certificate

package
v1.24.7-rc-multipart Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 28, 2021 License: AGPL-3.0 Imports: 16 Imported by: 0

Documentation

Overview

Package certificate is responsible for managing certificate signing operations on peer identities' certificate chains.

Index

Constants

This section is empty.

Variables

View Source
var (

	// Error is the default error class for the certificates peer.
	Error = errs.Class("certificates peer error")
)

Functions

This section is empty.

Types

type Config

type Config struct {
	Identity identity.Config
	Server   server.Config

	Signer            identity.FullCAConfig
	AuthorizationDB   authorization.DBConfig
	AuthorizationAddr string `default:"127.0.0.1:9000" help:"address for authorization http proxy to listen on"`

	MinDifficulty uint `default:"36" help:"minimum difficulty of the requester's identity required to claim an authorization"`
}

Config is the global certificates config.

type Endpoint

type Endpoint struct {
	// contains filtered or unexported fields
}

Endpoint implements pb.CertificatesServer.

func NewEndpoint

func NewEndpoint(log *zap.Logger, ca *identity.FullCertificateAuthority, authorizationDB *authorization.DB, minDifficulty uint16) *Endpoint

NewEndpoint creates a new certificate signing server.

func (Endpoint) Sign

func (endpoint Endpoint) Sign(ctx context.Context, req *pb.SigningRequest) (_ *pb.SigningResponse, err error)

Sign signs the CA certificate of the remote peer's identity with the `certs.ca` certificate. Returns a certificate chain consisting of the remote peer's CA followed by the CA chain.

type Peer

type Peer struct {
	// core dependencies
	Log      *zap.Logger
	Identity *identity.FullIdentity

	Server          *server.Server
	AuthorizationDB *authorization.DB

	// services and endpoints
	Certificate struct {
		Endpoint *Endpoint
	}

	Authorization struct {
		Listener net.Listener
		Service  *authorization.Service
		Endpoint *authorization.Endpoint
	}
}

Peer is the certificates server.

func New

func New(log *zap.Logger, ident *identity.FullIdentity, ca *identity.FullCertificateAuthority, authorizationDB *authorization.DB, revocationDB *revocation.DB, config *Config) (*Peer, error)

New creates a new certificates peer.

func (*Peer) Close

func (peer *Peer) Close() error

Close closes all resources.

func (*Peer) Run

func (peer *Peer) Run(ctx context.Context) (err error)

Run runs the certificates peer until it's either closed or it errors.

Directories

Path Synopsis
Package authorization is used for managing one-time-use certificate-signing- authorizations and claims.
Package authorization is used for managing one-time-use certificate-signing- authorizations and claims.
Package certificateclient contains the client for the certificate endpoint.
Package certificateclient contains the client for the certificate endpoint.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL