authority

package
v1.21.0-beta.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 9, 2021 License: Apache-2.0 Imports: 8 Imported by: 4

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CertificateAuthority

type CertificateAuthority struct {
	// RawCert is an optional field to determine if signing cert/key pairs have changed
	RawCert []byte
	// RawKey is an optional field to determine if signing cert/key pairs have changed
	RawKey []byte

	Certificate *x509.Certificate
	PrivateKey  crypto.Signer
	Backdate    time.Duration
	Now         func() time.Time
}

CertificateAuthority implements a certificate authority that supports policy based signing. It's used by the signing controller.

func (*CertificateAuthority) Sign

func (ca *CertificateAuthority) Sign(crDER []byte, policy SigningPolicy) ([]byte, error)

Sign signs a certificate request, applying a SigningPolicy and returns a DER encoded x509 certificate.

type PermissiveSigningPolicy

type PermissiveSigningPolicy struct {
	// TTL is the certificate TTL. It's used to calculate the NotAfter value of
	// the certificate.
	TTL time.Duration
	// Usages are the allowed usages of a certificate.
	Usages []capi.KeyUsage
}

PermissiveSigningPolicy is the signing policy historically used by the local signer.

  • It forwards all SANs from the original signing request.
  • It sets allowed usages as configured in the policy.
  • It sets NotAfter based on the TTL configured in the policy.
  • It zeros all extensions.
  • It sets BasicConstraints to true.
  • It sets IsCA to false.

type SigningPolicy

type SigningPolicy interface {
	// contains filtered or unexported methods
}

SigningPolicy validates a CertificateRequest before it's signed by the CertificateAuthority. It may default or otherwise mutate a certificate template.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL