Documentation
¶
Index ¶
Constants ¶
const (
	// DefaultKeyThumbprintAlgorithm is the default hash for key thumbprints:
	// SHA-256. Where the thumbprint is computed is not shown here.
	DefaultKeyThumbprintAlgorithm = crypto.SHA256

	// DefaultJWTSignatureAlgorithm is the default JWT signature algorithm.
	// It is set to RS256 (RSASSA-PKCS1-v1_5 with SHA-256) because it is the
	// most compatible algorithm.
	// NOTE(review): verifiers should accept only the algorithm they expect
	// rather than whatever a token header declares — confirm at call sites.
	DefaultJWTSignatureAlgorithm = jwa.RS256
)
Variables ¶
This section is empty.
Functions ¶
func GenerateWorkloadCert ¶
func GenerateWorkloadCert(sig x509.SignatureAlgorithm, ttl, skew time.Duration, id *spiffe.Parsed) (*x509.Certificate, error)
GenerateWorkloadCert returns a CA issuing x509 Certificate.
Types ¶
type Bundle ¶
Bundle is the bundle of certificates and keys used by the CA.
func Generate ¶
func Generate(opts GenerateOptions) (Bundle, error)
Generate generates the X.509 and JWT bundles if required.
type GenerateOptions ¶
type JWT ¶
// JWT holds the key used to sign JWTs and the JWK set used to verify them,
// each in parsed and encoded form.
type JWT struct {
	// SigningKey is the private key used to sign JWTs.
	// NOTE(review): private key material; keep it out of logs and error text.
	SigningKey crypto.Signer
	// SigningKeyPEM is the PEM encoded private key used to sign JWTs.
	// NOTE(review): presumably the same key as SigningKey — confirm. Treat the
	// bytes as a secret wherever they are stored or passed on.
	SigningKeyPEM []byte
	// JWKS is the JWK set used to verify JWTs.
	JWKS jwk.Set
	// JWKSJson is the JSON encoded JWK set used to verify JWTs.
	// NOTE(review): a verification set should carry public keys only — confirm
	// that no private key parameters are serialized here.
	JWKSJson []byte
}
type MissingCredentials ¶
// MissingCredentials records which kinds of credentials still have to be
// generated.
type MissingCredentials struct {
	// X509 indicates whether we need to generate X.509 certificates.
	X509 bool
	// JWT indicates whether we need to generate JWT signing keys.
	JWT bool
}
MissingCredentials represents the type of credentials that require generation.
func (*MissingCredentials) MissingRootKeys ¶
func (g *MissingCredentials) MissingRootKeys() bool
type X509 ¶
// X509 holds the X.509 trust anchors together with the issuer certificate
// chain and issuer private key, the latter two in both PEM and parsed form.
type X509 struct {
	// TrustAnchors is the PEM encoded trust anchors.
	TrustAnchors []byte
	// IssChainPEM is the PEM encoded issuer certificate chain.
	IssChainPEM []byte
	// IssKeyPEM is the PEM encoded issuer private key.
	// NOTE(review): private key material; keep it out of logs and error text.
	IssKeyPEM []byte
	// IssChain is the issuer certificate chain.
	IssChain []*x509.Certificate
	// IssKey is the issuer private key.
	// NOTE(review): typed as any, unlike JWT.SigningKey (crypto.Signer), so
	// consumers must type-assert before signing — confirm which concrete key
	// types Generate stores here.
	IssKey any
}