caclient

Published: Feb 13, 2023 License: Apache-2.0 Imports: 37 Imported by: 1

Documentation

Index

Constants

// CertRefreshDurationRate is the certificate refresh cycle rate. Transport
// carries a field of the same name, so this is presumably the value a new
// Transport starts with — confirm in NewTransport; the page does not show
// how the rate is applied to the certificate lifetime.
const CertRefreshDurationRate int = 2

Variables

This section is empty.

Functions

func AllowOcspRequests

func AllowOcspRequests()

AllowOcspRequests

func BlockOcspRequests

func BlockOcspRequests()

BlockOcspRequests blocks OCSP requests; while they are blocked, the mTLS handshake will fail.

func SendOcspRequest

func SendOcspRequest(server string, req []byte, leaf, issuer *x509.Certificate) (*ocsp.Response, error)

Types

type CAInstance

// CAInstance is a CA client instance built by NewCAI. It embeds Conf, so the
// configuration fields (CaAddr, OcspAddr, RotateAfter, ...) are reachable
// directly on the instance; its methods construct CertManager, Exchanger and
// Transport values bound to that configuration.
type CAInstance struct {
	Conf
}

CAInstance ...

func NewCAI

func NewCAI(opts ...OptionFunc) *CAInstance

NewCAI ...

func (*CAInstance) NewCertManager

func (cai *CAInstance) NewCertManager() (*CertManager, error)

NewCertManager creates a certificate manager instance.

func (*CAInstance) NewExchanger

func (cai *CAInstance) NewExchanger(id *spiffe.IDGIdentity) (*Exchanger, error)

NewExchanger ...

func (*CAInstance) NewExchangerWithKeypair

func (cai *CAInstance) NewExchangerWithKeypair(id *spiffe.IDGIdentity, keyPEM []byte, certPEM []byte) (*Exchanger, error)

NewExchangerWithKeypair ...

func (*CAInstance) NewTransport

func (cai *CAInstance) NewTransport(id *spiffe.IDGIdentity, keyPEM []byte, certPEM []byte) (*Transport, error)

NewTransport ...

func (*CAInstance) RevokeCert

func (cai *CAInstance) RevokeCert(priv crypto.PublicKey, cert *x509.Certificate) error

type CertManager

// CertManager is the certificate manager returned by CAInstance.NewCertManager.
// Its methods sign CSRs (SignPEM), revoke certificates (RevokeByKeyPEM,
// RevokeIDGRegistryCert), verify a leaf against the default issuer
// (VerifyCertDefaultIssuer) and expose the CA certificate(s) (CACert, CACertsPEM).
type CertManager struct {
	// contains filtered or unexported fields
}

CertManager is a certificate manager.

func (*CertManager) CACert

func (cm *CertManager) CACert() (*x509.Certificate, error)

CACert ...

func (*CertManager) CACertsPEM

func (cm *CertManager) CACertsPEM() ([]byte, error)

CACertsPEM ...

func (*CertManager) RevokeByKeyPEM

func (cm *CertManager) RevokeByKeyPEM(keyPEM, certPEM []byte) error

RevokeByKeyPEM ...

func (*CertManager) RevokeIDGRegistryCert

func (cm *CertManager) RevokeIDGRegistryCert(certPEM []byte) error

RevokeIDGRegistryCert ...

func (*CertManager) SignPEM

func (cm *CertManager) SignPEM(csrPEM []byte, uniqueID string) ([]byte, error)

SignPEM ...

func (*CertManager) VerifyCertDefaultIssuer

func (cm *CertManager) VerifyCertDefaultIssuer(leafPEM []byte) error

VerifyCertDefaultIssuer ...

type Conf

// Conf is the client configuration. It is populated by the OptionFunc values
// passed to NewCAI (WithCAServer, WithOcspAddr, WithRotateAfter, WithLogger,
// WithCSRConf, WithAuthKey) and is embedded in CAInstance.
type Conf struct {
	// CFIdentity is the client's identity. No option on this page sets it —
	// confirm how it is populated.
	CFIdentity  *core.Identity
	// DiskStore presumably selects on-disk storage for key material — confirm.
	DiskStore   bool
	// CaAddr is the CA server address; presumably set by WithCAServer.
	CaAddr      string
	// OcspAddr is the OCSP responder address; presumably set by WithOcspAddr.
	OcspAddr    string
	// RotateAfter is the certificate rotation interval; presumably set by WithRotateAfter.
	RotateAfter time.Duration
	// Logger receives the client's log output; presumably set by WithLogger.
	Logger      *logger.Logger
	// CSRConf configures the certificate signing requests the client generates;
	// presumably set by WithCSRConf.
	CSRConf     keygen.CSRConf
}

Conf ...

type Exchanger

// Exchanger pairs a Transport with the SPIFFE identity it acts for and the
// OCSP client used for status checks. It is built by CAInstance.NewExchanger or
// NewExchangerWithKeypair; its *TLSConfig methods return TLSGenerators for
// client and server use, and RevokeItSelf revokes its own certificate.
type Exchanger struct {
	// Transport holds the key pair and certificate being exchanged.
	Transport   *Transport
	// IDGIdentity is the SPIFFE identity this exchanger represents.
	IDGIdentity *spiffe.IDGIdentity
	// OcspFetcher performs OCSP status checks on peer certificates — presumably
	// the value returned by NewOcspMemCache; confirm in NewExchanger.
	OcspFetcher OcspClient
	// contains filtered or unexported fields
}

Exchanger ...

func (*Exchanger) ClientTLSConfig

func (ex *Exchanger) ClientTLSConfig(host string) (*TLSGenerator, error)

ClientTLSConfig ...

func (*Exchanger) RevokeItSelf

func (ex *Exchanger) RevokeItSelf() error

RevokeItSelf revokes the exchanger's own certificate.

func (*Exchanger) RotateController

func (ex *Exchanger) RotateController() *RotateController

RotateController ...

func (*Exchanger) ServerHTTPSConfig

func (ex *Exchanger) ServerHTTPSConfig() (*TLSGenerator, error)

ServerHTTPSConfig ...

func (*Exchanger) ServerTLSConfig

func (ex *Exchanger) ServerTLSConfig() (*TLSGenerator, error)

ServerTLSConfig ...

type ExtraValidator

// ExtraValidator is a user-defined check that runs after the standard
// certificate verification has succeeded, receiving the peer's SPIFFE
// identity. It is attached with TLSGenerator.BindExtraValidator; presumably a
// non-nil error rejects the peer — confirm against the TLS config it is bound into.
type ExtraValidator func(identity *spiffe.IDGIdentity) error

ExtraValidator is a user-defined verification function that is executed after the certificate has been verified successfully.

type OcspClient

// OcspClient checks a leaf certificate's status with an OCSP responder.
// NewOcspMemCache returns an implementation that, by its name, caches results in memory.
type OcspClient interface {
	// Validate reports whether leaf, issued by issuer, passes the OCSP check.
	// The error return distinguishes a check that could not be performed from
	// a negative answer — confirm how callers treat (false, nil) versus
	// (_, err), since that decides whether a responder outage is a soft fail.
	Validate(leaf, issuer *x509.Certificate) (bool, error)
	// Reset clears any cached state the client holds.
	Reset()
}

OcspClient is an OCSP client.

func NewOcspMemCache

func NewOcspMemCache(logger *logger.Logger, ocspAddr string) (OcspClient, error)

NewOcspMemCache ...

type OptionFunc

// OptionFunc mutates a Conf. NewCAI applies the options it is given to the
// instance's Conf; the With* functions in this package are the provided options.
type OptionFunc func(*Conf)

OptionFunc ...

func WithAuthKey

func WithAuthKey(key string) OptionFunc

func WithCAServer

func WithCAServer(role Role, addr string) OptionFunc

WithCAServer ...

func WithCSRConf

func WithCSRConf(csrConf keygen.CSRConf) OptionFunc

func WithLogger

func WithLogger(l *logger.Logger) OptionFunc

func WithOcspAddr

func WithOcspAddr(ocspAttr string) OptionFunc

func WithRotateAfter

func WithRotateAfter(du time.Duration) OptionFunc

type RevokeRequest

// RevokeRequest is the JSON payload of a certificate revocation request.
// Serial and AKI identify the certificate; Nonce and Sign presumably
// authenticate the request (confirm the signing scheme and nonce handling
// against the server); AuthKey presumably carries the key configured by
// WithAuthKey — confirm.
type RevokeRequest struct {
	// Serial is the serial number of the certificate to revoke.
	Serial  string `json:"serial"`
	// AKI is the authority key identifier of the issuing CA.
	AKI     string `json:"authority_key_id"`
	// Reason is the revocation reason.
	Reason  string `json:"reason"`
	// Nonce is a per-request value, presumably for replay protection — confirm.
	Nonce   string `json:"nonce"`
	// Sign is a signature over the request — confirm what it covers.
	Sign    string `json:"sign"`
	// AuthKey is the shared authentication key.
	AuthKey string `json:"auth_key"`
	// Profile is the signing profile the certificate was issued under — confirm.
	Profile string `json:"profile"`
}

This type is meant to be unmarshalled from JSON

type Role

// Role identifies the CA server role a client is configured against;
// WithCAServer takes one together with the server address.
type Role string

// RoleDefault selects the default CA.
const RoleDefault Role = "default"

// RoleIntermediate selects the intermediate CA.
const RoleIntermediate Role = "intermediate"

type RotateController

// RotateController is obtained from Exchanger.RotateController and, by its
// name and Conf.RotateAfter, presumably drives certificate rotation. Run
// starts it and AddCert registers a certificate with it; the page does not
// say whether Run blocks — confirm before calling it without a goroutine.
type RotateController struct {
	// contains filtered or unexported fields
}

RotateController ...

func (*RotateController) AddCert

func (rc *RotateController) AddCert()

func (*RotateController) Run

func (rc *RotateController) Run()

Run ...

type TLSGenerator

// TLSGenerator wraps a *tls.Config and lets callers attach an ExtraValidator
// (BindExtraValidator) before taking the final config via TLSConfig.
// NOTE(review): Cfg is exported, so a caller can edit the config directly and
// bypass whatever BindExtraValidator installs — confirm that is intended.
type TLSGenerator struct {
	// Cfg is the underlying TLS configuration returned by TLSConfig.
	Cfg *tls.Config
}

TLSGenerator ...

func NewTLSGenerator

func NewTLSGenerator(cfg *tls.Config) *TLSGenerator

NewTLSGenerator ...

func (*TLSGenerator) BindExtraValidator

func (tg *TLSGenerator) BindExtraValidator(validator ExtraValidator)

BindExtraValidator registers a custom validation function.

func (*TLSGenerator) TLSConfig

func (tg *TLSGenerator) TLSConfig() *tls.Config

TLSConfig returns the native Go TLS config.

type Transport

// Transport holds a key pair and certificate obtained from the CA and refreshes
// them over time (RefreshKeys, AsyncRefreshKeys, AutoUpdate). Its TLS*Config
// methods return configurations whose certificate is changed dynamically, and
// Lifespan reports how long the current certificate has left.
type Transport struct {
	// CertRefreshDurationRate mirrors the package constant of the same name —
	// confirm in NewTransport that it is the initial value.
	CertRefreshDurationRate int
	// Provider supplies the private key, presumably for CSRs and the TLS certificate — confirm.
	Provider                kp.KeyProvider
	// CA is the certificate authority used to obtain certificates.
	CA                      ca.CertificateAuthority
	// TrustStore and ClientTrustStore hold roots used to verify peers —
	// presumably TrustStore for server certificates and ClientTrustStore for
	// client certificates; confirm against TLSClientAuthServerConfig.
	TrustStore              *roots.TrustStore
	ClientTrustStore        *roots.TrustStore
	// Identity is the identity this transport requests certificates for — confirm.
	Identity                *core.Identity
	// Backoff presumably paces retries of certificate refresh — confirm in RefreshKeys.
	Backoff                 *backoff.Backoff
	// RevokeSoftFail, by its name, lets a failed revocation (OCSP) check be
	// tolerated instead of failing the handshake. NOTE(review): confirm the
	// exact semantics; a soft-fail silently weakens revocation enforcement,
	// so it should be set deliberately and logged when exercised.
	RevokeSoftFail          bool
	// contains filtered or unexported fields
}

func (*Transport) AsyncRefreshKeys

func (tr *Transport) AsyncRefreshKeys() error

AsyncRefreshKeys is the timeout handler.

func (*Transport) AutoUpdate

func (tr *Transport) AutoUpdate() error

AutoUpdate automatically updates the listener.

func (*Transport) GetCertificate

func (tr *Transport) GetCertificate() (*tls.Certificate, error)

GetCertificate ...

func (*Transport) Lifespan

func (tr *Transport) Lifespan() (remain time.Duration, ava time.Duration)

Lifespan returns the remaining time before a certificate is replaced.

func (*Transport) ManualRevoke

func (tr *Transport) ManualRevoke()

ManualRevoke ...

func (*Transport) RefreshKeys

func (tr *Transport) RefreshKeys() (err error)

RefreshKeys

func (*Transport) TLSClientAuthClientConfig

func (tr *Transport) TLSClientAuthClientConfig(host string) (*tls.Config, error)

TLSClientAuthClientConfig returns the client TLS configuration; its certificate is changed dynamically.

func (*Transport) TLSClientAuthServerConfig

func (tr *Transport) TLSClientAuthServerConfig() (*tls.Config, error)

TLSClientAuthServerConfig returns the server TLS configuration; its certificate needs to be changed dynamically.

func (*Transport) TLSServerConfig

func (tr *Transport) TLSServerConfig() (*tls.Config, error)

TLSServerConfig returns a general server TLS configuration.
