certchains

package
v0.3.0 Latest Latest
Published: Oct 10, 2023 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Copyright Contributors to the Open Cluster Management project

Copyright Contributors to the Open Cluster Management project

Index

Constants

const (
	// File names for a signer's on-disk material. The *Path(dir) helpers in
	// this package take a directory and return a string, so these are
	// presumably joined onto a signer directory (see SignerInfo.Directory) —
	// confirm against the helper bodies, which are not on this page.
	// NOTE(review): ca.key, server.key, client.key and peer.key are, by name,
	// private-key files; the file mode they are written with is not visible
	// here, so callers should treat the signer directory as sensitive.
	CACertFileName     = "ca.crt"
	CAKeyFileName      = "ca.key"
	CABundleFileName   = "ca-bundle.crt"
	CASerialsFileName  = "serial.txt"
	ServerCertFileName = "server.crt"
	ServerKeyFileName  = "server.key"
	ClientCertFileName = "client.crt"
	ClientKeyFileName  = "client.key"
	PeerCertFileName   = "peer.crt"
	PeerKeyFileName    = "peer.key"

	// Validity tiers in days: long-lived is ten years (3650 days), short-lived
	// is one year. Which tier a CA or leaf gets is chosen by the caller
	// (NewCertificateSigner's validityDays, CSRMeta.ValidityDays,
	// CAInfo.SetValidityDays). IsCertShortLived presumably classifies an
	// existing certificate against these values — verify in its body.
	LongLivedCertificateValidityDays  = 365 * 10
	ShortLivedCertificateValidityDays = 365
)

Variables

This section is empty.

Functions

func CABundlePath

func CABundlePath(dir string) string

func CACertPath

func CACertPath(dir string) string

func CAKeyPath

func CAKeyPath(dir string) string

func CASerialsPath

func CASerialsPath(dir string) string

func ClientCertPath

func ClientCertPath(dir string) string

func ClientKeyPath

func ClientKeyPath(dir string) string

func IsCertShortLived

func IsCertShortLived(c *x509.Certificate) bool

func IsSignerNotFoundError

func IsSignerNotFoundError(err error) bool

func PeerCertPath

func PeerCertPath(dir string) string

func PeerKeyPath

func PeerKeyPath(dir string) string

func ServingCertPath

func ServingCertPath(dir string) string

func ServingKeyPath

func ServingKeyPath(dir string) string

func WhenToRotateAtEarliest

func WhenToRotateAtEarliest(cs *CertificateChains) ([]string, time.Time, error)

Types

type CAInfo

// CAInfo describes where a signer's CA lives on disk (cert, key and serial
// file) plus its signer name and validity in days, all set through the
// chainable Set* methods. EnsureCA returns a *crypto.CA; it presumably loads
// the existing material or generates it when absent — that policy is not
// visible on this page.
type CAInfo struct {
	// contains filtered or unexported fields
}

func NewCAInfo

func NewCAInfo() *CAInfo

func (*CAInfo) EnsureCA

func (i *CAInfo) EnsureCA() (ca *crypto.CA, err error)

func (*CAInfo) SetCertFile

func (i *CAInfo) SetCertFile(file string) *CAInfo

func (*CAInfo) SetKeyFile

func (i *CAInfo) SetKeyFile(file string) *CAInfo

func (*CAInfo) SetSerialFile

func (i *CAInfo) SetSerialFile(file string) *CAInfo

func (*CAInfo) SetSignerName

func (i *CAInfo) SetSignerName(name string) *CAInfo

func (*CAInfo) SetValidityDays

func (i *CAInfo) SetValidityDays(duration int) *CAInfo

type CSRInfo

// CSRInfo is satisfied by the three *CertificateSigningRequestInfo types
// (each has a GetMeta method); it lets CertificateSigner.SignCertificate
// accept any of them and read the shared name/validity metadata.
type CSRInfo interface{ GetMeta() CSRMeta }

type CSRMeta

// CSRMeta is the metadata common to every signing request.
type CSRMeta struct {
	// Name identifies the certificate within its signer — presumably the
	// subjectName accepted by CertificateSigner.GetCertKey; how it maps onto
	// the X.509 subject is not shown here.
	Name         string
	// ValidityDays is the requested lifetime in days. The package's two tiers
	// are LongLivedCertificateValidityDays and ShortLivedCertificateValidityDays.
	// A leaf should not outlive its issuing CA; whether the signer clamps this
	// value is not visible on this page.
	ValidityDays int
}

type CertWalkFunc

// CertWalkFunc is the callback CertificateChains.WalkChains applies to each
// certificate in the tree. certPath appears to be the signer/certificate name
// path leading to c (the same shape GetCertKey and Regenerate take). c is
// passed by value, so modifying it does not touch the stored chain. A non-nil
// error presumably aborts the walk — confirm in WalkChains.
type CertWalkFunc func(certPath []string, c x509.Certificate) error

