signature

package
Published: Jan 4, 2025 License: GPL-3.0 Imports: 11 Imported by: 1

Documentation

Types

type CertInfo

// CertInfo is the subset of certificate metadata this package works with when
// deciding whether a certificate must be (re)issued. Values are produced by
// ParseCertData / ReadCertFromDisk (bodies not visible here).
type CertInfo struct {
	// Type is the certificate type as a string; the exact values written
	// here are set by the parser — TODO confirm.
	Type        string
	// Serial is the certificate's serial number.
	Serial      uint64
	// ValidAfter is the start of the validity window.
	ValidAfter  time.Time
	// ValidBefore is the end of the validity window; GetPercentage presumably
	// reports the remaining lifetime relative to this pair — confirm.
	ValidBefore time.Time
}

func ParseCertData

func ParseCertData(pubKeyBytes []byte) (CertInfo, error)

func ReadCertFromDisk

func ReadCertFromDisk(publicKeyFile string) (CertInfo, error)

func (*CertInfo) GetPercentage

func (l *CertInfo) GetPercentage() float32

type CertType

// CertType distinguishes the two certificate kinds the service can sign.
// The constants are bit flags: User == 1, Host == 2.
type CertType int
const (
	User CertType = 1 << iota // 1
	Host CertType = 1 << iota // 2
)

type IssueResult

// IssueResult is returned by SignatureService.SignHostCert and SignUserCert.
// Which of the two certificate pointers is nil for a given Status is not
// visible here — callers should nil-check both before dereferencing.
type IssueResult struct {
	// ExistingCert describes the certificate found before signing, if any.
	ExistingCert *CertInfo
	// IssuedCert describes the newly signed certificate, if one was issued.
	IssuedCert   *CertInfo
	// Status reports the outcome of the call.
	Status       IssueStatus
}

type IssueStatus

// IssueStatus reports the outcome of a sign call.
//
// Note that Issued is the zero value (iota == 0), so an IssueStatus that was
// never assigned reads as a successful issue. Callers that branch on
// Status == Issued should make sure the IssueResult was actually populated.
type IssueStatus int
const (
	Issued  IssueStatus = iota // 0: a certificate was signed
	Noop    IssueStatus = iota // 1: nothing was signed (presumably the existing cert was kept — confirm)
	Unknown IssueStatus = iota // 2
)

type IssueStrategy

// IssueStrategy decides whether a certificate should be (re)issued.
//
// NeedsIssuing receives the existing certificate's CertInfo. How a nil
// pointer (no existing certificate) is treated is up to each implementation
// and is not visible here; see PercentageRenewStrategy and SimpleStrategy.
type IssueStrategy interface {
	NeedsIssuing(*CertInfo) bool
}

type KeyStorage

// KeyStorage abstracts where a key (public key or signed certificate) is read
// from and written to, so the backing store (file, memory, network, ...) can
// be swapped out and tested independently.
//
// Note the asymmetry: Read returns raw bytes while Write takes a string.
type KeyStorage interface {
	Read() ([]byte, error)
	Write(string) error
}

KeyStorage is a simple wrapper around a key (which is itself just a byte stream). This decouples the implementation (file-based, memory, network, ...) and makes it easy to swap out and to test.

type PercentageRenewStrategy

// PercentageRenewStrategy is an IssueStrategy that renews a certificate once
// its remaining lifetime falls below a threshold. Construct it with
// NewPercentageStrategy, which can return an error — presumably for an
// out-of-range minPercentageLeft; confirm against its body.
type PercentageRenewStrategy struct {
	// contains filtered or unexported fields
}

func NewPercentageStrategy

func NewPercentageStrategy(minPercentageLeft float32) (*PercentageRenewStrategy, error)

func (*PercentageRenewStrategy) NeedsIssuing

func (s *PercentageRenewStrategy) NeedsIssuing(lifetime *CertInfo) bool

type SignatureClient

// SignatureClient is the Vault-backed Signer implementation. Construct it
// with NewVaultSigner; the SSH secrets mount it talks to can be overridden
// with WithSshMountPath.
type SignatureClient struct {
	// contains filtered or unexported fields
}

