certificate

package
v1.66.3-rc Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 3, 2022 License: AGPL-3.0 Imports: 16 Imported by: 0

Documentation

Overview

Package certificate is responsible for managing certificate signing operations on peer identities' certificate chains.

Index

Constants

This section is empty.

Variables

View Source
var (

	// Error is the default error class for the certificates peer.
	Error = errs.Class("certificate")
)

Functions

This section is empty.

Types

type Config

type Config struct {
	Identity identity.Config
	Server   server.Config

	Signer            identity.FullCAConfig
	AuthorizationDB   authorization.DBConfig
	AuthorizationAddr string `default:"127.0.0.1:9000" help:"address for authorization http proxy to listen on"`

	MinDifficulty uint `default:"36" help:"minimum difficulty of the requester's identity required to claim an authorization"`
}

Config is the global certificates config.

type Endpoint

type Endpoint struct {
	certificatepb.DRPCCertificatesUnimplementedServer
	// contains filtered or unexported fields
}

Endpoint implements pb.CertificatesServer.

func NewEndpoint

func NewEndpoint(log *zap.Logger, ca *identity.FullCertificateAuthority, authorizationDB *authorization.DB, minDifficulty uint16) *Endpoint

NewEndpoint creates a new certificate signing server.

func (Endpoint) Sign

Sign signs the CA certificate of the remote peer's identity with the `certs.ca` certificate. Returns a certificate chain consisting of the remote peer's CA followed by the CA chain.

type Peer

type Peer struct {
	// core dependencies
	Log      *zap.Logger
	Identity *identity.FullIdentity

	Server          *server.Server
	AuthorizationDB *authorization.DB

	// services and endpoints
	Certificate struct {
		Endpoint *Endpoint
	}

	Authorization struct {
		Listener net.Listener
		Service  *authorization.Service
		Endpoint *authorization.Endpoint
	}
}

Peer is the certificates server.

func New

func New(log *zap.Logger, ident *identity.FullIdentity, ca *identity.FullCertificateAuthority, authorizationDB *authorization.DB, revocationDB *revocation.DB, config *Config) (*Peer, error)

New creates a new certificates peer.

func (*Peer) Close

func (peer *Peer) Close() error

Close closes all resources.

func (*Peer) Run

func (peer *Peer) Run(ctx context.Context) (err error)

Run runs the certificates peer until it's either closed or it errors.

Directories

Path Synopsis
Package authorization is used for managing one-time-use certificate-signing- authorizations and claims.
Package authorization is used for managing one-time-use certificate-signing- authorizations and claims.
Package certificateclient contains the client for the certificate endpoint.
Package certificateclient contains the client for the certificate endpoint.
Package certificatepb contains protobuf definitions for certificate signing.
Package certificatepb contains protobuf definitions for certificate signing.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL