Documentation ¶
Index ¶
- Variables
- type CertificationAuthority
- func (ca *CertificationAuthority) CRL(ttl time.Duration) ([]byte, error)
- func (ca *CertificationAuthority) Certificate() (*x509.Certificate, error)
- func (ca *CertificationAuthority) CertificatePEM() ([]byte, error)
- func (ca *CertificationAuthority) CertificateRequest() (*x509.CertificateRequest, error)
- func (ca *CertificationAuthority) CertificateRequestPEM() ([]byte, error)
- func (ca *CertificationAuthority) ImportCertificate(certPEM []byte) error
- func (ca *CertificationAuthority) Issue(csrPEM []byte, exts ...signer.Extension) ([]byte, error)
- func (ca *CertificationAuthority) KeyID() ([]byte, error)
- func (ca *CertificationAuthority) Policy() (*config.Signing, error)
- func (ca *CertificationAuthority) PublicKey() (crypto.PublicKey, error)
- func (ca *CertificationAuthority) Revoke(serial string, reasonCode int) error
- func (ca *CertificationAuthority) SetPolicy(policy *config.Signing) error
- type Config
- type KeyProvider
- type StorageProvider
Variables ¶
// DefaultConfig holds the package's default CA settings. It is a pointer to one
// shared Config value, so a caller that changes a field in place changes the
// defaults for every other user of the package; copy the struct before editing.
var DefaultConfig = &Config{
	// Positional literal: "rsa" and 4096 are presumably the key algorithm and
	// the key size in bits — confirm against csr.BasicKeyRequest.
	KeyRequest: &csr.BasicKeyRequest{"rsa", 4096},
	// Only the certificate-signing and CRL-signing usages are listed.
	Usage: []string{"cert sign", "crl sign"},
	// 43800h is 1825 days, i.e. roughly five years.
	ExpiryString: "43800h",
}
DefaultConfig defines the default configuration for a CA.
Types ¶
type CertificationAuthority ¶
type CertificationAuthority struct {
// contains filtered or unexported fields
}
CertificationAuthority represents a certification authority.
func Init ¶
func Init(cfg *Config, caFile string, kp KeyProvider) (*CertificationAuthority, error)
Init creates a CA with the given config.
func Open ¶
func Open(caFile string, kp KeyProvider) (*CertificationAuthority, error)
Open opens an existing CA.
func (*CertificationAuthority) CRL ¶
func (ca *CertificationAuthority) CRL(ttl time.Duration) ([]byte, error)
CRL returns a DER-encoded Certificate Revocation List, signed by the CA.
func (*CertificationAuthority) Certificate ¶
func (ca *CertificationAuthority) Certificate() (*x509.Certificate, error)
Certificate returns the certificate of the CA.
func (*CertificationAuthority) CertificatePEM ¶
func (ca *CertificationAuthority) CertificatePEM() ([]byte, error)
CertificatePEM returns the certificate of the CA in PEM encoding.
func (*CertificationAuthority) CertificateRequest ¶
func (ca *CertificationAuthority) CertificateRequest() (*x509.CertificateRequest, error)
CertificateRequest returns the certificate signing request of the CA.
func (*CertificationAuthority) CertificateRequestPEM ¶
func (ca *CertificationAuthority) CertificateRequestPEM() ([]byte, error)
CertificateRequestPEM returns the certificate signing request of the CA in PEM encoding.
func (*CertificationAuthority) ImportCertificate ¶
func (ca *CertificationAuthority) ImportCertificate(certPEM []byte) error
ImportCertificate imports the given certificate if the CA does not have one.
func (*CertificationAuthority) Issue ¶
func (ca *CertificationAuthority) Issue(csrPEM []byte, exts ...signer.Extension) ([]byte, error)
Issue signs a PEM-encoded CSR and returns the certificate in PEM.
func (*CertificationAuthority) KeyID ¶
func (ca *CertificationAuthority) KeyID() ([]byte, error)
KeyID returns the identifier of the signing key, which will also be the Authority Key Identifier (AKI) for issued certificates.
func (*CertificationAuthority) Policy ¶
func (ca *CertificationAuthority) Policy() (*config.Signing, error)
Policy returns the signing policy of the CA.
func (*CertificationAuthority) PublicKey ¶
func (ca *CertificationAuthority) PublicKey() (crypto.PublicKey, error)
PublicKey returns the public key from the CA certificate or CSR.
type Config ¶
// Config stores configuration information for the CA. Every field except CN
// carries a JSON tag that fixes its key name; field order and tag strings are
// part of the type's interface and are left exactly as declared.
type Config struct {
	// CN has no JSON tag, so encoding/json would use the key "CN".
	// Presumably the CA's common name — confirm against the caller.
	CN string
	// Name is stored under the "name" key.
	Name csr.Name `json:"name"`
	// KeyRequest is stored under the "key" key; DefaultConfig sets it to
	// csr.BasicKeyRequest{"rsa", 4096}.
	KeyRequest *csr.BasicKeyRequest `json:"key"`
	// Usage is stored under the "usages" key; DefaultConfig lists
	// "cert sign" and "crl sign".
	Usage []string `json:"usages"`
	// CRL is stored under the "crl_url" key; judging by the tag it is a URL
	// for the CA's revocation list — TODO confirm how it is used.
	CRL string `json:"crl_url"`
	// ExpiryString is stored under the "expiry" key; DefaultConfig uses the
	// duration-style string "43800h".
	ExpiryString string `json:"expiry"`
	// CAConstraint is stored under the "ca_constraint" key.
	// NOTE(review): presumably the CA basic constraints applied to this CA's
	// certificate; review it whenever subordinate CAs are in scope — confirm.
	CAConstraint config.CAConstraint `json:"ca_constraint"`
	// AllowedExtensions is stored under the "allowed_extensions" key.
	// NOTE(review): presumably the extension OIDs that may appear in issued
	// certificates; if so, keep the list as short as possible — confirm.
	AllowedExtensions []config.OID `json:"allowed_extensions"`
	// SelfSign is stored under the "self_sign" key.
	// NOTE(review): presumably selects a self-signed CA certificate rather
	// than one supplied later through ImportCertificate — confirm.
	SelfSign bool `json:"self_sign"`
}
Config stores configuration information for the CA.
func LoadConfig ¶
LoadConfig attempts to load the configuration from a byte slice. On error, it returns nil.
func (*Config) CertificateRequest ¶
func (cfg *Config) CertificateRequest() *csr.CertificateRequest
CertificateRequest returns a CFSSL certificate request for the CA.