ca

package
v0.6.2 Latest
Warning

This package is not in the latest version of its module.
Published: Jan 8, 2026 License: Apache-2.0, Apache-2.0 Imports: 20 Imported by: 1

Documentation

Functions

func Verify added in v0.1.0

func Verify(pubkey sshcert.RawPublicKey, token, signature string) error

Types

type AuthToken

type AuthToken struct {
	Provider string
	Token    string
}

AuthToken is the token passed from the plugin through to the CA (and to the CA verifier plugin matching Provider). Token is opaque and can hold whatever the plugins need it to.

type CA

type CA struct {
	// contains filtered or unexported fields
}

CA performs CA operations

func New

func New(privateKey sshcert.RawPrivateKey, policyURL string, options ...Option) (*CA, error)

New creates a new CA

func (*CA) BootstrapURL added in v0.5.1

func (c *CA) BootstrapURL() string

BootstrapURL returns the cached bootstrap URL learned from the policy server. Returns empty string if not yet learned.

func (*CA) PolicyURL added in v0.1.0

func (c *CA) PolicyURL() string

PolicyURL returns the URL of the policy server.

func (*CA) PublicKey

func (c *CA) PublicKey() sshcert.RawPublicKey

PublicKey returns the SSH on-disk format public key for the CA

func (*CA) RequestPolicy

func (c *CA) RequestPolicy(ctx context.Context, token string, conn policy.Connection) (*PolicyResponse, error)

RequestPolicy requests policy from the policy URL

func (*CA) Sign added in v0.1.0

func (c *CA) Sign(value string) (signature string, err error)

func (*CA) SignPublicKey

func (c *CA) SignPublicKey(rawPubKey sshcert.RawPublicKey, params *CertParams) (sshcert.RawCertificate, error)

SignPublicKey signs a key to generate a certificate

type CertParams

type CertParams struct {
	Identity   string            `json:"identity"`
	Names      []string          `json:"principals"`
	Expiration time.Duration     `json:"expiration"`
	Extensions map[string]string `json:"extensions"`
}

CertParams are options which can be set on a certificate

type Option

type Option interface {
	// contains filtered or unexported methods
}

Option configures the CA

func WithHTTPClient

func WithHTTPClient(httpClient *http.Client) Option

WithHTTPClient configures the CA to use the specified HTTP Client

func WithLogger added in v0.3.3

func WithLogger(logger *slog.Logger) Option

WithLogger configures the CA to use the specified logger

func WithTLSConfig added in v0.1.4

func WithTLSConfig(cfg tlsconfig.Config) Option

WithTLSConfig creates an HTTP client with the specified TLS configuration

type PolicyError added in v0.1.1

type PolicyError struct {
	StatusCode   int
	Message      string
	DiscoveryURL string // Resolved discovery URL from Link header
	BootstrapURL string // Resolved bootstrap URL from Link header
}

PolicyError represents an error from the policy server. The CA server should return the same status code to the client.

func (*PolicyError) Error added in v0.1.1

func (e *PolicyError) Error() string

type PolicyResponse added in v0.1.1

type PolicyResponse struct {
	CertParams   CertParams    `json:"certParams"`
	Policy       policy.Policy `json:"policy"`
	DiscoveryURL string        `json:"-"` // Resolved URL from Link header
	BootstrapURL string        `json:"-"` // Resolved URL from Link header
}

PolicyResponse is the response from the policy server, containing both the certificate parameters and the policy
