SYMBOL INDEX (4161 symbols across 333 files) FILE: acme/account.go type Account (line 16) | type Account struct method GetLocation (line 29) | func (a *Account) GetLocation() string { method ToLog (line 37) | func (a *Account) ToLog() (interface{}, error) { method IsValid (line 46) | func (a *Account) IsValid() bool { function KeyToID (line 51) | func KeyToID(jwk *jose.JSONWebKey) (string, error) { type PolicyNames (line 60) | type PolicyNames struct type X509Policy (line 66) | type X509Policy struct type Policy (line 73) | type Policy struct method GetAllowedNameOptions (line 77) | func (p *Policy) GetAllowedNameOptions() *policy.X509NameOptions { method GetDeniedNameOptions (line 87) | func (p *Policy) GetDeniedNameOptions() *policy.X509NameOptions { method AreWildcardNamesAllowed (line 100) | func (p *Policy) AreWildcardNamesAllowed() bool { type ExternalAccountKey (line 108) | type ExternalAccountKey struct method AlreadyBound (line 121) | func (eak *ExternalAccountKey) AlreadyBound() bool { method BindTo (line 127) | func (eak *ExternalAccountKey) BindTo(account *Account) error { FILE: acme/account_test.go function TestKeyToID (line 15) | func TestKeyToID(t *testing.T) { function TestAccount_GetLocation (line 69) | func TestAccount_GetLocation(t *testing.T) { function TestAccount_IsValid (line 86) | func TestAccount_IsValid(t *testing.T) { function TestExternalAccountKey_BindTo (line 102) | func TestExternalAccountKey_BindTo(t *testing.T) { FILE: acme/api/account.go type NewAccountRequest (line 17) | type NewAccountRequest struct method Validate (line 34) | func (n *NewAccountRequest) Validate() error { function validateContacts (line 24) | func validateContacts(cs []string) error { type UpdateAccountRequest (line 42) | type UpdateAccountRequest struct method Validate (line 48) | func (u *UpdateAccountRequest) Validate() error { function getAccountLocationPath (line 73) | func getAccountLocationPath(ctx context.Context, linker acme.Linker, acc... function NewAccount (line 78) | func NewAccount(w http.ResponseWriter, r *http.Request) { function GetOrUpdateAccount (line 170) | func GetOrUpdateAccount(w http.ResponseWriter, r *http.Request) { function logOrdersByAccount (line 219) | func logOrdersByAccount(w http.ResponseWriter, oids []string) { function GetOrdersByAccountID (line 229) | func GetOrdersByAccountID(w http.ResponseWriter, r *http.Request) { FILE: acme/api/account_test.go type fakeProvisioner (line 39) | type fakeProvisioner struct method AuthorizeOrderIdentifier (line 41) | func (*fakeProvisioner) AuthorizeOrderIdentifier(context.Context, prov... method AuthorizeSign (line 44) | func (*fakeProvisioner) AuthorizeSign(context.Context, string) ([]prov... method IsChallengeEnabled (line 47) | func (*fakeProvisioner) IsChallengeEnabled(context.Context, provisione... method IsAttestationFormatEnabled (line 50) | func (*fakeProvisioner) IsAttestationFormatEnabled(context.Context, pr... method GetAttestationRoots (line 53) | func (*fakeProvisioner) GetAttestationRoots() (*x509.CertPool, bool) ... method AuthorizeRevoke (line 54) | func (*fakeProvisioner) AuthorizeRevoke(context.Context, string) error... method GetID (line 55) | func (*fakeProvisioner) GetID() string ... method GetName (line 56) | func (*fakeProvisioner) GetName() string ... method DefaultTLSCertDuration (line 57) | func (*fakeProvisioner) DefaultTLSCertDuration() time.Duration ... method GetOptions (line 58) | func (*fakeProvisioner) GetOptions() *provisioner.Options ... function newProv (line 60) | func newProv() acme.Provisioner { function newProvWithID (line 72) | func newProvWithID() acme.Provisioner { function newProvWithOptions (line 85) | func newProvWithOptions(options *provisioner.Options) acme.Provisioner { function newACMEProv (line 98) | func newACMEProv(t *testing.T) *provisioner.ACME { function newACMEProvWithOptions (line 107) | func newACMEProvWithOptions(t *testing.T, options *provisioner.Options) ... function createEABJWS (line 116) | func createEABJWS(jwk *jose.JSONWebKey, hmacKey []byte, keyID, u string)... function createRawEABJWS (line 157) | func createRawEABJWS(jwk *jose.JSONWebKey, hmacKey []byte, keyID, u stri... function TestNewAccountRequest_Validate (line 167) | func TestNewAccountRequest_Validate(t *testing.T) { function TestUpdateAccountRequest_Validate (line 224) | func TestUpdateAccountRequest_Validate(t *testing.T) { function TestHandler_GetOrdersByAccountID (line 296) | func TestHandler_GetOrdersByAccountID(t *testing.T) { function TestHandler_NewAccount (line 413) | func TestHandler_NewAccount(t *testing.T) { function TestHandler_GetOrUpdateAccount (line 855) | func TestHandler_GetOrUpdateAccount(t *testing.T) { FILE: acme/api/eab.go type ExternalAccountBinding (line 14) | type ExternalAccountBinding struct function validateExternalAccountBinding (line 21) | func validateExternalAccountBinding(ctx context.Context, nar *NewAccount... function keysAreEqual (line 99) | func keysAreEqual(x, y *jose.JSONWebKey) bool { function validateEABJWS (line 118) | func validateEABJWS(ctx context.Context, jws *jose.JSONWebSignature) (st... FILE: acme/api/eab_test.go function Test_keysAreEqual (line 19) | func Test_keysAreEqual(t *testing.T) { function TestHandler_validateExternalAccountBinding (line 78) | func TestHandler_validateExternalAccountBinding(t *testing.T) { function Test_validateEABJWS (line 889) | func Test_validateEABJWS(t *testing.T) { FILE: acme/api/handler.go function link (line 21) | func link(url, typ string) string { type Clock (line 26) | type Clock struct method Now (line 29) | func (c *Clock) Now() time.Time { type payloadInfo (line 35) | type payloadInfo struct type HandlerOptions (line 42) | type HandlerOptions struct type handler (line 78) | type handler struct method Route (line 89) | func (h *handler) Route(r api.Router) { function NewHandler (line 109) | func NewHandler(opts HandlerOptions) api.RouterHandler { function Route (line 118) | func Route(r api.Router) { function route (line 122) | func route(r api.Router, middleware func(next nextHTTP) nextHTTP) { function GetNonce (line 186) | func GetNonce(w http.ResponseWriter, r *http.Request) { type Meta (line 194) | type Meta struct type Directory (line 202) | type Directory struct method ToLog (line 212) | func (d *Directory) ToLog() (interface{}, error) { function GetDirectory (line 222) | func GetDirectory(w http.ResponseWriter, r *http.Request) { function createMetaObject (line 245) | func createMetaObject(p *provisioner.ACME) *Meta { function shouldAddMetaObject (line 259) | func shouldAddMetaObject(p *provisioner.ACME) bool { function NotImplemented (line 276) | func NotImplemented(w http.ResponseWriter, r *http.Request) { function GetAuthorization (line 281) | func GetAuthorization(w http.ResponseWriter, r *http.Request) { function GetChallenge (line 313) | func GetChallenge(w http.ResponseWriter, r *http.Request) { function GetCertificate (line 366) | func GetCertificate(w http.ResponseWriter, r *http.Request) { FILE: acme/api/handler_test.go type mockClient (line 30) | type mockClient struct method Get (line 36) | func (m *mockClient) Get(u string) (*http.Response, error) { return... method LookupTxt (line 37) | func (m *mockClient) LookupTxt(name string) ([]string, error) { return... method TLSDial (line 38) | func (m *mockClient) TLSDial(network, addr string, config *tls.Config)... function mockMustAuthority (line 42) | func mockMustAuthority(t *testing.T, a acme.CertificateAuthority) { function TestHandler_GetNonce (line 53) | func TestHandler_GetNonce(t *testing.T) { function TestHandler_GetDirectory (line 80) | func TestHandler_GetDirectory(t *testing.T) { function TestHandler_GetAuthorization (line 210) | func TestHandler_GetAuthorization(t *testing.T) { function TestHandler_GetCertificate (line 383) | func TestHandler_GetCertificate(t *testing.T) { function TestHandler_GetChallenge (line 520) | func TestHandler_GetChallenge(t *testing.T) { function Test_createMetaObject (line 782) | func Test_createMetaObject(t *testing.T) { FILE: acme/api/middleware.go function logNonce (line 24) | func logNonce(w http.ResponseWriter, nonce string) { function addNonce (line 34) | func addNonce(next nextHTTP) nextHTTP { function addDirLink (line 51) | func addDirLink(next nextHTTP) nextHTTP { function verifyContentType (line 63) | func verifyContentType(next nextHTTP) nextHTTP { function parseJWS (line 97) | func parseJWS(next nextHTTP) nextHTTP { function validateJWS (line 129) | func validateJWS(next nextHTTP) nextHTTP { function extractJWK (line 217) | func extractJWK(next nextHTTP) nextHTTP { function checkPrerequisites (line 269) | func checkPrerequisites(next nextHTTP) nextHTTP { function lookupJWK (line 292) | func lookupJWK(next nextHTTP) nextHTTP { function extractOrLookupJWK (line 374) | func extractOrLookupJWK(next nextHTTP) nextHTTP { function canExtractJWKFrom (line 398) | func canExtractJWKFrom(jws *jose.JSONWebSignature) bool { function verifyAndExtractJWSPayload (line 410) | func verifyAndExtractJWSPayload(next nextHTTP) nextHTTP { function retryVerificationWithPatchedSignatures (line 459) | func retryVerificationWithPatchedSignatures(jws *jose.JSONWebSignature, ... function isPostAsGet (line 550) | func isPostAsGet(next nextHTTP) nextHTTP { type ContextKey (line 567) | type ContextKey constant accContextKey (line 571) | accContextKey = ContextKey("acc") constant jwsContextKey (line 573) | jwsContextKey = ContextKey("jws") constant jwkContextKey (line 575) | jwkContextKey = ContextKey("jwk") constant payloadContextKey (line 577) | payloadContextKey = ContextKey("payload") function accountFromContext (line 582) | func accountFromContext(ctx context.Context) (*acme.Account, error) { function jwkFromContext (line 591) | func jwkFromContext(ctx context.Context) (*jose.JSONWebKey, error) { function jwsFromContext (line 600) | func jwsFromContext(ctx context.Context) (*jose.JSONWebSignature, error) { function provisionerFromContext (line 610) | func provisionerFromContext(ctx context.Context) (acme.Provisioner, erro... function acmeProvisionerFromContext (line 620) | func acmeProvisionerFromContext(ctx context.Context) (*provisioner.ACME,... function payloadFromContext (line 635) | func payloadFromContext(ctx context.Context) (*payloadInfo, error) { FILE: acme/api/middleware_test.go function testNext (line 29) | func testNext(w http.ResponseWriter, _ *http.Request) { function newBaseContext (line 33) | func newBaseContext(ctx context.Context, args ...interface{}) context.Co... function TestHandler_addNonce (line 47) | func TestHandler_addNonce(t *testing.T) { function TestHandler_addDirLink (line 109) | func TestHandler_addDirLink(t *testing.T) { function TestHandler_verifyContentType (line 161) | func TestHandler_verifyContentType(t *testing.T) { function TestHandler_isPostAsGet (line 264) | func TestHandler_isPostAsGet(t *testing.T) { type errReader (line 331) | type errReader method Read (line 333) | func (errReader) Read([]byte) (int, error) { method Close (line 336) | func (errReader) Close() error { function TestHandler_parseJWS (line 340) | func TestHandler_parseJWS(t *testing.T) { function TestHandler_verifyAndExtractJWSPayload (line 420) | func TestHandler_verifyAndExtractJWSPayload(t *testing.T) { function TestHandler_lookupJWK (line 674) | func TestHandler_lookupJWK(t *testing.T) { function TestHandler_extractJWK (line 976) | func TestHandler_extractJWK(t *testing.T) { function TestHandler_validateJWS (line 1175) | func TestHandler_validateJWS(t *testing.T) { function Test_canExtractJWKFrom (line 1550) | func Test_canExtractJWKFrom(t *testing.T) { function TestHandler_extractOrLookupJWK (line 1615) | func TestHandler_extractOrLookupJWK(t *testing.T) { function TestHandler_checkPrerequisites (line 1732) | func TestHandler_checkPrerequisites(t *testing.T) { function Test_retryVerificationWithPatchedSignatures (line 1816) | func Test_retryVerificationWithPatchedSignatures(t *testing.T) { FILE: acme/api/order.go type NewOrderRequest (line 27) | type NewOrderRequest struct method Validate (line 34) | func (n *NewOrderRequest) Validate() error { method validateWireIdentifiers (line 72) | func (n *NewOrderRequest) validateWireIdentifiers() error { method hasWireIdentifiers (line 114) | func (n *NewOrderRequest) hasWireIdentifiers() bool { function identifiersOfType (line 124) | func identifiersOfType(typ acme.IdentifierType, ids []acme.Identifier) (... type FinalizeRequest (line 134) | type FinalizeRequest struct method Validate (line 140) | func (f *FinalizeRequest) Validate() error { function NewOrder (line 166) | func NewOrder(w http.ResponseWriter, r *http.Request) { function isIdentifierAllowed (line 297) | func isIdentifierAllowed(acmePolicy policy.X509Policy, identifier acme.I... function newACMEPolicyEngine (line 304) | func newACMEPolicyEngine(eak *acme.ExternalAccountKey) (policy.X509Polic... function trimIfWildcard (line 312) | func trimIfWildcard(value string) (string, bool) { function newAuthorization (line 319) | func newAuthorization(ctx context.Context, az *acme.Authorization) error { function GetOrder (line 393) | func GetOrder(w http.ResponseWriter, r *http.Request) { function FinalizeOrder (line 436) | func FinalizeOrder(w http.ResponseWriter, r *http.Request) { function challengeTypes (line 497) | func challengeTypes(az *acme.Authorization) []acme.ChallengeType { FILE: acme/api/order_test.go function TestNewOrderRequest_Validate (line 33) | func TestNewOrderRequest_Validate(t *testing.T) { function TestFinalizeRequestValidate (line 263) | func TestFinalizeRequestValidate(t *testing.T) { function TestHandler_GetOrder (line 327) | func TestHandler_GetOrder(t *testing.T) { function TestHandler_newAuthorization (line 557) | func TestHandler_newAuthorization(t *testing.T) { function TestHandler_NewOrder (line 1058) | func TestHandler_NewOrder(t *testing.T) { function TestHandler_FinalizeOrder (line 2375) | func TestHandler_FinalizeOrder(t *testing.T) { function TestHandler_challengeTypes (line 2673) | func TestHandler_challengeTypes(t *testing.T) { function TestTrimIfWildcard (line 2722) | func TestTrimIfWildcard(t *testing.T) { FILE: acme/api/revoke.go type revokePayload (line 23) | type revokePayload struct function RevokeCert (line 29) | func RevokeCert(w http.ResponseWriter, r *http.Request) { function isAccountAuthorized (line 154) | func isAccountAuthorized(_ context.Context, dbCert *acme.Certificate, ce... function wrapRevokeErr (line 180) | func wrapRevokeErr(err error) *acme.Error { function wrapUnauthorizedError (line 190) | func wrapUnauthorizedError(cert *x509.Certificate, unauthorizedIdentifie... function logRevoke (line 213) | func logRevoke(w http.ResponseWriter, ri *authority.RevokeOptions) { function validateReasonCode (line 226) | func validateReasonCode(reasonCode *int) *acme.Error { function revokeOptions (line 240) | func revokeOptions(serial string, certToBeRevoked *x509.Certificate, rea... function reason (line 255) | func reason(reasonCode int) string { function shouldCheckAccountFrom (line 289) | func shouldCheckAccountFrom(jws *jose.JSONWebSignature) bool { FILE: acme/api/revoke_test.go function v (line 40) | func v(v int) *int { function generateSerial (line 44) | func generateSerial() (*big.Int, error) { function generateCertKeyPair (line 49) | func generateCertKeyPair() (*x509.Certificate, crypto.Signer, error) { type keyID (line 87) | type keyID constant noKeyID (line 91) | noKeyID = keyID("") function jwsEncodeJSON (line 106) | func jwsEncodeJSON(claimset interface{}, key crypto.Signer, kid keyID, n... function jwsHasher (line 144) | func jwsHasher(pub crypto.PublicKey) (string, crypto.Hash) { function jwsSign (line 169) | func jwsSign(key crypto.Signer, hash crypto.Hash, digest []byte) ([]byte... function jwsHead (line 196) | func jwsHead(alg, nonce, u string, kid keyID, key crypto.Signer) (string... function jwkEncode (line 220) | func jwkEncode(pub crypto.PublicKey) (string, error) { function jwsFinal (line 261) | func jwsFinal(_ crypto.Hash, sig []byte, phead, payload string) ([]byte,... type mockCA (line 278) | type mockCA struct method SignWithContext (line 285) | func (m *mockCA) SignWithContext(context.Context, *x509.CertificateReq... method AreSANsAllowed (line 289) | func (m *mockCA) AreSANsAllowed(ctx context.Context, sans []string) er... method IsRevoked (line 296) | func (m *mockCA) IsRevoked(sn string) (bool, error) { method Revoke (line 303) | func (m *mockCA) Revoke(ctx context.Context, opts *authority.RevokeOpt... method LoadProvisionerByName (line 310) | func (m *mockCA) LoadProvisionerByName(string) (provisioner.Interface,... method GetBackdate (line 314) | func (m *mockCA) GetBackdate() *time.Duration { function Test_validateReasonCode (line 321) | func Test_validateReasonCode(t *testing.T) { function Test_reason (line 366) | func Test_reason(t *testing.T) { function Test_revokeOptions (line 437) | func Test_revokeOptions(t *testing.T) { function TestHandler_RevokeCert (line 487) | func TestHandler_RevokeCert(t *testing.T) { function TestHandler_isAccountAuthorized (line 1111) | func TestHandler_isAccountAuthorized(t *testing.T) { function Test_wrapUnauthorizedError (line 1245) | func Test_wrapUnauthorizedError(t *testing.T) { FILE: acme/api/wire_integration_test.go constant baseURL (line 41) | baseURL = "test.ca.smallstep.com" constant linkerPrefix (line 42) | linkerPrefix = "acme" function newWireProvisionerWithOptions (line 45) | func newWireProvisionerWithOptions(t *testing.T, options *provisioner.Op... function TestWireIntegration (line 67) | func TestWireIntegration(t *testing.T) { type mockCASigner (line 590) | type mockCASigner struct method SignWithContext (line 594) | func (m *mockCASigner) SignWithContext(_ context.Context, cr *x509.Cer... method AreSANsAllowed (line 601) | func (m *mockCASigner) AreSANsAllowed(ctx context.Context, sans []stri... method IsRevoked (line 605) | func (m *mockCASigner) IsRevoked(sn string) (bool, error) { method Revoke (line 609) | func (m *mockCASigner) Revoke(ctx context.Context, opts *authority.Rev... method LoadProvisionerByName (line 613) | func (m *mockCASigner) LoadProvisionerByName(string) (provisioner.Inte... method GetBackdate (line 617) | func (m *mockCASigner) GetBackdate() *time.Duration { FILE: acme/authorization.go type Authorization (line 10) | type Authorization struct method ToLog (line 24) | func (az *Authorization) ToLog() (interface{}, error) { method UpdateStatus (line 34) | func (az *Authorization) UpdateStatus(ctx context.Context, db DB) error { FILE: acme/authorization_test.go function TestAuthorization_UpdateStatus (line 12) | func TestAuthorization_UpdateStatus(t *testing.T) { FILE: acme/certificate.go type Certificate (line 8) | type Certificate struct FILE: acme/challenge.go type ChallengeType (line 46) | type ChallengeType constant HTTP01 (line 50) | HTTP01 ChallengeType = "http-01" constant DNS01 (line 52) | DNS01 ChallengeType = "dns-01" constant TLSALPN01 (line 54) | TLSALPN01 ChallengeType = "tls-alpn-01" constant DEVICEATTEST01 (line 56) | DEVICEATTEST01 ChallengeType = "device-attest-01" constant WIREOIDC01 (line 58) | WIREOIDC01 ChallengeType = "wire-oidc-01" constant WIREDPOP01 (line 60) | WIREDPOP01 ChallengeType = "wire-dpop-01" type Challenge (line 81) | type Challenge struct method ToLog (line 98) | func (ch *Challenge) ToLog() (interface{}, error) { method Validate (line 109) | func (ch *Challenge) Validate(ctx context.Context, db DB, jwk *jose.JS... function http01Validate (line 140) | func http01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose... function rootedName (line 192) | func rootedName(name string) string { function http01ChallengeHost (line 205) | func http01ChallengeHost(value string) string { function tlsAlpn01ChallengeHost (line 217) | func tlsAlpn01ChallengeHost(name string) string { function dns01ChallengeHost (line 225) | func dns01ChallengeHost(domain string) string { function tlsAlert (line 229) | func tlsAlert(err error) uint8 { function tlsalpn01Validate (line 240) | func tlsalpn01Validate(ctx context.Context, ch *Challenge, db DB, jwk *j... function dns01Validate (line 359) | func dns01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.... type wireOidcPayload (line 402) | type wireOidcPayload struct function wireOIDC01Validate (line 407) | func wireOIDC01Validate(ctx context.Context, ch *Challenge, db WireDB, j... function validateWireOIDCClaims (line 503) | func validateWireOIDCClaims(o *wireprovisioner.OIDCOptions, token *oidc.... type wireDpopPayload (line 532) | type wireDpopPayload struct function wireDPOP01Validate (line 537) | func wireDPOP01Validate(ctx context.Context, ch *Challenge, db WireDB, a... type wireCnf (line 617) | type wireCnf struct type wireAccessToken (line 621) | type wireAccessToken struct type wireDpopJwt (line 632) | type wireDpopJwt struct type wireDpopToken (line 640) | type wireDpopToken type wireVerifyParams (line 642) | type wireVerifyParams struct function parseAndVerifyWireAccessToken (line 654) | func parseAndVerifyWireAccessToken(v wireVerifyParams) (*wireAccessToken... type payloadType (line 783) | type payloadType struct type attestationObject (line 788) | type attestationObject struct function deviceAttest01Validate (line 794) | func deviceAttest01Validate(ctx context.Context, ch *Challenge, db DB, j... type tpmAttestationData (line 973) | type tpmAttestationData struct type coseAlgorithmIdentifier (line 982) | type coseAlgorithmIdentifier constant coseAlgES256 (line 985) | coseAlgES256 = coseAlgorithmIdentifier(-7) constant coseAlgRS256 (line 986) | coseAlgRS256 = coseAlgorithmIdentifier(-257) constant coseAlgRS1 (line 987) | coseAlgRS1 = coseAlgorithmIdentifier(-65535) function doTPMAttestationFormat (line 990) | func doTPMAttestationFormat(_ context.Context, prov Provisioner, ch *Cha... function validateAKCertificate (line 1205) | func validateAKCertificate(c *x509.Certificate) error { function validateAKCertificateSubjectAlternativeNames (line 1223) | func validateAKCertificateSubjectAlternativeNames(c *x509.Certificate) e... function validateAKCertificateExtendedKeyUsage (line 1246) | func validateAKCertificateExtendedKeyUsage(c *x509.Certificate) error { constant appleEnterpriseAttestationRootCA (line 1269) | appleEnterpriseAttestationRootCA = `-----BEGIN CERTIFICATE----- type appleAttestationData (line 1291) | type appleAttestationData struct function doAppleAttestationFormat (line 1300) | func doAppleAttestationFormat(_ context.Context, prov Provisioner, _ *Ch... constant yubicoPIVRootCA (line 1375) | yubicoPIVRootCA = `-----BEGIN CERTIFICATE----- constant yubicoAttestationRootCA (line 1397) | yubicoAttestationRootCA = `-----BEGIN CERTIFICATE----- type stepAttestationData (line 1427) | type stepAttestationData struct function doStepAttestationFormat (line 1433) | func doStepAttestationFormat(_ context.Context, prov Provisioner, ch *Ch... function searchSerialNumber (line 1546) | func searchSerialNumber(cert *x509.Certificate) (string, error) { function serverName (line 1576) | func serverName(ch *Challenge) string { function reverseAddr (line 1587) | func reverseAddr(ip net.IP) (arpa string) { function uitoa (line 1608) | func uitoa(val uint) string { constant hexit (line 1625) | hexit = "0123456789abcdef" function KeyAuthorization (line 1629) | func KeyAuthorization(token string, jwk *jose.JSONWebKey) (string, error) { function storeError (line 1639) | func storeError(ctx context.Context, db DB, ch *Challenge, markInvalid b... FILE: acme/challenge_test.go type mockClient (line 48) | type mockClient struct method Get (line 54) | func (m *mockClient) Get(url string) (*http.Response, error) { return... method LookupTxt (line 55) | func (m *mockClient) LookupTxt(name string) ([]string, error) { return... method TLSDial (line 56) | func (m *mockClient) TLSDial(network, addr string, tlsConfig *tls.Conf... function fatalError (line 60) | func fatalError(t *testing.T, err error) { function mustNonAttestationProvisioner (line 67) | func mustNonAttestationProvisioner(t *testing.T) Provisioner { function mustAttestationProvisioner (line 84) | func mustAttestationProvisioner(t *testing.T, roots []byte) Provisioner { function mustAccountAndKeyAuthorization (line 101) | func mustAccountAndKeyAuthorization(t *testing.T, token string) (*jose.J... function mustAttestApple (line 112) | func mustAttestApple(t *testing.T, nonce string) ([]byte, *x509.Certific... function mustAttestYubikey (line 155) | func mustAttestYubikey(t *testing.T, _, keyAuthorization string, serial ... type stepManagedDevice (line 205) | type stepManagedDevice struct function mustAttestStepManagedDeviceID (line 209) | func mustAttestStepManagedDeviceID(t *testing.T, _, keyAuthorization, se... function newWireProvisionerWithOptions (line 259) | func newWireProvisionerWithOptions(t *testing.T, options *provisioner.Op... function Test_storeError (line 278) | func Test_storeError(t *testing.T) { function TestKeyAuthorization (line 421) | func TestKeyAuthorization(t *testing.T) { function TestChallenge_Validate (line 477) | func TestChallenge_Validate(t *testing.T) { function mustJWKServer (line 1465) | func mustJWKServer(t *testing.T, pub jose.JSONWebKey) *httptest.Server { type errReader (line 1503) | type errReader method Read (line 1505) | func (errReader) Read([]byte) (int, error) { method Close (line 1508) | func (errReader) Close() error { function TestHTTP01Validate (line 1512) | func TestHTTP01Validate(t *testing.T) { function TestDNS01Validate (line 1904) | func TestDNS01Validate(t *testing.T) { type tlsDialer (line 2205) | type tlsDialer function newTestTLSALPNServer (line 2207) | func newTestTLSALPNServer(validationCert *tls.Certificate, opts ...func(... type noopConn (line 2246) | type noopConn struct method Read (line 2248) | func (c *noopConn) Read(_ []byte) (n int, err error) { return 0, io.E... method Write (line 2249) | func (c *noopConn) Write(_ []byte) (n int, err error) { return 0, io.E... method Close (line 2250) | func (c *noopConn) Close() error { return nil } method LocalAddr (line 2251) | func (c *noopConn) LocalAddr() net.Addr { return &net.IP... method RemoteAddr (line 2252) | func (c *noopConn) RemoteAddr() net.Addr { return &net.IP... method SetDeadline (line 2253) | func (c *noopConn) SetDeadline(time.Time) error { return nil } method SetReadDeadline (line 2254) | func (c *noopConn) SetReadDeadline(time.Time) error { return nil } method SetWriteDeadline (line 2255) | func (c *noopConn) SetWriteDeadline(time.Time) error { return nil } function newTLSALPNValidationCert (line 2257) | func newTLSALPNValidationCert(keyAuthHash []byte, obsoleteOID, critical ... function TestTLSALPN01Validate (line 2304) | func TestTLSALPN01Validate(t *testing.T) { function Test_reverseAddr (line 3303) | func Test_reverseAddr(t *testing.T) { function Test_serverName (line 3336) | func Test_serverName(t *testing.T) { function Test_http01ChallengeHost (line 3382) | func Test_http01ChallengeHost(t *testing.T) { function Test_doAppleAttestationFormat (line 3438) | func Test_doAppleAttestationFormat(t *testing.T) { function Test_doStepAttestationFormat (line 3555) | func Test_doStepAttestationFormat(t *testing.T) { function Test_doStepAttestationFormat_noCAIntermediate (line 3808) | func Test_doStepAttestationFormat_noCAIntermediate(t *testing.T) { function Test_deviceAttest01Validate (line 3902) | func Test_deviceAttest01Validate(t *testing.T) { function generateValidAKCertificate (line 4939) | func generateValidAKCertificate(t *testing.T) *x509.Certificate { function Test_validateAKCertificate (line 4965) | func Test_validateAKCertificate(t *testing.T) { function Test_validateAKCertificateSubjectAlternativeNames (line 5023) | func Test_validateAKCertificateSubjectAlternativeNames(t *testing.T) { function Test_validateAKCertificateExtendedKeyUsage (line 5104) | func Test_validateAKCertificateExtendedKeyUsage(t *testing.T) { function createSubjectAltNameExtension (line 5161) | func createSubjectAltNameExtension(dnsNames, emailAddresses x509util.Mul... function Test_tlsAlpn01ChallengeHost (line 5231) | func Test_tlsAlpn01ChallengeHost(t *testing.T) { function Test_dns01ChallengeHost (line 5260) | func Test_dns01ChallengeHost(t *testing.T) { FILE: acme/challenge_tpmsimulator_test.go function newSimulatedTPM (line 33) | func newSimulatedTPM(t *testing.T) *tpm.TPM { function withSimulator (line 41) | func withSimulator(t *testing.T) tpm.NewTPMOption { function generateKeyID (line 58) | func generateKeyID(t *testing.T, pub crypto.PublicKey) []byte { function mustAttestTPM (line 66) | func mustAttestTPM(t *testing.T, keyAuthorization string, permanentIdent... function Test_deviceAttest01ValidateWithTPMSimulator (line 171) | func Test_deviceAttest01ValidateWithTPMSimulator(t *testing.T) { function newBadAttestationStatementError (line 406) | func newBadAttestationStatementError(msg string) *Error { function newInternalServerError (line 414) | func newInternalServerError(msg string) *Error { function Test_doTPMAttestationFormat (line 427) | func Test_doTPMAttestationFormat(t *testing.T) { FILE: acme/challenge_wire_test.go function Test_wireDPOP01Validate (line 25) | func Test_wireDPOP01Validate(t *testing.T) { function Test_wireOIDC01Validate (line 1078) | func Test_wireOIDC01Validate(t *testing.T) { function Test_parseAndVerifyWireAccessToken (line 2125) | func Test_parseAndVerifyWireAccessToken(t *testing.T) { function Test_validateWireOIDCClaims (line 2197) | func Test_validateWireOIDCClaims(t *testing.T) { function createWireOptions (line 2247) | func createWireOptions(t *testing.T, transformTemplate string) *wireprov... function Test_idTokenTransformation (line 2277) | func Test_idTokenTransformation(t *testing.T) { FILE: acme/client.go type Client (line 12) | type Client interface type clientKey (line 24) | type clientKey struct function NewClientContext (line 27) | func NewClientContext(ctx context.Context, c Client) context.Context { function ClientFromContext (line 32) | func ClientFromContext(ctx context.Context) (c Client, ok bool) { function MustClientFromContext (line 39) | func MustClientFromContext(ctx context.Context) Client { type client (line 47) | type client struct method Get (line 71) | func (c *client) Get(url string) (*http.Response, error) { method LookupTxt (line 75) | func (c *client) LookupTxt(name string) ([]string, error) { method TLSDial (line 79) | func (c *client) TLSDial(network, addr string, config *tls.Config) (*t... function NewClient (line 53) | func NewClient() Client { FILE: acme/common.go type Clock (line 13) | type Clock struct method Now (line 16) | func (c *Clock) Now() time.Time { type CertificateAuthority (line 23) | type CertificateAuthority interface function NewContext (line 33) | func NewContext(ctx context.Context, db DB, client Client, linker Linker... type PrerequisitesChecker (line 46) | type PrerequisitesChecker function DefaultPrerequisitesChecker (line 50) | func DefaultPrerequisitesChecker(context.Context) (bool, error) { type prerequisitesKey (line 54) | type prerequisitesKey struct function NewPrerequisitesCheckerContext (line 58) | func NewPrerequisitesCheckerContext(ctx context.Context, fn Prerequisite... function PrerequisitesCheckerFromContext (line 64) | func PrerequisitesCheckerFromContext(ctx context.Context) (Prerequisites... type Provisioner (line 71) | type Provisioner interface type provisionerKey (line 84) | type provisionerKey struct function NewProvisionerContext (line 87) | func NewProvisionerContext(ctx context.Context, v Provisioner) context.C... function ProvisionerFromContext (line 92) | func ProvisionerFromContext(ctx context.Context) (v Provisioner, ok bool) { function MustProvisionerFromContext (line 99) | func MustProvisionerFromContext(ctx context.Context) Provisioner { type MockProvisioner (line 111) | type MockProvisioner struct method GetName (line 127) | func (m *MockProvisioner) GetName() string { method AuthorizeOrderIdentifier (line 135) | func (m *MockProvisioner) AuthorizeOrderIdentifier(ctx context.Context... method AuthorizeSign (line 143) | func (m *MockProvisioner) AuthorizeSign(ctx context.Context, ott strin... method AuthorizeRevoke (line 151) | func (m *MockProvisioner) AuthorizeRevoke(ctx context.Context, token s... method IsChallengeEnabled (line 159) | func (m *MockProvisioner) IsChallengeEnabled(ctx context.Context, chal... method IsAttestationFormatEnabled (line 167) | func (m *MockProvisioner) IsAttestationFormatEnabled(ctx context.Conte... method GetAttestationRoots (line 174) | func (m *MockProvisioner) GetAttestationRoots() (*x509.CertPool, bool) { method DefaultTLSCertDuration (line 182) | func (m *MockProvisioner) DefaultTLSCertDuration() time.Duration { method GetOptions (line 190) | func (m *MockProvisioner) GetOptions() *provisioner.Options { method GetID (line 198) | func (m *MockProvisioner) GetID() string { FILE: acme/db.go function IsErrNotFound (line 18) | func IsErrNotFound(err error) bool { type DB (line 23) | type DB interface type WireDB (line 63) | type WireDB interface type dbKey (line 72) | type dbKey struct function NewDatabaseContext (line 75) | func NewDatabaseContext(ctx context.Context, db DB) context.Context { function DatabaseFromContext (line 80) | func DatabaseFromContext(ctx context.Context) (db DB, ok bool) { function MustDatabaseFromContext (line 87) | func MustDatabaseFromContext(ctx context.Context) DB { type MockDB (line 100) | type MockDB struct method CreateAccount (line 152) | func (m *MockDB) CreateAccount(ctx context.Context, acc *Account) error { method GetAccount (line 162) | func (m *MockDB) GetAccount(ctx context.Context, id string) (*Account,... method GetAccountByKeyID (line 172) | func (m *MockDB) GetAccountByKeyID(ctx context.Context, kid string) (*... method UpdateAccount (line 182) | func (m *MockDB) UpdateAccount(ctx context.Context, acc *Account) error { method CreateExternalAccountKey (line 192) | func (m *MockDB) CreateExternalAccountKey(ctx context.Context, provisi... method GetExternalAccountKey (line 202) | func (m *MockDB) GetExternalAccountKey(ctx context.Context, provisione... method GetExternalAccountKeys (line 212) | func (m *MockDB) GetExternalAccountKeys(ctx context.Context, provision... method GetExternalAccountKeyByReference (line 222) | func (m *MockDB) GetExternalAccountKeyByReference(ctx context.Context,... method GetExternalAccountKeyByAccountID (line 232) | func (m *MockDB) GetExternalAccountKeyByAccountID(ctx context.Context,... method DeleteExternalAccountKey (line 242) | func (m *MockDB) DeleteExternalAccountKey(ctx context.Context, provisi... method UpdateExternalAccountKey (line 252) | func (m *MockDB) UpdateExternalAccountKey(ctx context.Context, provisi... method CreateNonce (line 262) | func (m *MockDB) CreateNonce(ctx context.Context) (Nonce, error) { method DeleteNonce (line 272) | func (m *MockDB) DeleteNonce(ctx context.Context, nonce Nonce) error { method CreateAuthorization (line 282) | func (m *MockDB) CreateAuthorization(ctx context.Context, az *Authoriz... method GetAuthorization (line 292) | func (m *MockDB) GetAuthorization(ctx context.Context, id string) (*Au... method UpdateAuthorization (line 302) | func (m *MockDB) UpdateAuthorization(ctx context.Context, az *Authoriz... method GetAuthorizationsByAccountID (line 312) | func (m *MockDB) GetAuthorizationsByAccountID(ctx context.Context, acc... method CreateCertificate (line 322) | func (m *MockDB) CreateCertificate(ctx context.Context, cert *Certific... method GetCertificate (line 332) | func (m *MockDB) GetCertificate(ctx context.Context, id string) (*Cert... method GetCertificateBySerial (line 342) | func (m *MockDB) GetCertificateBySerial(ctx context.Context, serial st... method CreateChallenge (line 352) | func (m *MockDB) CreateChallenge(ctx context.Context, ch *Challenge) e... method GetChallenge (line 362) | func (m *MockDB) GetChallenge(ctx context.Context, chID, azID string) ... method UpdateChallenge (line 372) | func (m *MockDB) UpdateChallenge(ctx context.Context, ch *Challenge) e... method CreateOrder (line 382) | func (m *MockDB) CreateOrder(ctx context.Context, o *Order) error { method GetOrder (line 392) | func (m *MockDB) GetOrder(ctx context.Context, id string) (*Order, err... method UpdateOrder (line 402) | func (m *MockDB) UpdateOrder(ctx context.Context, o *Order) error { method GetOrdersByAccountID (line 412) | func (m *MockDB) GetOrdersByAccountID(ctx context.Context, accID strin... type MockWireDB (line 142) | type MockWireDB struct method GetAllOrdersByAccountID (line 422) | func (m *MockWireDB) GetAllOrdersByAccountID(ctx context.Context, acco... method GetDpopToken (line 432) | func (m *MockWireDB) GetDpopToken(ctx context.Context, orderID string)... method CreateDpopToken (line 442) | func (m *MockWireDB) CreateDpopToken(ctx context.Context, orderID stri... method GetOidcToken (line 450) | func (m *MockWireDB) GetOidcToken(ctx context.Context, orderID string)... method CreateOidcToken (line 460) | func (m *MockWireDB) CreateOidcToken(ctx context.Context, orderID stri... FILE: acme/db/nosql/account.go type dbAccount (line 15) | type dbAccount struct method clone (line 27) | func (dba *dbAccount) clone() *dbAccount { method getAccountIDByKeyID (line 32) | func (db *DB) getAccountIDByKeyID(_ context.Context, kid string) (string... method getDBAccount (line 44) | func (db *DB) getDBAccount(_ context.Context, id string) (*dbAccount, er... method GetAccount (line 61) | func (db *DB) GetAccount(ctx context.Context, id string) (*acme.Account,... method GetAccountByKeyID (line 79) | func (db *DB) GetAccountByKeyID(ctx context.Context, kid string) (*acme.... method CreateAccount (line 88) | func (db *DB) CreateAccount(ctx context.Context, acc *acme.Account) error { method UpdateAccount (line 129) | func (db *DB) UpdateAccount(ctx context.Context, acc *acme.Account) error { FILE: acme/db/nosql/account_test.go function TestDB_getDBAccount (line 18) | func TestDB_getDBAccount(t *testing.T) { function TestDB_getAccountIDByKeyID (line 126) | func TestDB_getAccountIDByKeyID(t *testing.T) { function TestDB_GetAccount (line 200) | func TestDB_GetAccount(t *testing.T) { function TestDB_GetAccountByKeyID (line 283) | func TestDB_GetAccountByKeyID(t *testing.T) { function TestDB_CreateAccount (line 389) | func TestDB_CreateAccount(t *testing.T) { function TestDB_UpdateAccount (line 553) | func TestDB_UpdateAccount(t *testing.T) { FILE: acme/db/nosql/authz.go type dbAuthz (line 14) | type dbAuthz struct method clone (line 28) | func (ba *dbAuthz) clone() *dbAuthz { method getDBAuthz (line 35) | func (db *DB) getDBAuthz(_ context.Context, id string) (*dbAuthz, error) { method GetAuthorization (line 52) | func (db *DB) GetAuthorization(ctx context.Context, id string) (*acme.Au... method CreateAuthorization (line 80) | func (db *DB) CreateAuthorization(ctx context.Context, az *acme.Authoriz... method UpdateAuthorization (line 110) | func (db *DB) UpdateAuthorization(ctx context.Context, az *acme.Authoriz... method GetAuthorizationsByAccountID (line 124) | func (db *DB) GetAuthorizationsByAccountID(_ context.Context, accountID ... FILE: acme/db/nosql/authz_test.go function TestDB_getDBAuthz (line 19) | func TestDB_getDBAuthz(t *testing.T) { function TestDB_GetAuthorization (line 133) | func TestDB_GetAuthorization(t *testing.T) { function TestDB_CreateAuthorization (line 330) | func TestDB_CreateAuthorization(t *testing.T) { function TestDB_UpdateAuthorization (line 460) | func TestDB_UpdateAuthorization(t *testing.T) { function TestDB_GetAuthorizationsByAccountID (line 623) | func TestDB_GetAuthorizationsByAccountID(t *testing.T) { FILE: acme/db/nosql/certificate.go type dbCert (line 15) | type dbCert struct type dbSerial (line 24) | type dbSerial struct method CreateCertificate (line 30) | func (db *DB) CreateCertificate(ctx context.Context, cert *acme.Certific... method GetCertificate (line 72) | func (db *DB) GetCertificate(_ context.Context, id string) (*acme.Certif... method GetCertificateBySerial (line 100) | func (db *DB) GetCertificateBySerial(ctx context.Context, serial string)... function parseBundle (line 116) | func parseBundle(b []byte) ([]*x509.Certificate, error) { FILE: acme/db/nosql/certificate_test.go function TestDB_CreateCertificate (line 22) | func TestDB_CreateCertificate(t *testing.T) { function TestDB_GetCertificate (line 134) | func TestDB_GetCertificate(t *testing.T) { function Test_parseBundle (line 278) | func Test_parseBundle(t *testing.T) { function TestDB_GetCertificateBySerial (line 340) | func TestDB_GetCertificateBySerial(t *testing.T) { FILE: acme/db/nosql/challenge.go type dbChallenge (line 15) | type dbChallenge struct method clone (line 28) | func (dbc *dbChallenge) clone() *dbChallenge { method getDBChallenge (line 33) | func (db *DB) getDBChallenge(_ context.Context, id string) (*dbChallenge... method CreateChallenge (line 50) | func (db *DB) CreateChallenge(ctx context.Context, ch *acme.Challenge) e... method GetChallenge (line 73) | func (db *DB) GetChallenge(ctx context.Context, id, authzID string) (*ac... method UpdateChallenge (line 95) | func (db *DB) UpdateChallenge(ctx context.Context, ch *acme.Challenge) e... FILE: acme/db/nosql/challenge_test.go function TestDB_getDBChallenge (line 17) | func TestDB_getDBChallenge(t *testing.T) { function TestDB_CreateChallenge (line 125) | func TestDB_CreateChallenge(t *testing.T) { function TestDB_GetChallenge (line 221) | func TestDB_GetChallenge(t *testing.T) { function TestDB_UpdateChallenge (line 317) | func TestDB_UpdateChallenge(t *testing.T) { FILE: acme/db/nosql/eab.go type dbExternalAccountKey (line 22) | type dbExternalAccountKey struct type dbExternalAccountKeyReference (line 32) | type dbExternalAccountKeyReference struct method getDBExternalAccountKey (line 38) | func (db *DB) getDBExternalAccountKey(_ context.Context, id string) (*db... method CreateExternalAccountKey (line 56) | func (db *DB) CreateExternalAccountKey(ctx context.Context, provisionerI... method GetExternalAccountKey (line 109) | func (db *DB) GetExternalAccountKey(ctx context.Context, provisionerID, ... method DeleteExternalAccountKey (line 133) | func (db *DB) DeleteExternalAccountKey(ctx context.Context, provisionerI... method GetExternalAccountKeys (line 162) | func (db *DB) GetExternalAccountKeys(ctx context.Context, provisionerID,... method GetExternalAccountKeyByReference (line 209) | func (db *DB) GetExternalAccountKeyByReference(ctx context.Context, prov... method GetExternalAccountKeyByAccountID (line 232) | func (db *DB) GetExternalAccountKeyByAccountID(context.Context, string, ... method UpdateExternalAccountKey (line 237) | func (db *DB) UpdateExternalAccountKey(ctx context.Context, provisionerI... method addEAKID (line 271) | func (db *DB) addEAKID(ctx context.Context, provisionerID, eakID string)... method deleteEAKID (line 322) | func (db *DB) deleteEAKID(ctx context.Context, provisionerID, eakID stri... function referenceKey (line 360) | func referenceKey(provisionerID, reference string) string { function sliceIndex (line 365) | func sliceIndex(slice []string, item string) int { function removeElement (line 376) | func removeElement(slice []string, item string) []string { FILE: acme/db/nosql/eab_test.go function TestDB_getDBExternalAccountKey (line 19) | func TestDB_getDBExternalAccountKey(t *testing.T) { function TestDB_GetExternalAccountKey (line 123) | func TestDB_GetExternalAccountKey(t *testing.T) { function TestDB_GetExternalAccountKeyByReference (line 240) | func TestDB_GetExternalAccountKeyByReference(t *testing.T) { function TestDB_GetExternalAccountKeys (line 404) | func TestDB_GetExternalAccountKeys(t *testing.T) { function TestDB_DeleteExternalAccountKey (line 614) | func TestDB_DeleteExternalAccountKey(t *testing.T) { function TestDB_CreateExternalAccountKey (line 906) | func TestDB_CreateExternalAccountKey(t *testing.T) { function TestDB_UpdateExternalAccountKey (line 1072) | func TestDB_UpdateExternalAccountKey(t *testing.T) { function TestDB_addEAKID (line 1247) | func TestDB_addEAKID(t *testing.T) { function TestDB_deleteEAKID (line 1405) | func TestDB_deleteEAKID(t *testing.T) { function TestDB_addAndDeleteEAKID (line 1539) | func TestDB_addAndDeleteEAKID(t *testing.T) { function Test_removeElement (line 1673) | func Test_removeElement(t *testing.T) { FILE: acme/db/nosql/nonce.go type dbNonce (line 15) | type dbNonce struct method CreateNonce (line 23) | func (db *DB) CreateNonce(ctx context.Context) (acme.Nonce, error) { method DeleteNonce (line 42) | func (db *DB) DeleteNonce(_ context.Context, nonce acme.Nonce) error { FILE: acme/db/nosql/nonce_test.go function TestDB_CreateNonce (line 17) | func TestDB_CreateNonce(t *testing.T) { function TestDB_DeleteNonce (line 84) | func TestDB_DeleteNonce(t *testing.T) { FILE: acme/db/nosql/nosql.go type DB (line 31) | type DB struct method save (line 53) | func (db *DB) save(_ context.Context, id string, nu, old interface{}, ... function New (line 36) | func New(db nosqlDB.DB) (*DB, error) { function randID (line 89) | func randID() (val string, err error) { type Clock (line 98) | type Clock struct method Now (line 101) | func (c *Clock) Now() time.Time { FILE: acme/db/nosql/nosql_test.go function TestNew (line 13) | func TestNew(t *testing.T) { type errorThrower (line 49) | type errorThrower method MarshalJSON (line 51) | func (et errorThrower) MarshalJSON() ([]byte, error) { function TestDB_save (line 55) | func TestDB_save(t *testing.T) { FILE: acme/db/nosql/order.go type dbOrder (line 17) | type dbOrder struct method clone (line 32) | func (a *dbOrder) clone() *dbOrder { method getDBOrder (line 38) | func (db *DB) getDBOrder(_ context.Context, id string) (*dbOrder, error) { method GetOrder (line 53) | func (db *DB) GetOrder(ctx context.Context, id string) (*acme.Order, err... method CreateOrder (line 77) | func (db *DB) CreateOrder(ctx context.Context, o *acme.Order) error { method UpdateOrder (line 109) | func (db *DB) UpdateOrder(ctx context.Context, o *acme.Order) error { method updateAddOrderIDs (line 124) | func (db *DB) updateAddOrderIDs(ctx context.Context, accID string, inclu... method GetOrdersByAccountID (line 187) | func (db *DB) GetOrdersByAccountID(ctx context.Context, accID string) ([... method GetAllOrdersByAccountID (line 192) | func (db *DB) GetAllOrdersByAccountID(ctx context.Context, accID string)... FILE: acme/db/nosql/order_test.go function TestDB_getDBOrder (line 18) | func TestDB_getDBOrder(t *testing.T) { function TestDB_GetOrder (line 136) | func TestDB_GetOrder(t *testing.T) { function TestDB_UpdateOrder (line 240) | func TestDB_UpdateOrder(t *testing.T) { function TestDB_CreateOrder (line 382) | func TestDB_CreateOrder(t *testing.T) { function TestDB_updateAddOrderIDs (line 570) | func TestDB_updateAddOrderIDs(t *testing.T) { FILE: acme/db/nosql/wire.go type dbDpopToken (line 13) | type dbDpopToken struct method getDBDpopToken (line 20) | func (db *DB) getDBDpopToken(_ context.Context, orderID string) (*dbDpop... method GetDpopToken (line 37) | func (db *DB) GetDpopToken(ctx context.Context, orderID string) (map[str... method CreateDpopToken (line 50) | func (db *DB) CreateDpopToken(ctx context.Context, orderID string, dpop ... type dbOidcToken (line 68) | type dbOidcToken struct method getDBOidcToken (line 75) | func (db *DB) getDBOidcToken(_ context.Context, orderID string) (*dbOidc... method GetOidcToken (line 92) | func (db *DB) GetOidcToken(ctx context.Context, orderID string) (map[str... method CreateOidcToken (line 105) | func (db *DB) CreateOidcToken(ctx context.Context, orderID string, idTok... FILE: acme/db/nosql/wire_test.go function TestDB_GetDpopToken (line 17) | func TestDB_GetDpopToken(t *testing.T) { function TestDB_CreateDpopToken (line 127) | func TestDB_CreateDpopToken(t *testing.T) { function TestDB_GetOidcToken (line 205) | func TestDB_GetOidcToken(t *testing.T) { function TestDB_CreateOidcToken (line 316) | func TestDB_CreateOidcToken(t *testing.T) { FILE: acme/db_test.go function TestIsErrNotFound (line 10) | func TestIsErrNotFound(t *testing.T) { FILE: acme/errors.go type ProblemType (line 13) | type ProblemType method String (line 72) | func (ap ProblemType) String() string { constant ErrorAccountDoesNotExistType (line 17) | ErrorAccountDoesNotExistType ProblemType = iota constant ErrorAlreadyRevokedType (line 19) | ErrorAlreadyRevokedType constant ErrorBadAttestationStatementType (line 21) | ErrorBadAttestationStatementType constant ErrorBadCSRType (line 23) | ErrorBadCSRType constant ErrorBadNonceType (line 25) | ErrorBadNonceType constant ErrorBadPublicKeyType (line 27) | ErrorBadPublicKeyType constant ErrorBadRevocationReasonType (line 29) | ErrorBadRevocationReasonType constant ErrorBadSignatureAlgorithmType (line 31) | ErrorBadSignatureAlgorithmType constant ErrorCaaType (line 33) | ErrorCaaType constant ErrorCompoundType (line 35) | ErrorCompoundType constant ErrorConnectionType (line 37) | ErrorConnectionType constant ErrorDNSType (line 39) | ErrorDNSType constant ErrorExternalAccountRequiredType (line 41) | ErrorExternalAccountRequiredType constant ErrorIncorrectResponseType (line 43) | ErrorIncorrectResponseType constant ErrorInvalidContactType (line 45) | ErrorInvalidContactType constant ErrorMalformedType (line 47) | ErrorMalformedType constant ErrorOrderNotReadyType (line 49) | ErrorOrderNotReadyType constant ErrorRateLimitedType (line 51) | ErrorRateLimitedType constant ErrorRejectedIdentifierType (line 53) | ErrorRejectedIdentifierType constant ErrorServerInternalType (line 55) | ErrorServerInternalType constant ErrorTLSType (line 57) | ErrorTLSType constant ErrorUnauthorizedType (line 59) | ErrorUnauthorizedType constant ErrorUnsupportedContactType (line 61) | ErrorUnsupportedContactType constant ErrorUnsupportedIdentifierType (line 63) | ErrorUnsupportedIdentifierType constant ErrorUserActionRequiredType (line 65) | ErrorUserActionRequiredType constant ErrorNotImplementedType (line 67) | ErrorNotImplementedType type errorMetadata (line 129) | type errorMetadata struct type Error (line 274) | type Error struct method withDetail (line 308) | func (e *Error) withDetail() *Error { method AddSubproblems (line 319) | func (e *Error) AddSubproblems(subproblems ...Subproblem) *Error { method StatusCode (line 397) | func (e *Error) StatusCode() int { method Error (line 402) | func (e *Error) Error() string { method Cause (line 410) | func (e *Error) Cause() error { method ToLog (line 418) | func (e *Error) ToLog() (any, error) { method Render (line 427) | func (e *Error) Render(w http.ResponseWriter, r *http.Request) { type Subproblem (line 286) | type Subproblem struct function NewError (line 297) | func NewError(pt ProblemType, msg string, args ...any) *Error { function NewDetailedError (line 304) | func NewDetailedError(pt ProblemType, msg string, args ...any) *Error { function NewSubproblem (line 327) | func NewSubproblem(pt ProblemType, msg string, args ...any) Subproblem { function NewSubproblemWithIdentifier (line 338) | func NewSubproblemWithIdentifier(pt ProblemType, identifier Identifier, ... function newError (line 344) | func newError(pt ProblemType, err error) *Error { function NewErrorISE (line 365) | func NewErrorISE(msg string, args ...any) *Error { function WrapError (line 370) | func WrapError(typ ProblemType, err error, msg string, args ...any) *Err... function WrapDetailedError (line 387) | func WrapDetailedError(typ ProblemType, err error, msg string, args ...a... function WrapErrorISE (line 392) | func WrapErrorISE(err error, msg string, args ...any) *Error { FILE: acme/errors_test.go function mustJSON (line 11) | func mustJSON(t *testing.T, m map[string]interface{}) string { function TestError_WithAdditionalErrorDetail (line 20) | func TestError_WithAdditionalErrorDetail(t *testing.T) { FILE: acme/linker.go type LinkType (line 18) | type LinkType method String (line 51) | func (l LinkType) String() string { constant NewNonceLinkType (line 22) | NewNonceLinkType LinkType = iota constant NewAccountLinkType (line 24) | NewAccountLinkType constant AccountLinkType (line 26) | AccountLinkType constant OrderLinkType (line 28) | OrderLinkType constant NewOrderLinkType (line 30) | NewOrderLinkType constant OrdersByAccountLinkType (line 32) | OrdersByAccountLinkType constant FinalizeLinkType (line 34) | FinalizeLinkType constant NewAuthzLinkType (line 36) | NewAuthzLinkType constant AuthzLinkType (line 38) | AuthzLinkType constant ChallengeLinkType (line 40) | ChallengeLinkType constant CertificateLinkType (line 42) | CertificateLinkType constant DirectoryLinkType (line 44) | DirectoryLinkType constant RevokeCertLinkType (line 46) | RevokeCertLinkType constant KeyChangeLinkType (line 48) | KeyChangeLinkType function GetUnescapedPathSuffix (line 82) | func GetUnescapedPathSuffix(typ LinkType, provisionerName string, inputs... function NewLinker (line 100) | func NewLinker(dns, prefix string) Linker { type Linker (line 119) | type Linker interface type linkerKey (line 129) | type linkerKey struct function NewLinkerContext (line 132) | func NewLinkerContext(ctx context.Context, v Linker) context.Context { function LinkerFromContext (line 137) | func LinkerFromContext(ctx context.Context) (v Linker, ok bool) { function MustLinkerFromContext (line 144) | func MustLinkerFromContext(ctx context.Context) Linker { type baseURLKey (line 155) | type baseURLKey struct function newBaseURLContext (line 157) | func newBaseURLContext(ctx context.Context, r *http.Request) context.Con... function baseURLFromContext (line 165) | func baseURLFromContext(ctx context.Context) *url.URL { type linker (line 173) | type linker struct method Middleware (line 180) | func (l *linker) Middleware(next http.Handler) http.Handler { method GetLink (line 217) | func (l *linker) GetLink(ctx context.Context, typ LinkType, inputs ...... method LinkOrder (line 239) | func (l *linker) LinkOrder(ctx context.Context, o *Order) { method LinkAccount (line 251) | func (l *linker) LinkAccount(ctx context.Context, acc *Account) { method LinkChallenge (line 256) | func (l *linker) LinkChallenge(ctx context.Context, ch *Challenge, azI... method LinkAuthorization (line 261) | func (l *linker) LinkAuthorization(ctx context.Context, az *Authorizat... method LinkOrdersByAccountID (line 268) | func (l *linker) LinkOrdersByAccountID(ctx context.Context, orders []s... FILE: acme/linker_test.go function mockProvisioner (line 14) | func mockProvisioner(t *testing.T) Provisioner { function TestGetUnescapedPathSuffix (line 34) | func TestGetUnescapedPathSuffix(t *testing.T) { function TestLinker_DNS (line 51) | func TestLinker_DNS(t *testing.T) { function TestLinker_GetLink (line 131) | func TestLinker_GetLink(t *testing.T) { function TestLinker_LinkOrder (line 181) | func TestLinker_LinkOrder(t *testing.T) { function TestLinker_LinkAccount (line 246) | func TestLinker_LinkAccount(t *testing.T) { function TestLinker_LinkChallenge (line 278) | func TestLinker_LinkChallenge(t *testing.T) { function TestLinker_LinkAuthorization (line 311) | func TestLinker_LinkAuthorization(t *testing.T) { function TestLinker_LinkOrdersByAccountID (line 353) | func TestLinker_LinkOrdersByAccountID(t *testing.T) { FILE: acme/nonce.go type Nonce (line 4) | type Nonce method String (line 7) | func (n Nonce) String() string { FILE: acme/order.go type IdentifierType (line 26) | type IdentifierType constant IP (line 30) | IP IdentifierType = "ip" constant DNS (line 32) | DNS IdentifierType = "dns" constant PermanentIdentifier (line 35) | PermanentIdentifier IdentifierType = "permanent-identifier" constant WireUser (line 37) | WireUser IdentifierType = "wireapp-user" constant WireDevice (line 39) | WireDevice IdentifierType = "wireapp-device" type Identifier (line 43) | type Identifier struct type Order (line 49) | type Order struct method ToLog (line 67) | func (o *Order) ToLog() (interface{}, error) { method UpdateStatus (line 77) | func (o *Order) UpdateStatus(ctx context.Context, db DB) error { method getAuthorizationFingerprint (line 149) | func (o *Order) getAuthorizationFingerprint(ctx context.Context, db DB... method Finalize (line 171) | func (o *Order) Finalize(ctx context.Context, db DB, csr *x509.Certifi... method containsWireIdentifiers (line 345) | func (o *Order) containsWireIdentifiers() bool { method sans (line 402) | func (o *Order) sans(csr *x509.CertificateRequest) ([]x509util.Subject... function createWireSubject (line 355) | func createWireSubject(o *Order, csr *x509.CertificateRequest) (subject ... function numberOfIdentifierType (line 523) | func numberOfIdentifierType(typ IdentifierType, ids []Identifier) int { function canonicalize (line 538) | func canonicalize(csr *x509.CertificateRequest) (canonicalized *x509.Cer... function ipsAreEqual (line 570) | func ipsAreEqual(x, y net.IP) bool { function uniqueSortedLowerNames (line 580) | func uniqueSortedLowerNames(names []string) (unique []string) { function uniqueSortedURIStrings (line 595) | func uniqueSortedURIStrings(uris []*url.URL) (unique []string) { function uniqueSortedIPs (line 610) | func uniqueSortedIPs(ips []net.IP) (unique []net.IP) { FILE: acme/order_test.go function TestOrder_UpdateStatus (line 28) | func TestOrder_UpdateStatus(t *testing.T) { type mockSignAuth (line 275) | type mockSignAuth struct method SignWithContext (line 283) | func (m *mockSignAuth) SignWithContext(ctx context.Context, csr *x509.... method AreSANsAllowed (line 292) | func (m *mockSignAuth) AreSANsAllowed(ctx context.Context, sans []stri... method LoadProvisionerByName (line 299) | func (m *mockSignAuth) LoadProvisionerByName(name string) (provisioner... method IsRevoked (line 306) | func (m *mockSignAuth) IsRevoked(string) (bool, error) { method Revoke (line 310) | func (m *mockSignAuth) Revoke(context.Context, *authority.RevokeOption... method GetBackdate (line 314) | func (m *mockSignAuth) GetBackdate() *time.Duration { function TestOrder_Finalize (line 318) | func TestOrder_Finalize(t *testing.T) { function Test_uniqueSortedIPs (line 1949) | func Test_uniqueSortedIPs(t *testing.T) { function Test_numberOfIdentifierType (line 2045) | func Test_numberOfIdentifierType(t *testing.T) { function Test_ipsAreEqual (line 2175) | func Test_ipsAreEqual(t *testing.T) { function Test_canonicalize (line 2267) | func Test_canonicalize(t *testing.T) { function TestOrder_sans (line 2380) | func TestOrder_sans(t *testing.T) { function TestOrder_getAuthorizationFingerprint (line 2593) | func TestOrder_getAuthorizationFingerprint(t *testing.T) { FILE: acme/status.go type Status (line 4) | type Status FILE: acme/wire/id.go type UserID (line 11) | type UserID struct type DeviceID (line 17) | type DeviceID struct function ParseUserID (line 24) | func ParseUserID(value string) (id UserID, err error) { function ParseDeviceID (line 41) | func ParseDeviceID(value string) (id DeviceID, err error) { type ClientID (line 60) | type ClientID struct function ParseClientID (line 72) | func ParseClientID(clientID string) (ClientID, error) { FILE: acme/wire/id_test.go function TestParseUserID (line 10) | func TestParseUserID(t *testing.T) { function TestParseDeviceID (line 42) | func TestParseDeviceID(t *testing.T) { function TestParseClientID (line 76) | func TestParseClientID(t *testing.T) { FILE: api/api.go type Authority (line 39) | type Authority interface function NewTimeDuration (line 71) | func NewTimeDuration(t time.Time) TimeDuration { function ParseTimeDuration (line 77) | func ParseTimeDuration(s string) (TimeDuration, error) { type Certificate (line 82) | type Certificate struct method reset (line 95) | func (c *Certificate) reset() { method MarshalJSON (line 103) | func (c Certificate) MarshalJSON() ([]byte, error) { method UnmarshalJSON (line 116) | func (c *Certificate) UnmarshalJSON(data []byte) error { function NewCertificate (line 88) | func NewCertificate(cr *x509.Certificate) Certificate { type CertificateRequest (line 142) | type CertificateRequest struct method reset (line 155) | func (c *CertificateRequest) reset() { method MarshalJSON (line 163) | func (c CertificateRequest) MarshalJSON() ([]byte, error) { method UnmarshalJSON (line 176) | func (c *CertificateRequest) UnmarshalJSON(data []byte) error { function NewCertificateRequest (line 148) | func NewCertificateRequest(cr *x509.CertificateRequest) CertificateReque... type Router (line 201) | type Router interface type RouterHandler (line 209) | type RouterHandler interface type VersionResponse (line 215) | type VersionResponse struct type HealthResponse (line 221) | type HealthResponse struct type RootResponse (line 226) | type RootResponse struct type ProvisionersResponse (line 232) | type ProvisionersResponse struct method MarshalJSON (line 266) | func (p ProvisionersResponse) MarshalJSON() ([]byte, error) { constant redacted (line 237) | redacted = "*** REDACTED ***" function scepFromProvisioner (line 239) | func scepFromProvisioner(p *provisioner.SCEP) *models.SCEP { type ProvisionerKeyResponse (line 291) | type ProvisionerKeyResponse struct type RootsResponse (line 296) | type RootsResponse struct type IntermediatesResponse (line 301) | type IntermediatesResponse struct type FederationResponse (line 306) | type FederationResponse struct type caHandler (line 311) | type caHandler struct method Route (line 316) | func (h *caHandler) Route(r Router) { function New (line 323) | func New(Authority) RouterHandler { function Route (line 327) | func Route(r Router) { function Version (line 364) | func Version(w http.ResponseWriter, r *http.Request) { function Health (line 373) | func Health(w http.ResponseWriter, r *http.Request) { function Root (line 379) | func Root(w http.ResponseWriter, r *http.Request) { function certChainToPEM (line 392) | func certChainToPEM(certChain []*x509.Certificate) []Certificate { function Provisioners (line 401) | func Provisioners(w http.ResponseWriter, r *http.Request) { function ProvisionerKey (line 421) | func ProvisionerKey(w http.ResponseWriter, r *http.Request) { function Roots (line 433) | func Roots(w http.ResponseWriter, r *http.Request) { function RootsPEM (line 451) | func RootsPEM(w http.ResponseWriter, r *http.Request) { function Intermediates (line 474) | func Intermediates(w http.ResponseWriter, r *http.Request) { function IntermediatesPEM (line 492) | func IntermediatesPEM(w http.ResponseWriter, r *http.Request) { function Federation (line 515) | func Federation(w http.ResponseWriter, r *http.Request) { type stepProvisioner (line 534) | type stepProvisioner struct function logOtt (line 540) | func logOtt(w http.ResponseWriter, token string) { function LogCertificate (line 549) | func LogCertificate(w http.ResponseWriter, cert *x509.Certificate) { function LogSSHCertificate (line 582) | func LogSSHCertificate(w http.ResponseWriter, cert *ssh.Certificate) { function ParseCursor (line 617) | func ParseCursor(r *http.Request) (cursor string, limit int, err error) { function fmtSans (line 629) | func fmtSans(cert *x509.Certificate) map[string][]string { function fmtPublicKey (line 654) | func fmtPublicKey(cert *x509.Certificate) string { FILE: api/api_test.go constant rootPEM (line 46) | rootPEM = `-----BEGIN CERTIFICATE----- constant certPEM (line 71) | certPEM = `-----BEGIN CERTIFICATE----- constant csrPEM (line 94) | csrPEM = `-----BEGIN CERTIFICATE REQUEST----- constant stepCertPEM (line 121) | stepCertPEM = `-----BEGIN CERTIFICATE----- constant pubKey (line 138) | pubKey = `{ constant privKey (line 148) | privKey = "eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjdHkiOiJqd2sranNvbiIsI... function mustJSON (line 151) | func mustJSON(t *testing.T, v any) []byte { function parseCertificate (line 158) | func parseCertificate(data string) *x509.Certificate { function parseCertificateRequest (line 170) | func parseCertificateRequest(data string) *x509.CertificateRequest { function mockMustAuthority (line 182) | func mockMustAuthority(t *testing.T, a Authority) { type mockAuthority (line 193) | type mockAuthority struct method GetCertificateRevocationList (line 226) | func (m *mockAuthority) GetCertificateRevocationList() (*authority.Cer... method Authorize (line 235) | func (m *mockAuthority) Authorize(ctx context.Context, ott string) ([]... method AuthorizeRenewToken (line 242) | func (m *mockAuthority) AuthorizeRenewToken(ctx context.Context, ott s... method GetTLSOptions (line 249) | func (m *mockAuthority) GetTLSOptions() *authority.TLSOptions { method Root (line 256) | func (m *mockAuthority) Root(shasum string) (*x509.Certificate, error) { method SignWithContext (line 263) | func (m *mockAuthority) SignWithContext(ctx context.Context, cr *x509.... method Renew (line 270) | func (m *mockAuthority) Renew(cert *x509.Certificate) ([]*x509.Certifi... method RenewContext (line 277) | func (m *mockAuthority) RenewContext(ctx context.Context, oldcert *x50... method Rekey (line 284) | func (m *mockAuthority) Rekey(oldcert *x509.Certificate, pk crypto.Pub... method GetProvisioners (line 291) | func (m *mockAuthority) GetProvisioners(nextCursor string, limit int) ... method LoadProvisionerByCertificate (line 298) | func (m *mockAuthority) LoadProvisionerByCertificate(cert *x509.Certif... method LoadProvisionerByName (line 305) | func (m *mockAuthority) LoadProvisionerByName(name string) (provisione... method Revoke (line 312) | func (m *mockAuthority) Revoke(ctx context.Context, opts *authority.Re... method GetEncryptedKey (line 319) | func (m *mockAuthority) GetEncryptedKey(kid string) (string, error) { method GetRoots (line 326) | func (m *mockAuthority) GetRoots() ([]*x509.Certificate, error) { method GetIntermediateCertificates (line 333) | func (m *mockAuthority) GetIntermediateCertificates() []*x509.Certific... method GetFederation (line 340) | func (m *mockAuthority) GetFederation() ([]*x509.Certificate, error) { method SignSSH (line 347) | func (m *mockAuthority) SignSSH(ctx context.Context, key ssh.PublicKey... method SignSSHAddUser (line 354) | func (m *mockAuthority) SignSSHAddUser(ctx context.Context, key ssh.Pu... method RenewSSH (line 361) | func (m *mockAuthority) RenewSSH(ctx context.Context, cert *ssh.Certif... method RekeySSH (line 368) | func (m *mockAuthority) RekeySSH(ctx context.Context, cert *ssh.Certif... method GetSSHHosts (line 375) | func (m *mockAuthority) GetSSHHosts(ctx context.Context, cert *x509.Ce... method GetSSHRoots (line 382) | func (m *mockAuthority) GetSSHRoots(ctx context.Context) (*authority.S... method GetSSHFederation (line 389) | func (m *mockAuthority) GetSSHFederation(ctx context.Context) (*author... method GetSSHConfig (line 396) | func (m *mockAuthority) GetSSHConfig(ctx context.Context, typ string, ... method CheckSSHHost (line 403) | func (m *mockAuthority) CheckSSHHost(ctx context.Context, principal, t... method GetSSHBastion (line 410) | func (m *mockAuthority) GetSSHBastion(ctx context.Context, user, hostn... method Version (line 417) | func (m *mockAuthority) Version() authority.Version { function TestNewCertificate (line 424) | func TestNewCertificate(t *testing.T) { function TestCertificate_MarshalJSON (line 431) | func TestCertificate_MarshalJSON(t *testing.T) { function TestCertificate_UnmarshalJSON (line 464) | func TestCertificate_UnmarshalJSON(t *testing.T) { function TestCertificate_UnmarshalJSON_json (line 495) | func TestCertificate_UnmarshalJSON_json(t *testing.T) { function TestNewCertificateRequest (line 535) | func