Documentation ¶
Overview ¶
Store provides certificates with their private keys still encrypted (= unusable). DecryptedStore requires the KEK (private key) to decrypt the certificates' private keys.
Index ¶
- Constants
- func DecryptedByHostnameSupportingWildcard(hostname string, store *DecryptedStore) (*tls.Certificate, error)
- type CertDetails
- type DecryptedStore
- type ManagedCertificate
- type ManagedCertificateByHostnameFinder
- type Store
- func (c *Store) All() []ManagedCertificate
- func (c *Store) ByHostname(hostname string) *ManagedCertificate
- func (c *Store) ById(id string) *ManagedCertificate
- func (c *Store) GetEventTypes() ehevent.Allocators
- func (c *Store) GetLatestEncryptedConfig() *cbdomain.ConfigUpdated
- func (c *Store) ProcessEvents(_ context.Context, processAndCommit ehreader.EventProcessorHandler) error
- func (c *Store) Version() ehclient.Cursor
- type VersionedByHostnameFinder
Constants ¶
// Stream is the stream name "/certbus".
// NOTE(review): presumably the event stream that Store.ProcessEvents consumes — confirm.
const Stream = "/certbus"
Variables ¶
This section is empty.
Functions ¶
func DecryptedByHostnameSupportingWildcard ¶
func DecryptedByHostnameSupportingWildcard(hostname string, store *DecryptedStore) (*tls.Certificate, error)
Types ¶
type CertDetails ¶
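// CertDetails holds the certificate material of a managed certificate.
// The private key appears here only as an encrypted box, never in the clear.
type CertDetails struct {
	// NOTE(review): presumably the certificate's expiry time — confirm.
	NotAfter time.Time `json:"not_after"`
	// "bundle" = contains intermediate cert
	CertPemBundle string `json:"cert_pem_bundle"`
	// Per the package overview, private keys stay encrypted (= unusable) in the
	// Store; a DecryptedStore holding the key is needed to decrypt them.
	PrivateKeyEncrypted *encryptedbox.Box `json:"private_key_encrypted"`
}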
type DecryptedStore ¶
// DecryptedStore hands out certificates as *tls.Certificate (see ByHostname).
// Per the package overview it requires the KEK (private key) to decrypt the
// certificates' private keys.
type DecryptedStore struct {
// contains filtered or unexported fields
}
func NewDecryptedStore ¶
func NewDecryptedStore(est VersionedByHostnameFinder, privateKey string) (*DecryptedStore, error)
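NewDecryptedStore wraps the encrypted store and decrypts the certificates' private keys on the fly with our DEK, caching the decrypted result. (The package overview calls the key required for this the KEK.)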
func (*DecryptedStore) ByHostname ¶
func (d *DecryptedStore) ByHostname(hostname string) (*tls.Certificate, error)
NOTE: the returned certificate can be nil even when the error is nil, so callers must check for a nil certificate as well as for an error.
type ManagedCertificate ¶
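// ManagedCertificate is one certificate record as returned by the Store
// (see Store.All, Store.ByHostname and Store.ById).
type ManagedCertificate struct {
	Id string `json:"id"`
	// when wildcard: ["*.domain", "domain"]
	Domains []string `json:"domains"`
	// NOTE(review): presumably the time used by CertsDueForRenewal to decide
	// whether the certificate is due — confirm.
	RenewAt time.Time `json:"renew_at"`
	// Certificate carries the PEM bundle and the private key in encrypted form.
	Certificate   CertDetails `json:"certificate"`
	ChallengeType string      `json:"challenge_type"`
}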
func ByHostnameSupportingWildcard ¶
func ByHostnameSupportingWildcard(hostname string, store ManagedCertificateByHostnameFinder) *ManagedCertificate
func CertsDueForRenewal ¶
func CertsDueForRenewal(store *Store, now time.Time) []ManagedCertificate
type ManagedCertificateByHostnameFinder ¶
// ManagedCertificateByHostnameFinder is implemented by anything that can look up
// a ManagedCertificate by hostname; ByHostnameSupportingWildcard accepts it.
type ManagedCertificateByHostnameFinder interface {
// NOTE(review): presumably returns nil when no certificate matches the hostname — confirm.
ByHostname(string) *ManagedCertificate
}
type Store ¶
// Store provides certificates whose private keys are still encrypted
// (= unusable as-is), per the package overview.
type Store struct {
// contains filtered or unexported fields
}
"aggregate"
func (*Store) All ¶
func (c *Store) All() []ManagedCertificate
func (*Store) ByHostname ¶
func (c *Store) ByHostname(hostname string) *ManagedCertificate
func (*Store) ById ¶
func (c *Store) ById(id string) *ManagedCertificate
func (*Store) GetEventTypes ¶
func (c *Store) GetEventTypes() ehevent.Allocators
func (*Store) GetLatestEncryptedConfig ¶
func (c *Store) GetLatestEncryptedConfig() *cbdomain.ConfigUpdated
func (*Store) ProcessEvents ¶
type VersionedByHostnameFinder ¶
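// VersionedByHostnameFinder is a ManagedCertificateByHostnameFinder that also
// reports a version cursor. NewDecryptedStore takes this interface as the
// encrypted store it wraps.
type VersionedByHostnameFinder interface {
	ManagedCertificateByHostnameFinder
	// NOTE(review): presumably the cursor of the last processed event — confirm.
	Version() ehclient.Cursor
}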