witch type of deployment a user is initializing

const (
	// StandaloneDeployment is a deployment where all the components like keys,
	// provisioners, admins, certificates and others are managed by the user.
	StandaloneDeployment DeploymentType = iota
	// LinkedDeployment is a deployment where the keys are managed by the user,
	// but provisioners, admins and the record of certificates are managed in
	// the cloud.
	LinkedDeployment
	// HostedDeployment is a deployment where all the components are managed in
	// the cloud by smallstep.com/certificate-manager.
	HostedDeployment
)

func (DeploymentType) String added in v0.17.0

func (d DeploymentType) String() string

String returns the string version of the deployment type.

type Option

type Option func(p *PKI)

Option is the type of a configuration option on the pki constructor.

func WithACME added in v0.17.0

func WithACME() Option

WithACME enables acme provisioner in step-ca.

func WithAddress added in v0.17.0

func WithAddress(s string) Option

WithAddress sets the listen address of step-ca.

func WithAdmin added in v0.17.0

func WithAdmin() Option

WithAdmin enables the admin api in step-ca.

func WithCaURL added in v0.17.0

func WithCaURL(s string) Option

WithCaURL sets the default ca-url of step-ca.

func WithDNSNames added in v0.17.0

func WithDNSNames(s []string) Option

WithDNSNames sets the SANs of step-ca.

func WithDeploymentType added in v0.17.0

func WithDeploymentType(dt DeploymentType) Option

WithDeploymentType defines the deployment type of step-ca.

func WithHelm added in v0.17.0

func WithHelm() Option

WithHelm configures the pki to create a helm values.yaml.

func WithKMS added in v0.17.5

func WithKMS(name string) Option

WithKMS enables the kms with the given name.

func WithKeyURIs added in v0.17.5

func WithKeyURIs(rootKey, intermediateKey, hostKey, userKey string) Option

WithKeyURIs defines the key uris for X.509 and SSH keys.

func WithNoDB added in v0.17.0

func WithNoDB() Option

WithNoDB disables the db in step-ca.

func WithPKIOnly added in v0.17.0

func WithPKIOnly() Option

WithPKIOnly will only generate the PKI without the step-ca config files.

func WithProvisioner added in v0.17.0

func WithProvisioner(s string) Option

WithProvisioner defines the name of the default provisioner.

func WithSSH added in v0.17.0

func WithSSH() Option

WithSSH enables ssh in step-ca.

func WithSuperAdminSubject added in v0.23.0

func WithSuperAdminSubject(s string) Option

WithSuperAdminSubject defines the subject of the first super admin for use with the Admin API. The admin will belong to the first JWK provisioner.

type PKI

type PKI struct {
	linkedca.Configuration
	Defaults linkedca.Defaults
	// contains filtered or unexported fields
}

PKI represents the Public Key Infrastructure used by a certificate authority.

func New

func New(o apiv1.Options, opts ...Option) (*PKI, error)

New creates a new PKI configuration.

func (*PKI) CreateCertificateAuthorityResponse added in v0.15.6

func (p *PKI) CreateCertificateAuthorityResponse(cert *x509.Certificate, key crypto.PrivateKey) *apiv1.CreateCertificateAuthorityResponse

CreateCertificateAuthorityResponse returns a CreateCertificateAuthorityResponse that can be used as a parent of a CreateCertificateAuthority request.

func (*PKI) GenerateConfig

func (p *PKI) GenerateConfig(opt ...ConfigOption) (*authconfig.Config, error)

GenerateConfig returns the step certificates configuration.

func (*PKI) GenerateIntermediateCertificate

func (p *PKI) GenerateIntermediateCertificate(name, org, resource string, parent *apiv1.CreateCertificateAuthorityResponse, pass []byte) error

GenerateIntermediateCertificate generates an intermediate certificate with the given name and using the default key type.

func (*PKI) GenerateKeyPairs

func (p *PKI) GenerateKeyPairs(pass []byte) error

GenerateKeyPairs generates the key pairs used by the certificate authority.

func (*PKI) GenerateRootCertificate

func (p *PKI) GenerateRootCertificate(name, org, resource string, pass []byte) (*apiv1.CreateCertificateAuthorityResponse, error)

GenerateRootCertificate generates a root certificate with the given name and using the default key type.

func (*PKI) GenerateSSHSigningKeys

func (p *PKI) GenerateSSHSigningKeys(password []byte) error

GenerateSSHSigningKeys generates and encrypts a private key used for signing SSH user certificates and a private key used for signing host certificates.

func (*PKI) GetCAConfigPath

func (p *PKI) GetCAConfigPath() string

GetCAConfigPath returns the path of the CA configuration file.

func (*PKI) GetCertificateAuthority added in v0.15.5

func (p *PKI) GetCertificateAuthority() error

GetCertificateAuthority attempts to load the certificate authority from the RA.

func (*PKI) GetRootFingerprint

func (p *PKI) GetRootFingerprint() string

GetRootFingerprint returns the root fingerprint.

func (*PKI) Save

func (p *PKI) Save(opt ...ConfigOption) error

Save stores the pki on a json file that will be used as the certificate authority configuration.

func (*PKI) WriteFiles added in v0.17.0

func (p *PKI) WriteFiles() error

WriteFiles writes on disk the previously generated files.

func (*PKI) WriteHelmTemplate added in v0.17.0

func (p *PKI) WriteHelmTemplate(w io.Writer) error

WriteHelmTemplate a helm template to configure the smallstep/step-certificates helm chart.

func (*PKI) WriteRootCertificate

func (p *PKI) WriteRootCertificate(rootCrt *x509.Certificate, rootKey interface{}, pass []byte) error

WriteRootCertificate writes to the buffer the given certificate and key if given.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL