pki

package
v1.13.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 2, 2023 License: GPL-3.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	Issued    = 0
	NotNeeded = 1
	Error     = 2
)

Variables

View Source 
var ErrNoCertFound = errors.New("data not found")

Functions

This section is empty.

Types

type CaSink added in v1.8.0 

type CaSink interface {
	WriteCa(certData []byte) error
}

type CertData added in v1.5.0 

type CertData struct {
	PrivateKey  []byte
	Certificate []byte
	CaData      []byte
	Csr         []byte
}

func (*CertData) AsContainer added in v1.5.0 

func (certData *CertData) AsContainer() string

func (*CertData) HasCaData added in v1.8.0 

func (cert *CertData) HasCaData() bool

func (*CertData) HasCertificate added in v1.5.0 

func (cert *CertData) HasCertificate() bool

func (*CertData) HasPrivateKey added in v1.5.0 

func (cert *CertData) HasPrivateKey() bool

type CrlSink added in v1.8.0 

type CrlSink interface {
	WriteCrl(crlData []byte) error
}

type CsrSink added in v1.8.0 

type CsrSink interface {
	ReadCsr() ([]byte, error)
	WriteSignature(cert *Signature) error
}

type IssueOutcome 

type IssueOutcome int

type IssueSink added in v1.8.0 

type IssueSink interface {
	WriteCert(cert *CertData) error
	ReadCert() (*x509.Certificate, error)
}

IssueSink defines pluggable sink to write certificate data to.

type Pki 

type Pki interface {
	// Issue issues a new certificate from the PKI
	Issue(opts *conf.Config) (*CertData, error)

	// Sign signs a CSR
	Sign(csr string, opts *conf.Config) (*Signature, error)

	// Revoke revokes a certificate by its serial number
	Revoke(serial string) error

	// ReadAcme reads a previously acquired letsencrypt certificate from Vault
	ReadAcme(commonName string, config *conf.Config) (*CertData, error)

	// Tidy cleans up the PKI blob storage of dangling certificates
	Tidy() error

	// Cleanup cleans up the used resources of the client is not related to PKI operations
	Cleanup() error

	// FetchCa returns the CA for the configured mount
	FetchCa(binary bool) ([]byte, error)

	// FetchCaChain returns the whole CA chain for the configured mount
	FetchCaChain() ([]byte, error)

	// FetchCrl returns the CRL of the configured mount
	FetchCrl(binary bool) ([]byte, error)
}

type PkiCli 

type PkiCli struct {
	// contains filtered or unexported fields
}

func NewPki 

func NewPki(pki Pki, strategy issue_strategies.IssueStrategy) (*PkiCli, error)

func (*PkiCli) Issue 

func (p *PkiCli) Issue(format IssueSink, opts *conf.Config) (IssueOutcome, error)

func (*PkiCli) ReadAcme added in v1.9.0 

func (p *PkiCli) ReadAcme(format IssueSink, opts *conf.Config) (bool, error)

func (*PkiCli) Revoke 

func (p *PkiCli) Revoke(serial string) error

func (*PkiCli) Sign added in v1.4.0 

func (p *PkiCli) Sign(sink CsrSink, opts *conf.Config) error

func (*PkiCli) Tidy 

func (p *PkiCli) Tidy() error

func (*PkiCli) Verify added in v1.12.0 

func (p *PkiCli) Verify(cert *x509.Certificate) error

type Signature added in v1.4.0 

type Signature struct {
	Certificate []byte
	CaData      []byte
	Serial      string
}

func (*Signature) HasCaData added in v1.8.0 

func (cert *Signature) HasCaData() bool

type StorageImplementation added in v1.8.0 

type StorageImplementation interface {
	Read() ([]byte, error)
	CanRead() error
	Write([]byte) error
	CanWrite() error
}

StorageImplementation is a simple wrapper around a key artifact (cert, key, ca, crl, csr). This enables decoupling from the actual resource (file-based, kubernetes, network, ..) and make it interchangeable.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.