authority

package
v0.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 26, 2019 License: Apache-2.0 Imports: 20 Imported by: 38

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// DefaultTLSOptions represents the default TLS version as well as the cipher
	// suites used in the TLS certificates.
	DefaultTLSOptions = tlsutil.TLSOptions{
		CipherSuites: x509util.CipherSuites{
			"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
			"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
			"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
		},
		MinVersion:    1.2,
		MaxVersion:    1.2,
		Renegotiation: false,
	}
)

Functions

This section is empty.

Types

type AuthConfig

type AuthConfig struct {
	Provisioners         provisioner.List    `json:"provisioners"`
	Template             *x509util.ASN1DN    `json:"template,omitempty"`
	Claims               *provisioner.Claims `json:"claims,omitempty"`
	DisableIssuedAtCheck bool                `json:"disableIssuedAtCheck,omitempty"`
}

AuthConfig represents the configuration options for the authority.

func (*AuthConfig) Validate

func (c *AuthConfig) Validate(audiences []string) error

Validate validates the authority configuration.

type Authority

type Authority struct {
	// contains filtered or unexported fields
}

Authority implements the Certificate Authority internal interface.

func New

func New(config *Config) (*Authority, error)

New creates and initiates a new Authority type.

func (*Authority) Authorize

func (a *Authority) Authorize(ott string) ([]provisioner.SignOption, error)

Authorize authorizes a signature request by validating and authenticating a OTT that must be sent w/ the request.

func (*Authority) GetEncryptedKey

func (a *Authority) GetEncryptedKey(kid string) (string, error)

GetEncryptedKey returns the JWE key corresponding to the given kid argument.

func (*Authority) GetFederation added in v0.8.3

func (a *Authority) GetFederation() (federation []*x509.Certificate, err error)

GetFederation returns all the root certificates in the federation. This method implements the Authority interface.

func (*Authority) GetProvisioners

func (a *Authority) GetProvisioners(cursor string, limit int) (provisioner.List, string, error)

GetProvisioners returns a map listing each provisioner and the JWK Key Set with their public keys.

func (*Authority) GetRootCertificate

func (a *Authority) GetRootCertificate() *x509.Certificate

GetRootCertificate returns the server root certificate.

func (*Authority) GetRootCertificates added in v0.8.3

func (a *Authority) GetRootCertificates() []*x509.Certificate

GetRootCertificates returns the server root certificates.

In the Authority interface we also have a similar method, GetRoots, at the moment the functionality of these two methods are almost identical, but this method is intended to be used internally by CA HTTP server to load the roots that will be set in the tls.Config while GetRoots will be used by the Authority interface and might have extra checks in the future.

func (*Authority) GetRoots added in v0.8.3

func (a *Authority) GetRoots() ([]*x509.Certificate, error)

GetRoots returns all the root certificates for this CA. This method implements the Authority interface.

func (*Authority) GetTLSCertificate

func (a *Authority) GetTLSCertificate() (*tls.Certificate, error)

GetTLSCertificate creates a new leaf certificate to be used by the CA HTTPS server.

func (*Authority) GetTLSOptions

func (a *Authority) GetTLSOptions() *tlsutil.TLSOptions

GetTLSOptions returns the tls options configured.

func (*Authority) Renew

func (a *Authority) Renew(oldCert *x509.Certificate) (*x509.Certificate, *x509.Certificate, error)

Renew creates a new Certificate identical to the old certificate, except with a validity window that begins 'now'.

func (*Authority) Root

func (a *Authority) Root(sum string) (*x509.Certificate, error)

Root returns the certificate corresponding to the given SHA sum argument.

func (*Authority) Sign

Sign creates a signed certificate from a certificate signing request.

type Claims added in v0.8.4

type Claims struct {
	jose.Claims
	SANs  []string `json:"sans,omitempty"`
	Email string   `json:"email,omitempty"`
	Nonce string   `json:"nonce,omitempty"`
}

Claims extends jose.Claims with step attributes.

type Config

type Config struct {
	Root             multiString         `json:"root"`
	FederatedRoots   []string            `json:"federatedRoots"`
	IntermediateCert string              `json:"crt"`
	IntermediateKey  string              `json:"key"`
	Address          string              `json:"address"`
	DNSNames         []string            `json:"dnsNames"`
	Logger           json.RawMessage     `json:"logger,omitempty"`
	Monitoring       json.RawMessage     `json:"monitoring,omitempty"`
	AuthorityConfig  *AuthConfig         `json:"authority,omitempty"`
	TLS              *tlsutil.TLSOptions `json:"tls,omitempty"`
	Password         string              `json:"password,omitempty"`
}

Config represents the CA configuration and it's mapped to a JSON object.

func LoadConfiguration

func LoadConfiguration(filename string) (*Config, error)

LoadConfiguration parses the given filename in JSON format and returns the configuration struct.

func (*Config) Save

func (c *Config) Save(filename string) error

Save saves the configuration to the given filename.

func (*Config) Validate

func (c *Config) Validate() error

Validate validates the configuration.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL