config

package

v1.16.9 Latest Latest Go to latest Published: Nov 7, 2023 License: Apache-2.0 Imports: 6 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/theparanoids/crypki

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func ValidatePinIntegrity(keys []KeyConfig) error
type Config
- func Parse(configPath string) (*Config, error)
type HealthCheck
type KeyConfig
type KeyUsage

Constants ¶

View Source

const (
	DefaultPKCS11Timeout = 10 // in seconds

	// X509CertEndpoint specifies the endpoint for signing X509 certificate.
	X509CertEndpoint = "/sig/x509-cert"
	// SSHUserCertEndpoint specifies the endpoint for signing SSH user certificate.
	SSHUserCertEndpoint = "/sig/ssh-user-cert"
	// SSHHostCertEndpoint specifies the endpoint for signing SSH host certificate.
	SSHHostCertEndpoint = "/sig/ssh-host-cert"
	// BlobEndpoint specifies the endpoint for raw signing.
	BlobEndpoint = "/sig/blob"
)

Variables ¶

This section is empty.

Functions ¶

func ValidatePinIntegrity ¶ added in v1.9.1

func ValidatePinIntegrity(keys []KeyConfig) error

ValidatePinIntegrity checks whether the same slot uses the same pinfile.

Types ¶

type Config ¶

type Config struct {
	ModulePath        string
	TLSClientAuthMode tls.ClientAuthType
	TLSServerCertPath string
	TLSServerKeyPath  string
	TLSCACertPath     string
	TLSHost           string
	TLSPort           string
	SignersPerPool    int
	Keys              []KeyConfig
	KeyUsages         []KeyUsage
	HealthCheck

	ShutdownOnInternalFailure         bool
	ShutdownOnInternalFailureCriteria struct {
		ReportMode            bool
		ConsecutiveCountLimit uint
		TimerDurationSecond   uint
		TimerCountLimit       uint
	}

	// timeouts used in initialization of http.Server (in seconds)
	IdleTimeout  uint
	ReadTimeout  uint
	WriteTimeout uint

	// PKCS11RequestTimeout indicates the max time an HSM can take to process a signing request for a
	// certificate in seconds.
	PKCS11RequestTimeout uint `json:"requestTimeout"`
}

Config defines struct to store configuration fields for crypki.

func Parse ¶

func Parse(configPath string) (*Config, error)

Parse loads configuration values from input file and returns config object and CA cert.

type HealthCheck ¶ added in v1.12.0

type HealthCheck struct {
	// Enabled specifies whether healthcheck listener should be enabled.
	Enabled bool
	// Address specifies the address for the http listener.
	Address string
	// KeyID specifies the identifier of the key to be used by
	// healthcheck listener.
	KeyID string
}

HealthCheck specifies configs related to healthcheck listener.

type KeyConfig ¶

type KeyConfig struct {
	// Identifier is a unique name that can be used to refer to this key.
	Identifier string
	// SlotNumber is the slot number in HSM.
	SlotNumber uint
	// TokenLabel is the token label in HSM. If this value is specified, SlotNumber is specified by this.
	TokenLabel string
	// UserPinPath is the path to the file that contains the pin to login to the specified slot.
	UserPinPath string
	// KeyLabel is the label of the key on the slot.
	KeyLabel string
	// SessionPoolSize specifies the number of sessions that are opened for this key.
	SessionPoolSize int
	// KeyType specifies the type of key, such as RSA or ECDSA.
	KeyType x509.PublicKeyAlgorithm
	// SignatureAlgo specifies the type of signature hash function such as SHA256WithRSA or ECDSAWithSHA384.
	SignatureAlgo x509.SignatureAlgorithm

	// OCSPServers are the locations of OCSP responders.
	OCSPServers []string
	// CRLDistributionPoints are the URIs of CRL distribution endpoints.
	CRLDistributionPoints []string

	// CreateCACertIfNotExist should be set to true if the user wants the x509 CA cert to be created
	// when X509CACertLocation is not specified.
	CreateCACertIfNotExist bool
	// X509CACertLocation is the path to the x509 CA certificate.
	X509CACertLocation string
	// Fields of the CA cert in subject line.
	Country, State, Locality, Organization, OrganizationalUnit, CommonName string
	// The validity time period of the CA cert, which is specified in seconds.
	ValidityPeriod uint64
}

KeyConfig contains information about a particular signing key inside HSM.

type KeyUsage ¶

type KeyUsage struct {
	// Endpoint represents the API call that is made.
	// E.g. "/sig/x509-cert"
	Endpoint string
	// Identifiers is the list of KeyConfig.Identifier that identify keys that
	// can be used for the API call.
	Identifiers []string
	// Maximum allowed validity period in seconds for a certificate signed by
	// this endpoint. If not specified default is infinity.
	MaxValidity uint64
	// PrioritySchedulingEnabled indicates whether to schedule requests based on the priority/urgency of the request
	// being received. If disabled, all requests are treated with equal priority.
	PrioritySchedulingEnabled bool
}

KeyUsage configures which key(s) can be used for the API call.

Source Files ¶

View all Source files

config.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL