Documentation
Overview
Package crypki provides the signer client that sends CSR requests to crypki servers.
Functions
func EstablishClientConn
func EstablishClientConn(endpoint string, opts ...grpc.DialOption) (conn *grpc.ClientConn, err error)
EstablishClientConn establishes a gRPC connection to the crypki endpoint.
func GetDefaultExtension
GetDefaultExtension returns the default extensions for a user SSH certificate.
Types
type Signer
type Signer struct {
// contains filtered or unexported fields
}
Signer encapsulates the Crypki client.
func NewSigner
func NewSigner(conf SignerConfig) (*Signer, error)
NewSigner creates a Signer from a SignerConfig.
func NewSignerWithGensignConf
func NewSignerWithGensignConf(gensignConf config.GensignConfig) (*Signer, error)
NewSignerWithGensignConf creates a Signer from a GensignConfig.
func (*Signer) DialOptions
func (s *Signer) DialOptions() (options []grpc.DialOption)
DialOptions clones the dialOptions.
type SignerConfig
type SignerConfig struct {
	// TLSClientKeyFile is the client key to authenticate requestor's identity at Crypki.
	TLSClientKeyFile string `mapstructure:"tls_client_key_file" validate:"required"`
	// TLSClientCertFile is the client cert to authenticate requestor's identity at Crypki.
	TLSClientCertFile string `mapstructure:"tls_client_cert_file" validate:"required"`
	// TLSCACertFiles is the list of certification authority certs to verify Crypki server cert.
	TLSCACertFiles []string `mapstructure:"tls_ca_cert_files" validate:"required"`
	// CrypkiEndpoints is the endpoint list of the crypki servers.
	// It is recommended to put IPs or secondary DNS name into the list.
	// Signer tries to send the certificate request to the crypki server in the order of CrypkiEndpoints.
	// If any return success, the signed certificate will be returned to the caller.
	CrypkiEndpoints []string `mapstructure:"crypki_endpoints" validate:"required"`
	// CrypkiPort is the port number of the crypki servers.
	CrypkiPort uint `mapstructure:"crypki_port" validate:"required"`
	// Retries is the number of retry times to request certificate from a crypki server endpoint.
	Retries uint `mapstructure:"retries"`
	// PerTryTimeout is the RPC timeout per call.
	PerTryTimeout time.Duration `mapstructure:"per_try_timeout"`
}
SignerConfig contains the signer data from the config file.
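The interaction of CrypkiEndpoints ordering, Retries and PerTryTimeout described in the SignerConfig comments, sketched as an added example using only the standard library; it is not crypki's own code. signFunc, signWithFailover and fakeSign are hypothetical names, the addresses are constructed, and treating Retries as extra attempts after the first one is an assumption.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// signFunc is a hypothetical stand-in for one certificate-signing RPC.
type signFunc func(ctx context.Context, endpoint string) (string, error)

// signWithFailover tries endpoints in list order. Assumption: each endpoint
// gets 1+retries attempts, each bounded by perTry. The first success wins.
func signWithFailover(ctx context.Context, endpoints []string, retries uint,
	perTry time.Duration, sign signFunc) (string, error) {
	lastErr := errors.New("no endpoints configured")
	for _, ep := range endpoints {
		for attempt := uint(0); attempt <= retries; attempt++ {
			tryCtx, cancel := context.WithTimeout(ctx, perTry)
			cert, err := sign(tryCtx, ep)
			cancel()
			if err == nil {
				return cert, nil
			}
			lastErr = fmt.Errorf("%s attempt %d: %w", ep, attempt+1, err)
			if ctx.Err() != nil { // caller gave up: do not move to the next endpoint
				return "", lastErr
			}
		}
	}
	return "", lastErr
}

// fakeSign is constructed behaviour: 10.0.0.1 hangs until the per-try
// deadline expires, any other endpoint signs immediately.
func fakeSign(ctx context.Context, ep string) (string, error) {
	if ep == "10.0.0.1" {
		<-ctx.Done()
		return "", ctx.Err()
	}
	return "cert-from-" + ep, nil
}

func main() {
	cert, err := signWithFailover(context.Background(),
		[]string{"10.0.0.1", "10.0.0.2"}, 1, 20*time.Millisecond, fakeSign)
	fmt.Println(cert, err)
}
```

With these semantics the worst-case latency before a caller sees an error is roughly len(CrypkiEndpoints) × (Retries+1) × PerTryTimeout, which is worth checking against the deadline of whatever is waiting on the certificate.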