signer

package
v0.9.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 20, 2025 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

// CertificateSignerNameCtxKey is the context key "certificate_signer". It is
// declared with the package's own ctxKey type rather than as a bare string.
// NOTE(review): presumably the value stored under this key is the signer name
// taken from the peer certificate. Confirm where it is set, and that it is
// only populated after the peer certificate has been verified.
const CertificateSignerNameCtxKey ctxKey = "certificate_signer"
// DefaultEnrollmentCertExpirySeconds is 604800 seconds (7 days), typed int32.
// NOTE(review): by its name this is the default lifetime of an enrollment
// certificate. The CA issue methods take expirySeconds as int, so callers
// convert explicitly. Confirm that a caller-supplied expiry is bounded
// somewhere, since this default alone does not cap requested lifetimes.
const DefaultEnrollmentCertExpirySeconds int32 = 60 * 60 * 24 * 7 // 7 days

Variables

// NullOrgId is the all-zero UUID.
// NOTE(review): presumably a sentinel for "no organization"; confirm that
// authorization code never treats it as a real tenant.
//
// OIDSignerName, OIDOrgID and OIDDeviceFingerprint are object identifiers
// under 1.3.6.1.4.1 (the IANA private-enterprise arc) with enterprise number
// 99999 and sub-arcs .1.1, .1.2 and .1.3.
// NOTE(review): confirm that 99999 is an enterprise number registered to this
// project; an unregistered arc can collide with extensions defined by another
// issuer. By their names these identify certificate extensions carrying the
// signer name, organization ID and device fingerprint. A verifier should rely
// on those values only in certificates that chain to this CA.
var (
	NullOrgId            = uuid.MustParse("00000000-0000-0000-0000-000000000000")
	OIDSignerName        = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1, 1}
	OIDOrgID             = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1, 2}
	OIDDeviceFingerprint = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1, 3}
)

Functions

func BootstrapCNFromName

func BootstrapCNFromName(cfg *ca.Config, name string) string

func CNFromDeviceFingerprint

func CNFromDeviceFingerprint(cfg *ca.Config, fingerprint string) (string, error)

func DeviceFingerprintFromCN

// DeviceFingerprintFromCN takes a CA config and a certificate common name and
// returns a string or an error.
// NOTE(review): by its name this is the inverse of CNFromDeviceFingerprint.
// The body is not shown here. Confirm that a common name without the expected
// form yields an error rather than an empty or partial fingerprint, because
// callers presumably use the result as the device identity.
func DeviceFingerprintFromCN(cfg *ca.Config, commonName string) (string, error)

func GetSignerNameExtension

// GetSignerNameExtension returns a string read from cert, or an error.
// NOTE(review): presumably this reads the extension identified by
// OIDSignerName; the body is not shown here. The returned name is only as
// trustworthy as the certificate, so confirm that callers pass certificates
// whose chain has already been validated.
func GetSignerNameExtension(cert *x509.Certificate) (string, error)

func PeerCertificateFromCtx

// PeerCertificateFromCtx returns an *x509.Certificate obtained from ctx, or an
// error.
// NOTE(review): the body is not shown here. Confirm that the certificate is
// the verified leaf from the TLS handshake, and that a context without a peer
// certificate produces a non-nil error rather than (nil, nil).
func PeerCertificateFromCtx(ctx context.Context) (*x509.Certificate, error)

func WithExtension

func WithExtension(oid asn1.ObjectIdentifier, value string) certOption

Types

type CA

// CA is the certificate-authority interface the signers in this package are
// constructed from. It exposes the CA configuration, signer lookup by name or
// from a request context, and issuance of client and server certificates from
// a parsed CSR.
type CA interface {
	// Config returns the CA configuration.
	Config() *ca.Config
	// GetSigner returns the Signer for name.
	// NOTE(review): behavior for an unknown name is not shown; confirm whether
	// callers must nil-check the result.
	GetSigner(name string) Signer
	// PeerCertificateSignerFromCtx returns a Signer derived from ctx.
	// NOTE(review): presumably resolved from the peer certificate's signer-name
	// extension; confirm the nil case is handled by callers.
	PeerCertificateSignerFromCtx(ctx context.Context) Signer
	// IssueRequestedClientCertificate issues a certificate for csr with the
	// given lifetime in seconds and optional certOptions, returning bytes.
	// NOTE(review): the encoding of the returned bytes (PEM or DER) is not
	// visible here. Confirm that the CSR has passed Signer.Verify first.
	IssueRequestedClientCertificate(ctx context.Context, csr *x509.CertificateRequest, expirySeconds int, opts ...certOption) ([]byte, error)
	// IssueRequestedServerCertificate is the server-certificate counterpart,
	// with the same parameters and return shape.
	IssueRequestedServerCertificate(ctx context.Context, csr *x509.CertificateRequest, expirySeconds int, opts ...certOption) ([]byte, error)
}

