import "k8s.io/kubernetes/pkg/controller/certificates/authority"
type CertificateAuthority struct {
    // RawCert is an optional field to determine if signing cert/key pairs have changed
    RawCert []byte
    // RawKey is an optional field to determine if signing cert/key pairs have changed
    RawKey []byte

    Certificate *x509.Certificate
    PrivateKey  crypto.Signer
    Backdate    time.Duration
    Now         func() time.Time
}
CertificateAuthority implements a certificate authority that supports policy based signing. It's used by the signing controller.
func (ca *CertificateAuthority) Sign(crDER []byte, policy SigningPolicy) ([]byte, error)
Sign signs a certificate request, applying a SigningPolicy, and returns a DER-encoded x509 certificate.
type PermissiveSigningPolicy struct {
    // TTL is the certificate TTL. It's used to calculate the NotAfter value of
    // the certificate.
    TTL time.Duration
    // Usages are the allowed usages of a certificate.
    Usages []capi.KeyUsage
}
PermissiveSigningPolicy is the signing policy historically used by the local signer.
* It forwards all SANs from the original signing request.
* It sets allowed usages as configured in the policy.
* It sets NotAfter based on the TTL configured in the policy.
* It zeros all extensions.
* It sets BasicConstraints to true.
* It sets IsCA to false.
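The rules listed above, reproduced with only the Go standard library as an added example (not the package's own code). The names `must`, `permissiveTemplate` and `demo` are hypothetical, the keys, issuer, CSR and serial are constructed, x509 usage constants stand in for `capi.KeyUsage`, and subtracting Backdate from NotBefore is an assumption.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// permissiveTemplate (hypothetical helper) copies only subject and SANs from the CSR; the rest is policy.
func permissiveTemplate(csr *x509.CertificateRequest, now time.Time, backdate, ttl time.Duration) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(2), // constructed; a real CA uses a random serial
		Subject:      csr.Subject,
		DNSNames:     csr.DNSNames, // other SAN kinds are forwarded the same way
		NotBefore:    now.Add(-backdate), NotAfter: now.Add(ttl), // Backdate use is assumed
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true, IsCA: false, // CSR extensions are never copied
	}
}

// demo signs a constructed CSR that asks for CA:TRUE (OID 2.5.29.19) and returns the leaf.
func demo(now time.Time, ttl time.Duration) *x509.Certificate {
	_, caKey, _ := ed25519.GenerateKey(rand.Reader)
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: "system:node:demo"}, DNSNames: []string{"node.example.test"},
		ExtraExtensions: []pkix.Extension{{Id: []int{2, 5, 29, 19}, Value: []byte{0x30, 3, 1, 1, 0xff}}}}
	csr := must(x509.ParseCertificateRequest(must(x509.CreateCertificateRequest(rand.Reader, req, key))))
	if err := csr.CheckSignature(); err != nil {
		panic(err)
	}
	issuer := &x509.Certificate{Subject: pkix.Name{CommonName: "demo-ca"}} // constructed issuer
	tmpl := permissiveTemplate(csr, now, 5*time.Minute, ttl)
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, issuer, csr.PublicKey, caKey))))
}

func main() {
	c := demo(time.Now(), time.Hour)
	fmt.Println("IsCA:", c.IsCA, "SANs:", c.DNSNames, "NotAfter:", c.NotAfter)
}
```

The CSR's request for CA:TRUE has no effect on the issued certificate because the template is built from policy values rather than from the request's extensions.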
type SigningPolicy interface {
// contains filtered or unexported methods
}
SigningPolicy validates a CertificateRequest before it's signed by the CertificateAuthority. It may default or otherwise mutate a certificate template.
Package authority imports 8 packages and is imported by 5 packages. Updated 2020-07-07.