pki

Documentation

Index

• Constants
• type CaSink
• type CertData
  • func (certData *CertData) AsContainer() string
  • func (cert *CertData) HasCaData() bool
  • func (cert *CertData) HasCertificate() bool
  • func (cert *CertData) HasPrivateKey() bool
• type CrlSink
• type CsrSink
• type IssueOutcome
• type IssueSink
• type Pki
• type PkiCli
  • func NewPki(pki Pki, strategy issue_strategies.IssueStrategy) (*PkiCli, error)
  • func (p *PkiCli) Issue(format IssueSink, opts *conf.Config) (IssueOutcome, error)
  • func (p *PkiCli) ReadAcme(format IssueSink, opts *conf.Config) (bool, error)
  • func (p *PkiCli) Revoke(serial string) error
  • func (p *PkiCli) Sign(sink CsrSink, opts *conf.Config) error
  • func (p *PkiCli) Tidy() error
• type Signature
  • func (cert *Signature) HasCaData() bool
• type StorageImplementation

Constants

const (
	Issued    = 0
	NotNeeded = 1
	Error     = 2
)

Types

type CaSink

type CaSink interface {
	WriteCa(certData []byte) error
}

type CertData

type CertData struct {
	PrivateKey  []byte
	Certificate []byte
	CaData      []byte
	Csr         []byte
}

func (*CertData) AsContainer

func (certData *CertData) AsContainer() string

func (*CertData) HasCaData

func (cert *CertData) HasCaData() bool

func (*CertData) HasCertificate

func (cert *CertData) HasCertificate() bool

func (*CertData) HasPrivateKey

func (cert *CertData) HasPrivateKey() bool

type CrlSink

type CrlSink interface {
	WriteCrl(crlData []byte) error
}

type CsrSink

type CsrSink interface {
	ReadCsr() ([]byte, error)
	WriteSignature(cert *Signature) error
}

type IssueOutcome

type IssueOutcome int

type IssueSink

type IssueSink interface {
	WriteCert(cert *CertData) error
	ReadCert() (*x509.Certificate, error)
}

IssueSink defines pluggable sink to write certificate data to.

type Pki

type Pki interface {
	// Issue issues a new certificate from the PKI
	Issue(opts *conf.Config) (*CertData, error)

	// Sign signs a CSR
	Sign(csr string, opts *conf.Config) (*Signature, error)

	// Revoke revokes a certificate by its serial number
	Revoke(serial string) error

	ReadAcme(commonName string, config *conf.Config) (*CertData, error)

	// Tidy cleans up the PKI blob storage of dangling certificates
	Tidy() error

	// Cleanup cleans up the used resources of the client is not related to PKI operations
	Cleanup() error
}

type PkiCli

type PkiCli struct {
	// contains filtered or unexported fields
}

func NewPki

func NewPki(pki Pki, strategy issue_strategies.IssueStrategy) (*PkiCli, error)

func (*PkiCli) Issue

func (p *PkiCli) Issue(format IssueSink, opts *conf.Config) (IssueOutcome, error)

func (*PkiCli) ReadAcme

func (p *PkiCli) ReadAcme(format IssueSink, opts *conf.Config) (bool, error)

func (*PkiCli) Revoke

func (p *PkiCli) Revoke(serial string) error

func (*PkiCli) Sign

func (p *PkiCli) Sign(sink CsrSink, opts *conf.Config) error

func (*PkiCli) Tidy

func (p *PkiCli) Tidy() error

type Signature

type Signature struct {
	Certificate []byte
	CaData      []byte
	Serial      string
}

func (*Signature) HasCaData

func (cert *Signature) HasCaData() bool

type StorageImplementation

type StorageImplementation interface {
	Read() ([]byte, error)
	CanRead() error
	Write([]byte) error
	CanWrite() error
}

StorageImplementation is a simple wrapper around a key artifact (cert, key, ca, crl, csr). This enables decoupling from the actual resource (file-based, kubernetes, network, ..) and make it interchangeable.