credtemplate

package
v1.7.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 27, 2023 License: Apache-2.0 Imports: 17 Imported by: 5

Documentation

Index

Constants

View Source 
const (
	// DefaultX509CATTL is the TTL given to X509 CAs if not overridden by
	// the server config.
	DefaultX509CATTL = time.Hour * 24

	// DefaultX509SVIDTTL is the TTL given to X509 SVIDs if not overridden by
	// the server config.
	DefaultX509SVIDTTL = time.Hour

	// DefaultJWTSVIDTTL is the TTL given to JWT SVIDs if a different TTL is
	// not provided in the signing request.
	DefaultJWTSVIDTTL = time.Minute * 5

	// NotBeforeCushion is how much of a cushion to subtract from the current
	// time when determining the notBefore field of certificates to account
	// for clock skew.
	NotBeforeCushion = 10 * time.Second
)

Variables

This section is empty.

Functions

func DefaultX509CASubject 

func DefaultX509CASubject() pkix.Name

DefaultX509CASubject is the default subject set on workload X509SVIDs TODO: This is a historic, but poor, default. We should revisit (see issue #3841).

func DefaultX509SVIDSubject 

func DefaultX509SVIDSubject() pkix.Name

DefaultX509SVIDSubject is the default subject set on workload X509SVIDs TODO: This is a historic, but poor, default. We should revisit (see issue #3841).

Types

type AgentX509SVIDParams 

type AgentX509SVIDParams struct {
	ParentChain []*x509.Certificate
	PublicKey   crypto.PublicKey
	SPIFFEID    spiffeid.ID
}

type Builder 

type Builder struct {
	// contains filtered or unexported fields
}

func NewBuilder 

func NewBuilder(config Config) (*Builder, error)

func (*Builder) BuildAgentX509SVIDTemplate 

func (b *Builder) BuildAgentX509SVIDTemplate(ctx context.Context, params AgentX509SVIDParams) (*x509.Certificate, error)

func (*Builder) BuildDownstreamX509CATemplate 

func (b *Builder) BuildDownstreamX509CATemplate(ctx context.Context, params DownstreamX509CAParams) (*x509.Certificate, error)

func (*Builder) BuildSelfSignedX509CATemplate 

func (b *Builder) BuildSelfSignedX509CATemplate(ctx context.Context, params SelfSignedX509CAParams) (*x509.Certificate, error)

func (*Builder) BuildServerX509SVIDTemplate 

func (b *Builder) BuildServerX509SVIDTemplate(ctx context.Context, params ServerX509SVIDParams) (*x509.Certificate, error)

func (*Builder) BuildUpstreamSignedX509CACSR 

func (b *Builder) BuildUpstreamSignedX509CACSR(ctx context.Context, params UpstreamSignedX509CAParams) (*x509.CertificateRequest, error)

func (*Builder) BuildWorkloadJWTSVIDClaims 

func (b *Builder) BuildWorkloadJWTSVIDClaims(ctx context.Context, params WorkloadJWTSVIDParams) (map[string]interface{}, error)

func (*Builder) BuildWorkloadX509SVIDTemplate 

func (b *Builder) BuildWorkloadX509SVIDTemplate(ctx context.Context, params WorkloadX509SVIDParams) (*x509.Certificate, error)

func (*Builder) Config 

func (b *Builder) Config() Config

type Config 

type Config struct {
	TrustDomain         spiffeid.TrustDomain
	Clock               clock.Clock
	X509CASubject       pkix.Name
	X509CATTL           time.Duration
	X509SVIDSubject     pkix.Name
	X509SVIDTTL         time.Duration
	JWTSVIDTTL          time.Duration
	JWTIssuer           string
	AgentSVIDTTL        time.Duration
	CredentialComposers []credentialcomposer.CredentialComposer
	NewSerialNumber     func() (*big.Int, error)
}

type DownstreamX509CAParams 

type DownstreamX509CAParams struct {
	ParentChain []*x509.Certificate
	PublicKey   crypto.PublicKey
	TTL         time.Duration
}

type SelfSignedX509CAParams 

type SelfSignedX509CAParams struct {
	PublicKey crypto.PublicKey
}

type ServerX509SVIDParams 

type ServerX509SVIDParams struct {
	ParentChain []*x509.Certificate
	PublicKey   crypto.PublicKey
}

type UpstreamSignedX509CAParams 

type UpstreamSignedX509CAParams struct {
	PublicKey crypto.PublicKey
}

type WorkloadJWTSVIDParams 

type WorkloadJWTSVIDParams struct {
	SPIFFEID      spiffeid.ID
	Audience      []string
	TTL           time.Duration
	ExpirationCap time.Time
}

type WorkloadX509SVIDParams 

type WorkloadX509SVIDParams struct {
	ParentChain []*x509.Certificate
	PublicKey   crypto.PublicKey
	SPIFFEID    spiffeid.ID
	DNSNames    []string
	TTL         time.Duration
	Subject     pkix.Name
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.