type CASigners

type CASigners struct {
	// contains filtered or unexported fields
}

func NewCASigners

func NewCASigners(ca CA) *CASigners

func (*CASigners) GetSigner

func (s *CASigners) GetSigner(name string) Signer

type RestrictedSigner

// RestrictedSigner is implemented by signers that declare a restricted prefix.
// On this page only SignerDeviceEnrollment lists a RestrictedPrefix method.
// NOTE(review): presumably the prefix is a common-name prefix reserved for that
// signer and enforced by WithSignerRestrictedPrefixes; confirm against the
// implementation.
type RestrictedSigner interface {
	// RestrictedPrefix returns the prefix string this signer reserves.
	RestrictedPrefix() string
}

type Signer

// Signer is a named certificate signer that can check and sign a
// CertificateSigningRequest.
type Signer interface {
	// Name returns the signer's name.
	Name() string
	// Verify returns an error when csr is not acceptable to this signer.
	Verify(ctx context.Context, csr api.CertificateSigningRequest) error
	// Sign returns the signed certificate bytes for request.
	// NOTE(review): the interface does not show whether Sign calls Verify
	// itself; confirm that every call path runs Verify before Sign.
	Sign(ctx context.Context, request api.CertificateSigningRequest) ([]byte, error)
}

func NewClientBootstrap

func NewClientBootstrap(CAClient CA) Signer

func NewSignerDeviceEnrollment

func NewSignerDeviceEnrollment(CAClient CA) Signer

func NewSignerDeviceSvcClient

func NewSignerDeviceSvcClient(CAClient CA) Signer

func NewSignerServerSvc

func NewSignerServerSvc(CAClient CA) Signer

func WithCSRValidation

// WithCSRValidation wraps s and returns a Signer.
// NOTE(review): the body is not shown here; by its name the wrapper adds CSR
// validation to s. The page lists several such wrappers (WithCertificateReuse,
// WithSignerNameValidation, WithSignerRestrictedPrefixes), so the checks
// actually applied depend on which ones the construction site composes and in
// what order. Confirm that every exposed signer includes the validating
// wrappers.
func WithCSRValidation(s Signer) Signer

func WithCertificateReuse

// WithCertificateReuse wraps s and returns a Signer.
// NOTE(review): the body is not shown here; by its name the wrapper can return
// a previously issued certificate instead of signing again. Confirm what makes
// a request eligible for reuse, and that reuse is bound to the same requester
// and public key.
func WithCertificateReuse(s Signer) Signer

func WithSignerNameExtension

func WithSignerNameExtension(s func(CA) Signer, ca CA) Signer

func WithSignerNameValidation

func WithSignerNameValidation(s Signer) Signer

func WithSignerRestrictedPrefixes

// WithSignerRestrictedPrefixes wraps s and returns a Signer, given a map from
// prefix string to the Signer associated with that prefix.
// NOTE(review): the body is not shown here; presumably a request whose common
// name starts with a prefix owned by a different signer is rejected. Confirm
// that the comparison is exact and cannot be bypassed by case or encoding
// variants of the prefix.
func WithSignerRestrictedPrefixes(restrictedPrefixes map[string]Signer, s Signer) Signer

type SignerClientBootstrap

type SignerClientBootstrap struct {
	// contains filtered or unexported fields
}

func (*SignerClientBootstrap) Name

func (s *SignerClientBootstrap) Name() string

func (*SignerClientBootstrap) Sign

func (*SignerClientBootstrap) Verify

type SignerDeviceEnrollment

type SignerDeviceEnrollment struct {
	// contains filtered or unexported fields
}

func (*SignerDeviceEnrollment) Name

func (s *SignerDeviceEnrollment) Name() string

func (*SignerDeviceEnrollment) RestrictedPrefix

func (s *SignerDeviceEnrollment) RestrictedPrefix() string

func (*SignerDeviceEnrollment) Sign

func (*SignerDeviceEnrollment) Verify

type SignerDeviceSvcClient

type SignerDeviceSvcClient struct {
	// contains filtered or unexported fields
}

func (*SignerDeviceSvcClient) Name

func (s *SignerDeviceSvcClient) Name() string

func (*SignerDeviceSvcClient) Sign

func (*SignerDeviceSvcClient) Verify

type SignerServerSvc

type SignerServerSvc struct {
	// contains filtered or unexported fields
}

func (*SignerServerSvc) Name

func (s *SignerServerSvc) Name() string

func (*SignerServerSvc) Sign

func (*SignerServerSvc) Verify
