authority

package
v0.9.2-rc.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 5, 2019 License: Apache-2.0 Imports: 20 Imported by: 38

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// DefaultTLSOptions represents the default TLS version as well as the cipher
	// suites used in the TLS certificates.
	DefaultTLSOptions = tlsutil.TLSOptions{
		CipherSuites: x509util.CipherSuites{
			"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
			"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
			"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
		},
		MinVersion:    1.2,
		MaxVersion:    1.2,
		Renegotiation: false,
	}
)

Functions

This section is empty.

Types

type AuthConfig 

type AuthConfig struct {
	Provisioners         provisioner.List    `json:"provisioners"`
	Template             *x509util.ASN1DN    `json:"template,omitempty"`
	Claims               *provisioner.Claims `json:"claims,omitempty"`
	DisableIssuedAtCheck bool                `json:"disableIssuedAtCheck,omitempty"`
}

AuthConfig represents the configuration options for the authority.

func (*AuthConfig) Validate 

func (c *AuthConfig) Validate(audiences []string) error

Validate validates the authority configuration.

type Authority 

type Authority struct {
	// contains filtered or unexported fields
}

Authority implements the Certificate Authority internal interface.

func New 

func New(config *Config) (*Authority, error)

New creates and initiates a new Authority type.

func (*Authority) Authorize 

func (a *Authority) Authorize(ott string) ([]provisioner.SignOption, error)

Authorize authorizes a signature request by validating and authenticating a OTT that must be sent w/ the request.

func (*Authority) GetEncryptedKey 

func (a *Authority) GetEncryptedKey(kid string) (string, error)

GetEncryptedKey returns the JWE key corresponding to the given kid argument.

func (*Authority) GetFederation added in v0.8.3 

func (a *Authority) GetFederation() (federation []*x509.Certificate, err error)

GetFederation returns all the root certificates in the federation. This method implements the Authority interface.

func (*Authority) GetProvisioners 

func (a *Authority) GetProvisioners(cursor string, limit int) (provisioner.List, string, error)

GetProvisioners returns a map listing each provisioner and the JWK Key Set with their public keys.

func (*Authority) GetRootCertificate 

func (a *Authority) GetRootCertificate() *x509.Certificate

GetRootCertificate returns the server root certificate.

func (*Authority) GetRootCertificates added in v0.8.3 

func (a *Authority) GetRootCertificates() []*x509.Certificate

GetRootCertificates returns the server root certificates.

In the Authority interface we also have a similar method, GetRoots, at the moment the functionality of these two methods are almost identical, but this method is intended to be used internally by CA HTTP server to load the roots that will be set in the tls.Config while GetRoots will be used by the Authority interface and might have extra checks in the future.

func (*Authority) GetRoots added in v0.8.3 

func (a *Authority) GetRoots() ([]*x509.Certificate, error)

GetRoots returns all the root certificates for this CA. This method implements the Authority interface.

func (*Authority) GetTLSCertificate 

func (a *Authority) GetTLSCertificate() (*tls.Certificate, error)

GetTLSCertificate creates a new leaf certificate to be used by the CA HTTPS server.

func (*Authority) GetTLSOptions 

func (a *Authority) GetTLSOptions() *tlsutil.TLSOptions

GetTLSOptions returns the tls options configured.

func (*Authority) Renew 

func (a *Authority) Renew(oldCert *x509.Certificate) (*x509.Certificate, *x509.Certificate, error)

Renew creates a new Certificate identical to the old certificate, except with a validity window that begins 'now'.

func (*Authority) Root 

func (a *Authority) Root(sum string) (*x509.Certificate, error)

Root returns the certificate corresponding to the given SHA sum argument.

func (*Authority) Sign 

func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Options, extraOpts ...provisioner.SignOption) (*x509.Certificate, *x509.Certificate, error)

Sign creates a signed certificate from a certificate signing request.

type Claims added in v0.8.4 

type Claims struct {
	jose.Claims
	SANs  []string `json:"sans,omitempty"`
	Email string   `json:"email,omitempty"`
	Nonce string   `json:"nonce,omitempty"`
}

Claims extends jose.Claims with step attributes.

type Config 

type Config struct {
	Root             multiString         `json:"root"`
	FederatedRoots   []string            `json:"federatedRoots"`
	IntermediateCert string              `json:"crt"`
	IntermediateKey  string              `json:"key"`
	Address          string              `json:"address"`
	DNSNames         []string            `json:"dnsNames"`
	Logger           json.RawMessage     `json:"logger,omitempty"`
	Monitoring       json.RawMessage     `json:"monitoring,omitempty"`
	AuthorityConfig  *AuthConfig         `json:"authority,omitempty"`
	TLS              *tlsutil.TLSOptions `json:"tls,omitempty"`
	Password         string              `json:"password,omitempty"`
}

Config represents the CA configuration and it's mapped to a JSON object.

func LoadConfiguration 

func LoadConfiguration(filename string) (*Config, error)

LoadConfiguration parses the given filename in JSON format and returns the configuration struct.

func (*Config) Save 

func (c *Config) Save(filename string) error

Save saves the configuration to the given filename.

func (*Config) Validate 

func (c *Config) Validate() error

Validate validates the configuration.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.