Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ACMEConfig ¶
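// ACMEConfig holds the ACME settings for the bundle endpoint: which ACME
// directory to talk to, which domain to obtain a certificate for, where
// certificates are cached, and the account details.
//
// The declaration was collapsed onto a single line, so the first "//"
// swallowed every field and the closing brace; it is restored here with one
// field per line.
type ACMEConfig struct {
	// DirectoryURL is the ACME directory URL.
	// NOTE(review): no validation is visible in this declaration; confirm
	// callers only pass the HTTPS directory URL of the intended CA.
	DirectoryURL string

	// DomainName is the domain name of the certificate to obtain.
	DomainName string

	// CacheDir is the directory on disk where we cache certificates.
	// NOTE(review): the package text says the private key is stripped from
	// the cached data and stored in the key manager instead of on disk;
	// confirm the directory's permissions are still restricted to the
	// server's own user.
	CacheDir string

	// Email is the email address of the account to register with ACME.
	Email string

	// ToSAccepted is whether or not the terms of service have been accepted.
	// If not true, and the provider requires acceptance, then certificate
	// retrieval will fail.
	ToSAccepted bool
}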
ACMECache implements a cache for the autocert manager. It makes some simplifying assumptions based on how the bundle endpoint uses it. First, it assumes there will be a single cache entry, since only a single domain is supported. Second, it assumes the cached data consists of PEM-encoded blocks; it strips the private key out of that data and stores it in the key manager, so the key is not written to disk with the rest of the data.
type Cache ¶ added in v1.6.0
// Cache has no exported fields on this page. Its one listed method,
// FetchBundleX509, takes a context and a trust domain and returns an X.509
// bundle or an error.
type Cache struct {
// contains filtered or unexported fields
}
func (*Cache) FetchBundleX509 ¶ added in v1.6.0
func (c *Cache) FetchBundleX509(ctx context.Context, td spiffeid.TrustDomain) (*x509bundle.Bundle, error)
type EndpointConfig ¶ added in v0.11.0
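// EndpointConfig configures the federation bundle endpoint.
//
// The declaration was collapsed onto a single line, so the first "//"
// swallowed every field and the closing brace; it is restored here with one
// field per line.
type EndpointConfig struct {
	// Address is the address on which to serve the federation bundle endpoint.
	Address *net.TCPAddr

	// ACME is the ACME configuration for the bundle endpoint.
	// If unset, the bundle endpoint will use SPIFFE auth.
	ACME *ACMEConfig

	// DiskCertManager has no description on this page.
	// NOTE(review): presumably an alternative source of the serving
	// certificate read from disk; its precedence relative to ACME and SPIFFE
	// auth is not visible here. Confirm against the code that consumes it.
	DiskCertManager *diskcertmanager.DiskCertManager

	// RefreshHint has no description on this page.
	// NOTE(review): presumably the refresh hint associated with the served
	// bundle; confirm.
	RefreshHint time.Duration
}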
type Getter ¶
// Getter is implemented by anything that can return a SPIFFE bundle through
// GetBundle. ServerConfig carries one in its Getter field.
type Getter interface {
// GetBundle returns a SPIFFE bundle, or an error if none can be returned.
GetBundle(ctx context.Context) (*spiffebundle.Bundle, error)
}
type GetterFunc ¶
// GetterFunc is a function type with the same signature as Getter.GetBundle.
// The GetBundle method listed for it on this page means a plain function of
// this type can be used wherever a Getter is expected.
type GetterFunc func(ctx context.Context) (*spiffebundle.Bundle, error)
func (GetterFunc) GetBundle ¶
func (fn GetterFunc) GetBundle(ctx context.Context) (*spiffebundle.Bundle, error)
type Server ¶
// Server has no exported fields on this page. It is created by NewServer
// from a ServerConfig.
type Server struct {
// contains filtered or unexported fields
}
func NewServer ¶
func NewServer(config ServerConfig) *Server
type ServerAuth ¶
func ACMEAuth ¶
func ACMEAuth(log logrus.FieldLogger, km keymanager.KeyManager, config ACMEConfig) ServerAuth
func SPIFFEAuth ¶
func SPIFFEAuth(getter func() ([]*x509.Certificate, crypto.PrivateKey, error)) ServerAuth
type ServerConfig ¶
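// ServerConfig carries the settings passed to NewServer.
//
// The declaration was collapsed onto a single line with no separators between
// fields, and the trailing "//" comment swallowed the closing brace; it is
// restored here with one field per line.
type ServerConfig struct {
	// Log is the logger handed to the server.
	Log logrus.FieldLogger

	// Address is the server address, given as a string.
	// NOTE(review): the expected format (host:port or otherwise) is not shown
	// on this page; confirm against NewServer.
	Address string

	// Getter supplies the bundle through its GetBundle method.
	Getter Getter

	// ServerAuth selects how the server authenticates itself. The
	// constructors listed on this page are ACMEAuth and SPIFFEAuth.
	// NOTE(review): behaviour when this is left nil is not visible here;
	// confirm callers always set it.
	ServerAuth ServerAuth

	// RefreshHint has no description on this page.
	// NOTE(review): presumably the refresh hint associated with the served
	// bundle; confirm.
	RefreshHint time.Duration

	// contains filtered or unexported fields
}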