Documentation ¶
Index ¶
- type CertificateAuthorityImpl
- func (ca *CertificateAuthorityImpl) GenerateOCSP(xferObj core.OCSPSigningRequest) ([]byte, error)
- func (ca *CertificateAuthorityImpl) IssueCertificate(csr x509.CertificateRequest, regID int64) (core.Certificate, error)
- func (ca *CertificateAuthorityImpl) RevokeCertificate(serial string, reasonCode core.RevocationCode) (err error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CertificateAuthorityImpl ¶
type CertificateAuthorityImpl struct { Signer signer.Signer OCSPSigner ocsp.Signer SA core.StorageAuthority PA core.PolicyAuthority Publisher core.Publisher Clk clock.Clock // TODO(jmhodges): should be private, like log Prefix int // Prepended to the serial number ValidityPeriod time.Duration NotAfter time.Time MaxNames int // contains filtered or unexported fields }
CertificateAuthorityImpl represents a CA that signs certificates, CRLs, and OCSP responses.
func NewCertificateAuthorityImpl ¶
func NewCertificateAuthorityImpl(config cmd.CAConfig, clk clock.Clock, issuerCert string) (*CertificateAuthorityImpl, error)
NewCertificateAuthorityImpl creates a CA that talks to a remote CFSSL instance. (To use a local signer, simply instantiate CertificateAuthorityImpl directly.) Communications with the CA are authenticated with MACs, using CFSSL's authenticated signature scheme. A CA created in this way issues for a single profile on the remote signer, which is indicated by name in this constructor.
func (*CertificateAuthorityImpl) GenerateOCSP ¶
func (ca *CertificateAuthorityImpl) GenerateOCSP(xferObj core.OCSPSigningRequest) ([]byte, error)
GenerateOCSP produces a new OCSP response and returns it
func (*CertificateAuthorityImpl) IssueCertificate ¶
func (ca *CertificateAuthorityImpl) IssueCertificate(csr x509.CertificateRequest, regID int64) (core.Certificate, error)
IssueCertificate attempts to convert a CSR into a signed Certificate, while enforcing all policies. Names (domains) in the CertificateRequest will be lowercased before storage.
func (*CertificateAuthorityImpl) RevokeCertificate ¶
func (ca *CertificateAuthorityImpl) RevokeCertificate(serial string, reasonCode core.RevocationCode) (err error)
RevokeCertificate revokes the trust of the Cert referred to by the provided Serial.