type CertificateChains

// CertificateChains is the root of a tree of signers (CAs) and the
// certificates they issued, reachable through GetSigner, GetSignerNames and
// GetCertKey. SigningConfig is presumably the value handed to
// CertificateChainsBuilder.Complete.
type CertificateChains struct {
	SigningConfig *SigningConfig
	// contains filtered or unexported fields
}

func (*CertificateChains) GetCertKey

func (cs *CertificateChains) GetCertKey(certPath ...string) ([]byte, []byte, error)

func (*CertificateChains) GetSigner

func (cs *CertificateChains) GetSigner(signerPath ...string) *CertificateSigner

func (*CertificateChains) GetSignerNames

func (cs *CertificateChains) GetSignerNames() []string

func (*CertificateChains) Regenerate

func (cs *CertificateChains) Regenerate(certPath ...string) error

func (*CertificateChains) WalkChains

func (cs *CertificateChains) WalkChains(rootPath []string, fn CertWalkFunc) error

WalkChains traverses the trust chain rooted at `rootPath` and applies `fn` to every certificate in the chain tree. Note that CertWalkFunc receives each x509.Certificate by value, so `fn` cannot mutate the stored chain.

type CertificateChainsBuilder

// CertificateChainsBuilder assembles a CertificateChains; NewCertificateChains
// returns one. The With* methods chain and Complete performs the build.
type CertificateChainsBuilder interface {
	// WithSigners adds top-level signer builders (each may carry sub-CAs and
	// leaf requests, see CertificateSignerBuilder).
	WithSigners(signers ...CertificateSignerBuilder) CertificateChainsBuilder
	// WithCABundle registers a bundle file at bundlePath; each signerNames
	// entry is presumably a name path into the signer tree whose CA
	// certificate is written into the bundle. A bundle is a trust-anchor set:
	// every CA added to it is trusted by whoever loads it, so include only
	// the signers that verifier actually needs.
	WithCABundle(bundlePath string, signerNames ...[]string) CertificateChainsBuilder
	// Complete builds the tree. Writing files under the signer directories is
	// implied by the *Path helpers but not shown on this page.
	Complete(cfg *SigningConfig) (*CertificateChains, error)
}

func NewCertificateChains

func NewCertificateChains(signers ...CertificateSignerBuilder) CertificateChainsBuilder

type CertificateSigner

// CertificateSigner is one built CA in the tree: it signs client, serving,
// peer and sub-CA certificates, hands back cert/key bytes via GetCertKey, and
// can append its own certificate to bundle files with AddToBundles. Built by
// CertificateSignerBuilder.Complete.
type CertificateSigner struct {
	// contains filtered or unexported fields
}

func (*CertificateSigner) AddToBundles

func (s *CertificateSigner) AddToBundles(bundlePaths ...string) error

func (*CertificateSigner) GetCertKey

func (s *CertificateSigner) GetCertKey(subjectName string) ([]byte, []byte, error)

func (*CertificateSigner) GetCertNames

func (s *CertificateSigner) GetCertNames() []string

func (*CertificateSigner) GetSignerCertPEM

func (s *CertificateSigner) GetSignerCertPEM() ([]byte, error)

func (*CertificateSigner) GetSubCA

func (s *CertificateSigner) GetSubCA(signerName string) *CertificateSigner

func (*CertificateSigner) GetSubCANames

func (s *CertificateSigner) GetSubCANames() []string

func (*CertificateSigner) Regenerate

func (s *CertificateSigner) Regenerate(certPath ...string) error

func (*CertificateSigner) SignCertificate

func (s *CertificateSigner) SignCertificate(csrInfo CSRInfo) error

func (*CertificateSigner) SignClientCertificate

func (s *CertificateSigner) SignClientCertificate(signInfo *ClientCertificateSigningRequestInfo) error

func (*CertificateSigner) SignPeerCertificate

func (s *CertificateSigner) SignPeerCertificate(signInfo *PeerCertificateSigningRequestInfo) error

func (*CertificateSigner) SignServingCertificate

func (s *CertificateSigner) SignServingCertificate(signInfo *ServingCertificateSigningRequestInfo) error

func (*CertificateSigner) SignSubCA

func (s *CertificateSigner) SignSubCA(subSignerInfo CertificateSignerBuilder) error

type CertificateSignerBuilder

// CertificateSignerBuilder configures one signer (a CA) and the material it
// issues. NewCertificateSigner returns one; SignSubCA and WithSubCAs take one
// for intermediate CAs. SignerInfo is embedded for name, directory and
// validity.
type CertificateSignerBuilder interface {
	SignerInfo

