bundle

package
v1.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 18, 2023 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ACMEConfig

// ACMEConfig holds the settings used to obtain a certificate over ACME.
// EndpointConfig carries it as the optional ACME configuration of the
// federation bundle endpoint.
type ACMEConfig struct {
	// DirectoryURL is the ACME directory URL.
	// NOTE(review): no validation of this value is visible here; confirm the
	// caller checks that it points at the intended directory.
	DirectoryURL string

	// DomainName is the domain name of the certificate to obtain.
	DomainName string

	// CacheDir is the directory on disk where we cache certificates.
	// NOTE(review): the package text states that the private key is stripped
	// from the cached data and kept in the key manager; permissions applied
	// to this directory are not shown here and should be confirmed.
	CacheDir string

	// Email is the email address of the account to register with ACME.
	Email string

	// ToSAccepted is whether or not the terms of service have been accepted. If
	// not true, and the provider requires acceptance, then certificate
	// retrieval will fail.
	ToSAccepted bool
}

ACMECache implements a cache for the autocert manager. It makes some simplifying assumptions based on our usage for the bundle endpoint. Namely, it assumes there is going to be a single cache entry, since we only support a single domain. It assumes PEM-encoded blocks of data and strips out the private key, which is stored in the key manager instead of on disk with the rest of the data.

type Cache

// Cache is constructed with NewCache and exposes FetchBundleX509, which looks
// up the X.509 bundle of a trust domain. Its state is entirely unexported.
type Cache struct {
	// contains filtered or unexported fields
}

func NewCache

// NewCache constructs a Cache from a datastore and a clock.
// NOTE(review): how the clock is used (for example, for entry expiry) is not
// visible in this listing.
func NewCache(ds datastore.DataStore, clk clock.Clock) *Cache

func (*Cache) FetchBundleX509

// FetchBundleX509 returns the X.509 bundle for trust domain td, or an error.
// NOTE(review): the behaviour for an unknown trust domain (error versus nil
// bundle) is not visible here; callers should handle both until confirmed.
func (c *Cache) FetchBundleX509(ctx context.Context, td spiffeid.TrustDomain) (*x509bundle.Bundle, error)

type EndpointConfig

// EndpointConfig configures the federation bundle endpoint: where it listens
// and which of the two authentication modes it uses.
type EndpointConfig struct {
	// Address is the address on which to serve the federation bundle endpoint.
	Address *net.TCPAddr

	// ACME is the ACME configuration for the bundle endpoint.
	// If unset, the bundle endpoint will use SPIFFE auth.
	// Because a nil value silently selects the other mode, leaving this
	// unset should be a deliberate choice rather than an omitted setting.
	ACME *ACMEConfig
}

type Getter

// Getter is implemented by any source that can return a bundle.
// ServerConfig takes one in its Getter field.
type Getter interface {
	// GetBundle returns the bundle, or an error if it cannot be produced.
	GetBundle(ctx context.Context) (*bundleutil.Bundle, error)
}

type GetterFunc

// GetterFunc is a function type with the same signature as Getter.GetBundle;
// its GetBundle method lets a plain function be used where a Getter is
// expected.
type GetterFunc func(ctx context.Context) (*bundleutil.Bundle, error)

func (GetterFunc) GetBundle

// GetBundle makes GetterFunc satisfy the Getter interface.
// NOTE(review): presumably it simply calls fn(ctx); the body is not shown.
func (fn GetterFunc) GetBundle(ctx context.Context) (*bundleutil.Bundle, error)

type Server

// Server is created with NewServer from a ServerConfig and run with
// ListenAndServe. Its state is entirely unexported.
type Server struct {
	// contains filtered or unexported fields
}

func NewServer

// NewServer constructs a Server from config.
// NOTE(review): it returns no error, so any validation of config (for
// example a nil ServerAuth or Getter) is not observable from this signature;
// confirm where such values are rejected.
func NewServer(config ServerConfig) *Server

func (*Server) ListenAndServe

// ListenAndServe runs the server and reports failure through the returned
// error.
// NOTE(review): presumably it serves until ctx is cancelled; the shutdown
// behaviour is not visible in this listing.
func (s *Server) ListenAndServe(ctx context.Context) error

type ServerAuth

// ServerAuth supplies the TLS configuration for a Server. The package offers
// two constructors that return one: ACMEAuth and SPIFFEAuth.
type ServerAuth interface {
	// GetTLSConfig returns the TLS configuration to use.
	// NOTE(review): minimum protocol version and certificate selection are
	// decided by the implementation and are not visible in this listing.
	GetTLSConfig() *tls.Config
}

func ACMEAuth

// ACMEAuth returns a ServerAuth built from a logger, a key manager and an
// ACME configuration.
// NOTE(review): the package text says the certificate's private key is kept
// in the key manager rather than on disk with the cached data; presumably km
// is that store. Confirm against the implementation.
func ACMEAuth(log logrus.FieldLogger, km keymanager.KeyManager, config ACMEConfig) ServerAuth

func SPIFFEAuth

// SPIFFEAuth returns a ServerAuth built around getter, a callback that yields
// certificates and a private key, or an error.
// NOTE(review): getter hands private key material to the caller directly;
// how often it is invoked and how a getter error affects TLS handshakes are
// not visible in this listing.
func SPIFFEAuth(getter func() ([]*x509.Certificate, crypto.PrivateKey, error)) ServerAuth

type ServerConfig

// ServerConfig is the input to NewServer. It carries a logger (Log), the
// listen address as a string (Address), the source of the bundle (Getter) and
// the provider of the TLS configuration (ServerAuth).
// Address is a string here, whereas EndpointConfig.Address is a *net.TCPAddr.
// NOTE(review): the conversion between the two, and whether a nil Getter or
// ServerAuth is rejected, is not visible in this listing.
type ServerConfig struct {
	Log        logrus.FieldLogger
	Address    string
	Getter     Getter
	ServerAuth ServerAuth
	// contains filtered or unexported fields
}

Directories

Path Synopsis
internal
acmetest
nolint // forked code
nolint // forked code
autocert
nolint // forked code
nolint // forked code