func NewVaultSigner

func NewVaultSigner(client VaultClient, opts ...VaultOpts) (*SignatureClient, error)

func (*SignatureClient) ReadCaCert

func (c *SignatureClient) ReadCaCert() (string, error)

func (*SignatureClient) SignHostKey

func (c *SignatureClient) SignHostKey(req SignatureRequest) (string, error)

func (*SignatureClient) SignUserKey

func (c *SignatureClient) SignUserKey(req SignatureRequest) (string, error)

type SignatureRequest

// SignatureRequest carries the inputs for one signing call.
//
// Ttl is a string rather than a time.Duration and carries a `gt=600`
// constraint; how that tag is interpreted for a string field depends on the
// validator in use — confirm it compares the TTL value and not the string's
// length. The tag key used throughout is `validation`; confirm this is the key
// the validator actually reads, otherwise these constraints are silently
// never applied.
type SignatureRequest struct {
	// PublicKey is the key to be signed; required.
	PublicKey  string `validation:"required"`
	// Ttl is the requested certificate lifetime (name kept for API
	// compatibility; Go convention would be TTL).
	Ttl        string `validation:"gt=600"`
	// Principals and Extensions carry no validation tag, so any restriction
	// on them is left to the Signer and the CA's role policy — presumably
	// they are forwarded to the signer as-is; confirm.
	Principals []string
	Extensions map[string]string

	// VaultRole selects the Vault role used for signing; the role's policy
	// presumably bounds what this request may obtain — confirm.
	VaultRole string
}

type SignatureService

// SignatureService combines a Signer with an IssueStrategy: SignHostCert and
// SignUserCert read the current key material from KeyStorage, ask the
// strategy whether signing is needed, and write the signed key back.
// Construct it with NewSignatureService.
type SignatureService struct {
	// contains filtered or unexported fields
}

func NewSignatureService

func NewSignatureService(signer Signer, issueStrategy IssueStrategy) (*SignatureService, error)

func (*SignatureService) SignHostCert

func (i *SignatureService) SignHostCert(req SignatureRequest, pubKey, signedKey KeyStorage) (*IssueResult, error)

func (*SignatureService) SignUserCert

func (i *SignatureService) SignUserCert(signRequest SignatureRequest, pubKey, signedKey KeyStorage) (*IssueResult, error)

type Signer

// Signer is the consumer-side interface SignatureService depends on; the
// Vault-backed implementation is SignatureClient. Each Sign method returns
// the signed key as a string; ReadCaCert returns the CA's public certificate.
type Signer interface {
	SignUserKey(req SignatureRequest) (string, error)
	SignHostKey(req SignatureRequest) (string, error)
	ReadCaCert() (string, error)
}

type SimpleStrategy

// SimpleStrategy is an IssueStrategy driven by a single boolean passed to
// NewSimpleStrategy; presumably NeedsIssuing returns that flag regardless of
// the certificate's lifetime — confirm against its body.
type SimpleStrategy struct {
	// contains filtered or unexported fields
}

func NewSimpleStrategy

func NewSimpleStrategy(renew bool) *SimpleStrategy

func (*SimpleStrategy) NeedsIssuing

func (s *SimpleStrategy) NeedsIssuing(lifetime *CertInfo) bool

type VaultClient

// VaultClient is the narrow slice of the Vault API client that
// SignatureClient needs (raw read and write on a path), kept as an interface
// so it can be replaced in tests. The api package is not shown on this page;
// the types are presumably those of the Vault API client — confirm.
type VaultClient interface {
	ReadRaw(path string) (*api.Response, error)
	Write(path string, data map[string]any) (*api.Secret, error)
}

type VaultOpts

type VaultOpts func(client *SignatureClient) error

func WithSshMountPath

func WithSshMountPath(path string) VaultOpts
