creds

package
v0.1.7 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 4, 2021 License: Apache-2.0 Imports: 26 Imported by: 0

Documentation

Index

Constants

// Key-size and file-suffix constants.
// NOTE(review): which issuer consumes each constant is not shown on this page.
const (
	// RsaKeyBits is, by its name, an RSA key size in bits (2048).
	// NOTE(review): presumably the size used by SSHIssuer.GenerateKeyPair, which
	// returns an *rsa.PrivateKey — confirm against the implementation.
	RsaKeyBits     = 2048
	// CertFileSuffix and KeyFileSuffix are file-name suffixes; presumably for the
	// certificate and private-key files written for a user — TODO confirm where
	// they are used and what permissions the key file is created with.
	CertFileSuffix = ".cert"
	KeyFileSuffix  = ".key"
)
// Key-size and validity-limit constants.
const (
	// KeyBits is, by its name, a key size in bits; it has the same value as
	// RsaKeyBits.
	// NOTE(review): presumably the key size for KubeIssuer.GenerateUserKeyPair —
	// confirm against the implementation.
	KeyBits            = 2048
	// MaxValidForSeconds is 7 days expressed in seconds (604800).
	// NOTE(review): presumably the upper bound for the validForSeconds argument
	// of GenerateUserKeyPair; confirm that larger requests are rejected or
	// clamped rather than silently honoured.
	MaxValidForSeconds = 7 * 24 * 3600
)

Variables

This section is empty.

Functions

func GenerateSubjectKeyId

func GenerateSubjectKeyId(pub crypto.PublicKey) ([]byte, error)

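GenerateSubjectKeyId generates the SubjectKeyId used in a certificate. The Id is the 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey. SHA-1 serves here only to derive an identifier for the key (this is the derivation RFC 5280 describes for key identifiers), not to sign or authenticate anything.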

func RandomSerial

// RandomSerial takes no arguments and returns a *big.Int or an error.
// NOTE(review): presumably this produces X.509 certificate serial numbers;
// the implementation is not shown here, so confirm that the value is drawn
// from crypto/rand and how many bits it has.
func RandomSerial() (*big.Int, error)

Types

type Credentials

// Credentials pairs a certificate with a private key, both as raw bytes.
// It is the result type of SSHIssuer.CreateSignedCertificate.
type Credentials struct {
	// Certificate holds the certificate bytes; the encoding is not shown here.
	Certificate []byte
	// PrivateKey holds private-key bytes; the encoding is not shown here.
	// NOTE(review): this is secret material — keep it out of logs and error
	// messages, and restrict permissions on any file it is written to.
	PrivateKey  []byte
}

type EncodedUserKeyPair

// EncodedUserKeyPair is the result type of UserKeyPair.Encode. The field
// names indicate that both members are PEM-encoded.
type EncodedUserKeyPair struct {
	// PublicKeyPEM is the public half.
	// NOTE(review): the PEM block type is not shown here — confirm.
	PublicKeyPEM  []byte
	// PrivateKeyPEM is the private half.
	// NOTE(review): secret material; whether the PEM is encrypted is not shown
	// here, so treat it as plaintext until confirmed.
	PrivateKeyPEM []byte
}

type Issuer

// Issuer is an opaque type: it exposes no fields. It is constructed with
// NewFromConfig and issues credentials through IssueFor.
type Issuer struct {
	// contains filtered or unexported fields
}

func NewFromConfig

// NewFromConfig takes a role configuration and a general configuration and
// returns an *Issuer or an error.
// NOTE(review): which credential back-ends are set up from role and config is
// not visible here — confirm against the implementation.
func NewFromConfig(role *api.RoleConfig, config *api.Config) (*Issuer, error)

func (*Issuer) IssueFor

// IssueFor takes an *api.AuthInfo and returns a slice of api.Cred or an error.
// NOTE(review): presumably u describes an identity the caller has already
// authenticated; confirm that no code path reaches this method with
// unauthenticated or caller-supplied AuthInfo.
func (i *Issuer) IssueFor(u *api.AuthInfo) ([]api.Cred, error)

type KubeIssuer

// KubeIssuer holds a CA certificate and key pair together with a clock. It is
// constructed with NewKubeIssuer and exposes GenerateUserKeyPair.
type KubeIssuer struct {
	// CAKeypair is the CA's tls.Certificate. A tls.Certificate carries its
	// private key, so this exported field gives any holder of the struct
	// access to the CA signing key.
	CAKeypair     *tls.Certificate
	// CACert is the parsed CA certificate.
	CACert        *x509.Certificate
	// CACertEncoded is the CA certificate as a string.
	// NOTE(review): the encoding (PEM, base64, ...) is not shown here — confirm.
	CACertEncoded string
	// Clock is an injectable clock.
	// NOTE(review): presumably the source of the NotBefore/NotAfter timestamps
	// on issued certificates, replaceable in tests — confirm.
	Clock         clockwork.Clock
}

func NewKubeIssuer

// NewKubeIssuer takes a certificate and a key as byte slices (the parameter
// names indicate PEM encoding) and returns a *KubeIssuer or an error.
// NOTE(review): presumably these are the CA certificate and CA private key
// that populate CAKeypair and CACert; keyPem is then the CA signing key and
// should be loaded from protected storage — confirm against the caller.
func NewKubeIssuer(certPem, keyPem []byte) (*KubeIssuer, error)

func (*KubeIssuer) GenerateUserKeyPair

func (issuer *KubeIssuer) GenerateUserKeyPair(cn string, orgs []string, validForSeconds int) (*UserKeyPair, error)

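GenerateUserKeyPair generates a signed certificate for the specified CN and OrganizationalUnits. These map to the username and roles/groups in Kubernetes. Note that Kubernetes client-certificate authentication takes group membership from the subject's Organization (O) values, so confirm which subject field the orgs parameter populates.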

type SSHIssuer

// SSHIssuer generates key pairs and signed certificates for SSH (see
// GenerateKeyPair and CreateSignedCertificate). No constructor is listed for
// it, so callers populate the fields directly.
type SSHIssuer struct {
	// Random is the source of random bytes.
	// NOTE(review): presumably used for key generation and signing; it should
	// be crypto/rand.Reader outside tests, because a predictable reader makes
	// the generated keys predictable. The zero value is nil — confirm how the
	// implementation handles a nil Random.
	Random io.Reader
	// Clock is an injectable clock.
	// NOTE(review): presumably the source of the certificate validity window —
	// confirm.
	Clock  clockwork.Clock
}

func (*SSHIssuer) CreateSignedCertificate

// CreateSignedCertificate takes a CA signer, a public key, the matching RSA
// private key, user information, and two string maps (extensions and
// options), and returns *Credentials or an error.
// NOTE(review): presumably it signs an SSH certificate for publicKey with ca
// and returns it together with an encoding of privateKey — confirm.
// NOTE(review): extensions and options presumably become the certificate's
// Extensions and CriticalOptions; confirm that callers cannot pass
// user-controlled maps, since these decide what the certificate permits.
func (issuer *SSHIssuer) CreateSignedCertificate(ca ssh.Signer, publicKey ssh.PublicKey, privateKey *rsa.PrivateKey, user *UserInfo, extensions map[string]string, options map[string]string) (*Credentials, error)

func (*SSHIssuer) GenerateKeyPair

// GenerateKeyPair takes user information and returns an SSH public key, an
// RSA private key, and an error.
// NOTE(review): presumably the key is generated from issuer.Random with
// RsaKeyBits bits — confirm against the implementation.
func (issuer *SSHIssuer) GenerateKeyPair(user *UserInfo) (ssh.PublicKey, *rsa.PrivateKey, error)

type STSIssuer

// STSIssuer pairs an AWS STS client interface with a role ARN. It is
// constructed with NewSTSIssuer and issues credentials through IssueFor.
type STSIssuer struct {
	// STS is the STS client, held as the stsiface.STSAPI interface so that a
	// test double can be substituted.
	STS     stsiface.STSAPI
	// RoleArn is a role ARN.
	// NOTE(review): presumably the role for which IssueFor requests temporary
	// credentials — confirm, and check that its trust policy is limited to
	// this service.
	RoleArn string
}

func NewSTSIssuer

// NewSTSIssuer takes an STS client and a role ARN and returns a *STSIssuer.
// It has no error return.
// NOTE(review): presumably the arguments are stored in the STS and RoleArn
// fields without validation — confirm.
func NewSTSIssuer(STS stsiface.STSAPI, roleArn string) *STSIssuer

func (*STSIssuer) IssueFor

// IssueFor takes an *api.AuthInfo and returns a slice of api.Cred or an error.
// NOTE(review): presumably it calls STS to obtain temporary credentials for
// RoleArn on behalf of u; confirm which STS operation is used, what session
// duration is requested, and how u is reflected in the session name for
// audit purposes.
func (i *STSIssuer) IssueFor(u *api.AuthInfo) ([]api.Cred, error)

type UserInfo

// UserInfo describes the user passed to SSHIssuer.GenerateKeyPair and
// SSHIssuer.CreateSignedCertificate.
type UserInfo struct {
	// Identity is a string identifying the user.
	// NOTE(review): presumably written to the SSH certificate's key ID —
	// confirm.
	Identity        string
	// Principals is a list of principal names.
	// NOTE(review): presumably the certificate's valid principals, i.e. the
	// accounts the holder may log in as; confirm that it comes from trusted
	// role configuration rather than from the requesting user.
	Principals      []string
	// ValidForSeconds is a validity period in seconds.
	// NOTE(review): no upper bound is visible on this type; confirm whether
	// the SSH path applies a limit comparable to MaxValidForSeconds.
	ValidForSeconds int
}

type UserKeyPair

// UserKeyPair is the result type of KubeIssuer.GenerateUserKeyPair. Encode
// converts it to an EncodedUserKeyPair.
type UserKeyPair struct {
	// PublicKey holds the public half as raw bytes.
	// NOTE(review): GenerateUserKeyPair is documented as producing a signed
	// certificate, so this presumably carries the certificate — confirm.
	PublicKey  []byte
	// PrivateKey holds the private half as raw bytes.
	// NOTE(review): secret material — keep it out of logs and error messages.
	PrivateKey []byte
}

func (*UserKeyPair) Encode

// Encode returns an *EncodedUserKeyPair for kp. It has no error return.
// NOTE(review): the result's field names indicate PEM encoding; the PEM block
// types and how encoding failures are handled are not shown here — confirm.
func (kp *UserKeyPair) Encode() *EncodedUserKeyPair
