Documentation
Index
- type Manager
- func (m *Manager) CreateCA(ctx context.Context, req schema.CreateCertRequest) (_ *schema.Cert, err error)
- func (m *Manager) CreateCert(ctx context.Context, req schema.CreateCertRequest, ca schema.CertKey) (_ *schema.Cert, err error)
- func (m *Manager) GetCertChain(ctx context.Context, cert schema.CertKey) (_ []schema.Cert, err error)
- func (m *Manager) GetPrivateKey(ctx context.Context, cert schema.CertKey) (_ *schema.CertWithPrivateKey, err error)
- func (m *Manager) InsertRootCert(ctx context.Context, pemValue string) (_ *schema.Cert, err error)
- func (m *Manager) ListCerts(ctx context.Context, req schema.CertListRequest) (_ *schema.CertList, err error)
- func (m *Manager) RenewCA(ctx context.Context, current schema.CertKey, req schema.RenewCertRequest) (_ *schema.Cert, err error)
- func (m *Manager) RenewCert(ctx context.Context, current schema.CertKey, req schema.RenewCertRequest) (_ *schema.Cert, err error)
- func (m *Manager) UpdateCert(ctx context.Context, cert schema.CertKey, meta schema.CertMeta) (_ *schema.Cert, err error)
- type Opt
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Manager
Manager wraps a database connection pool scoped to the application schema.
func New
New creates a Manager, ensures the schema exists, and bootstraps all database objects from the embedded objects.sql. If schemaName is empty the default schema is used.
func (*Manager) CreateCA
func (m *Manager) CreateCA(ctx context.Context, req schema.CreateCertRequest) (_ *schema.Cert, err error)
CreateCA creates an intermediate certificate authority signed by the stored root certificate. If expiry is zero or negative, DefaultCACertExpiry is used and capped to the remaining validity of the root certificate. If subject is nil, the root certificate subject attributes are reused, but the common name always comes from req.Name.
func (*Manager) CreateCert
func (m *Manager) CreateCert(ctx context.Context, req schema.CreateCertRequest, ca schema.CertKey) (_ *schema.Cert, err error)
CreateCert creates a leaf certificate signed by the explicit non-root CA certificate. If expiry is zero or negative, DefaultCertExpiry is used and capped to the remaining validity of the CA certificate. If subject is nil, the CA certificate subject attributes are reused, but the common name always comes from req.Name.
func (*Manager) GetCertChain
func (m *Manager) GetCertChain(ctx context.Context, cert schema.CertKey) (_ []schema.Cert, err error)
GetCertChain returns the certificate row identified by key together with its issuer chain. PEM encoding is handled separately at the HTTP layer.
func (*Manager) GetPrivateKey
func (m *Manager) GetPrivateKey(ctx context.Context, cert schema.CertKey) (_ *schema.CertWithPrivateKey, err error)
GetPrivateKey returns the non-CA certificate row identified by cert, with its private key decrypted for direct use by callers.
func (*Manager) InsertRootCert
InsertRootCert imports and stores the unique root certificate from a PEM bundle containing both the certificate and matching RSA private key.
type Opt
type Opt func(*opt) error
Opt configures a Manager during construction.
func WithPassphrase
WithPassphrase registers an in-memory storage passphrase for a certificate passphrase version. Versions are uint64 and passphrases must be non-empty.
func WithRoot
func WithRoot(key *rsa.PrivateKey, cert *x509.Certificate) Opt
WithRoot imports the root certificate and its matching RSA private key.
func WithSchema
WithSchema sets the database schema name to use for all queries. If not set the default schema is used.
func WithTracer
WithTracer sets the OpenTelemetry tracer used for manager spans.