pki

package
v0.0.0-...-3442565
Warning

This package is not in the latest version of its module.

Published: Apr 29, 2024 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation


Constants

const (
	// CertificateBlockType is a possible value for pem.Block.Type.
	CertificateBlockType = "CERTIFICATE"

	// RSAPrivateKeyBlockType is a possible value for pem.Block.Type.
	RSAPrivateKeyBlockType = "RSA PRIVATE KEY"
)

Variables

var CertDuration = 2 * 365 * 24 * time.Hour

CertDuration controls how long we issue certificates for. We set it to a longer time period, primarily because we don't have a nice means of rotation. This was historically one year, but we now set it to two years, with Kubernetes LTS proposing one year's support.

var CertMinTimeLeft = 20 * 365 * 24 * time.Hour

CertMinTimeLeft is the minimum amount of validity required on a certificate to reuse it. Because we set this (much) higher than CertDuration, we will now always reissue certificates.

Functions

func ParseHumanDuration

func ParseHumanDuration(s string) (time.Duration, error)

ParseHumanDuration parses a Go-style duration string, but recognizes additional suffixes: d means "day" and is interpreted as 24 hours; y means "year" and is interpreted as 365 days.
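
An added example (not the package's own code) tying together CertDuration, CertMinTimeLeft and the suffixes documented for ParseHumanDuration. It shows that with the documented defaults a freshly issued certificate never qualifies for reuse. The helpers parseHumanDuration, needsReissue and issuedAt are hypothetical, and accepting only whole-number d/y values is an assumption.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"math"
	"strconv"
	"strings"
	"time"
)

// Values copied from the package documentation.
var (
	certDuration    = 2 * 365 * 24 * time.Hour
	certMinTimeLeft = 20 * 365 * 24 * time.Hour
)

// parseHumanDuration is a hypothetical stand-in for ParseHumanDuration: Go
// duration syntax plus whole-number "d" (24h) and "y" (365d) suffixes.
func parseHumanDuration(s string) (time.Duration, error) {
	unit := time.Duration(0)
	switch {
	case strings.HasSuffix(s, "d"):
		unit = 24 * time.Hour
	case strings.HasSuffix(s, "y"):
		unit = 365 * 24 * time.Hour
	default:
		return time.ParseDuration(s)
	}
	n, err := strconv.ParseInt(s[:len(s)-1], 10, 64)
	// Reject negatives and values that would overflow time.Duration (~292y).
	if err != nil || n < 0 || n > int64(math.MaxInt64/unit) {
		return 0, fmt.Errorf("invalid duration %q", s)
	}
	return time.Duration(n) * unit, nil
}

// needsReissue (hypothetical helper) applies the documented rule: reuse a
// certificate only while at least minLeft of validity remains.
func needsReissue(c *x509.Certificate, now time.Time, minLeft time.Duration) bool {
	return c.NotAfter.Sub(now) < minLeft
}

// issuedAt builds a constructed, unsigned certificate valid for certDuration.
func issuedAt(t time.Time) *x509.Certificate {
	return &x509.Certificate{NotBefore: t, NotAfter: t.Add(certDuration)}
}

func main() {
	now := time.Now()
	fmt.Println(needsReissue(issuedAt(now), now, certMinTimeLeft)) // fresh cert, package defaults
	short, _ := parseHumanDuration("30d")
	fmt.Println(needsReissue(issuedAt(now), now, short)) // hypothetical 30d threshold
}
```
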

func ParseOneCertificate

func ParseOneCertificate(b []byte) (*x509.Certificate, error)

Types

type CA

type CA struct {
	// contains filtered or unexported fields
}

func NewCA

func NewCA(s Store) (*CA, error)

func (*CA) CertPool

func (c *CA) CertPool() *x509.CertPool

type FSStore

type FSStore struct {
	// contains filtered or unexported fields
}

func NewFSStore

func NewFSStore(basedir string) *FSStore

func (*FSStore) Keypair

func (s *FSStore) Keypair(name string) MutableKeypair

func (*FSStore) LoadCA

func (s *FSStore) LoadCA(name string) (*CA, error)

func (*FSStore) WriteCABundle

func (s *FSStore) WriteCABundle(ca *CA) error

type InMemoryMutableKeypair

type InMemoryMutableKeypair struct {
	Keypair *Keypair
}

func (*InMemoryMutableKeypair) MutateKeypair

func (s *InMemoryMutableKeypair) MutateKeypair(mutator func(keypair *Keypair) error) (*Keypair, error)

type InMemoryStore

type InMemoryStore struct {
	// contains filtered or unexported fields
}

func NewInMemoryStore

func NewInMemoryStore() *InMemoryStore

func (*InMemoryStore) Keypair

func (s *InMemoryStore) Keypair(name string) MutableKeypair

type Keypair

type Keypair struct {
	Certificate *x509.Certificate
	PrivateKey  *rsa.PrivateKey
}

type Keypairs

type Keypairs struct {
	// contains filtered or unexported fields
}

Keypairs manages a set of keypairs, providing utilities for fetching and creating them.

func NewKeypairs

func NewKeypairs(store Store, ca *CA) *Keypairs

func (*Keypairs) CA

func (k *Keypairs) CA() *CA

func (*Keypairs) EnsureKeypair

func (k *Keypairs) EnsureKeypair(name string, config certutil.Config) (*Keypair, error)

type MutableKeypair

type MutableKeypair interface {
	MutateKeypair(mutator func(keypair *Keypair) error) (*Keypair, error)
}

type MutableKeypairFromFile

type MutableKeypairFromFile struct {
	PrivateKeyPath  string
	CertificatePath string
}

func (*MutableKeypairFromFile) MutateKeypair

func (s *MutableKeypairFromFile) MutateKeypair(mutator func(keypair *Keypair) error) (*Keypair, error)

type Store

type Store interface {
	Keypair(name string) MutableKeypair
}