	// WithSignerConfig supplies an already-built *crypto.CA; WithCAInfo
	// instead describes CA files to load or create. Presumably one of the two
	// is expected — which wins if both are set is not visible here.
	WithSignerConfig(config *crypto.CA) CertificateSignerBuilder
	// WithSubCAs nests intermediate signers under this one.
	WithSubCAs(subCAsInfo ...CertificateSignerBuilder) CertificateSignerBuilder
	// The With*Certificates methods queue leaf requests: client (identity from
	// user.Info), serving (hostnames) and peer (both).
	WithClientCertificates(signInfos ...*ClientCertificateSigningRequestInfo) CertificateSignerBuilder
	WithServingCertificates(signInfos ...*ServingCertificateSigningRequestInfo) CertificateSignerBuilder
	// WithPeerCertificiates is misspelled in the exported API ("Certificiates");
	// renaming it would break callers, so the spelling is documented rather
	// than fixed.
	WithPeerCertificiates(signInfos ...*PeerCertificateSigningRequestInfo) CertificateSignerBuilder
	// WithCABundlePaths lists bundle files this signer's CA certificate is to
	// be appended to (see CertificateSigner.AddToBundles).
	WithCABundlePaths(bundlePath ...string) CertificateSignerBuilder
	// WithCAInfo configures where the CA's cert/key/serial files live.
	WithCAInfo(info *CAInfo) CertificateSignerBuilder
	// Complete builds the signer.
	Complete() (*CertificateSigner, error)
}

func NewCertificateSigner

func NewCertificateSigner(signerName, signerDir string, validityDays int) CertificateSignerBuilder

NewCertificateSigner returns a builder object for a certificate chain rooted at the given signer. `signerDir` is the directory the signer's files are placed under (see the *Path helpers), and `validityDays` is the signer CA's lifetime; the package defines two tiers, `LongLivedCertificateValidityDays` and `ShortLivedCertificateValidityDays`.

type ClientCertificateSigningRequestInfo

// ClientCertificateSigningRequestInfo describes a client (mTLS identity)
// certificate to be issued by CertificateSigner.SignClientCertificate.
type ClientCertificateSigningRequestInfo struct {
	CSRMeta

	// UserInfo is the identity the certificate asserts. Presumably its name
	// and groups become the X.509 subject (CN / O) — confirm in
	// SignClientCertificate; the mapping is not shown on this page.
	UserInfo user.Info
}

func (*ClientCertificateSigningRequestInfo) GetMeta

type PeerCertificateSigningRequestInfo

// PeerCertificateSigningRequestInfo describes a peer certificate, issued by
// CertificateSigner.SignPeerCertificate, that carries both a client identity
// and server names — i.e. one certificate usable in both TLS roles.
type PeerCertificateSigningRequestInfo struct {
	CSRMeta

	// UserInfo is the client-side identity (see
	// ClientCertificateSigningRequestInfo.UserInfo).
	UserInfo  user.Info
	// Hostnames are the names the certificate should be valid for as a server;
	// presumably they become SANs. List exactly the names peers dial —
	// wildcard and IP handling is not visible here.
	Hostnames []string
}

func (*PeerCertificateSigningRequestInfo) GetMeta

type ServingCertificateSigningRequestInfo

// ServingCertificateSigningRequestInfo describes a server (TLS serving)
// certificate to be issued by CertificateSigner.SignServingCertificate.
type ServingCertificateSigningRequestInfo struct {
	CSRMeta

	// Hostnames are the names the certificate should be valid for; presumably
	// they become SANs. List exactly the names clients dial — wildcard and IP
	// handling is not visible on this page.
	Hostnames []string
}

func (*ServingCertificateSigningRequestInfo) GetMeta

type SignerInfo

// SignerInfo is the identity half of a CertificateSignerBuilder: the signer's
// name (presumably the path element used by GetSigner/GetSubCA lookups), the
// directory holding its files (see the *Path helpers) and its CA validity in
// days.
type SignerInfo interface {
	Name() string
	Directory() string
	ValidityDays() int
}

type SignerNotFound

// SignerNotFound is the error for a signer name that does not resolve;
// NewSignerNotFound constructs it. Test for it with IsSignerNotFoundError
// rather than a bare type assertion (whether that helper unwraps with
// errors.As is not visible here).
type SignerNotFound struct {
	// contains filtered or unexported fields
}

func NewSignerNotFound

func NewSignerNotFound(signerName string) *SignerNotFound

func (*SignerNotFound) Error

func (e *SignerNotFound) Error() string

type SigningConfig

// SigningConfig carries build-wide settings passed to
// CertificateChainsBuilder.Complete and exposed on CertificateChains.
type SigningConfig struct {
	// ApiHost is the only field. It is likely used as a serving hostname/SAN
	// somewhere in the signing code — confirm there; nothing on this page
	// shows how it is consumed.
	ApiHost string
}
