caserver

package v0.1.3 (latest)
Published: Nov 22, 2025 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Constants

const RequestBodySizeLimit = 8192

RequestBodySizeLimit is the maximum request body size.

Variables

This section is empty.

Functions

func New

func New(c *ca.CA, log *slog.Logger, httpClient *http.Client, certLogger CertLogger) http.Handler

New creates a new CA server handler, which then needs to be attached to an HTTP server, e.g. via `http.ListenAndServeTLS(...)`.

Types

type CertEvent added in v0.1.1

type CertEvent struct {
	Timestamp            time.Time
	SerialNumber         string
	Identity             string
	Principals           []string
	Connection           policy.Connection
	ValidAfter           time.Time
	ValidBefore          time.Time
	Extensions           map[string]string
	PublicKeyFingerprint string
	Policy               policy.Policy
}

CertEvent contains all information about a certificate issuance event.

type CertLogger added in v0.1.1

type CertLogger interface {
	LogCert(ctx context.Context, event *CertEvent) error
}

CertLogger logs certificate issuance events for audit, compliance, and analytics.

type CreateCertRequest

type CreateCertRequest struct {
	PublicKey  sshcert.RawPublicKey `json:"publicKey"`
	Token      string               `json:"token"`
	Connection policy.Connection    `json:"connection"`
}

CreateCertRequest asks for a signed cert.

type CreateCertResponse

type CreateCertResponse struct {
	Certificate sshcert.RawCertificate `json:"certificate"`
	Policy      policy.Policy          `json:"policy"`
}

CreateCertResponse is the response to a CreateCert request.
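
The handler returned by `New` is not shown on this page, so the following is an added example (not the caserver package's own code) of how a defender would wire `RequestBodySizeLimit` into request decoding: cap the body with `http.MaxBytesReader` before any of it is parsed, reject unknown JSON fields, and map the failures to 413 and 400 without echoing parser detail to the client. The request struct is a local stand-in for `CreateCertRequest` with the `sshcert.RawPublicKey` and `policy.Connection` fields replaced by strings, the constant is assumed to be a byte count, and the response body, the required-field rule and the handler name are assumptions for this example rather than the project's behaviour.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// RequestBodySizeLimit mirrors the page's constant; assumed to be a byte count.
const RequestBodySizeLimit = 8192

// createCertRequest is a local stand-in for caserver.CreateCertRequest; the
// sshcert.RawPublicKey and policy.Connection fields are plain strings here
// (assumption) so the example needs no external packages.
type createCertRequest struct {
	PublicKey  string `json:"publicKey"`
	Token      string `json:"token"`
	Connection string `json:"connection"`
}

// decodeCreateCertRequest caps the body at RequestBodySizeLimit before any of
// it is parsed, so a client cannot make the CA buffer an unbounded payload.
// It returns the HTTP status the caller should send: 413 for an oversize body,
// 400 for malformed JSON, unknown fields, or missing required fields.
func decodeCreateCertRequest(w http.ResponseWriter, r *http.Request) (*createCertRequest, int, error) {
	r.Body = http.MaxBytesReader(w, r.Body, RequestBodySizeLimit)
	dec := json.NewDecoder(r.Body)
	dec.DisallowUnknownFields()
	var req createCertRequest
	if err := dec.Decode(&req); err != nil {
		var tooLarge *http.MaxBytesError
		if errors.As(err, &tooLarge) {
			return nil, http.StatusRequestEntityTooLarge, err
		}
		return nil, http.StatusBadRequest, err
	}
	if req.Token == "" || req.PublicKey == "" {
		return nil, http.StatusBadRequest, errors.New("token and publicKey are required")
	}
	return &req, http.StatusOK, nil
}

// createCertHandler is a minimal stand-in for the handler caserver.New returns:
// it validates the request shape only and does no token checking or signing.
// Error detail stays server-side; the client only gets the status text.
func createCertHandler(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
		return
	}
	req, status, err := decodeCreateCertRequest(w, r)
	if err != nil {
		http.Error(w, http.StatusText(status), status)
		return
	}
	// A real server would verify req.Token, evaluate policy and sign here.
	w.Header().Set("Content-Type", "application/json")
	_ = json.NewEncoder(w).Encode(map[string]string{"status": "accepted", "connection": req.Connection})
}

// post drives the handler in-process with the given body and returns the
// status code, so the limits can be checked without a listening socket.
func post(body string) int {
	rec := httptest.NewRecorder()
	createCertHandler(rec, httptest.NewRequest(http.MethodPost, "/cert", strings.NewReader(body)))
	return rec.Code
}

func main() {
	// Constructed sample bodies: a well-formed request, an oversize one and one with an unknown field.
	small := `{"publicKey":"ssh-ed25519 EXAMPLE","token":"t","connection":"c"}`
	huge := `{"publicKey":"` + strings.Repeat("A", RequestBodySizeLimit+1) + `","token":"t"}`
	fmt.Println(post(small), post(huge), post(`{"token":"t","publicKey":"k","extra":1}`))
}
```

The oversize case matters because the limit must sit in front of the JSON decoder: wrapping `r.Body` after decoding, or only checking `Content-Length`, would let a chunked request stream past the cap.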

type MultiCertLogger added in v0.1.1

type MultiCertLogger struct {
	// contains filtered or unexported fields
}

MultiCertLogger calls multiple CertLoggers in sequence. Best-effort: calls all loggers and collects errors, but doesn't stop on first error.

func NewMultiCertLogger added in v0.1.1

func NewMultiCertLogger(loggers ...CertLogger) *MultiCertLogger

NewMultiCertLogger creates a logger that calls multiple loggers.

func (*MultiCertLogger) LogCert added in v0.1.1

func (m *MultiCertLogger) LogCert(ctx context.Context, event *CertEvent) error

LogCert calls all loggers and returns a combined error if any fail.

type NoopCertLogger added in v0.1.1

type NoopCertLogger struct{}

NoopCertLogger is a logger that does nothing. Used when certificate logging is disabled.

func NewNoopCertLogger added in v0.1.1

func NewNoopCertLogger() *NoopCertLogger

NewNoopCertLogger creates a no-op logger.

func (*NoopCertLogger) LogCert added in v0.1.1

func (n *NoopCertLogger) LogCert(ctx context.Context, event *CertEvent) error

LogCert does nothing and always returns nil.

type S3ArchiverConfig added in v0.1.1

type S3ArchiverConfig struct {
	S3Client   *s3.Client
	Bucket     string
	KeyPrefix  string       // Optional prefix for S3 keys (e.g., "certs/")
	Logger     *slog.Logger // For logging archiver errors
	BufferSize int          // Channel buffer size (default: 100)
}

S3ArchiverConfig configures the S3 certificate archiver.

type S3CertArchiver added in v0.1.1

type S3CertArchiver struct {
	// contains filtered or unexported fields
}

S3CertArchiver archives certificate events to S3 with date partitioning. Uses async buffered writes for performance. Best-effort: logs errors but doesn't fail cert issuance.

func NewS3CertArchiver added in v0.1.1

func NewS3CertArchiver(config S3ArchiverConfig) *S3CertArchiver

NewS3CertArchiver creates a new S3 archiver with async background writes.

func (*S3CertArchiver) LogCert added in v0.1.1

func (a *S3CertArchiver) LogCert(ctx context.Context, event *CertEvent) error

LogCert enqueues a certificate event for async S3 archival. Non-blocking: drops events if buffer is full (best-effort).

func (*S3CertArchiver) Shutdown added in v0.1.1

func (a *S3CertArchiver) Shutdown(timeout time.Duration) error

Shutdown gracefully stops the archiver and flushes pending events. Blocks until all pending events are written or timeout is reached.
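
As an added example (not the project's code), the following reimplements the behaviour these docs describe for `S3CertArchiver` against an in-memory stand-in for the S3 client: async buffered writes, a non-blocking `LogCert` that drops the event when the buffer is full, and a `Shutdown` that flushes pending events or gives up after a timeout. It makes the two failure modes a practitioner needs to watch visible: a drop counter that silently grows under load, and a shutdown that returns an error with events still pending. The `CertEvent` shape, the date-partitioned key layout (`certs/YYYY/MM/DD/serial.json`, following the page's description of date partitioning and a `KeyPrefix`) and the pausable store used to make the demo deterministic are all assumptions made for this example.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"sync"
	"sync/atomic"
	"time"
)

// CertEvent is a local stand-in for caserver.CertEvent (assumption: the real package is not imported).
type CertEvent struct {
	Timestamp    time.Time `json:"timestamp"`
	SerialNumber string    `json:"serialNumber"`
}

// pausableStore stands in for the S3 client; Puts block until release is closed,
// which lets the demo fill the archiver's buffer deterministically.
type pausableStore struct {
	mu      sync.Mutex
	objects map[string][]byte
	arrived chan struct{} // closed when the first Put starts
	release chan struct{} // close it to let Puts proceed
	once    sync.Once
}

func (s *pausableStore) Put(key string, body []byte) {
	s.once.Do(func() { close(s.arrived) })
	<-s.release
	s.mu.Lock()
	s.objects[key] = body
	s.mu.Unlock()
}

// Archiver reproduces what the page documents for S3CertArchiver: async buffered
// writes, a non-blocking LogCert that drops on a full buffer, and a Shutdown that
// flushes pending events or times out.
type Archiver struct {
	store   *pausableStore
	queue   chan *CertEvent
	done    chan struct{}
	mu      sync.RWMutex // guards closed so LogCert never sends on a closed channel
	closed  bool
	Dropped atomic.Int64 // events lost to a full buffer; worth alerting on
}

func NewArchiver(store *pausableStore, bufferSize int) *Archiver {
	a := &Archiver{store: store, queue: make(chan *CertEvent, bufferSize), done: make(chan struct{})}
	go a.worker()
	return a
}

// objectKey partitions objects by issuance date under a fixed prefix, e.g. certs/2025/11/22/1.json.
func objectKey(e *CertEvent) string {
	return "certs/" + e.Timestamp.UTC().Format("2006/01/02") + "/" + e.SerialNumber + ".json"
}

func (a *Archiver) worker() {
	defer close(a.done)
	for e := range a.queue {
		if body, err := json.Marshal(e); err == nil { // best-effort: skip on error
			a.store.Put(objectKey(e), body)
		}
	}
}

// LogCert never blocks issuance: a full or closed buffer drops the event and
// bumps Dropped instead of failing the CA request.
func (a *Archiver) LogCert(_ context.Context, e *CertEvent) error {
	a.mu.RLock()
	defer a.mu.RUnlock()
	if !a.closed {
		select {
		case a.queue <- e:
			return nil
		default:
		}
	}
	a.Dropped.Add(1)
	return nil
}

// Shutdown stops accepting events, then waits for the worker to drain the queue or gives up after timeout.
func (a *Archiver) Shutdown(timeout time.Duration) error {
	a.mu.Lock()
	if !a.closed {
		a.closed = true
		close(a.queue)
	}
	a.mu.Unlock()
	select {
	case <-a.done:
		return nil
	case <-time.After(timeout):
		return errors.New("archiver shutdown timed out with events still pending")
	}
}

// demo enqueues four constructed events into a buffer of two while the store is
// paused: the worker holds one, the buffer holds two, so the fourth is dropped.
// Releasing the store then lets Shutdown flush the other three. Returns (archived, dropped, err).
func demo() (int, int64, error) {
	store := &pausableStore{objects: map[string][]byte{}, arrived: make(chan struct{}), release: make(chan struct{})}
	a := NewArchiver(store, 2)
	day := time.Date(2025, 11, 22, 10, 0, 0, 0, time.UTC)
	for i := 1; i <= 4; i++ {
		a.LogCert(context.Background(), &CertEvent{Timestamp: day, SerialNumber: fmt.Sprint(i)})
		if i == 1 {
			<-store.arrived // the worker is now blocked inside Put with event 1
		}
	}
	close(store.release)
	err := a.Shutdown(time.Second)
	return len(store.objects), a.Dropped.Load(), err
}

func main() {
	fmt.Println(demo())
}
```

Two design points carry over to any best-effort archiver: the drop counter needs to be exported as a metric, because a dropped issuance record is an audit gap that nothing else reports; and `LogCert` and `Shutdown` must agree on who closes the queue, since a send on a closed channel panics the issuing request rather than dropping quietly.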

type SlogCertLogger added in v0.1.1

type SlogCertLogger struct {
	// contains filtered or unexported fields
}

SlogCertLogger logs certificate events using structured logging (slog). Works with any slog handler (text, JSON, CloudWatch, etc.).

func NewSlogCertLogger added in v0.1.1

func NewSlogCertLogger(logger *slog.Logger) *SlogCertLogger

NewSlogCertLogger creates a new certificate logger that emits structured logs.

func (*SlogCertLogger) LogCert added in v0.1.1

func (l *SlogCertLogger) LogCert(ctx context.Context, event *CertEvent) error

LogCert emits a structured log event with all certificate details.
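
The MultiCertLogger and SlogCertLogger entries above state their contracts but show no code. What follows is an added example (not the caserver package's own code) that reimplements the same pattern with local stand-ins for `CertEvent` and `CertLogger`: a slog sink that emits one structured record per issuance, a deliberately failing sink, and a fan-out logger that keeps calling the remaining loggers after a failure and returns the failures joined with `errors.Join`. The counting sink exists only to prove that loggers after the failed one still ran; the sink names and the sample event are constructed.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"log/slog"
	"os"
	"time"
)

// CertEvent and CertLogger are local stand-ins mirroring the page's types;
// the real caserver package is not imported here (assumption).
type CertEvent struct {
	Timestamp    time.Time
	SerialNumber string
	Identity     string
	Principals   []string
}

type CertLogger interface {
	LogCert(ctx context.Context, event *CertEvent) error
}

// slogLogger emits one structured audit record per issuance.
type slogLogger struct{ l *slog.Logger }

func (s *slogLogger) LogCert(_ context.Context, e *CertEvent) error {
	s.l.Info("certificate issued",
		"serial", e.SerialNumber, "identity", e.Identity,
		"principals", e.Principals, "issued_at", e.Timestamp)
	return nil
}

// failingLogger simulates an audit sink that is unreachable.
type failingLogger struct{ name string }

func (f *failingLogger) LogCert(context.Context, *CertEvent) error {
	return fmt.Errorf("%s: sink unavailable", f.name)
}

// countingLogger records how many events reached it, which shows that a
// failure earlier in the chain does not stop later loggers.
type countingLogger struct{ n int }

func (c *countingLogger) LogCert(context.Context, *CertEvent) error {
	c.n++
	return nil
}

// MultiLogger fans each event out to every logger, keeps going past failures,
// and returns the failures joined into one error (nil if none failed).
type MultiLogger struct{ loggers []CertLogger }

func NewMultiLogger(loggers ...CertLogger) *MultiLogger {
	return &MultiLogger{loggers: loggers}
}

func (m *MultiLogger) LogCert(ctx context.Context, e *CertEvent) error {
	var errs []error
	for _, l := range m.loggers {
		if err := l.LogCert(ctx, e); err != nil {
			errs = append(errs, fmt.Errorf("%T: %w", l, err))
		}
	}
	return errors.Join(errs...) // errors.Join with no errors returns nil
}

// runPipeline pushes one constructed sample event through a failing sink, a
// slog sink and a counting sink, and reports how many events reached the
// counter and how many loggers failed.
func runPipeline() (delivered int, failed int) {
	counter := &countingLogger{}
	multi := NewMultiLogger(
		&failingLogger{name: "siem-forwarder"},
		&slogLogger{l: slog.New(slog.NewJSONHandler(os.Stderr, nil))},
		counter,
	)
	ev := &CertEvent{ // constructed sample event
		Timestamp:    time.Date(2025, 11, 22, 10, 0, 0, 0, time.UTC),
		SerialNumber: "1",
		Identity:     "alice@example.com",
		Principals:   []string{"alice"},
	}
	err := multi.LogCert(context.Background(), ev)
	if joined, ok := err.(interface{ Unwrap() []error }); ok {
		failed = len(joined.Unwrap())
	}
	return counter.n, failed
}

func main() {
	delivered, failed := runPipeline()
	fmt.Printf("delivered=%d failed=%d\n", delivered, failed)
}
```

The joined error is what the caller of `New` should surface to monitoring: a non-nil result means at least one audit sink missed an issuance, even though the certificate was still handed out.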
