Documentation ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CertificateAuthority ¶
type CertificateAuthority struct {
	Certificate *x509.Certificate
	PrivateKey  crypto.Signer
	Backdate    time.Duration
	Now         func() time.Time
}
CertificateAuthority implements a certificate authority that supports policy-based signing. It's used by the signing controller.
func (*CertificateAuthority) Sign ¶
func (ca *CertificateAuthority) Sign(crDER []byte, policy SigningPolicy) ([]byte, error)
Sign signs a certificate request, applying a SigningPolicy, and returns a DER-encoded x509 certificate.
type PermissiveSigningPolicy ¶
type PermissiveSigningPolicy struct {
	// TTL is the certificate TTL. It's used to calculate the NotAfter value of
	// the certificate.
	TTL time.Duration
	// Usages are the allowed usages of a certificate.
	Usages []capi.KeyUsage
}
PermissiveSigningPolicy is the signing policy historically used by the local signer.
- It forwards all SANs from the original signing request.
- It sets allowed usages as configured in the policy.
- It sets NotAfter based on the TTL configured in the policy.
- It zeros all extensions.
- It sets BasicConstraints to true.
- It sets IsCA to false.
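The rules listed above, sketched with the Go standard library only as an added example; it is not this package's code. The names signPermissive and demo, the Ed25519 keys, the fixed digital-signature key usage, copying the CSR subject and checking the CSR signature are assumptions of the sketch, and the CA and CSR are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// signPermissive (hypothetical name) applies the listed policy rules to one DER-encoded CSR.
func signPermissive(ca *x509.Certificate, key ed25519.PrivateKey, csrDER []byte, ttl time.Duration) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil || csr.CheckSignature() != nil { // assumption: require proof of key possession
		return nil, fmt.Errorf("CSR rejected: unparsable or badly signed")
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	now := time.Now()
	tmpl := &x509.Certificate{ // fresh template: csr.Extensions is never copied ("zeros all extensions")
		SerialNumber: serial, Subject: csr.Subject, NotBefore: now, NotAfter: now.Add(ttl), // NotAfter from TTL
		DNSNames: csr.DNSNames, IPAddresses: csr.IPAddresses, EmailAddresses: csr.EmailAddresses, URIs: csr.URIs,
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true, IsCA: false, // policy, not CSR
	}
	return x509.CreateCertificate(rand.Reader, tmpl, ca, csr.PublicKey, key)
}

func demo() (*x509.Certificate, error) { // constructed CA and CSR; the CSR asks for CA:TRUE
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	caT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-ca"}, IsCA: true,
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour), KeyUsage: x509.KeyUsageCertSign, BasicConstraintsValid: true}
	caDER, _ := x509.CreateCertificate(rand.Reader, caT, caT, caPub, caKey)
	ca, _ := x509.ParseCertificate(caDER)
	_, leafKey, _ := ed25519.GenerateKey(rand.Reader)
	csrT := &x509.CertificateRequest{Subject: pkix.Name{CommonName: "node-1"}, DNSNames: []string{"node-1.example.internal"},
		ExtraExtensions: []pkix.Extension{{Id: []int{2, 5, 29, 19}, Value: []byte{0x30, 0x03, 0x01, 0x01, 0xff}}}} // basicConstraints CA:TRUE
	csrDER, _ := x509.CreateCertificateRequest(rand.Reader, csrT, leafKey)
	der, err := signPermissive(ca, caKey, csrDER, time.Hour)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	if leaf, err := demo(); err == nil {
		fmt.Println("IsCA:", leaf.IsCA, "SANs:", leaf.DNSNames)
	}
}
```

The requested CA:TRUE extension never reaches the issued certificate, but the requested SANs do. With a policy of this shape, whatever approves the request before signing is the only control over which names get certified.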
type SigningPolicy ¶
type SigningPolicy interface {
	// contains filtered or unexported methods
}
SigningPolicy validates a CertificateRequest before it's signed by the CertificateAuthority. It may default or otherwise mutate a certificate template.