Documentation ¶
Index ¶
- type CaStorage
- type CrlStorage
- type CsrStorage
- type IssueStorage
- type PkiClient
- type PkiService
- func (p *PkiService) Issue(ctx context.Context, format IssueStorage, args pkg.IssueArgs) (pkg.IssueResult, error)
- func (p *PkiService) ReadAcme(ctx context.Context, format IssueStorage, commonName string) (pkg.IssueResult, error)
- func (p *PkiService) Revoke(ctx context.Context, serial string) error
- func (p *PkiService) Sign(ctx context.Context, sink CsrStorage, args pkg.SignatureArgs) error
- func (p *PkiService) Tidy(ctx context.Context) error
- func (p *PkiService) Verify(cert *x509.Certificate) error
- type RenewStrategy
- type StorageImplementation
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CrlStorage ¶
type CsrStorage ¶
type IssueStorage ¶
// IssueStorage is the certificate sink that PkiService.Issue and
// PkiService.ReadAcme receive as their format argument.
type IssueStorage interface {
	// WriteCert hands the certificate data to the sink and reports failure
	// through the returned error.
	// NOTE(review): pkg.CertData is declared elsewhere; if it carries the
	// private key, implementations must protect what they persist — confirm.
	WriteCert(cert *pkg.CertData) error
	// ReadCert returns a parsed *x509.Certificate, presumably the one this
	// sink currently holds — confirm against the implementations.
	ReadCert() (*x509.Certificate, error)
}
IssueStorage defines a pluggable sink to write certificate data to.
type PkiClient ¶
// PkiClient is the PKI backend that NewPkiService takes as its first
// argument. The ReadAcme comment names Vault as the store behind it.
type PkiClient interface {
	// Issue issues a new certificate from the PKI.
	Issue(ctx context.Context, args pkg.IssueArgs) (*pkg.CertData, error)
	// Sign signs a CSR.
	// NOTE(review): csr is passed as a string, presumably PEM-encoded — confirm.
	Sign(ctx context.Context, csr string, args pkg.SignatureArgs) (*pkg.Signature, error)
	// Revoke revokes a certificate by its serial number.
	Revoke(ctx context.Context, serial string) error
	// ReadAcme reads a previously acquired Let's Encrypt certificate from Vault.
	ReadAcme(ctx context.Context, commonName string) (*pkg.CertData, error)
	// Tidy cleans up the PKI blob storage of dangling certificates.
	Tidy(ctx context.Context) error
	// FetchCa returns the CA for the configured mount.
	// NOTE(review): binary presumably selects DER instead of PEM output — confirm.
	// Unlike the methods above, the Fetch* methods take no context, so the
	// caller cannot cancel them or bound their duration through ctx.
	FetchCa(binary bool) ([]byte, error)
	// FetchCaChain returns the whole CA chain for the configured mount.
	FetchCaChain() ([]byte, error)
	// FetchCrl returns the CRL of the configured mount.
	// NOTE(review): the bytes are returned as-is; a caller that bases
	// revocation decisions on them still has to check the CRL's signature
	// and freshness — confirm where that happens.
	FetchCrl(binary bool) ([]byte, error)
}
type PkiService ¶
// PkiService is the type returned by NewPkiService, which builds it from a
// PkiClient and a RenewStrategy. Its methods listed in the index are Issue,
// ReadAcme, Revoke, Sign, Tidy and Verify.
type PkiService struct {
	// contains filtered or unexported fields
}
func NewPkiService ¶
// NewPkiService builds a PkiService from a PkiClient and a RenewStrategy.
// Construction can fail; the second result carries the error.
// NOTE(review): this page does not show which inputs are rejected (for
// example a nil client or strategy) — confirm against the implementation.
func NewPkiService(pki PkiClient, strategy RenewStrategy) (*PkiService, error)
func (*PkiService) Issue ¶
// Issue takes a context, an IssueStorage (format) and the issue arguments,
// and returns a pkg.IssueResult or an error.
// NOTE(review): presumably the RenewStrategy is consulted with the
// certificate from format.ReadCert before a new one is requested and handed
// to format.WriteCert — confirm against the implementation.
func (p *PkiService) Issue(ctx context.Context, format IssueStorage, args pkg.IssueArgs) (pkg.IssueResult, error)
func (*PkiService) ReadAcme ¶
// ReadAcme takes a context, an IssueStorage (format) and a common name, and
// returns a pkg.IssueResult or an error.
// NOTE(review): commonName presumably selects the certificate that
// PkiClient.ReadAcme looks up; if it can come from untrusted input it
// should be validated before it reaches the backend — confirm.
func (p *PkiService) ReadAcme(ctx context.Context, format IssueStorage, commonName string) (pkg.IssueResult, error)
func (*PkiService) Sign ¶
// Sign takes a context, a CsrStorage (sink) and the signature arguments, and
// returns only an error.
// NOTE(review): CsrStorage is not shown on this page; presumably the CSR is
// read from sink and the signed result written back to it — confirm.
func (p *PkiService) Sign(ctx context.Context, sink CsrStorage, args pkg.SignatureArgs) error
func (*PkiService) Verify ¶
// Verify takes a parsed certificate and returns an error; a nil error is
// presumably the "valid" result.
// NOTE(review): this page does not say what is checked (chain to the
// configured CA, validity period, revocation via CRL). Confirm the scope
// before treating a nil error as a trust decision.
func (p *PkiService) Verify(cert *x509.Certificate) error
type RenewStrategy ¶
// RenewStrategy is the second argument of NewPkiService.
type RenewStrategy interface {
	// Renew inspects the given certificate and returns a bool and an error.
	// NOTE(review): presumably true means the certificate should be renewed;
	// how a non-nil error should be treated (renew or abort) is not visible
	// here — confirm against the implementations.
	Renew(cert *x509.Certificate) (bool, error)
}
type StorageImplementation ¶
// StorageImplementation is the read/write abstraction over one stored
// artifact.
// NOTE(review): per the type description the artifact may be a private key.
// The interface does not express access permissions, so each backend has to
// restrict access to what Write persists — confirm per implementation.
type StorageImplementation interface {
	// Read returns the artifact's bytes.
	Read() ([]byte, error)
	// CanRead reports, through its error, whether reading is expected to
	// work (presumably nil means yes — confirm).
	CanRead() error
	// Write stores the given bytes as the artifact.
	Write([]byte) error
	// CanWrite reports, through its error, whether writing is expected to
	// work (presumably nil means yes — confirm).
	// A CanRead/CanWrite result can be stale by the time Read/Write runs, so
	// callers still have to handle the error from the operation itself.
	CanWrite() error
}
StorageImplementation is a simple wrapper around a key artifact (cert, key, ca, crl, csr). This decouples callers from the actual resource (file-based, Kubernetes, network, ...) and makes the backends interchangeable.