TestNewCertificateRequest(t *testing.T) { function TestCertificateRequest_MarshalJSON (line 542) | func TestCertificateRequest_MarshalJSON(t *testing.T) { function TestCertificateRequest_UnmarshalJSON (line 574) | func TestCertificateRequest_UnmarshalJSON(t *testing.T) { function TestCertificateRequest_UnmarshalJSON_json (line 604) | func TestCertificateRequest_UnmarshalJSON_json(t *testing.T) { function TestSignRequest_Validate (line 645) | func TestSignRequest_Validate(t *testing.T) { type mockProvisioner (line 683) | type mockProvisioner struct method GetID (line 703) | func (m *mockProvisioner) GetID() string { method GetIDForToken (line 710) | func (m *mockProvisioner) GetIDForToken() string { method GetTokenID (line 717) | func (m *mockProvisioner) GetTokenID(token string) (string, error) { method GetName (line 727) | func (m *mockProvisioner) GetName() string { method GetType (line 734) | func (m *mockProvisioner) GetType() provisioner.Type { method GetEncryptedKey (line 741) | func (m *mockProvisioner) GetEncryptedKey() (string, string, bool) { method Init (line 748) | func (m *mockProvisioner) Init(c provisioner.Config) error { method AuthorizeRenew (line 755) | func (m *mockProvisioner) AuthorizeRenew(ctx context.Context, cert *x5... method AuthorizeRevoke (line 762) | func (m *mockProvisioner) AuthorizeRevoke(ctx context.Context, token s... method AuthorizeSign (line 769) | func (m *mockProvisioner) AuthorizeSign(ctx context.Context, ott strin... method AuthorizeRenewal (line 776) | func (m *mockProvisioner) AuthorizeRenewal(c *x509.Certificate) error { method AuthorizeSSHSign (line 783) | func (m *mockProvisioner) AuthorizeSSHSign(ctx context.Context, token ... method AuthorizeSSHRevoke (line 789) | func (m *mockProvisioner) AuthorizeSSHRevoke(ctx context.Context, toke... method AuthorizeSSHRenew (line 795) | func (m *mockProvisioner) AuthorizeSSHRenew(ctx context.Context, token... method AuthorizeSSHRekey (line 801) | func (m *mockProvisioner) AuthorizeSSHRekey(ctx context.Context, token... function Test_caHandler_Route (line 808) | func Test_caHandler_Route(t *testing.T) { function Test_Health (line 832) | func Test_Health(t *testing.T) { function Test_Root (line 853) | func Test_Root(t *testing.T) { function Test_Sign (line 901) | func Test_Sign(t *testing.T) { function Test_Renew (line 970) | func Test_Renew(t *testing.T) { function Test_Rekey (line 1115) | func Test_Rekey(t *testing.T) { function Test_Provisioners (line 1176) | func Test_Provisioners(t *testing.T) { function Test_ProvisionerKey (line 1278) | func Test_ProvisionerKey(t *testing.T) { function Test_Roots (line 1336) | func Test_Roots(t *testing.T) { function Test_caHandler_RootsPEM (line 1382) | func Test_caHandler_RootsPEM(t *testing.T) { function Test_Federation (line 1422) | func Test_Federation(t *testing.T) { function Test_fmtPublicKey (line 1468) | func Test_fmtPublicKey(t *testing.T) { function mustCertificate (line 1519) | func mustCertificate(t *testing.T, pub, priv interface{}) *x509.Certific... function TestProvisionersResponse_MarshalJSON (line 1545) | func TestProvisionersResponse_MarshalJSON(t *testing.T) { constant fixtureECDSACertificate (line 1655) | fixtureECDSACertificate = `ecdsa-sha2-nistp256-cert-v01@openssh.com AAAA... function TestLogSSHCertificate (line 1658) | func TestLogSSHCertificate(t *testing.T) { function TestIntermediates (line 1682) | func TestIntermediates(t *testing.T) { function TestIntermediatesPEM (line 1721) | func TestIntermediatesPEM(t *testing.T) { FILE: api/crl.go function CRL (line 13) | func CRL(w http.ResponseWriter, r *http.Request) { FILE: api/crl_test.go function Test_CRL (line 21) | func Test_CRL(t *testing.T) { FILE: api/log/log.go type errorLoggerKey (line 13) | type errorLoggerKey struct type ErrorLogger (line 16) | type ErrorLogger method call (line 18) | func (fn ErrorLogger) call(w http.ResponseWriter, r *http.Request, err... function WithErrorLogger (line 26) | func WithErrorLogger(ctx context.Context, fn ErrorLogger) context.Context { function ErrorLoggerFromContext (line 31) | func ErrorLoggerFromContext(ctx context.Context) (fn ErrorLogger) { type StackTracedError (line 40) | type StackTracedError interface type fieldCarrier (line 46) | type fieldCarrier interface function Error (line 54) | func Error(w http.ResponseWriter, r *http.Request, err error) { function EnabledResponse (line 80) | func EnabledResponse(rw http.ResponseWriter, r *http.Request, v any) { FILE: api/log/log_test.go type stackTracedError (line 18) | type stackTracedError struct method Error (line 20) | func (stackTracedError) Error() string { method StackTrace (line 24) | func (stackTracedError) StackTrace() pkgerrors.StackTrace { function TestError (line 32) | func TestError(t *testing.T) { FILE: api/models/scep.go type SCEP (line 18) | type SCEP struct method GetID (line 38) | func (s *SCEP) GetID() string { method GetIDForToken (line 47) | func (s *SCEP) GetIDForToken() string { method GetName (line 52) | func (s *SCEP) GetName() string { method GetType (line 57) | func (s *SCEP) GetType() provisioner.Type { method GetEncryptedKey (line 62) | func (s *SCEP) GetEncryptedKey() (string, string, bool) { method GetTokenID (line 67) | func (s *SCEP) GetTokenID(string) (string, error) { method Init (line 72) | func (s *SCEP) Init(_ provisioner.Config) (err error) { method AuthorizeSign (line 78) | func (s *SCEP) AuthorizeSign(context.Context, string) ([]provisioner.S... method AuthorizeRevoke (line 84) | func (s *SCEP) AuthorizeRevoke(context.Context, string) error { method AuthorizeRenew (line 90) | func (s *SCEP) AuthorizeRenew(context.Context, *x509.Certificate) error { method AuthorizeSSHSign (line 96) | func (s *SCEP) AuthorizeSSHSign(context.Context, string) ([]provisione... method AuthorizeSSHRevoke (line 102) | func (s *SCEP) AuthorizeSSHRevoke(context.Context, string) error { method AuthorizeSSHRenew (line 108) | func (s *SCEP) AuthorizeSSHRenew(context.Context, string) (*ssh.Certif... method AuthorizeSSHRekey (line 114) | func (s *SCEP) AuthorizeSSHRekey(context.Context, string) (*ssh.Certif... FILE: api/read/read.go function JSON (line 20) | func JSON(r io.Reader, v interface{}) error { function ProtoJSON (line 29) | func ProtoJSON(r io.Reader, m proto.Message) error { type badProtoJSONError (line 46) | type badProtoJSONError method Error (line 49) | func (e badProtoJSONError) Error() string { method Render (line 54) | func (e badProtoJSONError) Render(w http.ResponseWriter, r *http.Reque... FILE: api/read/read_test.go function TestJSON (line 23) | func TestJSON(t *testing.T) { function TestProtoJSON (line 59) | func TestProtoJSON(t *testing.T) { function Test_badProtoJSONError_Render (line 124) | func Test_badProtoJSONError_Render(t *testing.T) { FILE: api/rekey.go type RekeyRequest (line 12) | type RekeyRequest struct method Validate (line 18) | func (s *RekeyRequest) Validate() error { function Rekey (line 30) | func Rekey(w http.ResponseWriter, r *http.Request) { FILE: api/render/render.go function JSON (line 16) | func JSON(w http.ResponseWriter, r *http.Request, v interface{}) { function JSONStatus (line 25) | func JSONStatus(w http.ResponseWriter, r *http.Request, v interface{}, s... function ProtoJSON (line 50) | func ProtoJSON(w http.ResponseWriter, m proto.Message) { function ProtoJSONStatus (line 56) | func ProtoJSONStatus(w http.ResponseWriter, m proto.Message, status int) { function setContentTypeUnlessPresent (line 67) | func setContentTypeUnlessPresent(w http.ResponseWriter, contentType stri... type RenderableError (line 80) | type RenderableError interface function Error (line 88) | func Error(rw http.ResponseWriter, r *http.Request, err error) { type StatusCodedError (line 106) | type StatusCodedError interface function statusCodeFromError (line 112) | func statusCodeFromError(err error) (code int) { FILE: api/render/render_test.go function TestJSON (line 18) | func TestJSON(t *testing.T) { function TestJSONPanicsOnUnsupportedType (line 31) | func TestJSONPanicsOnUnsupportedType(t *testing.T) { function TestJSONPanicsOnUnsupportedValue (line 35) | func TestJSONPanicsOnUnsupportedValue(t *testing.T) { function TestJSONPanicsOnMarshalerError (line 39) | func TestJSONPanicsOnMarshalerError(t *testing.T) { type erroneousJSONMarshaler (line 44) | type erroneousJSONMarshaler struct method MarshalJSON (line 46) | func (erroneousJSONMarshaler) MarshalJSON() ([]byte, error) { function jsonPanicTest (line 50) | func jsonPanicTest[T json.UnsupportedTypeError | json.UnsupportedValueEr... type renderableError (line 71) | type renderableError struct method Error (line 76) | func (err renderableError) Error() string { method Render (line 80) | func (err renderableError) Render(w http.ResponseWriter, r *http.Reque... type statusedError (line 85) | type statusedError struct method Error (line 89) | func (err statusedError) Error() string { return err.Contents } method StatusCode (line 91) | func (statusedError) StatusCode() int { return 432 } function TestError (line 93) | func TestError(t *testing.T) { type causedError (line 129) | type causedError struct method Error (line 133) | func (err causedError) Error() string { return fmt.Sprintf("cause: %s"... method Cause (line 134) | func (err causedError) Cause() error { return err.cause } function TestStatusCodeFromError (line 136) | func TestStatusCodeFromError(t *testing.T) { FILE: api/renew.go constant authorizationHeader (line 15) | authorizationHeader = "Authorization" constant bearerScheme (line 16) | bearerScheme = "Bearer" function Renew (line 21) | func Renew(w http.ResponseWriter, r *http.Request) { function getPeerCertificate (line 58) | func getPeerCertificate(r *http.Request) (*x509.Certificate, string, err... FILE: api/revoke.go type RevokeResponse (line 18) | type RevokeResponse struct type RevokeRequest (line 23) | type RevokeRequest struct method Validate (line 33) | func (r *RevokeRequest) Validate() (err error) { function Revoke (line 57) | func Revoke(w http.ResponseWriter, r *http.Request) { function logRevoke (line 118) | func logRevoke(w http.ResponseWriter, ri *authority.RevokeOptions) { FILE: api/revoke_test.go function TestRevokeRequestValidate (line 24) | func TestRevokeRequestValidate(t *testing.T) { function Test_caHandler_Revoke (line 79) | func Test_caHandler_Revoke(t *testing.T) { FILE: api/sign.go type SignRequest (line 16) | type SignRequest struct method Validate (line 26) | func (s *SignRequest) Validate() error { type SignResponse (line 41) | type SignResponse struct function Sign (line 52) | func Sign(w http.ResponseWriter, r *http.Request) { FILE: api/ssh.go type SSHAuthority (line 28) | type SSHAuthority interface type SSHSignRequest (line 42) | type SSHSignRequest struct method Validate (line 56) | func (s *SSHSignRequest) Validate() error { type SSHSignResponse (line 76) | type SSHSignResponse struct type SSHRootsResponse (line 84) | type SSHRootsResponse struct type SSHCertificate (line 90) | type SSHCertificate struct method MarshalJSON (line 102) | func (c SSHCertificate) MarshalJSON() ([]byte, error) { method UnmarshalJSON (line 112) | func (c *SSHCertificate) UnmarshalJSON(data []byte) error { type SSHGetHostsResponse (line 96) | type SSHGetHostsResponse struct type SSHPublicKey (line 138) | type SSHPublicKey struct method MarshalJSON (line 144) | func (p *SSHPublicKey) MarshalJSON() ([]byte, error) { method UnmarshalJSON (line 155) | func (p *SSHPublicKey) UnmarshalJSON(data []byte) error { type SSHConfigRequest (line 181) | type SSHConfigRequest struct method Validate (line 187) | func (r *SSHConfigRequest) Validate() error { type SSHConfigResponse (line 200) | type SSHConfigResponse struct type SSHCheckPrincipalRequest (line 208) | type SSHCheckPrincipalRequest struct method Validate (line 215) | func (r *SSHCheckPrincipalRequest) Validate() error { type SSHCheckPrincipalResponse (line 228) | type SSHCheckPrincipalResponse struct type SSHBastionRequest (line 234) | type SSHBastionRequest struct method Validate (line 240) | func (r *SSHBastionRequest) Validate() error { type SSHBastionResponse (line 249) | type SSHBastionResponse struct function SSHSign (line 257) | func SSHSign(w http.ResponseWriter, r *http.Request) { function SSHRoots (line 357) | func SSHRoots(w http.ResponseWriter, r *http.Request) { function SSHFederation (line 383) | func SSHFederation(w http.ResponseWriter, r *http.Request) { function SSHConfig (line 409) | func SSHConfig(w http.ResponseWriter, r *http.Request) { function SSHCheckHost (line 442) | func SSHCheckHost(w http.ResponseWriter, r *http.Request) { function SSHGetHosts (line 465) | func SSHGetHosts(w http.ResponseWriter, r *http.Request) { function SSHBastion (line 483) | func SSHBastion(w http.ResponseWriter, r *http.Request) { type identityModifier (line 509) | type identityModifier struct method Enforce (line 517) | func (m *identityModifier) Enforce(cert *x509.Certificate) error { function getIdentityURI (line 534) | func getIdentityURI(cr *x509.CertificateRequest) *url.URL { FILE: api/sshRekey.go type SSHRekeyRequest (line 17) | type SSHRekeyRequest struct method Validate (line 23) | func (s *SSHRekeyRequest) Validate() error { type SSHRekeyResponse (line 35) | type SSHRekeyResponse struct function SSHRekey (line 43) | func SSHRekey(w http.ResponseWriter, r *http.Request) { FILE: api/sshRenew.go type SSHRenewRequest (line 18) | type SSHRenewRequest struct method Validate (line 23) | func (s *SSHRenewRequest) Validate() error { type SSHRenewResponse (line 33) | type SSHRenewResponse struct function SSHRenew (line 41) | func SSHRenew(w http.ResponseWriter, r *http.Request) { function renewIdentityCertificate (line 93) | func renewIdentityCertificate(r *http.Request, notBefore, notAfter time.... FILE: api/sshRevoke.go type SSHRevokeResponse (line 17) | type SSHRevokeResponse struct type SSHRevokeRequest (line 22) | type SSHRevokeRequest struct method Validate (line 32) | func (r *SSHRevokeRequest) Validate() (err error) { function SSHRevoke (line 51) | func SSHRevoke(w http.ResponseWriter, r *http.Request) { function logSSHRevoke (line 91) | func logSSHRevoke(w http.ResponseWriter, ri *authority.RevokeOptions) { FILE: api/ssh_test.go function mustKey (line 38) | func mustKey() *ecdsa.PrivateKey { function signSSHCertificate (line 46) | func signSSHCertificate(cert *ssh.Certificate) error { function getSignedUserCertificate (line 66) | func getSignedUserCertificate() (*ssh.Certificate, error) { function getSignedHostCertificate (line 99) | func getSignedHostCertificate() (*ssh.Certificate, error) { function TestSSHCertificate_MarshalJSON (line 126) | func TestSSHCertificate_MarshalJSON(t *testing.T) { function TestSSHCertificate_UnmarshalJSON (line 164) | func TestSSHCertificate_UnmarshalJSON(t *testing.T) { function TestSignSSHRequest_Validate (line 204) | func TestSignSSHRequest_Validate(t *testing.T) { function Test_SSHSign (line 256) | func Test_SSHSign(t *testing.T) { function Test_SSHRoots (line 358) | func Test_SSHRoots(t *testing.T) { function Test_SSHFederation (line 412) | func Test_SSHFederation(t *testing.T) { function Test_SSHConfig (line 466) | func Test_SSHConfig(t *testing.T) { function Test_SSHCheckHost (line 526) | func Test_SSHCheckHost(t *testing.T) { function Test_SSHGetHosts (line 573) | func Test_SSHGetHosts(t *testing.T) { function Test_SSHBastion (line 624) | func Test_SSHBastion(t *testing.T) { function TestSSHPublicKey_MarshalJSON (line 679) | func TestSSHPublicKey_MarshalJSON(t *testing.T) { function TestSSHPublicKey_UnmarshalJSON (line 708) | func TestSSHPublicKey_UnmarshalJSON(t *testing.T) { function Test_identityModifier_Enforce (line 742) | func Test_identityModifier_Enforce(t *testing.T) { function Test_getIdentityURI (line 802) | func Test_getIdentityURI(t *testing.T) { FILE: authority/admin/api/acme.go type CreateExternalAccountKeyRequest (line 16) | type CreateExternalAccountKeyRequest struct method Validate (line 21) | func (r *CreateExternalAccountKeyRequest) Validate() error { type GetExternalAccountKeysResponse (line 29) | type GetExternalAccountKeysResponse struct function requireEABEnabled (line 36) | func requireEABEnabled(next http.HandlerFunc) http.HandlerFunc { type ACMEAdminResponder (line 57) | type ACMEAdminResponder interface type acmeAdminResponder (line 64) | type acmeAdminResponder struct method GetExternalAccountKeys (line 72) | func (h *acmeAdminResponder) GetExternalAccountKeys(w http.ResponseWri... method CreateExternalAccountKey (line 77) | func (h *acmeAdminResponder) CreateExternalAccountKey(w http.ResponseW... method DeleteExternalAccountKey (line 82) | func (h *acmeAdminResponder) DeleteExternalAccountKey(w http.ResponseW... function NewACMEAdminResponder (line 67) | func NewACMEAdminResponder() ACMEAdminResponder { function eakToLinked (line 86) | func eakToLinked(k *acme.ExternalAccountKey) *linkedca.EABKey { function linkedEAKToCertificates (line 118) | func linkedEAKToCertificates(k *linkedca.EABKey) *acme.ExternalAccountKey { FILE: authority/admin/api/acme_test.go function readProtoJSON (line 27) | func readProtoJSON(r io.ReadCloser, m proto.Message) error { function mockMustAuthority (line 36) | func mockMustAuthority(t *testing.T, a adminAuthority) { function TestHandler_requireEABEnabled (line 47) | func TestHandler_requireEABEnabled(t *testing.T) { function TestCreateExternalAccountKeyRequest_Validate (line 157) | func TestCreateExternalAccountKeyRequest_Validate(t *testing.T) { function TestHandler_CreateExternalAccountKey (line 200) | func TestHandler_CreateExternalAccountKey(t *testing.T) { function TestHandler_DeleteExternalAccountKey (line 251) | func TestHandler_DeleteExternalAccountKey(t *testing.T) { function TestHandler_GetExternalAccountKeys (line 303) | func TestHandler_GetExternalAccountKeys(t *testing.T) { function Test_eakToLinked (line 357) | func Test_eakToLinked(t *testing.T) { function Test_linkedEAKToCertificates (line 446) | func Test_linkedEAKToCertificates(t *testing.T) { FILE: authority/admin/api/admin.go type adminAuthority (line 18) | type adminAuthority interface type CreateAdminRequest (line 39) | type CreateAdminRequest struct method Validate (line 46) | func (car *CreateAdminRequest) Validate() error { type GetAdminsResponse (line 62) | type GetAdminsResponse struct type UpdateAdminRequest (line 68) | type UpdateAdminRequest struct method Validate (line 73) | func (uar *UpdateAdminRequest) Validate() error { type DeleteResponse (line 83) | type DeleteResponse struct function GetAdmin (line 88) | func GetAdmin(w http.ResponseWriter, r *http.Request) { function GetAdmins (line 101) | func GetAdmins(w http.ResponseWriter, r *http.Request) { function CreateAdmin (line 121) | func CreateAdmin(w http.ResponseWriter, r *http.Request) { function DeleteAdmin (line 154) | func DeleteAdmin(w http.ResponseWriter, r *http.Request) { function UpdateAdmin (line 166) | func UpdateAdmin(w http.ResponseWriter, r *http.Request) { FILE: authority/admin/api/admin_test.go type mockAdminAuthority (line 26) | type mockAdminAuthority struct method IsAdminAPIEnabled (line 49) | func (m *mockAdminAuthority) IsAdminAPIEnabled() bool { method LoadProvisionerByName (line 56) | func (m *mockAdminAuthority) LoadProvisionerByName(name string) (provi... method GetProvisioners (line 63) | func (m *mockAdminAuthority) GetProvisioners(nextCursor string, limit ... method LoadAdminByID (line 70) | func (m *mockAdminAuthority) LoadAdminByID(id string) (*linkedca.Admin... method GetAdmins (line 77) | func (m *mockAdminAuthority) GetAdmins(cursor string, limit int) ([]*l... method StoreAdmin (line 84) | func (m *mockAdminAuthority) StoreAdmin(ctx context.Context, adm *link... method UpdateAdmin (line 91) | func (m *mockAdminAuthority) UpdateAdmin(ctx context.Context, id strin... method RemoveAdmin (line 98) | func (m *mockAdminAuthority) RemoveAdmin(ctx context.Context, id strin... method AuthorizeAdminToken (line 105) | func (m *mockAdminAuthority) AuthorizeAdminToken(r *http.Request, toke... method StoreProvisioner (line 112) | func (m *mockAdminAuthority) StoreProvisioner(ctx context.Context, pro... method LoadProvisionerByID (line 119) | func (m *mockAdminAuthority) LoadProvisionerByID(id string) (provision... method UpdateProvisioner (line 126) | func (m *mockAdminAuthority) UpdateProvisioner(ctx context.Context, nu... method RemoveProvisioner (line 133) | func (m *mockAdminAuthority) RemoveProvisioner(ctx context.Context, id... method GetAuthorityPolicy (line 140) | func (m *mockAdminAuthority) GetAuthorityPolicy(ctx context.Context) (... method CreateAuthorityPolicy (line 147) | func (m *mockAdminAuthority) CreateAuthorityPolicy(ctx context.Context... method UpdateAuthorityPolicy (line 154) | func (m *mockAdminAuthority) UpdateAuthorityPolicy(ctx context.Context... method RemoveAuthorityPolicy (line 161) | func (m *mockAdminAuthority) RemoveAuthorityPolicy(ctx context.Context... function TestCreateAdminRequest_Validate (line 168) | func TestCreateAdminRequest_Validate(t *testing.T) { function TestUpdateAdminRequest_Validate (line 244) | func TestUpdateAdminRequest_Validate(t *testing.T) { function TestHandler_GetAdmin (line 295) | func TestHandler_GetAdmin(t *testing.T) { function TestHandler_GetAdmins (line 398) | func TestHandler_GetAdmins(t *testing.T) { function TestHandler_CreateAdmin (line 531) | func TestHandler_CreateAdmin(t *testing.T) { function TestHandler_DeleteAdmin (line 715) | func TestHandler_DeleteAdmin(t *testing.T) { function TestHandler_UpdateAdmin (line 803) | func TestHandler_UpdateAdmin(t *testing.T) { FILE: authority/admin/api/handler.go type router (line 15) | type router struct type RouterOption (line 21) | type RouterOption function WithACMEResponder (line 23) | func WithACMEResponder(acmeResponder ACMEAdminResponder) RouterOption { function WithPolicyResponder (line 29) | func WithPolicyResponder(policyResponder PolicyAdminResponder) RouterOpt... function WithWebhookResponder (line 35) | func WithWebhookResponder(webhookResponder WebhookAdminResponder) Router... function Route (line 42) | func Route(r api.Router, options ...RouterOption) { FILE: authority/admin/api/middleware.go function requireAPIEnabled (line 19) | func requireAPIEnabled(next http.HandlerFunc) http.HandlerFunc { function extractAuthorizeTokenAdmin (line 30) | func extractAuthorizeTokenAdmin(next http.HandlerFunc) http.HandlerFunc { function loadProvisionerByName (line 53) | func loadProvisionerByName(next http.HandlerFunc) http.HandlerFunc { function checkAction (line 83) | func checkAction(next http.HandlerFunc, supportedInStandalone bool) http... function loadExternalAccountKey (line 106) | func loadExternalAccountKey(next http.HandlerFunc) http.HandlerFunc { FILE: authority/admin/api/middleware_test.go function TestHandler_requireAPIEnabled (line 28) | func TestHandler_requireAPIEnabled(t *testing.T) { function TestHandler_extractAuthorizeTokenAdmin (line 105) | func TestHandler_extractAuthorizeTokenAdmin(t *testing.T) { function TestHandler_loadProvisionerByName (line 224) | func TestHandler_loadProvisionerByName(t *testing.T) { function TestHandler_checkAction (line 355) | func TestHandler_checkAction(t *testing.T) { function TestHandler_loadExternalAccountKey (line 428) | func TestHandler_loadExternalAccountKey(t *testing.T) { FILE: authority/admin/api/policy.go type PolicyAdminResponder (line 20) | type PolicyAdminResponder interface type policyAdminResponder (line 36) | type policyAdminResponder struct method GetAuthorityPolicy (line 44) | func (par *policyAdminResponder) GetAuthorityPolicy(w http.ResponseWri... method CreateAuthorityPolicy (line 68) | func (par *policyAdminResponder) CreateAuthorityPolicy(w http.Response... method UpdateAuthorityPolicy (line 120) | func (par *policyAdminResponder) UpdateAuthorityPolicy(w http.Response... method DeleteAuthorityPolicy (line 171) | func (par *policyAdminResponder) DeleteAuthorityPolicy(w http.Response... method GetProvisionerPolicy (line 201) | func (par *policyAdminResponder) GetProvisionerPolicy(w http.ResponseW... method CreateProvisionerPolicy (line 219) | func (par *policyAdminResponder) CreateProvisionerPolicy(w http.Respon... method UpdateProvisionerPolicy (line 263) | func (par *policyAdminResponder) UpdateProvisionerPolicy(w http.Respon... method DeleteProvisionerPolicy (line 306) | func (par *policyAdminResponder) DeleteProvisionerPolicy(w http.Respon... method GetACMEAccountPolicy (line 331) | func (par *policyAdminResponder) GetACMEAccountPolicy(w http.ResponseW... method CreateACMEAccountPolicy (line 348) | func (par *policyAdminResponder) CreateACMEAccountPolicy(w http.Respon... method UpdateACMEAccountPolicy (line 389) | func (par *policyAdminResponder) UpdateACMEAccountPolicy(w http.Respon... method DeleteACMEAccountPolicy (line 428) | func (par *policyAdminResponder) DeleteACMEAccountPolicy(w http.Respon... function NewPolicyAdminResponder (line 39) | func NewPolicyAdminResponder() PolicyAdminResponder { function blockLinkedCA (line 457) | func blockLinkedCA(ctx context.Context) error { function isBadRequest (line 468) | func isBadRequest(err error) bool { function validatePolicy (line 474) | func validatePolicy(p *linkedca.Policy) error { FILE: authority/admin/api/policy_test.go type fakeLinkedCA (line 24) | type fakeLinkedCA struct method IsLinkedCA (line 28) | func (f *fakeLinkedCA) IsLinkedCA() bool { type testAdminError (line 34) | type testAdminError struct type testX509Policy (line 40) | type testX509Policy struct type testX509Names (line 46) | type testX509Names struct type testSSHPolicy (line 54) | type testSSHPolicy struct type testSSHHostPolicy (line 59) | type testSSHHostPolicy struct type testSSHHostNames (line 64) | type testSSHHostNames struct type testSSHUserPolicy (line 70) | type testSSHUserPolicy struct type testSSHUserNames (line 75) | type testSSHUserNames struct type testPolicyResponse (line 81) | type testPolicyResponse struct function TestPolicyAdminResponder_GetAuthorityPolicy (line 86) | func TestPolicyAdminResponder_GetAuthorityPolicy(t *testing.T) { function TestPolicyAdminResponder_CreateAuthorityPolicy (line 280) | func TestPolicyAdminResponder_CreateAuthorityPolicy(t *testing.T) { function TestPolicyAdminResponder_UpdateAuthorityPolicy (line 571) | func TestPolicyAdminResponder_UpdateAuthorityPolicy(t *testing.T) { function TestPolicyAdminResponder_DeleteAuthorityPolicy (line 877) | func TestPolicyAdminResponder_DeleteAuthorityPolicy(t *testing.T) { function TestPolicyAdminResponder_GetProvisionerPolicy (line 1029) | func TestPolicyAdminResponder_GetProvisionerPolicy(t *testing.T) { function TestPolicyAdminResponder_CreateProvisionerPolicy (line 1204) | func TestPolicyAdminResponder_CreateProvisionerPolicy(t *testing.T) { function TestPolicyAdminResponder_UpdateProvisionerPolicy (line 1457) | func TestPolicyAdminResponder_UpdateProvisionerPolicy(t *testing.T) { function TestPolicyAdminResponder_DeleteProvisionerPolicy (line 1721) | func TestPolicyAdminResponder_DeleteProvisionerPolicy(t *testing.T) { function TestPolicyAdminResponder_GetACMEAccountPolicy (line 1842) | func TestPolicyAdminResponder_GetACMEAccountPolicy(t *testing.T) { function TestPolicyAdminResponder_CreateACMEAccountPolicy (line 2026) | func TestPolicyAdminResponder_CreateACMEAccountPolicy(t *testing.T) { function TestPolicyAdminResponder_UpdateACMEAccountPolicy (line 2253) | func TestPolicyAdminResponder_UpdateACMEAccountPolicy(t *testing.T) { function TestPolicyAdminResponder_DeleteACMEAccountPolicy (line 2490) | func TestPolicyAdminResponder_DeleteACMEAccountPolicy(t *testing.T) { function Test_isBadRequest (line 2641) | func Test_isBadRequest(t *testing.T) { function Test_validatePolicy (line 2683) | func Test_validatePolicy(t *testing.T) { FILE: authority/admin/api/provisioner.go type GetProvisionersResponse (line 23) | type GetProvisionersResponse struct function GetProvisioner (line 29) | func GetProvisioner(w http.ResponseWriter, r *http.Request) { function GetProvisioners (line 62) | func GetProvisioners(w http.ResponseWriter, r *http.Request) { function CreateProvisioner (line 82) | func CreateProvisioner(w http.ResponseWriter, r *http.Request) { function DeleteProvisioner (line 109) | func DeleteProvisioner(w http.ResponseWriter, r *http.Request) { function UpdateProvisioner (line 140) | func UpdateProvisioner(w http.ResponseWriter, r *http.Request) { function validateTemplates (line 205) | func validateTemplates(x509, ssh *linkedca.Template) error { FILE: authority/admin/api/provisioner_test.go function TestHandler_GetProvisioner (line 28) | func TestHandler_GetProvisioner(t *testing.T) { function TestHandler_GetProvisioners (line 200) | func TestHandler_GetProvisioners(t *testing.T) { function TestHandler_CreateProvisioner (line 324) | func TestHandler_CreateProvisioner(t *testing.T) { function TestHandler_DeleteProvisioner (line 474) | func TestHandler_DeleteProvisioner(t *testing.T) { function TestHandler_UpdateProvisioner (line 629) | func TestHandler_UpdateProvisioner(t *testing.T) { function Test_validateTemplates (line 1189) | func Test_validateTemplates(t *testing.T) { FILE: authority/admin/api/webhook.go type WebhookAdminResponder (line 19) | type WebhookAdminResponder interface type webhookAdminResponder (line 26) | type webhookAdminResponder struct method CreateProvisionerWebhook (line 66) | func (war *webhookAdminResponder) CreateProvisionerWebhook(w http.Resp... method DeleteProvisionerWebhook (line 131) | func (war *webhookAdminResponder) DeleteProvisionerWebhook(w http.Resp... method UpdateProvisionerWebhook (line 165) | func (war *webhookAdminResponder) UpdateProvisionerWebhook(w http.Resp... function NewWebhookAdminResponder (line 29) | func NewWebhookAdminResponder() WebhookAdminResponder { function validateWebhook (line 33) | func validateWebhook(webhook *linkedca.Webhook) error { FILE: authority/admin/api/webhook_test.go function assertEqualWebhook (line 23) | func assertEqualWebhook(t *testing.T, a, b *linkedca.Webhook) { function TestWebhookAdminResponder_CreateProvisionerWebhook (line 33) | func TestWebhookAdminResponder_CreateProvisionerWebhook(t *testing.T) { function TestWebhookAdminResponder_DeleteProvisionerWebhook (line 310) | func TestWebhookAdminResponder_DeleteProvisionerWebhook(t *testing.T) { function TestWebhookAdminResponder_UpdateProvisionerWebhook (line 427) | func TestWebhookAdminResponder_UpdateProvisionerWebhook(t *testing.T) { FILE: authority/admin/db.go constant DefaultAuthorityID (line 16) | DefaultAuthorityID = "00000000-0000-0000-0000-000000000000" function UnmarshalProvisionerDetails (line 24) | func UnmarshalProvisionerDetails(typ linkedca.Provisioner_Type, data []b... type DB (line 60) | type DB interface type dbKey (line 79) | type dbKey struct function NewContext (line 82) | func NewContext(ctx context.Context, db DB) context.Context { function FromContext (line 87) | func FromContext(ctx context.Context) (db DB, ok bool) { function MustFromContext (line 94) | func MustFromContext(ctx context.Context) DB { type MockDB (line 107) | type MockDB struct method CreateProvisioner (line 130) | func (m *MockDB) CreateProvisioner(ctx context.Context, prov *linkedca... method GetProvisioner (line 140) | func (m *MockDB) GetProvisioner(ctx context.Context, id string) (*link... method GetProvisioners (line 150) | func (m *MockDB) GetProvisioners(ctx context.Context) ([]*linkedca.Pro... method UpdateProvisioner (line 160) | func (m *MockDB) UpdateProvisioner(ctx context.Context, prov *linkedca... method DeleteProvisioner (line 168) | func (m *MockDB) DeleteProvisioner(ctx context.Context, id string) err... method CreateAdmin (line 176) | func (m *MockDB) CreateAdmin(ctx context.Context, admin *linkedca.Admi... method GetAdmin (line 184) | func (m *MockDB) GetAdmin(ctx context.Context, id string) (*linkedca.A... method GetAdmins (line 194) | func (m *MockDB) GetAdmins(ctx context.Context) ([]*linkedca.Admin, er... method UpdateAdmin (line 204) | func (m *MockDB) UpdateAdmin(ctx context.Context, adm *linkedca.Admin)... method DeleteAdmin (line 212) | func (m *MockDB) DeleteAdmin(ctx context.Context, id string) error { method CreateAuthorityPolicy (line 220) | func (m *MockDB) CreateAuthorityPolicy(ctx context.Context, policy *li... method GetAuthorityPolicy (line 228) | func (m *MockDB) GetAuthorityPolicy(ctx context.Context) (*linkedca.Po... method UpdateAuthorityPolicy (line 236) | func (m *MockDB) UpdateAuthorityPolicy(ctx context.Context, policy *li... method DeleteAuthorityPolicy (line 244) | func (m *MockDB) DeleteAuthorityPolicy(ctx context.Context) error { FILE: authority/admin/db/nosql/admin.go type dbAdmin (line 16) | type dbAdmin struct method convert (line 26) | func (dba *dbAdmin) convert() *linkedca.Admin { method clone (line 38) | func (dba *dbAdmin) clone() *dbAdmin { method getDBAdminBytes (line 43) | func (db *DB) getDBAdminBytes(_ context.Context, id string) ([]byte, err... method unmarshalDBAdmin (line 53) | func (db *DB) unmarshalDBAdmin(data []byte, id string) (*dbAdmin, error) { method getDBAdmin (line 68) | func (db *DB) getDBAdmin(ctx context.Context, id string) (*dbAdmin, erro... method unmarshalAdmin (line 80) | func (db *DB) unmarshalAdmin(data []byte, id string) (*linkedca.Admin, e... method GetAdmin (line 89) | func (db *DB) GetAdmin(ctx context.Context, id string) (*linkedca.Admin,... method GetAdmins (line 105) | func (db *DB) GetAdmins(context.Context) ([]*linkedca.Admin, error) { method CreateAdmin (line 132) | func (db *DB) CreateAdmin(ctx context.Context, adm *linkedca.Admin) error { method UpdateAdmin (line 153) | func (db *DB) UpdateAdmin(ctx context.Context, adm *linkedca.Admin) error { method DeleteAdmin (line 166) | func (db *DB) DeleteAdmin(ctx context.Context, id string) error { FILE: authority/admin/db/nosql/admin_test.go function TestDB_getDBAdminBytes (line 19) | func TestDB_getDBAdminBytes(t *testing.T) { function TestDB_getDBAdmin (line 92) | func TestDB_getDBAdmin(t *testing.T) { function TestDB_unmarshalDBAdmin (line 222) | func TestDB_unmarshalDBAdmin(t *testing.T) { function TestDB_unmarshalAdmin (line 310) | func TestDB_unmarshalAdmin(t *testing.T) { function TestDB_GetAdmin (line 385) | func TestDB_GetAdmin(t *testing.T) { function TestDB_DeleteAdmin (line 539) | func TestDB_DeleteAdmin(t *testing.T) { function TestDB_UpdateAdmin (line 683) | func TestDB_UpdateAdmin(t *testing.T) { function TestDB_CreateAdmin (line 834) | func TestDB_CreateAdmin(t *testing.T) { function TestDB_GetAdmins (line 932) | func TestDB_GetAdmins(t *testing.T) { FILE: authority/admin/db/nosql/nosql.go type DB (line 20) | type DB struct method save (line 39) | func (db *DB) save(_ context.Context, id string, nu, old interface{}, ... function New (line 26) | func New(db nosqlDB.DB, authorityID string) (*DB, error) { function randID (line 73) | func randID() (val string, err error) { type Clock (line 82) | type Clock struct method Now (line 85) | func (c *Clock) Now() time.Time { FILE: authority/admin/db/nosql/policy.go type dbX509Policy (line 14) | type dbX509Policy struct type dbX509Names (line 20) | type dbX509Names struct type dbSSHPolicy (line 28) | type dbSSHPolicy struct type dbSSHHostPolicy (line 35) | type dbSSHHostPolicy struct type dbSSHHostNames (line 40) | type dbSSHHostNames struct type dbSSHUserPolicy (line 46) | type dbSSHUserPolicy struct type dbSSHUserNames (line 51) | type dbSSHUserNames struct type dbPolicy (line 56) | type dbPolicy struct type dbAuthorityPolicy (line 61) | type dbAuthorityPolicy struct method convert (line 67) | func (dbap *dbAuthorityPolicy) convert() *linkedca.Policy { method getDBAuthorityPolicyBytes (line 74) | func (db *DB) getDBAuthorityPolicyBytes(_ context.Context, authorityID s... method unmarshalDBAuthorityPolicy (line 84) | func (db *DB) unmarshalDBAuthorityPolicy(data []byte) (*dbAuthorityPolic... method getDBAuthorityPolicy (line 96) | func (db *DB) getDBAuthorityPolicy(ctx context.Context, authorityID stri... method CreateAuthorityPolicy (line 116) | func (db *DB) CreateAuthorityPolicy(ctx context.Context, policy *linkedc... method GetAuthorityPolicy (line 130) | func (db *DB) GetAuthorityPolicy(ctx context.Context) (*linkedca.Policy,... method UpdateAuthorityPolicy (line 139) | func (db *DB) UpdateAuthorityPolicy(ctx context.Context, policy *linkedc... method DeleteAuthorityPolicy (line 158) | func (db *DB) DeleteAuthorityPolicy(ctx context.Context) error { function dbToLinked (line 171) | func dbToLinked(p *dbPolicy) *linkedca.Policy { function linkedToDB (line 231) | func linkedToDB(p *linkedca.Policy) *dbPolicy { FILE: authority/admin/db/nosql/policy_test.go function TestDB_getDBAuthorityPolicyBytes (line 18) | func TestDB_getDBAuthorityPolicyBytes(t *testing.T) { function TestDB_getDBAuthorityPolicy (line 96) | func TestDB_getDBAuthorityPolicy(t *testing.T) { function TestDB_CreateAuthorityPolicy (line 236) | func TestDB_CreateAuthorityPolicy(t *testing.T) { function TestDB_GetAuthorityPolicy (line 331) | func TestDB_GetAuthorityPolicy(t *testing.T) { function TestDB_UpdateAuthorityPolicy (line 432) | func TestDB_UpdateAuthorityPolicy(t *testing.T) { function TestDB_DeleteAuthorityPolicy (line 601) | func TestDB_DeleteAuthorityPolicy(t *testing.T) { function Test_linkedToDB (line 741) | func Test_linkedToDB(t *testing.T) { function Test_dbToLinked (line 978) | func Test_dbToLinked(t *testing.T) { FILE: authority/admin/db/nosql/provisioner.go type dbProvisioner (line 16) | type dbProvisioner struct method clone (line 47) | func (dbp *dbProvisioner) clone() *dbProvisioner { method convert2linkedca (line 52) | func (dbp *dbProvisioner) convert2linkedca() (*linkedca.Provisioner, e... type dbBasicAuth (line 30) | type dbBasicAuth struct type dbWebhook (line 35) | type dbWebhook struct method getDBProvisionerBytes (line 73) | func (db *DB) getDBProvisionerBytes(_ context.Context, id string) ([]byt... method unmarshalDBProvisioner (line 83) | func (db *DB) unmarshalDBProvisioner(data []byte, id string) (*dbProvisi... method getDBProvisioner (line 98) | func (db *DB) getDBProvisioner(ctx context.Context, id string) (*dbProvi... method unmarshalProvisioner (line 110) | func (db *DB) unmarshalProvisioner(data []byte, id string) (*linkedca.Pr... method GetProvisioner (line 120) | func (db *DB) GetProvisioner(ctx context.Context, id string) (*linkedca.... method GetProvisioners (line 135) | func (db *DB) GetProvisioners(_ context.Context) ([]*linkedca.Provisione... method CreateProvisioner (line 162) | func (db *DB) CreateProvisioner(ctx context.Context, prov *linkedca.Prov... method UpdateProvisioner (line 195) | func (db *DB) UpdateProvisioner(ctx context.Context, prov *linkedca.Prov... method DeleteProvisioner (line 220) | func (db *DB) DeleteProvisioner(ctx context.Context, id string) error { function dbWebhooksToLinkedca (line 232) | func dbWebhooksToLinkedca(dbwhs []dbWebhook) []*linkedca.Webhook { function linkedcaWebhooksToDB (line 268) | func linkedcaWebhooksToDB(lwhs []*linkedca.Webhook) []dbWebhook { FILE: authority/admin/db/nosql/provisioner_test.go function TestDB_getDBProvisionerBytes (line 18) | func TestDB_getDBProvisionerBytes(t *testing.T) { function TestDB_getDBProvisioner (line 91) | func TestDB_getDBProvisioner(t *testing.T) { function TestDB_unmarshalDBProvisioner (line 220) | func TestDB_unmarshalDBProvisioner(t *testing.T) { function defaultDBP (line 311) | func defaultDBP(t *testing.T) *dbProvisioner { function TestDB_unmarshalProvisioner (line 371) | func TestDB_unmarshalProvisioner(t *testing.T) { function TestDB_GetProvisioner (line 444) | func TestDB_GetProvisioner(t *testing.T) { function TestDB_DeleteProvisioner (line 583) | func TestDB_DeleteProvisioner(t *testing.T) { function TestDB_GetProvisioners (line 721) | func TestDB_GetProvisioners(t *testing.T) { function TestDB_CreateProvisioner (line 886) | func TestDB_CreateProvisioner(t *testing.T) { function TestDB_UpdateProvisioner (line 994) | func TestDB_UpdateProvisioner(t *testing.T) { function Test_linkedcaWebhooksToDB (line 1238) | func Test_linkedcaWebhooksToDB(t *testing.T) { function Test_dbWebhooksToLinkedca (line 1318) | func Test_dbWebhooksToLinkedca(t *testing.T) { FILE: authority/admin/errors.go type ProblemType (line 13) | type ProblemType method String (line 37) | func (ap ProblemType) String() string { constant ErrorNotFoundType (line 17) | ErrorNotFoundType ProblemType = iota constant ErrorAuthorityMismatchType (line 20) | ErrorAuthorityMismatchType constant ErrorDeletedType (line 22) | ErrorDeletedType constant ErrorBadRequestType (line 24) | ErrorBadRequestType constant ErrorNotImplementedType (line 26) | ErrorNotImplementedType constant ErrorUnauthorizedType (line 28) | ErrorUnauthorizedType constant ErrorServerInternalType (line 30) | ErrorServerInternalType constant ErrorConflictType (line 32) | ErrorConflictType type errorMetadata (line 60) | type errorMetadata struct type Error (line 114) | type Error struct method IsType (line 123) | func (e *Error) IsType(pt ProblemType) bool { method StatusCode (line 181) | func (e *Error) StatusCode() int { method Error (line 186) | func (e *Error) Error() string { method Cause (line 191) | func (e *Error) Cause() error { method ToLog (line 199) | func (e *Error) ToLog() (interface{}, error) { method Render (line 208) | func (e *Error) Render(w http.ResponseWriter, r *http.Request) { function NewError (line 128) | func NewError(pt ProblemType, msg string, args ...interface{}) *Error { function newError (line 132) | func newError(pt ProblemType, err error) *Error { function NewErrorISE (line 153) | func NewErrorISE(msg string, args ...interface{}) *Error { function WrapError (line 158) | func WrapError(typ ProblemType, err error, msg string, args ...interface... function WrapErrorISE (line 176) | func WrapErrorISE(err error, msg string, args ...interface{}) *Error { FILE: authority/administrator/collection.go constant DefaultAdminLimit (line 14) | DefaultAdminLimit = 20 constant DefaultAdminMax (line 17) | DefaultAdminMax = 100 type adminSlice (line 19) | type adminSlice method Len (line 21) | func (p adminSlice) Len() int { return len(p) } method Less (line 22) | func (p adminSlice) Less(i, j int) bool { return p[i].Id < p[j].Id } method Swap (line 23) | func (p adminSlice) Swap(i, j int) { p[i], p[j] = p[j], p[i] } type Collection (line 26) | type Collection struct method LoadByID (line 49) | func (c *Collection) LoadByID(id string) (*linkedca.Admin, bool) { method LoadBySubProv (line 63) | func (c *Collection) LoadBySubProv(sub, provName string) (*linkedca.Ad... method LoadByProvisioner (line 68) | func (c *Collection) LoadByProvisioner(provName string) ([]*linkedca.A... method Store (line 82) | func (c *Collection) Store(adm *linkedca.Admin, prov provisioner.Inter... method Remove (line 123) | func (c *Collection) Remove(id string) error { method Update (line 181) | func (c *Collection) Update(id string, nu *linkedca.Admin) (*linkedca.... method SuperCount (line 198) | func (c *Collection) SuperCount() int { method SuperCountByProvisioner (line 203) | func (c *Collection) SuperCountByProvisioner(provName string) int { method Find (line 211) | func (c *Collection) Find(cursor string, limit int) ([]*linkedca.Admin... function NewCollection (line 38) | func NewCollection(provisioners *provisioner.Collection) *Collection { type subProv (line 53) | type subProv struct function newSubProv (line 58) | func newSubProv(subject, prov string) subProv { function loadAdmin (line 233) | func loadAdmin(m *sync.Map, key interface{}) (*linkedca.Admin, bool) { FILE: authority/admins.go method LoadAdminByID (line 12) | func (a *Authority) LoadAdminByID(id string) (*linkedca.Admin, bool) { method LoadAdminBySubProv (line 19) | func (a *Authority) LoadAdminBySubProv(subject, prov string) (*linkedca.... method GetAdmins (line 27) | func (a *Authority) GetAdmins(cursor string, limit int) ([]*linkedca.Adm... method StoreAdmin (line 35) | func (a *Authority) StoreAdmin(ctx context.Context, adm *linkedca.Admin,... method UpdateAdmin (line 61) | func (a *Authority) UpdateAdmin(ctx context.Context, id string, nu *link... method RemoveAdmin (line 78) | func (a *Authority) RemoveAdmin(ctx context.Context, id string) error { method removeAdmin (line 86) | func (a *Authority) removeAdmin(ctx context.Context, id string) error { FILE: authority/authority.go type Authority (line 43) | type Authority struct method ReloadAdminResources (line 242) | func (a *Authority) ReloadAdminResources(ctx context.Context) error { method init (line 323) | func (a *Authority) init() error { method initLogf (line 872) | func (a *Authority) initLogf(format string, v ...any) { method GetID (line 879) | func (a *Authority) GetID() string { method GetDatabase (line 889) | func (a *Authority) GetDatabase() db.AuthDB { method GetAdminDatabase (line 894) | func (a *Authority) GetAdminDatabase() admin.DB { method GetConfig (line 899) | func (a *Authority) GetConfig() *config.Config { method GetBackdate (line 906) | func (a *Authority) GetBackdate() *time.Duration { method GetInfo (line 915) | func (a *Authority) GetInfo() Info { method IsAdminAPIEnabled (line 932) | func (a *Authority) IsAdminAPIEnabled() bool { method Shutdown (line 937) | func (a *Authority) Shutdown() error { method CloseForReload (line 950) | func (a *Authority) CloseForReload() { method IsRevoked (line 966) | func (a *Authority) IsRevoked(sn string) (bool, error) { method requiresSCEP (line 979) | func (a *Authority) requiresSCEP() bool { method getSCEPProvisionerNames (line 990) | func (a *Authority) getSCEPProvisionerNames() (names []string) { method GetSCEP (line 1001) | func (a *Authority) GetSCEP() *scep.Authority { method HasACMEProvisioner (line 1006) | func (a *Authority) HasACMEProvisioner() bool { method startCRLGenerator (line 1015) | func (a *Authority) startCRLGenerator() error { type Info (line 117) | type Info struct function New (line 126) | func New(cfg *config.Config, opts ...Option) (*Authority, error) { function NewEmbedded (line 167) | func NewEmbedded(opts ...Option) (*Authority, error) { type authorityKey (line 215) | type authorityKey struct function NewContext (line 218) | func NewContext(ctx context.Context, a *Authority) context.Context { function FromContext (line 223) | func FromContext(ctx context.Context) (a *Authority, ok bool) { function MustFromContext (line 230) | func MustFromContext(ctx context.Context) *Authority { FILE: authority/authority_test.go function TestMain (line 29) | func TestMain(m *testing.M) { function testAuthority (line 39) | func testAuthority(t *testing.T, opts ...Option) *Authority { function TestAuthorityNew (line 121) | func TestAuthorityNew(t *testing.T) { function TestAuthorityNew_bundles (line 203) | func TestAuthorityNew_bundles(t *testing.T) { function TestAuthority_GetDatabase (line 327) | func TestAuthority_GetDatabase(t *testing.T) { function TestNewEmbedded (line 349) | func TestNewEmbedded(t *testing.T) { function TestNewEmbedded_Sign (line 422) | func TestNewEmbedded_Sign(t *testing.T) { function TestNewEmbedded_GetTLSCertificate (line 448) | func TestNewEmbedded_GetTLSCertificate(t *testing.T) { function TestAuthority_CloseForReload (line 468) | func TestAuthority_CloseForReload(t *testing.T) { function testScepAuthority (line 482) | func testScepAuthority(t *testing.T, opts ...Option) *Authority { function TestAuthority_GetSCEP (line 506) | func TestAuthority_GetSCEP(t *testing.T) { function TestAuthority_GetID (line 578) | func TestAuthority_GetID(t *testing.T) { FILE: authority/authorize.go type Claims (line 25) | type Claims struct type skipTokenReuseKey (line 32) | type skipTokenReuseKey struct function NewContextWithSkipTokenReuse (line 36) | func NewContextWithSkipTokenReuse(ctx context.Context) context.Context { function SkipTokenReuseFromContext (line 41) | func SkipTokenReuseFromContext(ctx context.Context) bool { method getProvisionerFromToken (line 48) | func (a *Authority) getProvisionerFromToken(token string) (provisioner.I... method authorizeToken (line 78) | func (a *Authority) authorizeToken(ctx context.Context, token string) (p... method AuthorizeAdminToken (line 105) | func (a *Authority) AuthorizeAdminToken(r *http.Request, token string) (... method UseToken (line 201) | func (a *Authority) UseToken(ctx context.Context, token string, prov pro... method Authorize (line 230) | func (a *Authority) Authorize(ctx context.Context, token string) ([]prov... method authorizeSign (line 266) | func (a *Authority) authorizeSign(ctx context.Context, token string) ([]... method AuthorizeSign (line 282) | func (a *Authority) AuthorizeSign(token string) ([]provisioner.SignOptio... method authorizeRevoke (line 290) | func (a *Authority) authorizeRevoke(ctx context.Context, token string) e... method authorizeRenew (line 306) | func (a *Authority) authorizeRenew(ctx context.Context, cert *x509.Certi... method authorizeSSHCertificate (line 335) | func (a *Authority) authorizeSSHCertificate(_ context.Context, cert *ssh... method authorizeSSHSign (line 359) | func (a *Authority) authorizeSSHSign(ctx context.Context, token string) ... method authorizeSSHRenew (line 373) | func (a *Authority) authorizeSSHRenew(ctx context.Context, token string)... method authorizeSSHRekey (line 387) | func (a *Authority) authorizeSSHRekey(ctx context.Context, token string)... method authorizeSSHRevoke (line 401) | func (a *Authority) authorizeSSHRevoke(ctx context.Context, token string... method AuthorizeRenewToken (line 414) | func (a *Authority) AuthorizeRenewToken(ctx context.Context, ott string)... function matchesAudience (line 468) | func matchesAudience(as, bs []string) bool { function stripPort (line 485) | func stripPort(rawurl string) string { FILE: authority/authorize_test.go type tokOption (line 44) | type tokOption function withSSHPOPFile (line 46) | func withSSHPOPFile(cert *ssh.Certificate) tokOption { function generateToken (line 53) | func generateToken(sub, iss, aud string, sans []string, iat time.Time, j... function generateCustomToken (line 92) | func generateCustomToken(sub, iss, aud string, jwk *jose.JSONWebKey, ext... function TestAuthority_authorizeToken (line 125) | func TestAuthority_authorizeToken(t *testing.T) { function TestAuthority_authorizeRevoke (line 401) | func TestAuthority_authorizeRevoke(t *testing.T) { function TestAuthority_authorizeSign (line 485) | func TestAuthority_authorizeSign(t *testing.T) { function TestAuthority_Authorize (line 572) | func TestAuthority_Authorize(t *testing.T) { function TestAuthority_authorizeRenew (line 833) | func TestAuthority_authorizeRenew(t *testing.T) { function generateSimpleSSHUserToken (line 969) | func generateSimpleSSHUserToken(iss, aud string, jwk *jose.JSONWebKey) (... type stepPayload (line 976) | type stepPayload struct function generateSSHToken (line 980) | func generateSSHToken(sub, iss, aud string, iat time.Time, sshOpts *prov... function createSSHCert (line 1014) | func createSSHCert(cert *ssh.Certificate, signer ssh.Signer) (*ssh.Certi... function TestAuthority_authorizeSSHSign (line 1036) | func TestAuthority_authorizeSSHSign(t *testing.T) { function TestAuthority_authorizeSSHRenew (line 1115) | func TestAuthority_authorizeSSHRenew(t *testing.T) { function TestAuthority_authorizeSSHRevoke (line 1232) | func TestAuthority_authorizeSSHRevoke(t *testing.T) { function TestAuthority_authorizeSSHRekey (line 1330) | func TestAuthority_authorizeSSHRekey(t *testing.T) { function TestAuthority_AuthorizeRenewToken (line 1426) | func TestAuthority_AuthorizeRenewToken(t *testing.T) { FILE: authority/config/config.go constant legacyAuthority (line 24) | legacyAuthority = "step-certificate-authority" type Config (line 67) | type Config struct method Init (line 242) | func (c *Config) Init() { method Save (line 262) | func (c *Config) Save(filename string) error { method Commit (line 280) | func (c *Config) Commit() error { method WasLoadedFromFile (line 289) | func (c *Config) WasLoadedFromFile() bool { method Filepath (line 295) | func (c *Config) Filepath() string { method Validate (line 300) | func (c *Config) Validate() error { method GetAudiences (line 386) | func (c *Config) GetAudiences() provisioner.Audiences { method Audience (line 428) | func (c *Config) Audience(path string) []string { type CRLConfig (line 94) | type CRLConfig struct method IsEnabled (line 103) | func (c *CRLConfig) IsEnabled() bool { method Validate (line 108) | func (c *CRLConfig) Validate() error { method TickerDuration (line 131) | func (c *CRLConfig) TickerDuration() time.Duration { type ASN1DN (line 145) | type ASN1DN struct type AuthConfig (line 159) | type AuthConfig struct method init (line 176) | func (c *AuthConfig) init() { method Validate (line 191) | func (c *AuthConfig) Validate(provisioner.Audiences) error { function LoadConfiguration (line 219) | func LoadConfiguration(filename string) (*Config, error) { function toHostname (line 439) | func toHostname(name string) string { FILE: authority/config/config_test.go function TestConfigValidate (line 15) | func TestConfigValidate(t *testing.T) { function TestAuthConfigValidate (line 228) | func TestAuthConfigValidate(t *testing.T) { function Test_toHostname (line 309) | func Test_toHostname(t *testing.T) { function TestConfig_Audience (line 329) | func TestConfig_Audience(t *testing.T) { FILE: authority/config/ssh.go type SSHConfig (line 11) | type SSHConfig struct method Validate (line 45) | func (c *SSHConfig) Validate() error { type Bastion (line 21) | type Bastion struct type HostTag (line 31) | type HostTag struct type Host (line 38) | type Host struct type SSHPublicKey (line 59) | type SSHPublicKey struct method Validate (line 67) | func (k *SSHPublicKey) Validate() error { method PublicKey (line 86) | func (k *SSHPublicKey) PublicKey() ssh.PublicKey { type SSHKeys (line 91) | type SSHKeys struct FILE: authority/config/ssh_test.go function TestSSHPublicKey_Validate (line 12) | func TestSSHPublicKey_Validate(t *testing.T) { function TestSSHPublicKey_PublicKey (line 46) | func TestSSHPublicKey_PublicKey(t *testing.T) { FILE: authority/config/tls_options.go type TLSVersion (line 50) | type TLSVersion method Validate (line 54) | func (v TLSVersion) Validate() error { method Value (line 62) | func (v TLSVersion) Value() uint16 { method String (line 67) | func (v TLSVersion) String() string { type CipherSuites (line 96) | type CipherSuites method Validate (line 100) | func (c CipherSuites) Validate() error { method Value (line 110) | func (c CipherSuites) Value() []uint16 { type TLSOptions (line 156) | type TLSOptions struct method TLSConfig (line 164) | func (t *TLSOptions) TLSConfig() *tls.Config { FILE: authority/config/tls_options_test.go function TestTLSVersion_Validate (line 9) | func TestTLSVersion_Validate(t *testing.T) { function TestTLSVersion_String (line 31) | func TestTLSVersion_String(t *testing.T) { function TestCipherSuites_Validate (line 53) | func TestCipherSuites_Validate(t *testing.T) { function TestCipherSuites_Value (line 92) | func TestCipherSuites_Value(t *testing.T) { function TestTLSOptions_TLSConfig (line 131) | func TestTLSOptions_TLSConfig(t *testing.T) { FILE: authority/config/types.go type multiString (line 11) | type multiString method First (line 15) | func (s multiString) First() string { method HasEmpties (line 23) | func (s multiString) HasEmpties() bool { method MarshalJSON (line 38) | func (s multiString) MarshalJSON() ([]byte, error) { method UnmarshalJSON (line 50) | func (s *multiString) UnmarshalJSON(data []byte) error { FILE: authority/config/types_test.go function Test_multiString_First (line 8) | func Test_multiString_First(t *testing.T) { function Test_multiString_Empties (line 27) | func Test_multiString_Empties(t *testing.T) { function Test_multiString_MarshalJSON (line 48) | func Test_multiString_MarshalJSON(t *testing.T) { function Test_multiString_UnmarshalJSON (line 73) | func Test_multiString_UnmarshalJSON(t *testing.T) { FILE: authority/export.go method Export (line 24) | func (a *Authority) Export() (c *linkedca.Configuration, err error) { function mustDuration (line 226) | func mustDuration(d *provisioner.Duration) string { function mustMarshalToStruct (line 233) | func mustMarshalToStruct(v interface{}) *structpb.Struct { function mustReadFileOrURI (line 245) | func mustReadFileOrURI(fn string, m map[string][]byte) string { function mustReadFilesOrURIs (line 272) | func mustReadFilesOrURIs(fns []string, m map[string][]byte) []string { function isFilename (line 280) | func isFilename(fn string) (bool, error) { FILE: authority/http_client.go function initializeSystemCertPool (line 20) | func initializeSystemCertPool() error { function newHTTPClient (line 33) | func newHTTPClient(wt httptransport.Wrapper, roots ...*x509.Certificate)... FILE: authority/http_client_test.go function mustCertificate (line 23) | func mustCertificate(t *testing.T, a *Authority, csr *x509.CertificateRe... function Test_newHTTPClient (line 60) | func Test_newHTTPClient(t *testing.T) { FILE: authority/internal/constraints/constraints.go type ConstraintError (line 15) | type ConstraintError struct method Error (line 22) | func (e ConstraintError) Error() string { method As (line 28) | func (e ConstraintError) As(v any) bool { type Engine (line 42) | type Engine struct method Validate (line 79) | func (e *Engine) Validate(dnsNames []string, ipAddresses []net.IP, ema... method ValidateCertificate (line 133) | func (e *Engine) ValidateCertificate(cert *x509.Certificate) error { function New (line 56) | func New(chain ...*x509.Certificate) *Engine { FILE: authority/internal/constraints/constraints_test.go function TestNew (line 13) | func TestNew(t *testing.T) { function TestNew_hasNameConstraints (line 82) | func TestNew_hasNameConstraints(t *testing.T) { function TestEngine_Validate (line 113) | func TestEngine_Validate(t *testing.T) { function TestEngine_Validate_nil (line 257) | func TestEngine_Validate_nil(t *testing.T) { function TestEngine_ValidateCertificate (line 264) | func TestEngine_ValidateCertificate(t *testing.T) { FILE: authority/internal/constraints/verify.go function checkNameConstraints (line 40) | func checkNameConstraints(nameType, name string, parsedName, permitted, ... function matchDomainConstraint (line 92) | func matchDomainConstraint(domain, constraint string) (bool, error) { function normalizeIP (line 134) | func normalizeIP(ip net.IP) net.IP { function matchIPConstraint (line 141) | func matchIPConstraint(ip net.IP, constraint *net.IPNet) (bool, error) { function matchEmailConstraint (line 157) | func matchEmailConstraint(mailbox rfc2821Mailbox, constraint string) (bo... function matchURIConstraint (line 173) | func matchURIConstraint(uri *url.URL, constraint string) (bool, error) { function domainToReverseLabels (line 205) | func domainToReverseLabels(domain string) (reverseLabels []string, ok bo... type rfc2821Mailbox (line 241) | type rfc2821Mailbox struct function parseRFC2821Mailbox (line 249) | func parseRFC2821Mailbox(in string) (mailbox rfc2821Mailbox, ok bool) { FILE: authority/linkedca.go constant uuidPattern (line 34) | uuidPattern = "^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]... type linkedCaClient (line 36) | type linkedCaClient struct method IsLinkedCA (line 129) | func (c *linkedCaClient) IsLinkedCA() bool { method Run (line 133) | func (c *linkedCaClient) Run() { method Stop (line 137) | func (c *linkedCaClient) Stop() { method CreateProvisioner (line 141) | func (c *linkedCaClient) CreateProvisioner(ctx context.Context, prov *... method GetProvisioner (line 158) | func (c *linkedCaClient) GetProvisioner(ctx context.Context, id string... method GetProvisioners (line 168) | func (c *linkedCaClient) GetProvisioners(ctx context.Context) ([]*link... method GetConfiguration (line 176) | func (c *linkedCaClient) GetConfiguration(ctx context.Context) (*linke... method UpdateProvisioner (line 186) | func (c *linkedCaClient) UpdateProvisioner(ctx context.Context, prov *... method DeleteProvisioner (line 198) | func (c *linkedCaClient) DeleteProvisioner(ctx context.Context, id str... method CreateAdmin (line 205) | func (c *linkedCaClient) CreateAdmin(ctx context.Context, adm *linkedc... method GetAdmin (line 219) | func (c *linkedCaClient) GetAdmin(ctx context.Context, id string) (*li... method GetAdmins (line 229) | func (c *linkedCaClient) GetAdmins(ctx context.Context) ([]*linkedca.A... method UpdateAdmin (line 237) | func (c *linkedCaClient) UpdateAdmin(ctx context.Context, adm *linkedc... method DeleteAdmin (line 245) | func (c *linkedCaClient) DeleteAdmin(ctx context.Context, id string) e... method GetCertificateData (line 252) | func (c *linkedCaClient) GetCertificateData(serial string) (*db.Certif... method StoreCertificateChain (line 286) | func (c *linkedCaClient) StoreCertificateChain(p provisioner.Interface... method StoreRenewedCertificate (line 301) | func (c *linkedCaClient) StoreRenewedCertificate(parent *x509.Certific... method StoreSSHCertificate (line 312) | func (c *linkedCaClient) StoreSSHCertificate(p provisioner.Interface, ... method StoreRenewedSSHCertificate (line 322) | func (c *linkedCaClient) StoreRenewedSSHCertificate(p provisioner.Inte... method Revoke (line 333) | func (c *linkedCaClient) Revoke(crt *x509.Certificate, rci *db.Revoked... method RevokeSSH (line 347) | func (c *linkedCaClient) RevokeSSH(cert *ssh.Certificate, rci *db.Revo... method IsRevoked (line 361) | func (c *linkedCaClient) IsRevoked(serial string) (bool, error) { method IsSSHRevoked (line 373) | func (c *linkedCaClient) IsSSHRevoked(serial string) (bool, error) { method CreateAuthorityPolicy (line 385) | func (c *linkedCaClient) CreateAuthorityPolicy(_ context.Context, _ *l... method GetAuthorityPolicy (line 389) | func (c *linkedCaClient) GetAuthorityPolicy(context.Context) (*linkedc... method UpdateAuthorityPolicy (line 393) | func (c *linkedCaClient) UpdateAuthorityPolicy(_ context.Context, _ *l... method DeleteAuthorityPolicy (line 397) | func (c *linkedCaClient) DeleteAuthorityPolicy(context.Context) error { type linkedCAClaims (line 45) | type linkedCAClaims struct function newLinkedCAClient (line 51) | func newLinkedCAClient(token string) (*linkedCaClient, error) { function createProvisionerIdentity (line 401) | func createProvisionerIdentity(p provisioner.Interface) *linkedca.Provis... function createRegistrationAuthorityProvisioner (line 412) | func createRegistrationAuthorityProvisioner(p provisioner.Interface) (*l... function createAttestationData (line 429) | func createAttestationData(p provisioner.Interface) *linkedca.Attestatio... function serializeCertificate (line 440) | func serializeCertificate(crt *x509.Certificate) string { function serializeCertificateChain (line 450) | func serializeCertificateChain(fullchain ...*x509.Certificate) string { function serializeSSHCertificate (line 461) | func serializeSSHCertificate(crt *ssh.Certificate) string { function getAuthority (line 468) | func getAuthority(sans []string) (string, error) { function getRootCertificate (line 481) | func getRootCertificate(endpoint, fingerprint string) (*x509.Certificate... function login (line 531) | func login(authority, token string, csr *x509.CertificateRequest, signer... FILE: authority/meter.go type Meter (line 16) | type Meter interface type noopMeter (line 52) | type noopMeter struct method SSHRekeyed (line 54) | func (noopMeter) SSHRekeyed(*ssh.Certificate, provisioner.Interface, e... method SSHRenewed (line 55) | func (noopMeter) SSHRenewed(*ssh.Certificate, provisioner.Interface, e... method SSHSigned (line 56) | func (noopMeter) SSHSigned(*ssh.Certificate, provisioner.Interface, er... method SSHWebhookAuthorized (line 57) | func (noopMeter) SSHWebhookAuthorized(provisioner.Interface, error) ... method SSHWebhookEnriched (line 58) | func (noopMeter) SSHWebhookEnriched(provisioner.Interface, error) ... method X509Rekeyed (line 59) | func (noopMeter) X509Rekeyed([]*x509.Certificate, provisioner.Interfac... method X509Renewed (line 60) | func (noopMeter) X509Renewed([]*x509.Certificate, provisioner.Interfac... method X509Signed (line 61) | func (noopMeter) X509Signed([]*x509.Certificate, provisioner.Interface... method X509WebhookAuthorized (line 62) | func (noopMeter) X509WebhookAuthorized(provisioner.Interface, error) ... method X509WebhookEnriched (line 63) | func (noopMeter) X509WebhookEnriched(provisioner.Interface, error) ... method KMSSigned (line 64) | func (noopMeter) KMSSigned(error) ... type instrumentedKeyManager (line 66) | type instrumentedKeyManager struct method CreateSigner (line 87) | func (i *instrumentedKeyManager) CreateSigner(req *kmsapi.CreateSigner... type instrumentedKeyAndDecrypterManager (line 71) | type instrumentedKeyAndDecrypterManager struct method CreateDecrypter (line 95) | func (i *instrumentedKeyAndDecrypterManager) CreateDecrypter(req *kmsa... function newInstrumentedKeyManager (line 77) | func newInstrumentedKeyManager(k kms.KeyManager, m Meter) kms.KeyManager { type instrumentedKMSSigner (line 99) | type instrumentedKMSSigner struct method Sign (line 104) | func (i *instrumentedKMSSigner) Sign(rand io.Reader, digest []byte, op... FILE: authority/options.go type Option (line 25) | type Option function WithConfig (line 29) | func WithConfig(cfg *config.Config) Option { function WithConfigFile (line 38) | func WithConfigFile(filename string) Option { function WithPassword (line 47) | func WithPassword(password []byte) Option { function WithSSHHostPassword (line 56) | func WithSSHHostPassword(password []byte) Option { function WithSSHUserPassword (line 65) | func WithSSHUserPassword(password []byte) Option { function WithIssuerPassword (line 74) | func WithIssuerPassword(password []byte) Option { function WithDatabase (line 83) | func WithDatabase(d db.AuthDB) Option { function WithQuietInit (line 91) | func WithQuietInit() Option { function WithWebhookClient (line 99) | func WithWebhookClient(c provisioner.HTTPClient) Option { function WithTransportWrapper (line 111) | func WithTransportWrapper(tw httptransport.Wrapper) Option { function WithGetIdentityFunc (line 124) | func WithGetIdentityFunc(fn func(ctx context.Context, p provisioner.Inte... function WithAuthorizeRenewFunc (line 133) | func WithAuthorizeRenewFunc(fn func(ctx context.Context, p *provisioner.... function WithAuthorizeSSHRenewFunc (line 142) | func WithAuthorizeSSHRenewFunc(fn func(ctx context.Context, p *provision... function WithSSHBastionFunc (line 151) | func WithSSHBastionFunc(fn func(ctx context.Context, user, host string) ... function WithSSHGetHosts (line 160) | func WithSSHGetHosts(fn func(ctx context.Context, cert *x509.Certificate... function WithSSHCheckHost (line 170) | func WithSSHCheckHost(fn func(ctx context.Context, principal string, tok... function WithKeyManager (line 179) | func WithKeyManager(k kms.KeyManager) Option { function WithX509CAService (line 188) | func WithX509CAService(svc casapi.CertificateAuthorityService) Option { function WithX509Signer (line 196) | func WithX509Signer(crt *x509.Certificate, s crypto.Signer) Option { function WithX509SignerChain (line 202) | func WithX509SignerChain(issuerChain []*x509.Certificate, s crypto.Signe... function WithX509SignerFunc (line 220) | func WithX509SignerFunc(fn func() ([]*x509.Certificate, crypto.Signer, e... function WithFullSCEPOptions (line 237) | func WithFullSCEPOptions(options *scep.Options) Option { function WithSCEPKeyManager (line 248) | func WithSCEPKeyManager(skm provisioner.SCEPKeyManager) Option { function WithSSHUserSigner (line 256) | func WithSSHUserSigner(s crypto.Signer) Option { function WithSSHHostSigner (line 272) | func WithSSHHostSigner(s crypto.Signer) Option { function WithX509RootCerts (line 290) | func WithX509RootCerts(rootCerts ...*x509.Certificate) Option { function WithX509FederatedCerts (line 300) | func WithX509FederatedCerts(certs ...*x509.Certificate) Option { function WithX509IntermediateCerts (line 319) | func WithX509IntermediateCerts(intermediateCerts ...*x509.Certificate) O... function WithX509RootBundle (line 328) | func WithX509RootBundle(pemCerts []byte) Option { function WithX509FederatedBundle (line 342) | func WithX509FederatedBundle(pemCerts []byte) Option { function WithAdminDB (line 354) | func WithAdminDB(d admin.DB) Option { function WithProvisioners (line 364) | func WithProvisioners(ps *provisioner.Collection) Option { function WithLinkedCAToken (line 373) | func WithLinkedCAToken(token string) Option { function WithX509Enforcers (line 382) | func WithX509Enforcers(ces ...provisioner.CertificateEnforcer) Option { function WithSkipInit (line 391) | func WithSkipInit() Option { function readCertificateBundle (line 398) | func readCertificateBundle(pemCerts []byte) ([]*x509.Certificate, error) { function WithMeter (line 421) | func WithMeter(m Meter) Option { FILE: authority/policy.go type policyErrorType (line 15) | type policyErrorType constant AdminLockOut (line 18) | AdminLockOut policyErrorType = iota + 1 constant StoreFailure (line 19) | StoreFailure constant ReloadFailure (line 20) | ReloadFailure constant ConfigurationFailure (line 21) | ConfigurationFailure constant EvaluationFailure (line 22) | EvaluationFailure constant InternalFailure (line 23) | InternalFailure type PolicyError (line 26) | type PolicyError struct method Error (line 31) | func (p *PolicyError) Error() string { method GetAuthorityPolicy (line 35) | func (a *Authority) GetAuthorityPolicy(ctx context.Context) (*linkedca.P... method CreateAuthorityPolicy (line 50) | func (a *Authority) CreateAuthorityPolicy(ctx context.Context, adm *link... method UpdateAuthorityPolicy (line 75) | func (a *Authority) UpdateAuthorityPolicy(ctx context.Context, adm *link... method RemoveAuthorityPolicy (line 100) | func (a *Authority) RemoveAuthorityPolicy(ctx context.Context) error { method checkAuthorityPolicy (line 121) | func (a *Authority) checkAuthorityPolicy(ctx context.Context, currentAdm... method checkProvisionerPolicy (line 139) | func (a *Authority) checkProvisionerPolicy(ctx context.Context, provName... method checkPolicy (line 157) | func (a *Authority) checkPolicy(_ context.Context, currentAdmin *linkedc... method reloadPolicyEngines (line 209) | func (a *Authority) reloadPolicyEngines(ctx context.Context) error { function isAllowed (line 244) | func isAllowed(engine authPolicy.X509Policy, sans []string) error { FILE: authority/policy/engine.go type Engine (line 12) | type Engine struct method IsX509CertificateAllowed (line 58) | func (e *Engine) IsX509CertificateAllowed(cert *x509.Certificate) error { method AreSANsAllowed (line 70) | func (e *Engine) AreSANsAllowed(sans []string) error { method IsSSHCertificateAllowed (line 83) | func (e *Engine) IsSSHCertificateAllowed(cert *ssh.Certificate) error { function New (line 19) | func New(options *Options) (*Engine, error) { FILE: authority/policy/options.go type Options (line 5) | type Options struct method GetX509Options (line 12) | func (o *Options) GetX509Options() *X509PolicyOptions { method GetSSHOptions (line 21) | func (o *Options) GetSSHOptions() *SSHPolicyOptions { type X509PolicyOptionsInterface (line 30) | type X509PolicyOptionsInterface interface type X509PolicyOptions (line 38) | type X509PolicyOptions struct method GetAllowedNameOptions (line 70) | func (o *X509PolicyOptions) GetAllowedNameOptions() *X509NameOptions { method GetDeniedNameOptions (line 78) | func (o *X509PolicyOptions) GetDeniedNameOptions() *X509NameOptions { method AreWildcardNamesAllowed (line 87) | func (o *X509PolicyOptions) AreWildcardNamesAllowed() bool { type X509NameOptions (line 51) | type X509NameOptions struct method HasNames (line 61) | func (o *X509NameOptions) HasNames() bool { type SSHPolicyOptionsInterface (line 96) | type SSHPolicyOptionsInterface interface type SSHPolicyOptions (line 105) | type SSHPolicyOptions struct method GetAllowedUserNameOptions (line 114) | func (o *SSHPolicyOptions) GetAllowedUserNameOptions() *SSHNameOptions { method GetDeniedUserNameOptions (line 123) | func (o *SSHPolicyOptions) GetDeniedUserNameOptions() *SSHNameOptions { method GetAllowedHostNameOptions (line 132) | func (o *SSHPolicyOptions) GetAllowedHostNameOptions() *SSHNameOptions { method GetDeniedHostNameOptions (line 141) | func (o *SSHPolicyOptions) GetDeniedHostNameOptions() *SSHNameOptions { type SSHUserCertificateOptions (line 149) | type SSHUserCertificateOptions struct method GetAllowedNameOptions (line 171) | func (o *SSHUserCertificateOptions) GetAllowedNameOptions() *SSHNameOp... method GetDeniedNameOptions (line 180) | func (o *SSHUserCertificateOptions) GetDeniedNameOptions() *SSHNameOpt... type SSHHostCertificateOptions (line 159) | type SSHHostCertificateOptions type SSHNameOptions (line 162) | type SSHNameOptions struct method HasNames (line 189) | func (o *SSHNameOptions) HasNames() bool { FILE: authority/policy/options_test.go function TestX509PolicyOptions_IsWildcardLiteralAllowed (line 7) | func TestX509PolicyOptions_IsWildcardLiteralAllowed(t *testing.T) { FILE: authority/policy/policy.go type X509Policy (line 12) | type X509Policy type UserPolicy (line 15) | type UserPolicy type HostPolicy (line 18) | type HostPolicy function NewX509PolicyEngine (line 21) | func NewX509PolicyEngine(policyOptions X509PolicyOptionsInterface) (X509... type sshPolicyEngineType (line 69) | type sshPolicyEngineType constant UserPolicyEngineType (line 72) | UserPolicyEngineType sshPolicyEngineType = "user" constant HostPolicyEngineType (line 73) | HostPolicyEngineType sshPolicyEngineType = "host" function NewSSHUserPolicyEngine (line 77) | func NewSSHUserPolicyEngine(policyOptions SSHPolicyOptionsInterface) (Us... function NewSSHHostPolicyEngine (line 86) | func NewSSHHostPolicyEngine(policyOptions SSHPolicyOptionsInterface) (Ho... function newSSHPolicyEngine (line 95) | func newSSHPolicyEngine(policyOptions SSHPolicyOptionsInterface, typ ssh... function LinkedToCertificates (line 147) | func LinkedToCertificates(p *linkedca.Policy) *Options { FILE: authority/policy/policy_test.go function TestPolicyToCertificates (line 11) | func TestPolicyToCertificates(t *testing.T) { FILE: authority/policy_test.go function TestAuthority_checkPolicy (line 22) | func TestAuthority_checkPolicy(t *testing.T) { function mustPolicyEngine (line 198) | func mustPolicyEngine(t *testing.T, options *policy.Options) *policy.Eng... function TestAuthority_reloadPolicyEngines (line 206) | func TestAuthority_reloadPolicyEngines(t *testing.T) { function TestAuthority_checkAuthorityPolicy (line 869) | func TestAuthority_checkAuthorityPolicy(t *testing.T) { function TestAuthority_checkProvisionerPolicy (line 1005) | func TestAuthority_checkProvisionerPolicy(t *testing.T) { function TestAuthority_RemoveAuthorityPolicy (line 1098) | func TestAuthority_RemoveAuthorityPolicy(t *testing.T) { function TestAuthority_GetAuthorityPolicy (line 1193) | func TestAuthority_GetAuthorityPolicy(t *testing.T) { function TestAuthority_CreateAuthorityPolicy (line 1268) | func TestAuthority_CreateAuthorityPolicy(t *testing.T) { function TestAuthority_UpdateAuthorityPolicy (line 1448) | func TestAuthority_UpdateAuthorityPolicy(t *testing.T) { FILE: authority/poolhttp/poolhttp.go type Transporter (line 12) | type Transporter interface type Client (line 19) | type Client struct method SetNew (line 37) | func (c *Client) SetNew(fn func() *http.Client) { method getClient (line 46) | func (c *Client) getClient() *http.Client { method Get (line 58) | func (c *Client) Get(u string) (resp *http.Response, err error) { method Do (line 71) | func (c *Client) Do(req *http.Request) (resp *http.Response, err error) { method Transport (line 84) | func (c *Client) Transport() *http.Transport { function New (line 26) | func New(fn func() *http.Client) *Client { FILE: authority/poolhttp/poolhttp_test.go function requireBody (line 15) | func requireBody(t *testing.T, want string, r io.ReadCloser) { function TestClient (line 26) | func TestClient(t *testing.T) { function TestClient_SetNew (line 69) | func TestClient_SetNew(t *testing.T) { function TestClient_parallel (line 100) | func TestClient_parallel(t *testing.T) { FILE: authority/provisioner/acme.go type ACMEChallenge (line 18) | type ACMEChallenge method String (line 37) | func (c ACMEChallenge) String() string { method Validate (line 42) | func (c ACMEChallenge) Validate() error { constant HTTP_01 (line 23) | HTTP_01 ACMEChallenge = "http-01" constant DNS_01 (line 25) | DNS_01 ACMEChallenge = "dns-01" constant TLS_ALPN_01 (line 27) | TLS_ALPN_01 ACMEChallenge = "tls-alpn-01" constant DEVICE_ATTEST_01 (line 29) | DEVICE_ATTEST_01 ACMEChallenge = "device-attest-01" constant WIREOIDC_01 (line 31) | WIREOIDC_01 ACMEChallenge = "wire-oidc-01" constant WIREDPOP_01 (line 33) | WIREDPOP_01 ACMEChallenge = "wire-dpop-01" type ACMEAttestationFormat (line 53) | type ACMEAttestationFormat method String (line 70) | func (f ACMEAttestationFormat) String() string { method Validate (line 75) | func (f ACMEAttestationFormat) Validate() error { constant APPLE (line 57) | APPLE ACMEAttestationFormat = "apple" constant STEP (line 63) | STEP ACMEAttestationFormat = "step" constant TPM (line 66) | TPM ACMEAttestationFormat = "tpm" type ACME (line 86) | type ACME struct method GetID (line 128) | func (p ACME) GetID() string { method GetIDForToken (line 137) | func (p *ACME) GetIDForToken() string { method GetTokenID (line 143) | func (p *ACME) GetTokenID(string) (string, error) { method GetName (line 148) | func (p *ACME) GetName() string { method GetType (line 153) | func (p *ACME) GetType() Type { method GetEncryptedKey (line 158) | func (p *ACME) GetEncryptedKey() (string, string, bool) { method GetOptions (line 163) | func (p *ACME) GetOptions() *Options { method DefaultTLSCertDuration (line 169) | func (p *ACME) DefaultTLSCertDuration() time.Duration { method Init (line 174) | func (p *ACME) Init(config Config) (err error) { method initializeWireOptions (line 227) | func (p *ACME) initializeWireOptions() error { method AuthorizeOrderIdentifier (line 282) | func (p *ACME) AuthorizeOrderIdentifier(_ context.Context, identifier ... method AuthorizeSign (line 319) | func (p *ACME) AuthorizeSign(context.Context, string) ([]SignOption, e... method AuthorizeRevoke (line 340) | func (p *ACME) AuthorizeRevoke(context.Context, string) error { method AuthorizeRenew (line 348) | func (p *ACME) AuthorizeRenew(ctx context.Context, cert *x509.Certific... method IsChallengeEnabled (line 355) | func (p *ACME) IsChallengeEnabled(_ context.Context, challenge ACMECha... method IsAttestationFormatEnabled (line 373) | func (p *ACME) IsAttestationFormatEnabled(_ context.Context, format AC... method GetAttestationRoots (line 393) | func (p *ACME) GetAttestationRoots() (*x509.CertPool, bool) { type ACMEIdentifierType (line 261) | type ACMEIdentifierType constant IP (line 265) | IP ACMEIdentifierType = "ip" constant DNS (line 267) | DNS ACMEIdentifierType = "dns" constant WireUser (line 269) | WireUser ACMEIdentifierType = "wireapp-user" constant WireDevice (line 271) | WireDevice ACMEIdentifierType = "wireapp-device" type ACMEIdentifier (line 275) | type ACMEIdentifier struct FILE: authority/provisioner/acme_118_test.go function TestACME_GetAttestationRoots (line 12) | func TestACME_GetAttestationRoots(t *testing.T) { FILE: authority/provisioner/acme_119_test.go function TestACME_GetAttestationRoots (line 12) | func TestACME_GetAttestationRoots(t *testing.T) { FILE: authority/provisioner/acme_test.go function TestACMEChallenge_Validate (line 20) | func TestACMEChallenge_Validate(t *testing.T) { function TestACMEAttestationFormat_Validate (line 48) | func TestACMEAttestationFormat_Validate(t *testing.T) { function TestACME_Getters (line 73) | func TestACME_Getters(t *testing.T) { function TestACME_Init (line 90) | func TestACME_Init(t *testing.T) { function TestACME_AuthorizeRenew (line 250) | func TestACME_AuthorizeRenew(t *testing.T) { function TestACME_AuthorizeSign (line 309) | func TestACME_AuthorizeSign(t *testing.T) { function TestACME_IsChallengeEnabled (line 373) | func TestACME_IsChallengeEnabled(t *testing.T) { function TestACME_IsAttestationFormatEnabled (line 417) | func TestACME_IsAttestationFormatEnabled(t *testing.T) { FILE: authority/provisioner/aws.go constant awsIssuer (line 33) | awsIssuer = "ec2.amazonaws.com" constant awsIdentityURL (line 36) | awsIdentityURL = "http://169.254.169.254/latest/dynamic/instance-identit... constant awsSignatureURL (line 39) | awsSignatureURL = "http://169.254.169.254/latest/dynamic/instance-identi... constant awsAPITokenURL (line 42) | awsAPITokenURL = "http://169.254.169.254/latest/api/token" constant awsAPITokenTTL (line 46) | awsAPITokenTTL = "30" constant awsMetadataTokenHeader (line 49) | awsMetadataTokenHeader = "X-aws-ec2-metadata-token" constant awsMetadataTokenTTLHeader (line 52) | awsMetadataTokenTTLHeader = "X-aws-ec2-metadata-token-ttl-seconds" constant awsSignatureAlgorithm (line 62) | awsSignatureAlgorithm = x509.SHA256WithRSA type awsConfig (line 64) | type awsConfig struct function newAWSConfig (line 73) | func newAWSConfig(certPath string) (*awsConfig, error) { type awsPayload (line 116) | type awsPayload struct type awsAmazonPayload (line 123) | type awsAmazonPayload struct type awsInstanceIdentityDocument (line 128) | type awsInstanceIdentityDocument struct type AWS (line 163) | type AWS struct method GetID (line 181) | func (p *AWS) GetID() string { method GetIDForToken (line 190) | func (p *AWS) GetIDForToken() string { method GetTokenID (line 195) | func (p *AWS) GetTokenID(token string) (string, error) { method GetName (line 214) | func (p *AWS) GetName() string { method GetType (line 219) | func (p *AWS) GetType() Type { method GetEncryptedKey (line 224) | func (p *AWS) GetEncryptedKey() (kid, key string, ok bool) { method GetIdentityToken (line 230) | func (p *AWS) GetIdentityToken(subject, caURL string) (string, error) { method Init (line 302) | func (p *AWS) Init(config Config) (err error) { method AuthorizeSign (line 339) | func (p *AWS) AuthorizeSign(ctx context.Context, token string) ([]Sign... method AuthorizeRenew (line 401) | func (p *AWS) AuthorizeRenew(ctx context.Context, cert *x509.Certifica... method assertConfig (line 406) | func (p *AWS) assertConfig() (err error) { method checkSignature (line 415) | func (p *AWS) checkSignature(signed, signature []byte) error { method readURL (line 427) | func (p *AWS) readURL(url string) ([]byte, error) { method readURLv1 (line 465) | func (p *AWS) readURLv1(url string) (*http.Response, error) { method readURLv2 (line 479) | func (p *AWS) readURLv2(url string) (*http.Response, error) { method readResponseBody (line 514) | func (p *AWS) readResponseBody(resp *http.Response) ([]byte, error) { method authorizeToken (line 526) | func (p *AWS) authorizeToken(token string) (*awsPayload, error) { method AuthorizeSSHSign (line 616) | func (p *AWS) AuthorizeSSHSign(_ context.Context, token string) ([]Sig... FILE: authority/provisioner/aws_test.go function TestAWS_Getters (line 27) | func TestAWS_Getters(t *testing.T) { function TestAWS_GetTokenID (line 47) | func TestAWS_GetTokenID(t *testing.T) { function TestAWS_GetIdentityToken (line 98) | func TestAWS_GetIdentityToken(t *testing.T) { function TestAWS_GetIdentityToken_V1Only (line 202) | func TestAWS_GetIdentityToken_V1Only(t *testing.T) { function TestAWS_GetIdentityToken_BadIDMS (line 231) | func TestAWS_GetIdentityToken_BadIDMS(t *testing.T) { function TestAWS_Init (line 249) | func TestAWS_Init(t *testing.T) { function TestAWS_authorizeToken (line 312) | func TestAWS_authorizeToken(t *testing.T) { function TestAWS_AuthorizeSign (line 545) | func TestAWS_AuthorizeSign(t *testing.T) { function TestAWS_AuthorizeSSHSign (line 716) | func TestAWS_AuthorizeSSHSign(t *testing.T) { function TestAWS_AuthorizeRenew (line 833) | func TestAWS_AuthorizeRenew(t *testing.T) { function TestAWS_HardcodedCertificates (line 878) | func TestAWS_HardcodedCertificates(t *testing.T) { FILE: authority/provisioner/azure.go constant azureOIDCBaseURL (line 27) | azureOIDCBaseURL = "https://login.microsoftonline.com" constant azureIdentityTokenURL (line 30) | azureIdentityTokenURL = "http://169.254.169.254/metadata/identity/oauth2... constant azureIdentityTokenAPIVersion (line 32) | azureIdentityTokenAPIVersion = "2018-02-01" constant azureInstanceComputeURL (line 35) | azureInstanceComputeURL = "http://169.254.169.254/metadata/instance/comp... constant azureDefaultAudience (line 38) | azureDefaultAudience = "https://management.azure.com/" type azureConfig (line 54) | type azureConfig struct function newAzureConfig (line 60) | func newAzureConfig(tenantID string) *azureConfig { type azureIdentityToken (line 68) | type azureIdentityToken struct type azurePayload (line 80) | type azurePayload struct type Azure (line 106) | type Azure struct method GetID (line 128) | func (p *Azure) GetID() string { method GetIDForToken (line 137) | func (p *Azure) GetIDForToken() string { method GetTokenID (line 144) | func (p *Azure) GetTokenID(token string) (string, error) { method GetName (line 169) | func (p *Azure) GetName() string { method GetType (line 174) | func (p *Azure) GetType() Type { method GetEncryptedKey (line 179) | func (p *Azure) GetEncryptedKey() (kid, key string, ok bool) { method GetIdentityToken (line 185) | func (p *Azure) GetIdentityToken(subject, caURL string) (string, error) { method Init (line 238) | func (p *Azure) Init(config Config) (err error) { method authorizeToken (line 270) | func (p *Azure) authorizeToken(token string) (*azurePayload, string, s... method AuthorizeSign (line 319) | func (p *Azure) AuthorizeSign(ctx context.Context, token string) ([]Si... method AuthorizeRenew (line 419) | func (p *Azure) AuthorizeRenew(ctx context.Context, cert *x509.Certifi... method AuthorizeSSHSign (line 424) | func (p *Azure) AuthorizeSSHSign(_ context.Context, token string) ([]S... method assertConfig (line 490) | func (p *Azure) assertConfig() { method getAzureEnvironment (line 497) | func (p *Azure) getAzureEnvironment() (string, error) { FILE: authority/provisioner/azure_test.go function TestAzure_Getters (line 25) | func TestAzure_Getters(t *testing.T) { function TestAzure_GetTokenID (line 44) | func TestAzure_GetTokenID(t *testing.T) { function TestAzure_GetIdentityToken (line 94) | func TestAzure_GetIdentityToken(t *testing.T) { function TestAzure_Init (line 185) | func TestAzure_Init(t *testing.T) { function TestAzure_authorizeToken (line 252) | func TestAzure_authorizeToken(t *testing.T) { function TestAzure_AuthorizeSign (line 396) | func TestAzure_AuthorizeSign(t *testing.T) { function TestAzure_AuthorizeRenew (line 581) | func TestAzure_AuthorizeRenew(t *testing.T) { function TestAzure_AuthorizeSSHSign (line 626) | func TestAzure_AuthorizeSSHSign(t *testing.T) { function TestAzure_assertConfig (line 735) | func TestAzure_assertConfig(t *testing.T) { FILE: authority/provisioner/claims.go type Claims (line 11) | type Claims struct type Claimer (line 36) | type Claimer struct method Claims (line 49) | func (c *Claimer) Claims() Claims { method DefaultTLSCertDuration (line 75) | func (c *Claimer) DefaultTLSCertDuration() time.Duration { method MinTLSCertDuration (line 85) | func (c *Claimer) MinTLSCertDuration() time.Duration { method MaxTLSCertDuration (line 98) | func (c *Claimer) MaxTLSCertDuration() time.Duration { method IsDisableRenewal (line 111) | func (c *Claimer) IsDisableRenewal() bool { method IsDisableSmallstepExtensions (line 120) | func (c *Claimer) IsDisableSmallstepExtensions() bool { method AllowRenewalAfterExpiry (line 130) | func (c *Claimer) AllowRenewalAfterExpiry() bool { method DefaultSSHCertDuration (line 139) | func (c *Claimer) DefaultSSHCertDuration(certType uint32) (time.Durati... method DefaultUserSSHCertDuration (line 155) | func (c *Claimer) DefaultUserSSHCertDuration() time.Duration { method MinUserSSHCertDuration (line 165) | func (c *Claimer) MinUserSSHCertDuration() time.Duration { method MaxUserSSHCertDuration (line 178) | func (c *Claimer) MaxUserSSHCertDuration() time.Duration { method DefaultHostSSHCertDuration (line 191) | func (c *Claimer) DefaultHostSSHCertDuration() time.Duration { method MinHostSSHCertDuration (line 201) | func (c *Claimer) MinHostSSHCertDuration() time.Duration { method MaxHostSSHCertDuration (line 214) | func (c *Claimer) MaxHostSSHCertDuration() time.Duration { method IsSSHCAEnabled (line 227) | func (c *Claimer) IsSSHCAEnabled() bool { method Validate (line 235) | func (c *Claimer) Validate() error { function NewClaimer (line 42) | func NewClaimer(claims *Claims, global Claims) (*Claimer, error) { FILE: authority/provisioner/claims_test.go function TestClaimer_DefaultSSHCertDuration (line 10) | func TestClaimer_DefaultSSHCertDuration(t *testing.T) { FILE: authority/provisioner/collection.go constant DefaultProvisionersLimit (line 22) | DefaultProvisionersLimit = 20 constant DefaultProvisionersMax (line 25) | DefaultProvisionersMax = 100 type uidProvisioner (line 27) | type uidProvisioner struct type provisionerSlice (line 32) | type provisionerSlice method Len (line 34) | func (p provisionerSlice) Len() int { return len(p) } method Less (line 35) | func (p provisionerSlice) Less(i, j int) bool { return p[i].uid < p[j]... method Swap (line 36) | func (p provisionerSlice) Swap(i, j int) { p[i], p[j] = p[j], p[i] } type loadByTokenPayload (line 40) | type loadByTokenPayload struct type Collection (line 48) | type Collection struct method Load (line 70) | func (c *Collection) Load(id string) (Interface, bool) { method LoadByName (line 75) | func (c *Collection) LoadByName(name string) (Interface, bool) { method LoadByTokenID (line 82) | func (c *Collection) LoadByTokenID(tokenProvisionerID string) (Interfa... method LoadByToken (line 87) | func (c *Collection) LoadByToken(token *jose.JSONWebToken, claims *jos... method LoadByCertificate (line 155) | func (c *Collection) LoadByCertificate(cert *x509.Certificate) (Interf... method LoadEncryptedKey (line 173) | func (c *Collection) LoadEncryptedKey(keyID string) (string, bool) { method Store (line 184) | func (c *Collection) Store(p Interface) error { method Remove (line 226) | func (c *Collection) Remove(id string) error { method Update (line 259) | func (c *Collection) Update(nu Interface) error { method Find (line 286) | func (c *Collection) Find(cursor string, limit int) (List, string) { function NewCollection (line 59) | func NewCollection(audiences Audiences) *Collection { function loadProvisioner (line 309) | func loadProvisioner(m *sync.Map, key string) (Interface, bool) { function provisionerSum (line 323) | func provisionerSum(p Interface) []byte { function matchesAudience (line 330) | func matchesAudience(as, bs []string) bool { function stripPort (line 347) | func stripPort(rawurl string) string { function extractFragment (line 357) | func extractFragment(audience []string) string { FILE: authority/provisioner/collection_test.go function TestCollection_Load (line 17) | func TestCollection_Load(t *testing.T) { function TestCollection_LoadByTokenID (line 57) | func TestCollection_LoadByTokenID(t *testing.T) { function TestCollection_LoadByToken (line 102) | func TestCollection_LoadByToken(t *testing.T) { function TestCollection_LoadByCertificate (line 196) | func TestCollection_LoadByCertificate(t *testing.T) { function TestCollection_LoadEncryptedKey (line 276) | func TestCollection_LoadEncryptedKey(t *testing.T) { function TestCollection_Store (line 316) | func TestCollection_Store(t *testing.T) { function TestCollection_Find (line 345) | func TestCollection_Find(t *testing.T) { function Test_matchesAudience (line 392) | func Test_matchesAudience(t *testing.T) { function Test_stripPort (line 446) | func Test_stripPort(t *testing.T) { FILE: authority/provisioner/controller.go type Controller (line 23) | type Controller struct method GetHTTPClient (line 74) | func (c *Controller) GetHTTPClient() HTTPClient { method GetIdentity (line 82) | func (c *Controller) GetIdentity(ctx context.Context, email string) (*... method AuthorizeRenew (line 91) | func (c *Controller) AuthorizeRenew(ctx context.Context, cert *x509.Ce... method AuthorizeSSHRenew (line 100) | func (c *Controller) AuthorizeSSHRenew(ctx context.Context, cert *ssh.... method newWebhookController (line 107) | func (c *Controller) newWebhookController(templateData WebhookSetter, ... method getPolicy (line 251) | func (c *Controller) getPolicy() *policyEngine { function NewController (line 38) | func NewController(p Interface, claims *Claims, config Config, options *... type Identity (line 127) | type Identity struct type GetIdentityFunc (line 133) | type GetIdentityFunc type AuthorizeRenewFunc (line 137) | type AuthorizeRenewFunc type AuthorizeSSHRenewFunc (line 141) | type AuthorizeSSHRenewFunc function DefaultIdentityFunc (line 146) | func DefaultIdentityFunc(_ context.Context, p Interface, email string) (... function DefaultAuthorizeRenew (line 173) | func DefaultAuthorizeRenew(_ context.Context, p *Controller, cert *x509.... function DefaultAuthorizeSSHRenew (line 195) | func DefaultAuthorizeSSHRenew(_ context.Context, p *Controller, cert *ss... function SanitizeStringSlices (line 212) | func SanitizeStringSlices(original []string) []string { function SanitizeSSHUserPrincipal (line 231) | func SanitizeSSHUserPrincipal(email string) string { FILE: authority/provisioner/controller_test.go function mustClaimer (line 24) | func mustClaimer(t *testing.T, claims *Claims, global Claims) *Claimer { function mustDuration (line 32) | func mustDuration(t *testing.T, s string) *Duration { function mustNewPolicyEngine (line 41) | func mustNewPolicyEngine(t *testing.T, options *Options) *policyEngine { function TestNewController (line 50) | func TestNewController(t *testing.T) { function TestController_GetHTTPClient (line 163) | func TestController_GetHTTPClient(t *testing.T) { function TestController_GetIdentity (line 187) | func TestController_GetIdentity(t *testing.T) { function TestController_AuthorizeRenew (line 241) | func TestController_AuthorizeRenew(t *testing.T) { function TestController_AuthorizeSSHRenew (line 312) | func TestController_AuthorizeSSHRenew(t *testing.T) { function TestDefaultAuthorizeRenew (line 383) | func TestDefaultAuthorizeRenew(t *testing.T) { function TestDefaultAuthorizeSSHRenew (line 441) | func TestDefaultAuthorizeSSHRenew(t *testing.T) { function Test_newWebhookController (line 499) | func Test_newWebhookController(t *testing.T) { FILE: authority/provisioner/duration.go type Duration (line 11) | type Duration struct method MarshalJSON (line 30) | func (d *Duration) MarshalJSON() ([]byte, error) { method UnmarshalJSON (line 39) | func (d *Duration) UnmarshalJSON(data []byte) (err error) { method Value (line 58) | func (d *Duration) Value() time.Duration { function NewDuration (line 17) | func NewDuration(s string) (*Duration, error) { FILE: authority/provisioner/duration_test.go function TestNewDuration (line 9) | func TestNewDuration(t *testing.T) { function TestDuration_UnmarshalJSON (line 38) | func TestDuration_UnmarshalJSON(t *testing.T) { function TestDuration_MarshalJSON (line 69) | func TestDuration_MarshalJSON(t *testing.T) { function TestDuration_Value (line 92) | func TestDuration_Value(t *testing.T) { FILE: authority/provisioner/extension.go type Extension (line 18) | type Extension struct method Marshal (line 33) | func (e *Extension) Marshal() ([]byte, error) { method ToExtension (line 44) | func (e *Extension) ToExtension() (pkix.Extension, error) { type extensionASN1 (line 25) | type extensionASN1 struct function GetProvisionerExtension (line 57) | func GetProvisionerExtension(cert *x509.Certificate) (*Extension, bool) { FILE: authority/provisioner/extension_test.go function TestExtension_Marshal (line 12) | func TestExtension_Marshal(t *testing.T) { function TestExtension_ToExtension (line 59) | func TestExtension_ToExtension(t *testing.T) { function TestGetProvisionerExtension (line 121) | func TestGetProvisionerExtension(t *testing.T) { FILE: authority/provisioner/gcp.go constant gcpCertsURL (line 29) | gcpCertsURL = "https://www.googleapis.com/oauth2/v3/certs" constant gcpIdentityURL (line 32) | gcpIdentityURL = "http://metadata/computeMetadata/v1/instance/service-ac... type gcpPayload (line 41) | type gcpPayload struct type gcpGooglePayload (line 49) | type gcpGooglePayload struct type gcpComputeEnginePayload (line 53) | type gcpComputeEnginePayload struct type gcpConfig (line 63) | type gcpConfig struct function newGCPConfig (line 68) | func newGCPConfig() *gcpConfig { type projectValidator (line 77) | type projectValidator interface type GCP (line 96) | type GCP struct method GetID (line 119) | func (p *GCP) GetID() string { method GetIDForToken (line 128) | func (p *GCP) GetIDForToken() string { method GetTokenID (line 135) | func (p *GCP) GetTokenID(token string) (string, error) { method GetName (line 162) | func (p *GCP) GetName() string { method GetType (line 167) | func (p *GCP) GetType() Type { method GetEncryptedKey (line 172) | func (p *GCP) GetEncryptedKey() (kid, key string, ok bool) { method GetIdentityURL (line 177) | func (p *GCP) GetIdentityURL(audience string) string { method GetIdentityToken (line 189) | func (p *GCP) GetIdentityToken(subject, caURL string) (string, error) { method Init (line 218) | func (p *GCP) Init(config Config) (err error) { method AuthorizeSign (line 264) | func (p *GCP) AuthorizeSign(ctx context.Context, token string) ([]Sign... method AuthorizeRenew (line 326) | func (p *GCP) AuthorizeRenew(ctx context.Context, cert *x509.Certifica... method assertConfig (line 331) | func (p *GCP) assertConfig() { method authorizeToken (line 340) | func (p *GCP) authorizeToken(ctx context.Context, token string) (*gcpP... method AuthorizeSSHSign (line 419) | func (p *GCP) AuthorizeSSHSign(ctx context.Context, token string) ([]S... method genHostOptions (line 497) | func (p *GCP) genHostOptions(_ context.Context, claims *gcpPayload) (S... method genUserOptions (line 513) | func (p *GCP) genUserOptions(_ context.Context, claims *gcpPayload) (S... method isUnauthorizedToIssueSSHCert (line 523) | func (p *GCP) isUnauthorizedToIssueSSHCert(certType string) error { function FormatServiceAccountUsername (line 509) | func FormatServiceAccountUsername(serviceAccountID string) string { FILE: authority/provisioner/gcp/projectvalidator.go type ProjectValidator (line 12) | type ProjectValidator struct method ValidateProject (line 16) | func (p *ProjectValidator) ValidateProject(_ context.Context, projectI... type OrganizationValidator (line 30) | type OrganizationValidator struct method ValidateProject (line 55) | func (p *OrganizationValidator) ValidateProject(ctx context.Context, p... function NewOrganizationValidator (line 36) | func NewOrganizationValidator(projectIDs []string, organizationID string... FILE: authority/provisioner/gcp/projectvalidator_test.go function TestProjectValidator_ValidateProject (line 11) | func TestProjectValidator_ValidateProject(t *testing.T) { function TestNewOrganizationValidator (line 41) | func TestNewOrganizationValidator(t *testing.T) { function TestOrganizationValidator_ValidateProject (line 84) | func TestOrganizationValidator_ValidateProject(t *testing.T) { FILE: authority/provisioner/gcp_test.go function TestGCP_Getters (line 27) | func TestGCP_Getters(t *testing.T) { function TestGCP_GetTokenID (line 53) | func TestGCP_GetTokenID(t *testing.T) { function TestGCP_GetIdentityToken (line 108) | func TestGCP_GetIdentityToken(t *testing.T) { function TestGCP_Init (line 162) | func TestGCP_Init(t *testing.T) { function TestGCP_authorizeToken (line 228) | func TestGCP_authorizeToken(t *testing.T) { function TestGCP_AuthorizeSign (line 424) | func TestGCP_AuthorizeSign(t *testing.T) { function TestGCP_AuthorizeSSHSign (line 598) | func TestGCP_AuthorizeSSHSign(t *testing.T) { function TestGCP_AuthorizeRenew (line 738) | func TestGCP_AuthorizeRenew(t *testing.T) { FILE: authority/provisioner/jwk.go type jwtPayload (line 21) | type jwtPayload struct type stepPayload (line 28) | type stepPayload struct type cnfPayload (line 33) | type cnfPayload struct type JWK (line 39) | type JWK struct method GetID (line 53) | func (p *JWK) GetID() string { method GetIDForToken (line 62) | func (p *JWK) GetIDForToken() string { method GetTokenID (line 67) | func (p *JWK) GetTokenID(ott string) (string, error) { method GetName (line 85) | func (p *JWK) GetName() string { method GetType (line 90) | func (p *JWK) GetType() Type { method GetEncryptedKey (line 95) | func (p *JWK) GetEncryptedKey() (string, string, bool) { method Init (line 100) | func (p *JWK) Init(config Config) (err error) { method authorizeToken (line 117) | func (p *JWK) authorizeToken(token string, audiences []string) (*jwtPa... method AuthorizeRevoke (line 152) | func (p *JWK) AuthorizeRevoke(_ context.Context, token string) error { method AuthorizeSign (line 159) | func (p *JWK) AuthorizeSign(ctx context.Context, token string) ([]Sign... method AuthorizeRenew (line 219) | func (p *JWK) AuthorizeRenew(ctx context.Context, cert *x509.Certifica... method AuthorizeSSHSign (line 225) | func (p *JWK) AuthorizeSSHSign(_ context.Context, token string) ([]Sig... method AuthorizeSSHRevoke (line 302) | func (p *JWK) AuthorizeSSHRevoke(_ context.Context, token string) error { FILE: authority/provisioner/jwk_test.go function TestJWK_Getters (line 24) | func TestJWK_Getters(t *testing.T) { function TestJWK_Init (line 49) | func TestJWK_Init(t *testing.T) { function TestJWK_authorizeToken (line 113) | func TestJWK_authorizeToken(t *testing.T) { function TestJWK_AuthorizeRevoke (line 203) | func TestJWK_AuthorizeRevoke(t *testing.T) { function TestJWK_AuthorizeSign (line 240) | func TestJWK_AuthorizeSign(t *testing.T) { function TestJWK_AuthorizeRenew (line 351) | func TestJWK_AuthorizeRenew(t *testing.T) { function TestJWK_AuthorizeSSHSign (line 396) | func TestJWK_AuthorizeSSHSign(t *testing.T) { function TestJWK_AuthorizeSign_SSHOptions (line 527) | func TestJWK_AuthorizeSign_SSHOptions(t *testing.T) { function TestJWK_AuthorizeSSHRevoke (line 635) | func TestJWK_AuthorizeSSHRevoke(t *testing.T) { FILE: authority/provisioner/k8sSA.go constant K8sSAName (line 29) | K8sSAName = "k8sSA-default" constant K8sSAID (line 31) | K8sSAID = "k8ssa/" + K8sSAName constant k8sSAIssuer (line 32) | k8sSAIssuer = "kubernetes/serviceaccount" type k8sSAPayload (line 36) | type k8sSAPayload struct type K8sSA (line 46) | type K8sSA struct method GetID (line 61) | func (p *K8sSA) GetID() string { method GetIDForToken (line 70) | func (p *K8sSA) GetIDForToken() string { method GetTokenID (line 75) | func (p *K8sSA) GetTokenID(string) (string, error) { method GetName (line 80) | func (p *K8sSA) GetName() string { method GetType (line 85) | func (p *K8sSA) GetType() Type { method GetEncryptedKey (line 91) | func (p *K8sSA) GetEncryptedKey() (string, string, bool) { method Init (line 96) | func (p *K8sSA) Init(config Config) (err error) { method authorizeToken (line 150) | func (p *K8sSA) authorizeToken(token string, audiences []string) (*k8s... method AuthorizeRevoke (line 211) | func (p *K8sSA) AuthorizeRevoke(_ context.Context, token string) error { method AuthorizeSign (line 217) | func (p *K8sSA) AuthorizeSign(_ context.Context, token string) ([]Sign... method AuthorizeRenew (line 252) | func (p *K8sSA) AuthorizeRenew(ctx context.Context, cert *x509.Certifi... method AuthorizeSSHSign (line 257) | func (p *K8sSA) AuthorizeSSHSign(_ context.Context, token string) ([]S... FILE: authority/provisioner/k8sSA_test.go function TestK8sSA_Getters (line 18) | func TestK8sSA_Getters(t *testing.T) { function TestK8sSA_authorizeToken (line 38) | func TestK8sSA_authorizeToken(t *testing.T) { function TestK8sSA_AuthorizeRevoke (line 135) | func TestK8sSA_AuthorizeRevoke(t *testing.T) { function TestK8sSA_AuthorizeRenew (line 183) | func TestK8sSA_AuthorizeRenew(t *testing.T) { function TestK8sSA_AuthorizeSign (line 239) | func TestK8sSA_AuthorizeSign(t *testing.T) { function TestK8sSA_AuthorizeSSHSign (line 314) | func TestK8sSA_AuthorizeSSHSign(t *testing.T) { FILE: authority/provisioner/keystore.go constant defaultCacheAge (line 16) | defaultCacheAge = 12 * time.Hour constant defaultCacheJitter (line 17) | defaultCacheJitter = 1 * time.Hour type keyStore (line 22) | type keyStore struct method Get (line 46) | func (ks *keyStore) Get(kid string) (keys []jose.JSONWebKey) { method reload (line 59) | func (ks *keyStore) reload() { function newKeyStore (line 31) | func newKeyStore(client HTTPClient, uri string) (*keyStore, error) { function getKeysFromJWKsURI (line 69) | func getKeysFromJWKsURI(client HTTPClient, uri string) (jose.JSONWebKeyS... function getCacheAge (line 82) | func getCacheAge(cacheControl string) time.Duration { function getCacheJitter (line 100) | func getCacheJitter(age time.Duration) time.Duration { function getExpirationTime (line 113) | func getExpirationTime(age, jitter time.Duration) time.Time { function abs (line 122) | func abs(n time.Duration) time.Duration { FILE: authority/provisioner/keystore_test.go function Test_newKeyStore (line 16) | func Test_newKeyStore(t *testing.T) { function Test_keyStore (line 56) | func Test_keyStore(t *testing.T) { function Test_keyStore_noCache (line 100) | func Test_keyStore_noCache(t *testing.T) { function Test_keyStore_Get (line 128) | func Test_keyStore_Get(t *testing.T) { function Test_abs (line 156) | func Test_abs(t *testing.T) { FILE: authority/provisioner/method.go type Method (line 9) | type Method method String (line 34) | func (m Method) String() string { type methodKey (line 12) | type methodKey struct constant SignMethod (line 16) | SignMethod Method = iota constant SignIdentityMethod (line 18) | SignIdentityMethod constant RevokeMethod (line 20) | RevokeMethod constant RenewMethod (line 22) | RenewMethod constant SSHSignMethod (line 24) | SSHSignMethod constant SSHRenewMethod (line 26) | SSHRenewMethod constant SSHRevokeMethod (line 28) | SSHRevokeMethod constant SSHRekeyMethod (line 30) | SSHRekeyMethod function NewContextWithMethod (line 59) | func NewContextWithMethod(ctx context.Context, method Method) context.Co... function MethodFromContext (line 64) | func MethodFromContext(ctx context.Context) Method { type tokenKey (line 69) | type tokenKey struct function NewContextWithToken (line 72) | func NewContextWithToken(ctx context.Context, token string) context.Cont... function TokenFromContext (line 77) | func TokenFromContext(ctx context.Context) (string, bool) { type certTypeKey (line 83) | type certTypeKey struct function NewContextWithCertType (line 86) | func NewContextWithCertType(ctx context.Context, certType string) contex... function CertTypeFromContext (line 91) | func CertTypeFromContext(ctx context.Context) (string, bool) { FILE: authority/provisioner/nebula.go constant NebulaCertHeader (line 33) | NebulaCertHeader jose.HeaderKey = "nebula" type Nebula (line 46) | type Nebula struct method Init (line 58) | func (p *Nebula) Init(config Config) (err error) { method GetID (line 79) | func (p *Nebula) GetID() string { method GetIDForToken (line 88) | func (p *Nebula) GetIDForToken() string { method GetTokenID (line 93) | func (p *Nebula) GetTokenID(token string) (string, error) { method GetName (line 111) | func (p *Nebula) GetName() string { method GetType (line 116) | func (p *Nebula) GetType() Type { method GetEncryptedKey (line 121) | func (p *Nebula) GetEncryptedKey() (kid, key string, ok bool) { method AuthorizeSign (line 126) | func (p *Nebula) AuthorizeSign(_ context.Context, token string) ([]Sig... method AuthorizeSSHSign (line 182) | func (p *Nebula) AuthorizeSSHSign(_ context.Context, token string) ([]... method AuthorizeRenew (line 282) | func (p *Nebula) AuthorizeRenew(ctx context.Context, crt *x509.Certifi... method AuthorizeRevoke (line 287) | func (p *Nebula) AuthorizeRevoke(context.Context, string) error { method AuthorizeSSHRevoke (line 292) | func (p *Nebula) AuthorizeSSHRevoke(context.Context, string) error { method AuthorizeSSHRenew (line 297) | func (p *Nebula) AuthorizeSSHRenew(context.Context, string) (*ssh.Cert... method AuthorizeSSHRekey (line 302) | func (p *Nebula) AuthorizeSSHRekey(context.Context, string) (*ssh.Cert... method authorizeToken (line 306) | func (p *Nebula) authorizeToken(token string, audiences []string) (neb... type nebulaSANsValidator (line 388) | type nebulaSANsValidator struct method Valid (line 395) | func (v nebulaSANsValidator) Valid(req *x509.CertificateRequest) error { type nebulaPrincipalsValidator (line 443) | type nebulaPrincipalsValidator struct method Valid (line 450) | func (v nebulaPrincipalsValidator) Valid(got SignSSHOptions) error { FILE: authority/provisioner/nebula_test.go function mustNebulaPrefix (line 29) | func mustNebulaPrefix(t *testing.T, s string) netip.Prefix { function mustNebulaCA (line 36) | func mustNebulaCA(t *testing.T) (cert.Certificate, ed25519.PrivateKey) { function mustExpiredNebulaCA (line 58) | func mustExpiredNebulaCA(t *testing.T) (cert.Certificate, ed25519.Privat... function mustNebulaP256CA (line 80) | func mustNebulaP256CA(t *testing.T) (cert.Certificate, *ecdsa.PrivateKey) { function mustNebulaCert (line 107) | func mustNebulaCert(t *testing.T, name string, network netip.Prefix, gro... function mustNebulaP256Cert (line 132) | func mustNebulaP256Cert(t *testing.T, name string, network netip.Prefix,... function mustNebulaProvisioner (line 162) | func mustNebulaProvisioner(t *testing.T) (*Nebula, cert.Certificate, ed2... function mustNebulaP256Provisioner (line 186) | func mustNebulaP256Provisioner(t *testing.T) (*Nebula, cert.Certificate,... function mustNebulaToken (line 210) | func mustNebulaToken(t *testing.T, sub, iss, aud string, iat time.Time, ... function mustNebulaSSHToken (line 246) | func mustNebulaSSHToken(t *testing.T, sub, iss, aud string, iat time.Tim... function TestNebula_Init (line 287) | func TestNebula_Init(t *testing.T) { function TestNebula_GetID (line 345) | func TestNebula_GetID(t *testing.T) { function TestNebula_GetIDForToken (line 371) | func TestNebula_GetIDForToken(t *testing.T) { function TestNebula_GetTokenID (line 394) | func TestNebula_GetTokenID(t *testing.T) { function TestNebula_GetName (line 433) | func TestNebula_GetName(t *testing.T) { function TestNebula_GetType (line 456) | func TestNebula_GetType(t *testing.T) { function TestNebula_GetEncryptedKey (line 479) | func TestNebula_GetEncryptedKey(t *testing.T) { function TestNebula_AuthorizeSign (line 505) | func TestNebula_AuthorizeSign(t *testing.T) { function TestNebula_AuthorizeSSHSign (line 546) | func TestNebula_AuthorizeSSHSign(t *testing.T) { function TestNebula_AuthorizeRenew (line 615) | func TestNebula_AuthorizeRenew(t *testing.T) { function TestNebula_AuthorizeRevoke (line 655) | func TestNebula_AuthorizeRevoke(t *testing.T) { function TestNebula_AuthorizeSSHRevoke (line 689) | func TestNebula_AuthorizeSSHRevoke(t *testing.T) { function TestNebula_AuthorizeSSHRenew (line 730) | func TestNebula_AuthorizeSSHRenew(t *testing.T) { function TestNebula_AuthorizeSSHRekey (line 760) | func TestNebula_AuthorizeSSHRekey(t *testing.T) { function TestNebula_authorizeToken (line 792) | func TestNebula_authorizeToken(t *testing.T) { function TestNebula_authorizeToken_P256 (line 899) | func TestNebula_authorizeToken_P256(t *testing.T) { function Test_nebulaSANsValidator_Valid (line 1006) | func Test_nebulaSANsValidator_Valid(t *testing.T) { function Test_nebulaPrincipalsValidator_Valid (line 1079) | func Test_nebulaPrincipalsValidator_Valid(t *testing.T) { FILE: authority/provisioner/noop.go type noop (line 11) | type noop struct method GetID (line 13) | func (p *noop) GetID() string { method GetIDForToken (line 17) | func (p *noop) GetIDForToken() string { method GetTokenID (line 21) | func (p *noop) GetTokenID(string) (string, error) { method GetName (line 25) | func (p *noop) GetName() string { method GetType (line 28) | func (p *noop) GetType() Type { method GetEncryptedKey (line 32) | func (p *noop) GetEncryptedKey() (kid, key string, ok bool) { method Init (line 36) | func (p *noop) Init(Config) error { method AuthorizeSign (line 40) | func (p *noop) AuthorizeSign(context.Context, string) ([]SignOption, e... method AuthorizeRenew (line 44) | func (p *noop) AuthorizeRenew(context.Context, *x509.Certificate) error { method AuthorizeRevoke (line 48) | func (p *noop) AuthorizeRevoke(context.Context, string) error { method AuthorizeSSHSign (line 52) | func (p *noop) AuthorizeSSHSign(context.Context, string) ([]SignOption... method AuthorizeSSHRenew (line 56) | func (p *noop) AuthorizeSSHRenew(context.Context, string) (*ssh.Certif... method AuthorizeSSHRevoke (line 61) | func (p *noop) AuthorizeSSHRevoke(context.Context, string) error { method AuthorizeSSHRekey (line 65) | func (p *noop) AuthorizeSSHRekey(context.Context, string) (*ssh.Certif... FILE: authority/provisioner/noop_test.go function Test_noop (line 11) | func Test_noop(t *testing.T) { FILE: authority/provisioner/oidc.go type openIDConfiguration (line 26) | type openIDConfiguration struct method Validate (line 32) | func (c openIDConfiguration) Validate() error { type openIDPayload (line 44) | type openIDPayload struct method IsAdmin (line 55) | func (o *openIDPayload) IsAdmin(admins []string) bool { type OIDC (line 81) | type OIDC struct method GetID (line 112) | func (o *OIDC) GetID() string { method GetIDForToken (line 121) | func (o *OIDC) GetIDForToken() string { method GetTokenID (line 127) | func (o *OIDC) GetTokenID(ott string) (string, error) { method GetName (line 145) | func (o *OIDC) GetName() string { method GetType (line 150) | func (o *OIDC) GetType() Type { method GetEncryptedKey (line 155) | func (o *OIDC) GetEncryptedKey() (kid, key string, ok bool) { method Init (line 160) | func (o *OIDC) Init(config Config) (err error) { method ValidatePayload (line 214) | func (o *OIDC) ValidatePayload(p openIDPayload) error { method authorizeToken (line 266) | func (o *OIDC) authorizeToken(token string) (*openIDPayload, error) { method AuthorizeRevoke (line 303) | func (o *OIDC) AuthorizeRevoke(_ context.Context, token string) error { method AuthorizeSign (line 318) | func (o *OIDC) AuthorizeSign(_ context.Context, token string) ([]SignO... method AuthorizeRenew (line 377) | func (o *OIDC) AuthorizeRenew(ctx context.Context, cert *x509.Certific... method AuthorizeSSHSign (line 382) | func (o *OIDC) AuthorizeSSHSign(ctx context.Context, token string) ([]... method AuthorizeSSHRevoke (line 474) | func (o *OIDC) AuthorizeSSHRevoke(_ context.Context, token string) err... function sanitizeEmail (line 103) | func sanitizeEmail(email string) string { function getAndDecode (line 488) | func getAndDecode(client HTTPClient, uri string, v interface{}) error { FILE: authority/provisioner/oidc_test.go function Test_openIDConfiguration_Validate (line 24) | func Test_openIDConfiguration_Validate(t *testing.T) { function TestOIDC_Getters (line 52) | func TestOIDC_Getters(t *testing.T) { function TestOIDC_Init (line 71) | func TestOIDC_Init(t *testing.T) { function TestOIDC_authorizeToken (line 159) | func TestOIDC_authorizeToken(t *testing.T) { function TestOIDC_AuthorizeSign (line 277) | func TestOIDC_AuthorizeSign(t *testing.T) { function TestOIDC_AuthorizeRevoke (line 370) | func TestOIDC_AuthorizeRevoke(t *testing.T) { function TestOIDC_AuthorizeRenew (line 432) | func TestOIDC_AuthorizeRenew(t *testing.T) { function TestOIDC_AuthorizeSSHSign (line 478) | func TestOIDC_AuthorizeSSHSign(t *testing.T) { function TestOIDC_AuthorizeSSHRevoke (line 654) | func TestOIDC_AuthorizeSSHRevoke(t *testing.T) { function Test_sanitizeEmail (line 710) | func Test_sanitizeEmail(t *testing.T) { function Test_openIDPayload_IsAdmin (line 730) | func Test_openIDPayload_IsAdmin(t *testing.T) { FILE: authority/provisioner/options.go type CertificateOptions (line 19) | type CertificateOptions interface type certificateOptionsFunc (line 23) | type certificateOptionsFunc method Options (line 25) | func (fn certificateOptionsFunc) Options(so SignOptions) []x509util.Op... type Options (line 31) | type Options struct method GetX509Options (line 41) | func (o *Options) GetX509Options() *X509Options { method GetSSHOptions (line 49) | func (o *Options) GetSSHOptions() *SSHOptions { method GetWireOptions (line 58) | func (o *Options) GetWireOptions() (*wire.Options, error) { method GetWebhooks (line 69) | func (o *Options) GetWebhooks() []*Webhook { type X509Options (line 77) | type X509Options struct method HasTemplate (line 101) | func (o *X509Options) HasTemplate() bool { method GetAllowedNameOptions (line 107) | func (o *X509Options) GetAllowedNameOptions() *policy.X509NameOptions { method GetDeniedNameOptions (line 116) | func (o *X509Options) GetDeniedNameOptions() *policy.X509NameOptions { method AreWildcardNamesAllowed (line 123) | func (o *X509Options) AreWildcardNamesAllowed() bool { function TemplateOptions (line 134) | func TemplateOptions(o *Options, data x509util.TemplateData) (Certificat... function CustomTemplateOptions (line 142) | func CustomTemplateOptions(o *Options, data x509util.TemplateData, defau... function unsafeParseSigned (line 199) | func unsafeParseSigned(s string) (map[string]interface{}, error) { FILE: authority/provisioner/options_test.go function parseCertificateRequest (line 14) | func parseCertificateRequest(t *testing.T, filename string) *x509.Certif... function TestOptions_GetX509Options (line 27) | func TestOptions_GetX509Options(t *testing.T) { function TestOptions_GetSSHOptions (line 49) | func TestOptions_GetSSHOptions(t *testing.T) { function TestOptions_GetWebhooks (line 71) | func TestOptions_GetWebhooks(t *testing.T) { function TestProvisionerX509Options_HasTemplate (line 101) | func TestProvisionerX509Options_HasTemplate(t *testing.T) { function TestTemplateOptions (line 131) | func TestTemplateOptions(t *testing.T) { function TestCustomTemplateOptions (line 190) | func TestCustomTemplateOptions(t *testing.T) { function Test_unsafeParseSigned (line 286) | func Test_unsafeParseSigned(t *testing.T) { function TestX509Options_IsWildcardLiteralAllowed (line 322) | func TestX509Options_IsWildcardLiteralAllowed(t *testing.T) { FILE: authority/provisioner/policy.go type policyEngine (line 5) | type policyEngine struct method getX509 (line 46) | func (p *policyEngine) getX509() policy.X509Policy { method getSSHHost (line 53) | func (p *policyEngine) getSSHHost() policy.HostPolicy { method getSSHUser (line 60) | func (p *policyEngine) getSSHUser() policy.UserPolicy { function newPolicyEngine (line 11) | func newPolicyEngine(options *Options) (*policyEngine, error) { FILE: authority/provisioner/provisioner.go type Interface (line 20) | type Interface interface type HTTPClient (line 39) | type HTTPClient interface type Uninitialized (line 46) | type Uninitialized struct method MarshalJSON (line 53) | func (p Uninitialized) MarshalJSON() ([]byte, error) { type Audiences (line 88) | type Audiences struct method All (line 99) | func (a Audiences) All() (auds []string) { method WithFragment (line 112) | func (a Audiences) WithFragment(fragment string) Audiences { function generateSignAudience (line 176) | func generateSignAudience(caURL, provisionerID string) (string, error) { type Type (line 185) | type Type method String (line 214) | func (t Type) String() string { constant noopType (line 188) | noopType Type = 0 constant TypeJWK (line 190) | TypeJWK Type = 1 constant TypeOIDC (line 192) | TypeOIDC Type = 2 constant TypeGCP (line 194) | TypeGCP Type = 3 constant TypeAWS (line 196) | TypeAWS Type = 4 constant TypeAzure (line 198) | TypeAzure Type = 5 constant TypeACME (line 200) | TypeACME Type = 6 constant TypeX5C (line 202) | TypeX5C Type = 7 constant TypeK8sSA (line 204) | TypeK8sSA Type = 8 constant TypeSSHPOP (line 206) | TypeSSHPOP Type = 9 constant TypeSCEP (line 208) | TypeSCEP Type = 10 constant TypeNebula (line 210) | TypeNebula Type = 11 type SSHKeys (line 244) | type SSHKeys struct type SCEPKeyManager (line 251) | type SCEPKeyManager interface type Config (line 258) | type Config struct type provisioner (line 286) | type provisioner struct type List (line 291) | type List method UnmarshalJSON (line 295) | func (l *List) UnmarshalJSON(data []byte) error { type base (line 352) | type base struct method AuthorizeSign (line 356) | func (b *base) AuthorizeSign(context.Context, string) ([]SignOption, e... method AuthorizeRevoke (line 362) | func (b *base) AuthorizeRevoke(context.Context, string) error { method AuthorizeRenew (line 368) | func (b *base) AuthorizeRenew(context.Context, *x509.Certificate) error { method AuthorizeSSHSign (line 374) | func (b *base) AuthorizeSSHSign(context.Context, string) ([]SignOption... method AuthorizeSSHRevoke (line 380) | func (b *base) AuthorizeSSHRevoke(context.Context, string) error { method AuthorizeSSHRenew (line 386) | func (b *base) AuthorizeSSHRenew(context.Context, string) (*ssh.Certif... method AuthorizeSSHRekey (line 392) | func (b *base) AuthorizeSSHRekey(context.Context, string) (*ssh.Certif... type Permissions (line 397) | type Permissions struct type RAInfo (line 404) | type RAInfo struct type raProvisioner (line 413) | type raProvisioner struct method RAInfo (line 419) | func (p *raProvisioner) RAInfo() *RAInfo { type MockProvisioner (line 424) | type MockProvisioner struct method GetID (line 444) | func (m *MockProvisioner) GetID() string { method GetIDForToken (line 452) | func (m *MockProvisioner) GetIDForToken() string { method GetTokenID (line 460) | func (m *MockProvisioner) GetTokenID(token string) (string, error) { method GetName (line 471) | func (m *MockProvisioner) GetName() string { method GetType (line 479) | func (m *MockProvisioner) GetType() Type { method GetEncryptedKey (line 487) | func (m *MockProvisioner) GetEncryptedKey() (string, string, bool) { method Init (line 495) | func (m *MockProvisioner) Init(c Config) error { method AuthorizeSign (line 503) | func (m *MockProvisioner) AuthorizeSign(ctx context.Context, ott strin... method AuthorizeRevoke (line 511) | func (m *MockProvisioner) AuthorizeRevoke(ctx context.Context, ott str... method AuthorizeRenew (line 519) | func (m *MockProvisioner) AuthorizeRenew(ctx context.Context, c *x509.... method AuthorizeSSHSign (line 527) | func (m *MockProvisioner) AuthorizeSSHSign(ctx context.Context, ott st... method AuthorizeSSHRenew (line 535) | func (m *MockProvisioner) AuthorizeSSHRenew(ctx context.Context, ott s... method AuthorizeSSHRekey (line 543) | func (m *MockProvisioner) AuthorizeSSHRekey(ctx context.Context, ott s... method AuthorizeSSHRevoke (line 551) | func (m *MockProvisioner) AuthorizeSSHRevoke(ctx context.Context, ott ... FILE: authority/provisioner/provisioner_test.go function TestType_String (line 15) | func TestType_String(t *testing.T) { function TestSanitizeSSHUserPrincipal (line 38) | func TestSanitizeSSHUserPrincipal(t *testing.T) { function TestDefaultIdentityFunc (line 64) | func TestDefaultIdentityFunc(t *testing.T) { function TestUnimplementedMethods (line 163) | func TestUnimplementedMethods(t *testing.T) { function TestUninitialized_MarshalJSON (line 253) | func TestUninitialized_MarshalJSON(t *testing.T) { FILE: authority/provisioner/scep.go type SCEP (line 26) | type SCEP struct method GetID (line 70) | func (s *SCEP) GetID() string { method GetIDForToken (line 79) | func (s *SCEP) GetIDForToken() string { method GetName (line 84) | func (s *SCEP) GetName() string { method GetType (line 89) | func (s *SCEP) GetType() Type { method GetEncryptedKey (line 94) | func (s *SCEP) GetEncryptedKey() (string, string, bool) { method GetTokenID (line 100) | func (s *SCEP) GetTokenID(string) (string, error) { method GetOptions (line 105) | func (s *SCEP) GetOptions() *Options { method DefaultTLSCertDuration (line 111) | func (s *SCEP) DefaultTLSCertDuration() time.Duration { method Init (line 250) | func (s *SCEP) Init(config Config) (err error) { method AuthorizeSign (line 413) | func (s *SCEP) AuthorizeSign(context.Context, string) ([]SignOption, e... method GetCapabilities (line 429) | func (s *SCEP) GetCapabilities() []string { method ShouldIncludeRootInChain (line 437) | func (s *SCEP) ShouldIncludeRootInChain() bool { method ShouldIncludeIntermediateInChain (line 446) | func (s *SCEP) ShouldIncludeIntermediateInChain() bool { method GetContentEncryptionAlgorithm (line 452) | func (s *SCEP) GetContentEncryptionAlgorithm() int { method ValidateChallenge (line 459) | func (s *SCEP) ValidateChallenge(ctx context.Context, csr *x509.Certif... method NotifySuccess (line 474) | func (s *SCEP) NotifySuccess(ctx context.Context, csr *x509.Certificat... method NotifyFailure (line 481) | func (s *SCEP) NotifyFailure(ctx context.Context, csr *x509.Certificat... method selectValidationMethod (line 500) | func (s *SCEP) selectValidationMethod() validationMethod { method GetDecrypter (line 515) | func (s *SCEP) GetDecrypter() (*x509.Certificate, crypto.Decrypter) { method GetSigner (line 523) | func (s *SCEP) GetSigner() (*x509.Certificate, crypto.Signer) { type challengeValidationController (line 115) | type challengeValidationController struct method Validate (line 152) | func (c *challengeValidationController) Validate(ctx context.Context, ... function newChallengeValidationController (line 123) | func newChallengeValidationController(client HTTPClient, tw httptranspor... type notificationController (line 181) | type notificationController struct method Success (line 207) | func (c *notificationController) Success(ctx context.Context, csr *x50... method Failure (line 223) | func (c *notificationController) Failure(ctx context.Context, csr *x50... function newNotificationController (line 189) | func newNotificationController(client HTTPClient, tw httptransport.Wrapp... function isCertTypeOK (line 242) | func isCertTypeOK(wh *Webhook) bool { type validationMethod (line 488) | type validationMethod constant validationMethodNone (line 491) | validationMethodNone validationMethod = "none" constant validationMethodStatic (line 492) | validationMethodStatic validationMethod = "static" constant validationMethodWebhook (line 493) | validationMethodWebhook validationMethod = "webhook" FILE: authority/provisioner/scep_test.go function generateSCEP (line 29) | func generateSCEP(t *testing.T) *SCEP { function Test_challengeValidationController_Validate (line 67) | func Test_challengeValidationController_Validate(t *testing.T) { function TestController_isCertTypeOK (line 263) | func TestController_isCertTypeOK(t *testing.T) { function Test_selectValidationMethod (line 270) | func Test_selectValidationMethod(t *testing.T) { function TestSCEP_ValidateChallenge (line 336) | func TestSCEP_ValidateChallenge(t *testing.T) { function TestSCEP_Init (line 504) | func TestSCEP_Init(t *testing.T) { function TestSCEP_Getters (line 771) | func TestSCEP_Getters(t *testing.T) { FILE: authority/provisioner/sign_options.go constant DefaultCertValidity (line 27) | DefaultCertValidity = 24 * time.Hour type SignOptions (line 31) | type SignOptions struct type SignOption (line 40) | type SignOption interface type CertificateValidator (line 43) | type CertificateValidator interface type CertificateRequestValidator (line 48) | type CertificateRequestValidator interface type CertificateModifier (line 55) | type CertificateModifier interface type CertificateEnforcer (line 62) | type CertificateEnforcer interface type CertificateModifierFunc (line 68) | type CertificateModifierFunc method Modify (line 71) | func (fn CertificateModifierFunc) Modify(cert *x509.Certificate, opts ... type CertificateEnforcerFunc (line 77) | type CertificateEnforcerFunc method Enforce (line 80) | func (fn CertificateEnforcerFunc) Enforce(cert *x509.Certificate) error { type AttestationData (line 86) | type AttestationData struct type defaultPublicKeyValidator (line 91) | type defaultPublicKeyValidator struct method Valid (line 94) | func (v defaultPublicKeyValidator) Valid(req *x509.CertificateRequest)... type publicKeyMinimumLengthValidator (line 110) | type publicKeyMinimumLengthValidator struct method Valid (line 124) | func (v publicKeyMinimumLengthValidator) Valid(req *x509.CertificateRe... function newPublicKeyMinimumLengthValidator (line 117) | func newPublicKeyMinimumLengthValidator(length int) publicKeyMinimumLeng... type commonNameValidator (line 140) | type commonNameValidator method Valid (line 144) | func (v commonNameValidator) Valid(req *x509.CertificateRequest) error { type commonNameSliceValidator (line 156) | type commonNameSliceValidator method Valid (line 158) | func (v commonNameSliceValidator) Valid(req *x509.CertificateRequest) ... type dnsNamesValidator (line 171) | type dnsNamesValidator method Valid (line 175) | func (v dnsNamesValidator) Valid(req *x509.CertificateRequest) error { type dnsNamesSubsetValidator (line 194) | type dnsNamesSubsetValidator method Valid (line 198) | func (v dnsNamesSubsetValidator) Valid(req *x509.CertificateRequest) e... type ipAddressesValidator (line 215) | type ipAddressesValidator method Valid (line 219) | func (v ipAddressesValidator) Valid(req *x509.CertificateRequest) error { type emailAddressesValidator (line 238) | type emailAddressesValidator method Valid (line 242) | func (v emailAddressesValidator) Valid(req *x509.CertificateRequest) e... type urisValidator (line 261) | type urisValidator struct method Valid (line 272) | func (v urisValidator) Valid(req *x509.CertificateRequest) error { function newURIsValidator (line 266) | func newURIsValidator(ctx context.Context, uris []*url.URL) *urisValidat... type defaultSANsValidator (line 297) | type defaultSANsValidator struct method Valid (line 308) | func (v defaultSANsValidator) Valid(req *x509.CertificateRequest) (err... function newDefaultSANsValidator (line 302) | func newDefaultSANsValidator(ctx context.Context, sans []string) *defaul... type profileDefaultDuration (line 324) | type profileDefaultDuration method Modify (line 331) | func (v profileDefaultDuration) Modify(cert *x509.Certificate, so Sign... type profileLimitDuration (line 354) | type profileLimitDuration struct method Modify (line 367) | func (v profileLimitDuration) Modify(cert *x509.Certificate, so SignOp... type validityValidator (line 401) | type validityValidator struct method Valid (line 413) | func (v *validityValidator) Valid(cert *x509.Certificate, o SignOption... function newValidityValidator (line 407) | func newValidityValidator(minDur, maxDur time.Duration) *validityValidat... type x509NamePolicyValidator (line 443) | type x509NamePolicyValidator struct method Valid (line 455) | func (v *x509NamePolicyValidator) Valid(cert *x509.Certificate, _ Sign... function newX509NamePolicyValidator (line 448) | func newX509NamePolicyValidator(engine policy.X509Policy) *x509NamePolic... type forceCNOption (line 462) | type forceCNOption struct method Modify (line 470) | func (o *forceCNOption) Modify(cert *x509.Certificate, _ SignOptions) ... function newForceCNOption (line 466) | func newForceCNOption(forceCN bool) *forceCNOption { type provisionerExtensionOption (line 486) | type provisionerExtensionOption struct method WithControllerOptions (line 505) | func (o *provisionerExtensionOption) WithControllerOptions(c *Controll... method Modify (line 510) | func (o *provisionerExtensionOption) Modify(cert *x509.Certificate, _ ... function newProvisionerExtensionOption (line 491) | func newProvisionerExtensionOption(typ Type, name, credentialID string, ... type csrFingerprintValidator (line 533) | type csrFingerprintValidator method Valid (line 535) | func (s csrFingerprintValidator) Valid(cr *x509.CertificateRequest) er... type SignCSROption (line 551) | type SignCSROption type TemplateDataModifier (line 554) | type TemplateDataModifier interface type templateDataModifier (line 558) | type templateDataModifier struct method Modify (line 562) | func (t *templateDataModifier) Modify(data x509util.TemplateData) { function TemplateDataModifierFunc (line 568) | func TemplateDataModifierFunc(fn func(data x509util.TemplateData)) Templ... FILE: authority/provisioner/sign_options_test.go function Test_defaultPublicKeyValidator_Valid (line 20) | func Test_defaultPublicKeyValidator_Valid(t *testing.T) { function Test_commonNameValidator_Valid (line 86) | func Test_commonNameValidator_Valid(t *testing.T) { function Test_commonNameSliceValidator_Valid (line 109) | func Test_commonNameSliceValidator_Valid(t *testing.T) { function Test_emailAddressesValidator_Valid (line 133) | func Test_emailAddressesValidator_Valid(t *testing.T) { function Test_dnsNamesValidator_Valid (line 161) | func Test_dnsNamesValidator_Valid(t *testing.T) { function Test_dnsNamesSubsetValidator_Valid (line 189) | func Test_dnsNamesSubsetValidator_Valid(t *testing.T) { function Test_ipAddressesValidator_Valid (line 222) | func Test_ipAddressesValidator_Valid(t *testing.T) { function Test_urisValidator_Valid (line 254) | func Test_urisValidator_Valid(t *testing.T) { function Test_defaultSANsValidator_Valid (line 294) | func Test_defaultSANsValidator_Valid(t *testing.T) { function Test_validityValidator_Valid (line 385) | func Test_validityValidator_Valid(t *testing.T) { function Test_forceCN_Option (line 483) | func Test_forceCN_Option(t *testing.T) { function Test_profileDefaultDuration_Option (line 563) | func Test_profileDefaultDuration_Option(t *testing.T) { function Test_newProvisionerExtension_Option (line 706) | func Test_newProvisionerExtension_Option(t *testing.T) { function Test_profileLimitDuration_Option (line 781) | func Test_profileLimitDuration_Option(t *testing.T) { FILE: authority/provisioner/sign_ssh_options.go constant SSHUserCert (line 24) | SSHUserCert = "user" constant SSHHostCert (line 27) | SSHHostCert = "host" type SSHCertModifier (line 32) | type SSHCertModifier interface type SSHCertValidator (line 38) | type SSHCertValidator interface type SSHCertOptionsValidator (line 45) | type SSHCertOptionsValidator interface type SSHPublicKeyValidator (line 52) | type SSHPublicKeyValidator interface type SignSSHOptions (line 58) | type SignSSHOptions struct method Validate (line 69) | func (o SignSSHOptions) Validate() error { method Type (line 82) | func (o SignSSHOptions) Type() uint32 { method Modify (line 87) | func (o SignSSHOptions) Modify(cert *ssh.Certificate, _ SignSSHOptions... method ModifyValidity (line 106) | func (o SignSSHOptions) ModifyValidity(cert *ssh.Certificate) error { method match (line 122) | func (o SignSSHOptions) match(got SignSSHOptions) error { type sshCertValidAfterModifier (line 140) | type sshCertValidAfterModifier method Modify (line 142) | func (m sshCertValidAfterModifier) Modify(cert *ssh.Certificate, _ Sig... type sshCertValidBeforeModifier (line 149) | type sshCertValidBeforeModifier method Modify (line 