Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 6 of 6 for signWithCertChain (0.2 sec)

  2. github.com/istio/istio

    security/pkg/pki/ca/mock/fakeca.go 

    	ca.ReceivedIDs = certOpts.SubjectIDs
	if ca.SignErr != nil {
		return nil, ca.SignErr
	}
	return ca.SignedCert, nil
}

// SignWithCertChain returns the SignErr if SignErr is not nil, otherwise, it returns SignedCert and the cert chain.
func (ca *FakeCA) SignWithCertChain(csr []byte, certOpts ca.CertOpts) ([]string, error) {
	if ca.SignErr != nil {
		return nil, ca.SignErr
	}
	cert := ca.SignedCert
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Fri Dec 03 18:57:19 UTC 2021
    - 2.1K bytes
    - Viewed (0)
  3. github.com/istio/istio

    security/pkg/server/ca/server.go 

    type CertificateAuthority interface {
	// Sign generates a certificate for a workload or CA, from the given CSR and cert opts.
	Sign(csrPEM []byte, opts ca.CertOpts) ([]byte, error)
	// SignWithCertChain is similar to Sign but returns the leaf cert and the entire cert chain.
	SignWithCertChain(csrPEM []byte, opts ca.CertOpts) ([]string, error)
	// GetCAKeyCertBundle returns the KeyCertBundle used by CA.
	GetCAKeyCertBundle() *util.KeyCertBundle
}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue May 28 17:35:26 UTC 2024
    - 8K bytes
    - Viewed (0)
  4. github.com/istio/istio

    security/pkg/pki/ca/ca.go 

    ) {
	return ca.sign(csrPEM, certOpts.SubjectIDs, certOpts.TTL, true, certOpts.ForCA)
}

// SignWithCertChain is similar to Sign but returns the leaf cert and the entire cert chain.
func (ca *IstioCA) SignWithCertChain(csrPEM []byte, certOpts CertOpts) (
	[]string, error,
) {
	cert, err := ca.signWithCertChain(csrPEM, certOpts.SubjectIDs, certOpts.TTL, true, certOpts.ForCA)
	if err != nil {
		return nil, err
	}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu Nov 30 19:33:26 UTC 2023
    - 17.2K bytes
    - Viewed (0)
  5. github.com/istio/istio

    security/pkg/pki/ra/k8s_ra.go 

    	if err != nil {
		return nil, err
	}
	certSigner := certOpts.CertSigner

	return r.kubernetesSign(csrPEM, r.raOpts.CaCertFile, certSigner, certOpts.TTL)
}

// SignWithCertChain is similar to Sign but returns the leaf cert and the entire cert chain.
// root cert comes from two sources, order matters:
// 1. Specified in mesh config
// 2. Extract from the cert-chain signed by the CSR signer.
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed Aug 02 14:34:38 UTC 2023
    - 7.2K bytes
    - Viewed (0)
  6. github.com/istio/istio

    security/pkg/pki/ra/k8s_ra_test.go 

    			certOptions := ca.CertOpts{
				SubjectIDs: []string{subjectID},
				TTL:        60 * time.Second, ForCA: false,
				CertSigner: "kube-apiserver-client",
			}
			_, err = ra.SignWithCertChain(csrPEM, certOptions)
			if (tc.expectedFail && err == nil) || (!tc.expectedFail && err != nil) {
				t.Fatalf("expected failure: %t, got %v", tc.expectedFail, err)
			}
			if tc.updatedRootCertForMeshConfig != "" {
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed Sep 27 00:44:54 UTC 2023
    - 9.7K bytes
    - Viewed (0)
  7. github.com/istio/istio

    security/pkg/pki/ca/ca_test.go 

    	if err != nil {
		t.Error(err)
	}

	caCertOpts := CertOpts{
		SubjectIDs: []string{"localhost"},
		TTL:        time.Hour,
		ForCA:      false,
	}
	certPEM, signErr := ca.signWithCertChain(csrPEM, caCertOpts.SubjectIDs, caCertOpts.TTL, true, caCertOpts.ForCA)

	if signErr != nil {
		t.Error(err)
	}

	cert, err := tls.X509KeyPair(certPEM, privPEM)
	if err != nil {
		t.Error(err)
	}
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue Oct 31 08:51:27 UTC 2023
    - 29.1K bytes
    - Viewed (0)
Back to top