151) | func (m sshCertValidBeforeModifier) Modify(cert *ssh.Certificate, _ Si... type sshDefaultDuration (line 159) | type sshDefaultDuration struct method Modify (line 165) | func (m *sshDefaultDuration) Modify(cert *ssh.Certificate, o SignSSHOp... type sshLimitDuration (line 191) | type sshLimitDuration struct method Modify (line 198) | func (m *sshLimitDuration) Modify(cert *ssh.Certificate, o SignSSHOpti... type sshCertOptionsValidator (line 246) | type sshCertOptionsValidator method Valid (line 250) | func (v sshCertOptionsValidator) Valid(got SignSSHOptions) error { type sshCertOptionsRequireValidator (line 256) | type sshCertOptionsRequireValidator struct method Valid (line 262) | func (v *sshCertOptionsRequireValidator) Valid(got SignSSHOptions) err... type sshCertValidityValidator (line 275) | type sshCertValidityValidator struct method Valid (line 279) | func (v *sshCertValidityValidator) Valid(cert *ssh.Certificate, opts S... type sshCertDefaultValidator (line 319) | type sshCertDefaultValidator struct method Valid (line 324) | func (v *sshCertDefaultValidator) Valid(cert *ssh.Certificate, _ SignS... type sshDefaultPublicKeyValidator (line 352) | type sshDefaultPublicKeyValidator struct method Valid (line 359) | func (v sshDefaultPublicKeyValidator) Valid(cert *ssh.Certificate, _ S... type sshNamePolicyValidator (line 387) | type sshNamePolicyValidator struct method Valid (line 401) | func (v *sshNamePolicyValidator) Valid(cert *ssh.Certificate, _ SignSS... function newSSHNamePolicyValidator (line 393) | func newSSHNamePolicyValidator(host policy.HostPolicy, user policy.UserP... function sshCertTypeUInt32 (line 433) | func sshCertTypeUInt32(ct string) uint32 { function containsAllMembers (line 445) | func containsAllMembers(group, subgroup []string) bool { function sshParseString (line 462) | func sshParseString(in []byte) (out, rest []byte, ok bool) { function sshParseRSAPublicKey (line 477) | func sshParseRSAPublicKey(in []byte) (*rsa.PublicKey, error) { FILE: authority/provisioner/sign_ssh_options_test.go function TestSSHOptions_Type (line 14) | func TestSSHOptions_Type(t *testing.T) { function TestSSHOptions_Modify (line 40) | func TestSSHOptions_Modify(t *testing.T) { function TestSSHOptions_Match (line 114) | func TestSSHOptions_Match(t *testing.T) { function Test_sshCertValidAfterModifier_Modify (line 205) | func Test_sshCertValidAfterModifier_Modify(t *testing.T) { function Test_sshCertDefaultValidator_Valid (line 230) | func Test_sshCertDefaultValidator_Valid(t *testing.T) { function Test_sshCertValidityValidator (line 424) | func Test_sshCertValidityValidator(t *testing.T) { function Test_sshValidityModifier (line 533) | func Test_sshValidityModifier(t *testing.T) { function Test_sshDefaultDuration_Option (line 675) | func Test_sshDefaultDuration_Option(t *testing.T) { FILE: authority/provisioner/ssh_options.go type SSHCertificateOptions (line 17) | type SSHCertificateOptions interface type sshCertificateOptionsFunc (line 21) | type sshCertificateOptionsFunc method Options (line 23) | func (fn sshCertificateOptionsFunc) Options(so SignSSHOptions) []sshut... type SSHOptions (line 29) | type SSHOptions struct method GetAllowedUserNameOptions (line 50) | func (o *SSHOptions) GetAllowedUserNameOptions() *policy.SSHNameOptions { method GetDeniedUserNameOptions (line 62) | func (o *SSHOptions) GetDeniedUserNameOptions() *policy.SSHNameOptions { method GetAllowedHostNameOptions (line 74) | func (o *SSHOptions) GetAllowedHostNameOptions() *policy.SSHNameOptions { method GetDeniedHostNameOptions (line 86) | func (o *SSHOptions) GetDeniedHostNameOptions() *policy.SSHNameOptions { method HasTemplate (line 97) | func (o *SSHOptions) HasTemplate() bool { function TemplateSSHOptions (line 105) | func TemplateSSHOptions(o *Options, data sshutil.TemplateData) (SSHCerti... function CustomSSHTemplateOptions (line 113) | func CustomSSHTemplateOptions(o *Options, data sshutil.TemplateData, def... FILE: authority/provisioner/ssh_options_test.go function TestCustomSSHTemplateOptions (line 11) | func TestCustomSSHTemplateOptions(t *testing.T) { FILE: authority/provisioner/ssh_test.go function validateSSHCertificate (line 19) | func validateSSHCertificate(cert *ssh.Certificate, opts *SignSSHOptions)... function signSSHCertificate (line 48) | func signSSHCertificate(key crypto.PublicKey, opts SignSSHOptions, signO... FILE: authority/provisioner/sshpop.go type sshPOPPayload (line 20) | type sshPOPPayload struct type SSHPOP (line 29) | type SSHPOP struct method GetID (line 41) | func (p *SSHPOP) GetID() string { method GetIDForToken (line 50) | func (p *SSHPOP) GetIDForToken() string { method GetTokenID (line 55) | func (p *SSHPOP) GetTokenID(ott string) (string, error) { method GetName (line 73) | func (p *SSHPOP) GetName() string { method GetType (line 78) | func (p *SSHPOP) GetType() Type { method GetEncryptedKey (line 83) | func (p *SSHPOP) GetEncryptedKey() (string, string, bool) { method Init (line 88) | func (p *SSHPOP) Init(config Config) (err error) { method authorizeToken (line 110) | func (p *SSHPOP) authorizeToken(token string, audiences []string, chec... method AuthorizeSSHRevoke (line 191) | func (p *SSHPOP) AuthorizeSSHRevoke(_ context.Context, token string) e... method AuthorizeSSHRenew (line 207) | func (p *SSHPOP) AuthorizeSSHRenew(ctx context.Context, token string) ... method AuthorizeSSHRekey (line 220) | func (p *SSHPOP) AuthorizeSSHRekey(_ context.Context, token string) (*... function ExtractSSHPOPCert (line 241) | func ExtractSSHPOPCert(token string) (*ssh.Certificate, *jose.JSONWebTok... function bytesForSigning (line 271) | func bytesForSigning(cert *ssh.Certificate) []byte { FILE: authority/provisioner/sshpop_test.go function TestSSHPOP_Getters (line 23) | func TestSSHPOP_Getters(t *testing.T) { function createSSHCert (line 43) | func createSSHCert(cert *ssh.Certificate, signer ssh.Signer) (*ssh.Certi... function generateSSHPOPToken (line 65) | func generateSSHPOPToken(p Interface, cert *ssh.Certificate, jwk *jose.J... function TestSSHPOP_authorizeToken (line 70) | func TestSSHPOP_authorizeToken(t *testing.T) { function TestSSHPOP_AuthorizeSSHRevoke (line 235) | func TestSSHPOP_AuthorizeSSHRevoke(t *testing.T) { function TestSSHPOP_AuthorizeSSHRenew (line 307) | func TestSSHPOP_AuthorizeSSHRenew(t *testing.T) { function TestSSHPOP_AuthorizeSSHRekey (line 390) | func TestSSHPOP_AuthorizeSSHRekey(t *testing.T) { function TestSSHPOP_ExtractSSHPOPCert (line 485) | func TestSSHPOP_ExtractSSHPOPCert(t *testing.T) { FILE: authority/provisioner/timeduration.go function timeOr (line 16) | func timeOr(ts ...time.Time) time.Time { type TimeDuration (line 28) | type TimeDuration struct method SetDuration (line 61) | func (t *TimeDuration) SetDuration(d time.Duration) { method SetTime (line 67) | func (t *TimeDuration) SetTime(tt time.Time) { method IsZero (line 73) | func (t *TimeDuration) IsZero() bool { method Equal (line 78) | func (t *TimeDuration) Equal(other *TimeDuration) bool { method MarshalJSON (line 85) | func (t TimeDuration) MarshalJSON() ([]byte, error) { method UnmarshalJSON (line 99) | func (t *TimeDuration) UnmarshalJSON(data []byte) error { method Time (line 128) | func (t *TimeDuration) Time() time.Time { method Unix (line 133) | func (t *TimeDuration) Unix() int64 { method RelativeTime (line 139) | func (t *TimeDuration) RelativeTime(base time.Time) time.Time { method String (line 155) | func (t *TimeDuration) String() string { function NewTimeDuration (line 34) | func NewTimeDuration(t time.Time) TimeDuration { function ParseTimeDuration (line 40) | func ParseTimeDuration(s string) (TimeDuration, error) { FILE: authority/provisioner/timeduration_test.go function mockNow (line 9) | func mockNow() (time.Time, func()) { function TestNewTimeDuration (line 20) | func TestNewTimeDuration(t *testing.T) { function TestParseTimeDuration (line 42) | func TestParseTimeDuration(t *testing.T) { function TestTimeDuration_SetDuration (line 79) | func TestTimeDuration_SetDuration(t *testing.T) { function TestTimeDuration_SetTime (line 110) | func TestTimeDuration_SetTime(t *testing.T) { function TestTimeDuration_MarshalJSON (line 143) | func TestTimeDuration_MarshalJSON(t *testing.T) { function TestTimeDuration_UnmarshalJSON (line 170) | func TestTimeDuration_UnmarshalJSON(t *testing.T) { function TestTimeDuration_Time (line 199) | func TestTimeDuration_Time(t *testing.T) { function TestTimeDuration_Unix (line 223) | func TestTimeDuration_Unix(t *testing.T) { function TestTimeDuration_String (line 248) | func TestTimeDuration_String(t *testing.T) { FILE: authority/provisioner/utils_test.go constant awsTestCertificate (line 58) | awsTestCertificate = `-----BEGIN CERTIFICATE----- constant awsTestKey (line 73) | awsTestKey = `-----BEGIN RSA PRIVATE KEY----- function must (line 89) | func must(args ...interface{}) []interface{} { function generateJSONWebKey (line 98) | func generateJSONWebKey() (*jose.JSONWebKey, error) { function generateJSONWebKeySet (line 111) | func generateJSONWebKeySet(n int) (jose.JSONWebKeySet, error) { function encryptJSONWebKey (line 123) | func encryptJSONWebKey(jwk *jose.JSONWebKey) (*jose.JSONWebEncryption, e... function decryptJSONWebKey (line 147) | func decryptJSONWebKey(key string) (*jose.JSONWebKey, error) { function generateJWK (line 163) | func generateJWK() (*JWK, error) { function generateK8sSA (line 195) | func generateK8sSA(inputPubKey interface{}) (*K8sSA, error) { function generateSSHPOP (line 230) | func generateSSHPOP() (*SSHPOP, error) { function generateX5C (line 267) | func generateX5C(root []byte) (*X5C, error) { function generateOIDC (line 316) | func generateOIDC() (*OIDC, error) { function generateGCP (line 354) | func generateGCP() (*GCP, error) { function generateAWS (line 387) | func generateAWS() (*AWS, error) { function generateAWSWithServer (line 425) | func generateAWSWithServer() (*AWS, *httptest.Server, error) { function generateAWSV1Only (line 495) | func generateAWSV1Only() (*AWS, error) { function generateAWSWithServerV1Only (line 533) | func generateAWSWithServerV1Only() (*AWS, *httptest.Server, error) { function generateAzure (line 588) | func generateAzure() (*Azure, error) { function generateAzureWithServer (line 623) | func generateAzureWithServer() (*Azure, *httptest.Server, error) { function generateCollection (line 689) | func generateCollection(nJWK, nOIDC int) (*Collection, error) { function generateSimpleToken (line 708) | func generateSimpleToken(iss, aud string, jwk *jose.JSONWebKey) (string,... type tokOption (line 712) | type tokOption function withX5CHdr (line 714) | func withX5CHdr(certs []*x509.Certificate) tokOption { function withSSHPOPFile (line 725) | func withSSHPOPFile(cert *ssh.Certificate) tokOption { function generateToken (line 732) | func generateToken(sub, iss, aud, email string, sans []string, iat time.... function generateCustomToken (line 773) | func generateCustomToken(sub, iss, aud string, jwk *jose.JSONWebKey, ext... function generateOIDCToken (line 804) | func generateOIDCToken(sub, iss, aud, email, preferredUsername string, i... function generateX5CSSHToken (line 845) | func generateX5CSSHToken(jwk *jose.JSONWebKey, claims *x5cPayload, tokOp... function getK8sSAPayload (line 863) | func getK8sSAPayload() *k8sSAPayload { function generateK8sSAToken (line 876) | func generateK8sSAToken(jwk *jose.JSONWebKey, claims *k8sSAPayload, tokO... function generateSimpleSSHUserToken (line 897) | func generateSimpleSSHUserToken(iss, aud string, jwk *jose.JSONWebKey) (... function generateSimpleSSHHostToken (line 904) | func generateSimpleSSHHostToken(iss, aud string, jwk *jose.JSONWebKey) (... function generateSSHToken (line 911) | func generateSSHToken(sub, iss, aud string, iat time.Time, sshOpts *Sign... function generateGCPToken (line 945) | func generateGCPToken(sub, iss, aud, instanceID, instanceName, projectID... function generateAWSToken (line 983) | func generateAWSToken(p *AWS, sub, iss, aud, accountID, instanceID, priv... function generateAzureToken (line 1040) | func generateAzureToken(sub, iss, aud, tenantID, subscriptionID, resourc... function parseToken (line 1078) | func parseToken(token string) (*jose.JSONWebToken, *jose.Claims, error) { function parseAWSToken (line 1090) | func parseAWSToken(token string) (*jose.JSONWebToken, *awsPayload, error) { function generateJWKServerHandler (line 1107) | func generateJWKServerHandler(n int, srv *httptest.Server) http.Handler { function generateJWKServer (line 1158) | func generateJWKServer(n int) *httptest.Server { function generateTLSJWKServer (line 1165) | func generateTLSJWKServer(n int) *httptest.Server { function generateACME (line 1172) | func generateACME() (*ACME, error) { function parseCerts (line 1184) | func parseCerts(b []byte) ([]*x509.Certificate, error) { FILE: authority/provisioner/webhook.go type WebhookSetter (line 32) | type WebhookSetter interface type WebhookController (line 36) | type WebhookController struct method Enrich (line 47) | func (wc *WebhookController) Enrich(ctx context.Context, req *webhook.... method Authorize (line 86) | func (wc *WebhookController) Authorize(ctx context.Context, req *webho... method isCertTypeOK (line 123) | func (wc *WebhookController) isCertTypeOK(wh *Webhook) bool { type Webhook (line 133) | type Webhook struct method Validate (line 149) | func (w *Webhook) Validate() error { method DoWithContext (line 191) | func (w *Webhook) DoWithContext(ctx context.Context, client HTTPClient... FILE: authority/provisioner/webhook_test.go function TestWebhookController_isCertTypeOK (line 31) | func TestWebhookController_isCertTypeOK(t *testing.T) { function withRequestID (line 108) | func withRequestID(t *testing.T, ctx context.Context, requestID string) ... function TestWebhookController_Enrich (line 113) | func TestWebhookController_Enrich(t *testing.T) { function TestWebhookController_Authorize (line 301) | func TestWebhookController_Authorize(t *testing.T) { function TestWebhook_Do (line 440) | func TestWebhook_Do(t *testing.T) { function TestWebhook_Validate (line 677) | func TestWebhook_Validate(t *testing.T) { FILE: authority/provisioner/wire/dpop_options.go type DPOPOptions (line 13) | type DPOPOptions struct method GetSigningKey (line 23) | func (o *DPOPOptions) GetSigningKey() crypto.PublicKey { method EvaluateTarget (line 27) | func (o *DPOPOptions) EvaluateTarget(deviceID string) (string, error) { method validateAndInitialize (line 38) | func (o *DPOPOptions) validateAndInitialize() (err error) { FILE: authority/provisioner/wire/dpop_options_test.go function TestDPOPOptions_EvaluateTarget (line 12) | func TestDPOPOptions_EvaluateTarget(t *testing.T) { FILE: authority/provisioner/wire/oidc_options.go type Provider (line 17) | type Provider struct type Config (line 27) | type Config struct type OIDCOptions (line 39) | type OIDCOptions struct method GetVerifier (line 51) | func (o *OIDCOptions) GetVerifier(ctx context.Context) (*oidc.IDTokenV... method getConfig (line 75) | func (o *OIDCOptions) getConfig() *oidc.Config { method validateAndInitialize (line 93) | func (o *OIDCOptions) validateAndInitialize() (err error) { method EvaluateTarget (line 129) | func (o *OIDCOptions) EvaluateTarget(deviceID string) (string, error) { method Transform (line 137) | func (o *OIDCOptions) Transform(v map[string]any) (map[string]any, err... constant defaultTemplate (line 91) | defaultTemplate = `{"name": "{{ .name }}", "preferred_username": "{{ .pr... function parseTransform (line 121) | func parseTransform(transformTemplate string) (*template.Template, error) { function toOIDCProviderConfig (line 159) | func toOIDCProviderConfig(in *Provider) (*oidc.ProviderConfig, error) { FILE: authority/provisioner/wire/oidc_options_test.go function TestOIDCOptions_Transform (line 20) | func TestOIDCOptions_Transform(t *testing.T) { function TestOIDCOptions_EvaluateTarget (line 132) | func TestOIDCOptions_EvaluateTarget(t *testing.T) { function TestOIDCOptions_GetVerifier (line 183) | func TestOIDCOptions_GetVerifier(t *testing.T) { function mustDiscoveryServer (line 269) | func mustDiscoveryServer(t *testing.T, pub jose.JSONWebKey) *httptest.Se... FILE: authority/provisioner/wire/wire_options.go type Options (line 9) | type Options struct method GetOIDCOptions (line 15) | func (o *Options) GetOIDCOptions() *OIDCOptions { method GetDPOPOptions (line 23) | func (o *Options) GetDPOPOptions() *DPOPOptions { method Validate (line 33) | func (o *Options) Validate() error { FILE: authority/provisioner/wire/wire_options_test.go function TestOptions_Validate (line 10) | func TestOptions_Validate(t *testing.T) { FILE: authority/provisioner/x5c.go type x5cPayload (line 23) | type x5cPayload struct type X5C (line 33) | type X5C struct method GetID (line 47) | func (p *X5C) GetID() string { method GetIDForToken (line 56) | func (p *X5C) GetIDForToken() string { method GetTokenID (line 61) | func (p *X5C) GetTokenID(ott string) (string, error) { method GetName (line 79) | func (p *X5C) GetName() string { method GetType (line 84) | func (p *X5C) GetType() Type { method GetEncryptedKey (line 89) | func (p *X5C) GetEncryptedKey() (string, string, bool) { method Init (line 94) | func (p *X5C) Init(config Config) (err error) { method authorizeToken (line 137) | func (p *X5C) authorizeToken(token string, audiences []string) (*x5cPa... method AuthorizeRevoke (line 193) | func (p *X5C) AuthorizeRevoke(_ context.Context, token string) error { method AuthorizeSign (line 199) | func (p *X5C) AuthorizeSign(ctx context.Context, token string) ([]Sign... method AuthorizeRenew (line 270) | func (p *X5C) AuthorizeRenew(ctx context.Context, cert *x509.Certifica... method AuthorizeSSHSign (line 275) | func (p *X5C) AuthorizeSSHSign(_ context.Context, token string) ([]Sig... FILE: authority/provisioner/x5c_test.go function assertHasPrefix (line 24) | func assertHasPrefix(t *testing.T, s, p string) bool { function TestX5C_Getters (line 29) | func TestX5C_Getters(t *testing.T) { function TestX5C_Init (line 49) | func TestX5C_Init(t *testing.T) { function TestX5C_authorizeToken (line 168) | func TestX5C_authorizeToken(t *testing.T) { function TestX5C_AuthorizeSign (line 417) | func TestX5C_AuthorizeSign(t *testing.T) { function TestX5C_AuthorizeRevoke (line 550) | func TestX5C_AuthorizeRevoke(t *testing.T) { function TestX5C_AuthorizeRenew (line 622) | func TestX5C_AuthorizeRenew(t *testing.T) { function TestX5C_AuthorizeSSHSign (line 673) | func TestX5C_AuthorizeSSHSign(t *testing.T) { FILE: authority/provisioners.go type raProvisioner (line 28) | type raProvisioner interface type attProvisioner (line 32) | type attProvisioner interface function wrapProvisioner (line 38) | func wrapProvisioner(p provisioner.Interface, attData *provisioner.Attes... function wrapRAProvisioner (line 52) | func wrapRAProvisioner(p provisioner.Interface, raInfo *provisioner.RAIn... function isRAProvisioner (line 60) | func isRAProvisioner(p provisioner.Interface) bool { type wrappedProvisioner (line 68) | type wrappedProvisioner struct method AttestationData (line 74) | func (p *wrappedProvisioner) AttestationData() *provisioner.Attestatio... method RAInfo (line 78) | func (p *wrappedProvisioner) RAInfo() *provisioner.RAInfo { method GetEncryptedKey (line 83) | func (a *Authority) GetEncryptedKey(kid string) (string, error) { method GetProvisioners (line 95) | func (a *Authority) GetProvisioners(cursor string, limit int) (provision... method LoadProvisionerByCertificate (line 104) | func (a *Authority) LoadProvisionerByCertificate(crt *x509.Certificate) ... method unsafeLoadProvisionerFromExtension (line 113) | func (a *Authority) unsafeLoadProvisionerFromExtension(crt *x509.Certifi... method unsafeLoadProvisionerFromDatabase (line 121) | func (a *Authority) unsafeLoadProvisionerFromDatabase(crt *x509.Certific... method LoadProvisionerByToken (line 149) | func (a *Authority) LoadProvisionerByToken(token *jose.JSONWebToken, cla... method LoadProvisionerByID (line 160) | func (a *Authority) LoadProvisionerByID(id string) (provisioner.Interfac... method LoadProvisionerByName (line 171) | func (a *Authority) LoadProvisionerByName(name string) (provisioner.Inte... method generateProvisionerConfig (line 181) | func (a *Authority) generateProvisionerConfig(ctx context.Context) (prov... method StoreProvisioner (line 212) | func (a *Authority) StoreProvisioner(ctx context.Context, prov *linkedca... method UpdateProvisioner (line 270) | func (a *Authority) UpdateProvisioner(ctx context.Context, nu *linkedca.... method RemoveProvisioner (line 306) | func (a *Authority) RemoveProvisioner(ctx context.Context, id string) er... function CreateFirstProvisioner (line 353) | func CreateFirstProvisioner(ctx context.Context, adminDB admin.DB, passw... function ValidateClaims (line 403) | func ValidateClaims(c *linkedca.Claims) error { function ValidateDurations (line 430) | func ValidateDurations(d *linkedca.Durations) error { function provisionerListToCertificates (line 478) | func provisionerListToCertificates(l []*linkedca.Provisioner) (provision... function optionsToCertificates (line 490) | func optionsToCertificates(p *linkedca.Provisioner) *provisioner.Options { function webhookToCertificates (line 564) | func webhookToCertificates(wh *linkedca.Webhook) *provisioner.Webhook { function provisionerWebhookToLinkedca (line 586) | func provisionerWebhookToLinkedca(pwh *provisioner.Webhook) *linkedca.We... function durationsToCertificates (line 614) | func durationsToCertificates(d *linkedca.Durations) (minDur, maxDur, def... function durationsToLinkedca (line 636) | func durationsToLinkedca(d *provisioner.Duration) string { function claimsToCertificates (line 645) | func claimsToCertificates(c *linkedca.Claims) (*provisioner.Claims, erro... function claimsToLinkedca (line 686) | func claimsToLinkedca(c *provisioner.Claims) *linkedca.Claims { function provisionerOptionsToLinkedca (line 745) | func provisionerOptionsToLinkedca(p *provisioner.Options) (*linkedca.Tem... function provisionerPEMToLinkedca (line 801) | func provisionerPEMToLinkedca(b []byte) [][]byte { function provisionerPEMToCertificates (line 813) | func provisionerPEMToCertificates(bs [][]byte) []byte { function ProvisionerToCertificates (line 826) | func ProvisionerToCertificates(p *linkedca.Provisioner) (provisioner.Int... function ProvisionerToLinkedca (line 1029) | func ProvisionerToLinkedca(p provisioner.Interface) (*linkedca.Provision... function parseInstanceAge (line 1307) | func parseInstanceAge(age string) (provisioner.Duration, error) { function challengesToCertificates (line 1321) | func challengesToCertificates(challenges []linkedca.ACMEProvisioner_Chal... function challengesToLinkedca (line 1340) | func challengesToLinkedca(challenges []provisioner.ACMEChallenge) []link... function attestationFormatsToCertificates (line 1359) | func attestationFormatsToCertificates(formats []linkedca.ACMEProvisioner... function attestationFormatsToLinkedca (line 1376) | func attestationFormatsToLinkedca(formats []provisioner.ACMEAttestationF... FILE: authority/provisioners_test.go function TestGetEncryptedKey (line 25) | func TestGetEncryptedKey(t *testing.T) { type mockAdminDB (line 83) | type mockAdminDB struct method GetCertificateData (line 88) | func (c *mockAdminDB) GetCertificateData(sn string) (*db.CertificateDa... function TestGetProvisioners (line 92) | func TestGetProvisioners(t *testing.T) { function TestAuthority_LoadProvisionerByCertificate (line 138) | func TestAuthority_LoadProvisionerByCertificate(t *testing.T) { function TestProvisionerWebhookToLinkedca (line 264) | func TestProvisionerWebhookToLinkedca(t *testing.T) { function Test_wrapRAProvisioner (line 343) | func Test_wrapRAProvisioner(t *testing.T) { function Test_isRAProvisioner (line 367) | func Test_isRAProvisioner(t *testing.T) { FILE: authority/root.go method Root (line 10) | func (a *Authority) Root(sum string) (*x509.Certificate, error) { method GetRootCertificate (line 24) | func (a *Authority) GetRootCertificate() *x509.Certificate { method GetRootCertificates (line 35) | func (a *Authority) GetRootCertificates() []*x509.Certificate { method GetRoots (line 41) | func (a *Authority) GetRoots() ([]*x509.Certificate, error) { method GetFederation (line 47) | func (a *Authority) GetFederation() (federation []*x509.Certificate, err... method GetIntermediateCertificate (line 67) | func (a *Authority) GetIntermediateCertificate() *x509.Certificate { method GetIntermediateCertificates (line 80) | func (a *Authority) GetIntermediateCertificates() []*x509.Certificate { FILE: authority/root_test.go function TestRoot (line 19) | func TestRoot(t *testing.T) { function TestAuthority_GetRootCertificate (line 52) | func TestAuthority_GetRootCertificate(t *testing.T) { function TestAuthority_GetRootCertificates (line 74) | func TestAuthority_GetRootCertificates(t *testing.T) { function TestAuthority_GetRoots (line 96) | func TestAuthority_GetRoots(t *testing.T) { function TestAuthority_GetFederation (line 124) | func TestAuthority_GetFederation(t *testing.T) { function TestAuthority_GetIntermediateCertificate (line 159) | func TestAuthority_GetIntermediateCertificate(t *testing.T) { FILE: authority/ssh.go constant SSHAddUserPrincipal (line 30) | SSHAddUserPrincipal = "provisioner" constant SSHAddUserCommand (line 36) | SSHAddUserCommand = "sudo useradd -m ; nc -q0 localhost 22" method GetSSHRoots (line 40) | func (a *Authority) GetSSHRoots(context.Context) (*config.SSHKeys, error) { method GetSSHFederation (line 48) | func (a *Authority) GetSSHFederation(context.Context) (*config.SSHKeys, ... method GetSSHConfig (line 56) | func (a *Authority) GetSSHConfig(_ context.Context, typ string, data map... method GetSSHBastion (line 124) | func (a *Authority) GetSSHBastion(ctx context.Context, user, hostname st... method SignSSH (line 150) | func (a *Authority) SignSSH(ctx context.Context, key ssh.PublicKey, opts... method signSSH (line 156) | func (a *Authority) signSSH(ctx context.Context, key ssh.PublicKey, opts... method isAllowedToSignSSHCertificate (line 333) | func (a *Authority) isAllowedToSignSSHCertificate(cert *ssh.Certificate)... method RenewSSH (line 338) | func (a *Authority) RenewSSH(ctx context.Context, oldCert *ssh.Certifica... method renewSSH (line 344) | func (a *Authority) renewSSH(ctx context.Context, oldCert *ssh.Certifica... method RekeySSH (line 409) | func (a *Authority) RekeySSH(ctx context.Context, oldCert *ssh.Certifica... method rekeySSH (line 415) | func (a *Authority) rekeySSH(ctx context.Context, oldCert *ssh.Certifica... method storeSSHCertificate (line 496) | func (a *Authority) storeSSHCertificate(prov provisioner.Interface, cert... method storeRenewedSSHCertificate (line 520) | func (a *Authority) storeRenewedSSHCertificate(prov provisioner.Interfac... function IsValidForAddUser (line 546) | func IsValidForAddUser(cert *ssh.Certificate) error { method SignSSHAddUser (line 569) | func (a *Authority) SignSSHAddUser(ctx context.Context, key ssh.PublicKe... method CheckSSHHost (line 633) | func (a *Authority) CheckSSHHost(ctx context.Context, principal, token s... method GetSSHHosts (line 656) | func (a *Authority) GetSSHHosts(ctx context.Context, cert *x509.Certific... method getAddUserPrincipal (line 676) | func (a *Authority) getAddUserPrincipal() (cmd string) { method getAddUserCommand (line 683) | func (a *Authority) getAddUserCommand(principal string) string { method callEnrichingWebhooksSSH (line 693) | func (a *Authority) callEnrichingWebhooksSSH(ctx context.Context, prov p... method callAuthorizingWebhooksSSH (line 709) | func (a *Authority) callAuthorizingWebhooksSSH(ctx context.Context, prov... FILE: authority/ssh_test.go type sshTestModifier (line 29) | type sshTestModifier method Modify (line 31) | func (m sshTestModifier) Modify(cert *ssh.Certificate, _ provisioner.S... type sshTestCertModifier (line 56) | type sshTestCertModifier method Modify (line 58) | func (m sshTestCertModifier) Modify(*ssh.Certificate, provisioner.Sign... type sshTestCertValidator (line 65) | type sshTestCertValidator method Valid (line 67) | func (v sshTestCertValidator) Valid(*ssh.Certificate, provisioner.Sign... type sshTestOptionsValidator (line 74) | type sshTestOptionsValidator method Valid (line 76) | func (v sshTestOptionsValidator) Valid(provisioner.SignSSHOptions) err... type sshTestOptionsModifier (line 83) | type sshTestOptionsModifier method Modify (line 85) | func (m sshTestOptionsModifier) Modify(*ssh.Certificate, provisioner.S... function TestAuthority_initHostOnly (line 92) | func TestAuthority_initHostOnly(t *testing.T) { function TestAuthority_initUserOnly (line 115) | func TestAuthority_initUserOnly(t *testing.T) { function TestAuthority_SignSSH (line 138) | func TestAuthority_SignSSH(t *testing.T) { function TestAuthority_SignSSHAddUser (line 320) | func TestAuthority_SignSSHAddUser(t *testing.T) { function TestAuthority_GetSSHRoots (line 412) | func TestAuthority_GetSSHRoots(t *testing.T) { function TestAuthority_GetSSHFederation (line 454) | func TestAuthority_GetSSHFederation(t *testing.T) { function TestAuthority_GetSSHConfig (line 496) | func TestAuthority_GetSSHConfig(t *testing.T) { function TestAuthority_CheckSSHHost (line 669) | func TestAuthority_CheckSSHHost(t *testing.T) { function TestSSHConfig_Validate (line 713) | func TestSSHConfig_Validate(t *testing.T) { function TestAuthority_GetSSHBastion (line 738) | func TestAuthority_GetSSHBastion(t *testing.T) { function TestAuthority_GetSSHHosts (line 787) | func TestAuthority_GetSSHHosts(t *testing.T) { function TestAuthority_RekeySSH (line 882) | func TestAuthority_RekeySSH(t *testing.T) { function TestIsValidForAddUser (line 1110) | func TestIsValidForAddUser(t *testing.T) { FILE: authority/tls.go type tokenKey (line 37) | type tokenKey struct function NewTokenContext (line 40) | func NewTokenContext(ctx context.Context, token string) context.Context { function TokenFromContext (line 45) | func TokenFromContext(ctx context.Context) (token string, ok bool) { method GetTLSOptions (line 51) | func (a *Authority) GetTLSOptions() *config.TLSOptions { function withDefaultASN1DN (line 61) | func withDefaultASN1DN(def *config.ASN1DN) provisioner.CertificateModifi... method GetX509Signer (line 102) | func (a *Authority) GetX509Signer() (crypto.Signer, error) { method Sign (line 113) | func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisio... method SignWithContext (line 119) | func (a *Authority) SignWithContext(ctx context.Context, csr *x509.Certi... method signX509 (line 125) | func (a *Authority) signX509(ctx context.Context, csr *x509.CertificateR... method isAllowedToSignX509Certificate (line 330) | func (a *Authority) isAllowedToSignX509Certificate(cert *x509.Certificat... method AreSANsAllowed (line 339) | func (a *Authority) AreSANsAllowed(_ context.Context, sans []string) err... method Renew (line 345) | func (a *Authority) Renew(oldCert *x509.Certificate) ([]*x509.Certificat... method Rekey (line 359) | func (a *Authority) Rekey(oldCert *x509.Certificate, pk crypto.PublicKey... method RenewContext (line 372) | func (a *Authority) RenewContext(ctx context.Context, oldCert *x509.Cert... method renewContext (line 382) | func (a *Authority) renewContext(ctx context.Context, oldCert *x509.Cert... method storeCertificate (line 503) | func (a *Authority) storeCertificate(prov provisioner.Interface, fullcha... method storeRenewedCertificate (line 536) | func (a *Authority) storeRenewedCertificate(oldCert *x509.Certificate, f... type RevokeOptions (line 558) | type RevokeOptions struct method Revoke (line 575) | func (a *Authority) Revoke(ctx context.Context, revokeOpts *RevokeOption... method revoke (line 715) | func (a *Authority) revoke(crt *x509.Certificate, rci *db.RevokedCertifi... method revokeSSH (line 724) | func (a *Authority) revokeSSH(crt *ssh.Certificate, rci *db.RevokedCerti... type CertificateRevocationListInfo (line 734) | type CertificateRevocationListInfo struct method GetCertificateRevocationList (line 743) | func (a *Authority) GetCertificateRevocationList() (*CertificateRevocati... method GenerateCertificateRevocationList (line 768) | func (a *Authority) GenerateCertificateRevocationList() error { method GetTLSCertificate (line 885) | func (a *Authority) GetTLSCertificate() (*tls.Certificate, error) { type distributionPoint (line 987) | type distributionPoint struct type distributionPointName (line 996) | type distributionPointName struct function marshalDistributionPoint (line 1009) | func marshalDistributionPoint(fullName string) ([]byte, error) { function templatingError (line 1022) | func templatingError(err error) error { method callEnrichingWebhooksX509 (line 1038) | func (a *Authority) callEnrichingWebhooksX509(ctx context.Context, prov ... method callAuthorizingWebhooksX509 (line 1062) | func (a *Authority) callAuthorizingWebhooksX509(ctx context.Context, pro... FILE: authority/tls_test.go constant provisionerTypeJWK (line 47) | provisionerTypeJWK = 1 type stepProvisionerASN1 (line 49) | type stepProvisionerASN1 struct type certificateDurationEnforcer (line 55) | type certificateDurationEnforcer struct method Enforce (line 60) | func (m *certificateDurationEnforcer) Enforce(cert *x509.Certificate) ... type certificateChainDB (line 66) | type certificateChainDB struct method StoreCertificateChain (line 71) | func (d *certificateChainDB) StoreCertificateChain(p provisioner.Inter... function getDefaultIssuer (line 75) | func getDefaultIssuer(a *Authority) *x509.Certificate { function getDefaultSigner (line 79) | func getDefaultSigner(a *Authority) crypto.Signer { function generateCertificate (line 83) | func generateCertificate(t *testing.T, commonName string, sans []string,... function generateRootCertificate (line 112) | func generateRootCertificate(t *testing.T) (*x509.Certificate, crypto.Si... function generateIntermidiateCertificate (line 130) | func generateIntermidiateCertificate(t *testing.T, issuer *x509.Certific... function withSubject (line 148) | func withSubject(sub pkix.Name) provisioner.CertificateModifierFunc { function withProvisionerOID (line 155) | func withProvisionerOID(name, kid string) provisioner.CertificateModifie... function withNotBeforeNotAfter (line 174) | func withNotBeforeNotAfter(notBefore, notAfter time.Time) provisioner.Ce... type signerFunc (line 182) | type signerFunc function withSigner (line 184) | func withSigner(issuer *x509.Certificate, signer crypto.Signer) signerFu... function getCSR (line 190) | func getCSR(t *testing.T, priv interface{}, opts ...func(*x509.Certifica... function setExtraExtsCSR (line 205) | func setExtraExtsCSR(exts []pkix.Extension) func(*x509.CertificateReques... function generateSubjectKeyID (line 211) | func generateSubjectKeyID(pub crypto.PublicKey) ([]byte, error) { type basicConstraints (line 228) | type basicConstraints struct type testEnforcer (line 233) | type testEnforcer struct method Enforce (line 237) | func (e *testEnforcer) Enforce(cert *x509.Certificate) error { function assertHasPrefix (line 244) | func assertHasPrefix(t *testing.T, s, p string) bool { function TestAuthority_SignWithContext (line 249) | func TestAuthority_SignWithContext(t *testing.T) { function TestAuthority_Renew (line 1019) | func TestAuthority_Renew(t *testing.T) { function TestAuthority_Rekey (line 1254) | func TestAuthority_Rekey(t *testing.T) { function TestAuthority_GetTLSOptions (line 1468) | func TestAuthority_GetTLSOptions(t *testing.T) { function TestAuthority_Revoke (line 1504) | func TestAuthority_Revoke(t *testing.T) { function TestAuthority_constraints (line 1844) | func TestAuthority_constraints(t *testing.T) { function TestAuthority_CRL (line 1927) | func TestAuthority_CRL(t *testing.T) { type notImplementedCAS (line 2142) | type notImplementedCAS struct method CreateCertificate (line 2144) | func (notImplementedCAS) CreateCertificate(req *apiv1.CreateCertificat... method RenewCertificate (line 2147) | func (notImplementedCAS) RenewCertificate(req *apiv1.RenewCertificateR... method RevokeCertificate (line 2150) | func (notImplementedCAS) RevokeCertificate(req *apiv1.RevokeCertificat... function TestAuthority_GetX509Signer (line 2154) | func TestAuthority_GetX509Signer(t *testing.T) { FILE: authority/version.go type Version (line 9) | type Version struct method Version (line 15) | func (a *Authority) Version() Version { FILE: authority/webhook.go type webhookController (line 9) | type webhookController interface FILE: authority/webhook_test.go type mockWebhookController (line 10) | type mockWebhookController struct method Enrich (line 19) | func (wc *mockWebhookController) Enrich(context.Context, *webhook.Requ... method Authorize (line 27) | func (wc *mockWebhookController) Authorize(context.Context, *webhook.R... FILE: ca/acmeClient.go type ACMEClient (line 22) | type ACMEClient struct method GetDirectory (line 103) | func (c *ACMEClient) GetDirectory() (*acmeAPI.Directory, error) { method GetNonce (line 109) | func (c *ACMEClient) GetNonce() (string, error) { method post (line 160) | func (c *ACMEClient) post(payload []byte, url string, headerOps ...wit... method NewOrder (line 204) | func (c *ACMEClient) NewOrder(payload []byte) (*acme.Order, error) { method GetChallenge (line 225) | func (c *ACMEClient) GetChallenge(url string) (*acme.Challenge, error) { method ValidateChallenge (line 245) | func (c *ACMEClient) ValidateChallenge(url string) error { method ValidateWithPayload (line 259) | func (c *ACMEClient) ValidateWithPayload(url string, payload []byte) e... method GetAuthz (line 272) | func (c *ACMEClient) GetAuthz(url string) (*acme.Authorization, error) { method GetOrder (line 290) | func (c *ACMEClient) GetOrder(url string) (*acme.Order, error) { method FinalizeOrder (line 308) | func (c *ACMEClient) FinalizeOrder(url string, csr *x509.CertificateRe... method GetCertificate (line 327) | func (c *ACMEClient) GetCertificate(url string) (*x509.Certificate, []... method GetAccountOrders (line 361) | func (c *ACMEClient) GetAccountOrders() ([]string, error) { function NewACMEClient (line 32) | func NewACMEClient(endpoint string, contact []string, opts ...ClientOpti... type withHeaderOption (line 127) | type withHeaderOption function withJWK (line 129) | func withJWK(c *ACMEClient) withHeaderOption { function withKid (line 135) | func withKid(c *ACMEClient) withHeaderOption { function serialize (line 142) | func serialize(obj *jose.JSONWebSignature) (string, error) { function readACMEError (line 382) | func readACMEError(r io.ReadCloser) error { FILE: ca/acmeClient_test.go function TestNewACMEClient (line 25) | func TestNewACMEClient(t *testing.T) { function TestACMEClient_GetDirectory (line 145) | func TestACMEClient_GetDirectory(t *testing.T) { function TestACMEClient_GetNonce (line 160) | func TestACMEClient_GetNonce(t *testing.T) { function TestACMEClient_post (line 227) | func TestACMEClient_post(t *testing.T) { function TestACMEClient_NewOrder (line 361) | func TestACMEClient_NewOrder(t *testing.T) { function TestACMEClient_GetOrder (line 498) | func TestACMEClient_GetOrder(t *testing.T) { function TestACMEClient_GetAuthz (line 620) | func TestACMEClient_GetAuthz(t *testing.T) { function TestACMEClient_GetChallenge (line 742) | func TestACMEClient_GetChallenge(t *testing.T) { function TestACMEClient_ValidateChallenge (line 865) | func TestACMEClient_ValidateChallenge(t *testing.T) { function TestACMEClient_ValidateWithPayload (line 984) | func TestACMEClient_ValidateWithPayload(t *testing.T) { function TestACMEClient_FinalizeOrder (line 1078) | func TestACMEClient_FinalizeOrder(t *testing.T) { function TestACMEClient_GetAccountOrders (line 1204) | func TestACMEClient_GetAccountOrders(t *testing.T) { function TestACMEClient_GetCertificate (line 1337) | func TestACMEClient_GetCertificate(t *testing.T) { FILE: ca/adminClient.go constant adminURLPrefix (line 30) | adminURLPrefix = "admin" constant adminIssuer (line 31) | adminIssuer = "step-admin-client/1.0" type AdminClient (line 35) | type AdminClient struct method generateAdminToken (line 101) | func (c *AdminClient) generateAdminToken(aud *url.URL) (string, error) { method retryOnError (line 133) | func (c *AdminClient) retryOnError(r *http.Response) bool { method IsEnabled (line 153) | func (c *AdminClient) IsEnabled() error { method GetAdmin (line 175) | func (c *AdminClient) GetAdmin(id string) (*linkedca.Admin, error) { method GetAdminsPaginate (line 242) | func (c *AdminClient) GetAdminsPaginate(opts ...AdminOption) (*adminAP... method GetAdmins (line 281) | func (c *AdminClient) GetAdmins(...AdminOption) ([]*linkedca.Admin, er... method CreateAdmin (line 300) | func (c *AdminClient) CreateAdmin(createAdminRequest *adminAPI.CreateA... method RemoveAdmin (line 336) | func (c *AdminClient) RemoveAdmin(id string) error { method UpdateAdmin (line 364) | func (c *AdminClient) UpdateAdmin(id string, uar *adminAPI.UpdateAdmin... method GetProvisioner (line 400) | func (c *AdminClient) GetProvisioner(opts ...ProvisionerOption) (*link... method GetProvisionersPaginate (line 447) | func (c *AdminClient) GetProvisionersPaginate(opts ...ProvisionerOptio... method GetProvisioners (line 486) | func (c *AdminClient) GetProvisioners(...AdminOption) (provisioner.Lis... method RemoveProvisioner (line 505) | func (c *AdminClient) RemoveProvisioner(opts ...ProvisionerOption) err... method CreateProvisioner (line 552) | func (c *AdminClient) CreateProvisioner(prov *linkedca.Provisioner) (*... method UpdateProvisioner (line 588) | func (c *AdminClient) UpdateProvisioner(name string, prov *linkedca.Pr... method GetExternalAccountKeysPaginate (line 620) | func (c *AdminClient) GetExternalAccountKeysPaginate(provisionerName, ... method CreateExternalAccountKey (line 663) | func (c *AdminClient) CreateExternalAccountKey(provisionerName string,... method RemoveExternalAccountKey (line 699) | func (c *AdminClient) RemoveExternalAccountKey(provisionerName, keyID ... method GetAuthorityPolicy (line 726) | func (c *AdminClient) GetAuthorityPolicy() (*linkedca.Policy, error) { method CreateAuthorityPolicy (line 757) | func (c *AdminClient) CreateAuthorityPolicy(p *linkedca.Policy) (*link... method UpdateAuthorityPolicy (line 792) | func (c *AdminClient) UpdateAuthorityPolicy(p *linkedca.Policy) (*link... method RemoveAuthorityPolicy (line 827) | func (c *AdminClient) RemoveAuthorityPolicy() error { method GetProvisionerPolicy (line 854) | func (c *AdminClient) GetProvisionerPolicy(provisionerName string) (*l... method CreateProvisionerPolicy (line 885) | func (c *AdminClient) CreateProvisionerPolicy(provisionerName string, ... method UpdateProvisionerPolicy (line 920) | func (c *AdminClient) UpdateProvisionerPolicy(provisionerName string, ... method RemoveProvisionerPolicy (line 955) | func (c *AdminClient) RemoveProvisionerPolicy(provisionerName string) ... method GetACMEPolicy (line 982) | func (c *AdminClient) GetACMEPolicy(provisionerName, reference, keyID ... method CreateACMEPolicy (line 1020) | func (c *AdminClient) CreateACMEPolicy(provisionerName, reference, key... method UpdateACMEPolicy (line 1062) | func (c *AdminClient) UpdateACMEPolicy(provisionerName, reference, key... method RemoveACMEPolicy (line 1104) | func (c *AdminClient) RemoveACMEPolicy(provisionerName, reference, key... method CreateProvisionerWebhook (line 1138) | func (c *AdminClient) CreateProvisionerWebhook(provisionerName string,... method UpdateProvisionerWebhook (line 1173) | func (c *AdminClient) UpdateProvisionerWebhook(provisionerName string,... method DeleteProvisionerWebhook (line 1208) | func (c *AdminClient) DeleteProvisionerWebhook(provisionerName, webhoo... type AdminClientError (line 52) | type AdminClientError struct method Error (line 59) | func (e *AdminClientError) Error() string { function defaultClientOptions (line 65) | func defaultClientOptions() clientOptions { function NewAdminClient (line 72) | func NewAdminClient(endpoint string, opts ...ClientOption) (*AdminClient... type AdminOption (line 198) | type AdminOption type adminOptions (line 200) | type adminOptions struct method apply (line 205) | func (o *adminOptions) apply(opts []AdminOption) (err error) { method rawQuery (line 214) | func (o *adminOptions) rawQuery() string { function WithAdminCursor (line 226) | func WithAdminCursor(cursor string) AdminOption { function WithAdminLimit (line 234) | func WithAdminLimit(limit int) AdminOption { function readAdminError (line 1235) | func readAdminError(r io.ReadCloser) error { FILE: ca/bootstrap.go type tokenClaims (line 16) | type tokenClaims struct function Bootstrap (line 23) | func Bootstrap(token string) (*Client, error) { function BootstrapClient (line 63) | func BootstrapClient(ctx context.Context, token string, options ...TLSOp... function BootstrapServer (line 118) | func BootstrapServer(ctx context.Context, token string, base *http.Serve... function BootstrapListener (line 171) | func BootstrapListener(ctx context.Context, token string, inner net.List... type bootstrap (line 194) | type bootstrap struct function createBootstrap (line 201) | func createBootstrap(token string) (*bootstrap, error) { FILE: ca/bootstrap_test.go function newLocalListener (line 28) | func newLocalListener() net.Listener { function setMinCertDuration (line 38) | func setMinCertDuration(time.Duration) func() { function startCABootstrapServer (line 46) | func startCABootstrapServer() *httptest.Server { function startCAServer (line 69) | func startCAServer(configFile string) (*CA, string, error) { function mTLSMiddleware (line 87) | func mTLSMiddleware(next http.Handler, nonAuthenticatedPaths ...string) ... function generateBootstrapToken (line 112) | func generateBootstrapToken(ca, subject, sha string) string { function TestBootstrap (line 150) | func TestBootstrap(t *testing.T) { function TestBootstrapServerWithoutMTLS (line 204) | func TestBootstrapServerWithoutMTLS(t *testing.T) { function TestBootstrapServerWithMTLS (line 262) | func TestBootstrapServerWithMTLS(t *testing.T) { function TestBootstrapClient (line 319) | func TestBootstrapClient(t *testing.T) { function TestBootstrapClientServerRotation (line 381) | func TestBootstrapClientServerRotation(t *testing.T) { function TestBootstrapClientServerFederation (line 513) | func TestBootstrapClientServerFederation(t *testing.T) { function doReload (line 594) | func doReload(ca *CA) error { function TestBootstrapListener (line 618) | func TestBootstrapListener(t *testing.T) { FILE: ca/ca.go type options (line 47) | type options struct method apply (line 60) | func (o *options) apply(opts []Option) { type Option (line 67) | type Option function WithConfigFile (line 71) | func WithConfigFile(name string) Option { function WithX509CAService (line 78) | func WithX509CAService(svc apiv1.CertificateAuthorityService) Option { function WithPassword (line 86) | func WithPassword(password []byte) Option { function WithSSHHostPassword (line 94) | func WithSSHHostPassword(password []byte) Option { function WithSSHUserPassword (line 102) | func WithSSHUserPassword(password []byte) Option { function WithIssuerPassword (line 110) | func WithIssuerPassword(password []byte) Option { function WithDatabase (line 117) | func WithDatabase(d db.AuthDB) Option { function WithTLSConfig (line 125) | func WithTLSConfig(t *tls.Config) Option { function WithLinkedCAToken (line 132) | func WithLinkedCAToken(token string) Option { function WithQuiet (line 139) | func WithQuiet(quiet bool) Option { type CA (line 147) | type CA struct method Init (line 170) | func (ca *CA) Init(cfg *config.Config) (*CA, error) { method shouldServeInsecureServer (line 392) | func (ca *CA) shouldServeInsecureServer() bool { method Run (line 424) | func (ca *CA) Run() error { method Stop (line 500) | func (ca *CA) Stop() error { method Reload (line 536) | func (ca *CA) Reload() error { method getTLSConfig (line 611) | func (ca *CA) getTLSConfig(auth *authority.Authority) (*tls.Config, *t... method shouldServeSCEPEndpoints (line 692) | func (ca *CA) shouldServeSCEPEndpoints() bool { method getConfigFileOutput (line 708) | func (ca *CA) getConfigFileOutput() string { method runCompactJob (line 717) | func (ca *CA) runCompactJob() { function New (line 159) | func New(cfg *config.Config, opts ...Option) (*CA, error) { function buildContext (line 406) | func buildContext(a *authority.Authority, scepAuthority *scep.Authority,... function dumpRoutes (line 697) | func dumpRoutes(mux chi.Routes) { function runCompact (line 745) | func runCompact(c nosql.Compactor) { FILE: ca/ca_test.go type ClosingBuffer (line 36) | type ClosingBuffer struct method Close (line 40) | func (cb *ClosingBuffer) Close() error { function getCSR (line 44) | func getCSR(priv interface{}) (*x509.CertificateRequest, error) { function generateSubjectKeyID (line 56) | func generateSubjectKeyID(pub crypto.PublicKey) ([]byte, error) { function TestMain (line 74) | func TestMain(m *testing.M) { function TestCASign (line 79) | func TestCASign(t *testing.T) { function TestCAProvisioners (line 342) | func TestCAProvisioners(t *testing.T) { function TestCAProvisionerEncryptedKey (line 399) | func TestCAProvisionerEncryptedKey(t *testing.T) { function TestCARoot (line 464) | func TestCARoot(t *testing.T) { function TestCAHealth (line 529) | func TestCAHealth(t *testing.T) { function TestCARenew (line 571) | func TestCARenew(t *testing.T) { FILE: ca/client.go type uaClient (line 53) | type uaClient struct method GetTransport (line 75) | func (c *uaClient) GetTransport() http.RoundTripper { method SetTransport (line 79) | func (c *uaClient) SetTransport(tr http.RoundTripper) { method CloseIdleConnections (line 83) | func (c *uaClient) CloseIdleConnections() { method Get (line 87) | func (c *uaClient) Get(u string) (*http.Response, error) { method GetWithContext (line 91) | func (c *uaClient) GetWithContext(ctx context.Context, u string) (*htt... method Post (line 99) | func (c *uaClient) Post(u, contentType string, body io.Reader) (*http.... method PostWithContext (line 103) | func (c *uaClient) PostWithContext(ctx context.Context, u, contentType... method Do (line 143) | func (c *uaClient) Do(req *http.Request) (*http.Response, error) { function newClient (line 57) | func newClient(transport http.RoundTripper, timeout time.Duration) *uaCl... function newInsecureClient (line 67) | func newInsecureClient() *uaClient { constant requestIDHeader (line 114) | requestIDHeader = "X-Request-Id" function newRequestID (line 118) | func newRequestID() string { function enforceRequestID (line 130) | func enforceRequestID(r *http.Request) { type RetryFunc (line 151) | type RetryFunc type ClientOption (line 154) | type ClientOption type TransportDecorator (line 158) | type TransportDecorator type clientOptions (line 160) | type clientOptions struct method apply (line 177) | func (o *clientOptions) apply(opts []ClientOption) (err error) { method applyDefaultIdentity (line 189) | func (o *clientOptions) applyDefaultIdentity() { method checkTransport (line 212) | func (o *clientOptions) checkTransport() error { method getTransport (line 220) | func (o *clientOptions) getTransport(endpoint string) (tr http.RoundTr... function WithTransport (line 286) | func WithTransport(tr http.RoundTripper) ClientOption { function WithTransportDecorator (line 299) | func WithTransportDecorator(fn TransportDecorator) ClientOption { function WithInsecure (line 307) | func WithInsecure() ClientOption { function WithRootFile (line 323) | func WithRootFile(filename string) ClientOption { function WithRootSHA256 (line 336) | func WithRootSHA256(sum string) ClientOption { function WithCABundle (line 348) | func WithCABundle(bundle []byte) ClientOption { function WithCertificate (line 360) | func WithCertificate(cert tls.Certificate) ClientOption { function WithAdminX5C (line 369) | func WithAdminX5C(certs []*x509.Certificate, key interface{}, passwordFi... function WithRetryFunc (line 407) | func WithRetryFunc(fn RetryFunc) ClientOption { function WithTimeout (line 417) | func WithTimeout(d time.Duration) ClientOption { function getTransportFromFile (line 424) | func getTransportFromFile(filename string) (http.RoundTripper, error) { function getTransportFromSHA256 (line 440) | func getTransportFromSHA256(endpoint, sum string) (http.RoundTripper, er... function getTransportFromCABundle (line 459) | func getTransportFromCABundle(bundle []byte) (http.RoundTripper, error) { function parseEndpoint (line 474) | func parseEndpoint(endpoint string) (*url.URL, error) { type ProvisionerOption (line 510) | type ProvisionerOption type ProvisionerOptions (line 513) | type ProvisionerOptions struct method Apply (line 521) | func (o *ProvisionerOptions) Apply(opts []ProvisionerOption) (err erro... method rawQuery (line 530) | func (o *ProvisionerOptions) rawQuery() string { function WithProvisionerCursor (line 548) | func WithProvisionerCursor(cursor string) ProvisionerOption { function WithProvisionerLimit (line 556) | func WithProvisionerLimit(limit int) ProvisionerOption { function WithProvisionerID (line 564) | func WithProvisionerID(id string) ProvisionerOption { function WithProvisionerName (line 572) | func WithProvisionerName(name string) ProvisionerOption { type Client (line 580) | type Client struct method retryOnError (line 616) | func (c *Client) retryOnError(r *http.Response) bool { method GetCaURL (line 636) | func (c *Client) GetCaURL() string { method GetRootCAs (line 642) | func (c *Client) GetRootCAs() *x509.CertPool { method SetTransport (line 660) | func (c *Client) SetTransport(tr http.RoundTripper) { method CloseIdleConnections (line 667) | func (c *Client) CloseIdleConnections() { method Version (line 673) | func (c *Client) Version() (*api.VersionResponse, error) { method VersionWithContext (line 679) | func (c *Client) VersionWithContext(ctx context.Context) (*api.Version... method Health (line 703) | func (c *Client) Health() (*api.HealthResponse, error) { method HealthWithContext (line 709) | func (c *Client) HealthWithContext(ctx context.Context) (*api.HealthRe... method Root (line 735) | func (c *Client) Root(sha256Sum string) (*api.RootResponse, error) { method RootWithContext (line 743) | func (c *Client) RootWithContext(ctx context.Context, sha256Sum string... method Sign (line 773) | func (c *Client) Sign(req *api.SignRequest) (*api.SignResponse, error) { method SignWithContext (line 779) | func (c *Client) SignWithContext(ctx context.Context, req *api.SignReq... method Renew (line 810) | func (c *Client) Renew(tr http.RoundTripper) (*api.SignResponse, error) { method RenewWithContext (line 816) | func (c *Client) RenewWithContext(ctx context.Context, tr http.RoundTr... method RenewWithToken (line 847) | func (c *Client) RenewWithToken(token string) (*api.SignResponse, erro... method RenewWithTokenAndContext (line 854) | func (c *Client) RenewWithTokenAndContext(ctx context.Context, token s... method Rekey (line 883) | func (c *Client) Rekey(req *api.RekeyRequest, tr http.RoundTripper) (*... method RekeyWithContext (line 889) | func (c *Client) RekeyWithContext(ctx context.Context, req *api.RekeyR... method Revoke (line 923) | func (c *Client) Revoke(req *api.RevokeRequest, tr http.RoundTripper) ... method RevokeWithContext (line 929) | func (c *Client) RevokeWithContext(ctx context.Context, req *api.Revok... method Provisioners (line 967) | func (c *Client) Provisioners(opts ...ProvisionerOption) (*api.Provisi... method ProvisionersWithContext (line 976) | func (c *Client) ProvisionersWithContext(ctx context.Context, opts ...... method ProvisionerKey (line 1008) | func (c *Client) ProvisionerKey(kid string) (*api.ProvisionerKeyRespon... method ProvisionerKeyWithContext (line 1015) | func (c *Client) ProvisionerKeyWithContext(ctx context.Context, kid st... method Roots (line 1039) | func (c *Client) Roots() (*api.RootsResponse, error) { method RootsWithContext (line 1045) | func (c *Client) RootsWithContext(ctx context.Context) (*api.RootsResp... method Federation (line 1069) | func (c *Client) Federation() (*api.FederationResponse, error) { method FederationWithContext (line 1075) | func (c *Client) FederationWithContext(ctx context.Context) (*api.Fede... method SSHSign (line 1099) | func (c *Client) SSHSign(req *api.SSHSignRequest) (*api.SSHSignRespons... method SSHSignWithContext (line 1105) | func (c *Client) SSHSignWithContext(ctx context.Context, req *api.SSHS... method SSHRenew (line 1133) | func (c *Client) SSHRenew(req *api.SSHRenewRequest) (*api.SSHRenewResp... method SSHRenewWithContext (line 1139) | func (c *Client) SSHRenewWithContext(ctx context.Context, req *api.SSH... method SSHRekey (line 1167) | func (c *Client) SSHRekey(req *api.SSHRekeyRequest) (*api.SSHRekeyResp... method SSHRekeyWithContext (line 1173) | func (c *Client) SSHRekeyWithContext(ctx context.Context, req *api.SSH... method SSHRevoke (line 1201) | func (c *Client) SSHRevoke(req *api.SSHRevokeRequest) (*api.SSHRevokeR... method SSHRevokeWithContext (line 1207) | func (c *Client) SSHRevokeWithContext(ctx context.Context, req *api.SS... method SSHRoots (line 1235) | func (c *Client) SSHRoots() (*api.SSHRootsResponse, error) { method SSHRootsWithContext (line 1241) | func (c *Client) SSHRootsWithContext(ctx context.Context) (*api.SSHRoo... method SSHFederation (line 1265) | func (c *Client) SSHFederation() (*api.SSHRootsResponse, error) { method SSHFederationWithContext (line 1271) | func (c *Client) SSHFederationWithContext(ctx context.Context) (*api.S... method SSHConfig (line 1295) | func (c *Client) SSHConfig(req *api.SSHConfigRequest) (*api.SSHConfigR... method SSHConfigWithContext (line 1301) | func (c *Client) SSHConfigWithContext(ctx context.Context, req *api.SS... method SSHCheckHost (line 1329) | func (c *Client) SSHCheckHost(principal, token string) (*api.SSHCheckP... method SSHCheckHostWithContext (line 1335) | func (c *Client) SSHCheckHostWithContext(ctx context.Context, principa... method SSHGetHosts (line 1368) | func (c *Client) SSHGetHosts() (*api.SSHGetHostsResponse, error) { method SSHGetHostsWithContext (line 1373) | func (c *Client) SSHGetHostsWithContext(ctx context.Context) (*api.SSH... method SSHBastion (line 1396) | func (c *Client) SSHBastion(req *api.SSHBastionRequest) (*api.SSHBasti... method SSHBastionWithContext (line 1401) | func (c *Client) SSHBastionWithContext(ctx context.Context, req *api.S... method RootFingerprint (line 1429) | func (c *Client) RootFingerprint() (string, error) { method RootFingerprintWithContext (line 1435) | func (c *Client) RootFingerprintWithContext(ctx context.Context) (stri... function NewClient (line 590) | func NewClient(endpoint string, opts ...ClientOption) (*Client, error) { function CreateSignRequest (line 1454) | func CreateSignRequest(ott string) (*api.SignRequest, crypto.PrivateKey,... function CreateCertificateRequest (line 1504) | func CreateCertificateRequest(commonName string, sans ...string) (*api.C... function CreateIdentityRequest (line 1514) | func CreateIdentityRequest(commonName string, sans ...string) (*api.Cert... function LoadDefaultIdentity (line 1528) | func LoadDefaultIdentity() (*identity.Identity, error) { function WriteDefaultIdentity (line 1533) | func WriteDefaultIdentity(certChain []api.Certificate, key crypto.Privat... function createCertificateRequest (line 1537) | func createCertificateRequest(commonName string, sans []string, key cryp... function getRootCAPath (line 1568) | func getRootCAPath() string { function readJSON (line 1572) | func readJSON(r io.ReadCloser, v interface{}) error { function readProtoJSON (line 1577) | func readProtoJSON(r io.ReadCloser, m proto.Message) error { function readError (line 1586) | func readError(r *http.Response) error { function clientError (line 1596) | func clientError(err error) error { function decorateRoundTripper (line 1605) | func decorateRoundTripper(tr http.RoundTripper, td TransportDecorator) h... FILE: ca/client/requestid.go type contextKey (line 5) | type contextKey struct function NewRequestIDContext (line 9) | func NewRequestIDContext(ctx context.Context, requestID string) context.... function RequestIDFromContext (line 15) | func RequestIDFromContext(ctx context.Context) (string, bool) { FILE: ca/client_test.go constant rootPEM (line 35) | rootPEM = `-----BEGIN CERTIFICATE----- constant certPEM (line 60) | certPEM = `-----BEGIN CERTIFICATE----- constant csrPEM (line 83) | csrPEM = `-----BEGIN CERTIFICATE REQUEST----- function mustKey (line 111) | func mustKey(t *testing.T) *ecdsa.PrivateKey { function parseCertificate (line 118) | func parseCertificate(t *testing.T, data string) *x509.Certificate { function parseCertificateRequest (line 130) | func parseCertificateRequest(t *testing.T, csrPEM string) *x509.Certific... function equalJSON (line 142) | func equalJSON(t *testing.T, a, b interface{}) bool { function TestClient_Version (line 157) | func TestClient_Version(t *testing.T) { function TestClient_Health (line 199) | func TestClient_Health(t *testing.T) { function TestClient_Root (line 240) | func TestClient_Root(t *testing.T) { function TestClient_Sign (line 288) | func TestClient_Sign(t *testing.T) { function TestClient_Revoke (line 360) | func TestClient_Revoke(t *testing.T) { function TestClient_Renew (line 422) | func TestClient_Renew(t *testing.T) { function TestClient_RenewWithToken (line 476) | func TestClient_RenewWithToken(t *testing.T) { function TestClient_Rekey (line 534) | func TestClient_Rekey(t *testing.T) { function TestClient_Provisioners (line 593) | func TestClient_Provisioners(t *testing.T) { function TestClient_ProvisionerKey (line 644) | func TestClient_ProvisionerKey(t *testing.T) { function TestClient_Roots (line 696) | func TestClient_Roots(t *testing.T) { function TestClient_Federation (line 746) | func TestClient_Federation(t *testing.T) { function TestClient_SSHRoots (line 795) | func TestClient_SSHRoots(t *testing.T) { function Test_parseEndpoint (line 846) | func Test_parseEndpoint(t *testing.T) { function TestClient_RootFingerprint (line 885) | func TestClient_RootFingerprint(t *testing.T) { function TestClient_RootFingerprintWithServer (line 932) | func TestClient_RootFingerprintWithServer(t *testing.T) { function TestClient_SSHBastion (line 944) | func TestClient_SSHBastion(t *testing.T) { function TestClient_GetCaURL (line 998) | func TestClient_GetCaURL(t *testing.T) { function TestClient_WithTimeout (line 1020) | func TestClient_WithTimeout(t *testing.T) { type decoratedRoundTripper (line 1048) | type decoratedRoundTripper method RoundTrip (line 1050) | func (rt decoratedRoundTripper) RoundTrip(req *http.Request) (*http.Re... function TestClient_WithTransportDecorator (line 1054) | func TestClient_WithTransportDecorator(t *testing.T) { function Test_enforceRequestID (line 1085) | func Test_enforceRequestID(t *testing.T) { function Test_newRequestID (line 1126) | func Test_newRequestID(t *testing.T) { FILE: ca/identity/client.go type Client (line 17) | type Client struct method ResolveReference (line 23) | func (c *Client) ResolveReference(ref *url.URL) *url.URL { function LoadClient (line 30) | func LoadClient() (*Client, error) { type defaultsConfig (line 88) | type defaultsConfig struct method Validate (line 93) | func (c *defaultsConfig) Validate() error { FILE: ca/identity/client_test.go function returnInput (line 17) | func returnInput(val string) func() string { function TestClient (line 23) | func TestClient(t *testing.T) { function TestClient_ResolveReference (line 86) | func TestClient_ResolveReference(t *testing.T) { function TestLoadClient (line 115) | func TestLoadClient(t *testing.T) { function Test_defaultsConfig_Validate (line 220) | func Test_defaultsConfig_Validate(t *testing.T) { function equalPools (line 248) | func equalPools(a, b *x509.CertPool) bool { FILE: ca/identity/identity.go type Type (line 26) | type Type constant Disabled (line 29) | Disabled Type = "" constant MutualTLS (line 32) | MutualTLS Type = "mTLS" constant TunnelTLS (line 39) | TunnelTLS Type = "tTLS" constant DefaultLeeway (line 42) | DefaultLeeway = 1 * time.Minute type Identity (line 59) | type Identity struct method Kind (line 167) | func (i *Identity) Kind() Type { method Validate (line 181) | func (i *Identity) Validate() error { method TLSCertificate (line 223) | func (i *Identity) TLSCertificate() (tls.Certificate, error) { method GetClientCertificateFunc (line 254) | func (i *Identity) GetClientCertificateFunc() func(*tls.CertificateReq... method GetCertPool (line 265) | func (i *Identity) GetCertPool() (*x509.CertPool, error) { method Renew (line 289) | func (i *Identity) Renew(client Renewer) error { function LoadIdentity (line 72) | func LoadIdentity(filename string) (*Identity, error) { function LoadDefaultIdentity (line 85) | func LoadDefaultIdentity() (*Identity, error) { function WriteDefaultIdentity (line 91) | func WriteDefaultIdentity(certChain []api.Certificate, key crypto.Privat... function WriteIdentityCertificate (line 141) | func WriteIdentityCertificate(certChain []api.Certificate) error { function writeCertificate (line 147) | func writeCertificate(filename string, certChain []api.Certificate) error { type Renewer (line 282) | type Renewer interface function fileExists (line 338) | func fileExists(filename string) error { FILE: ca/identity/identity_test.go function TestLoadDefaultIdentity (line 18) | func TestLoadDefaultIdentity(t *testing.T) { function TestIdentity_Kind (line 54) | func TestIdentity_Kind(t *testing.T) { function TestIdentity_Validate (line 80) | func TestIdentity_Validate(t *testing.T) { function TestIdentity_TLSCertificate (line 123) | func TestIdentity_TLSCertificate(t *testing.T) { function Test_fileExists (line 167) | func Test_fileExists(t *testing.T) { function TestWriteDefaultIdentity (line 189) | func TestWriteDefaultIdentity(t *testing.T) { function TestIdentity_GetClientCertificateFunc (line 266) | func TestIdentity_GetClientCertificateFunc(t *testing.T) { function TestIdentity_GetCertPool (line 311) | func TestIdentity_GetCertPool(t *testing.T) { type renewer (line 357) | type renewer struct method GetRootCAs (line 363) | func (r *renewer) GetRootCAs() *x509.CertPool { method Renew (line 367) | func (r *renewer) Renew(http.RoundTripper) (*api.SignResponse, error) { function TestIdentity_Renew (line 371) | func TestIdentity_Renew(t *testing.T) { FILE: ca/mutable_tls_config.go type mutableTLSConfig (line 12) | type mutableTLSConfig struct method Init (line 33) | func (c *mutableTLSConfig) Init(base *tls.Config) { method TLSConfig (line 41) | func (c *mutableTLSConfig) TLSConfig() (config *tls.Config) { method Reload (line 49) | func (c *mutableTLSConfig) Reload() { method AddImmutableClientCACert (line 80) | func (c *mutableTLSConfig) AddImmutableClientCACert(cert *x509.Certifi... method AddImmutableRootCACert (line 87) | func (c *mutableTLSConfig) AddImmutableRootCACert(cert *x509.Certifica... method AddClientCAs (line 94) | func (c *mutableTLSConfig) AddClientCAs(certs []api.Certificate) { method AddRootCAs (line 103) | func (c *mutableTLSConfig) AddRootCAs(certs []api.Certificate) { function newMutableTLSConfig (line 23) | func newMutableTLSConfig() *mutableTLSConfig { FILE: ca/provisioner.go constant tokenLifetime (line 18) | tokenLifetime = 5 * time.Minute type Provisioner (line 22) | type Provisioner struct method Name (line 74) | func (p *Provisioner) Name() string { method Kid (line 79) | func (p *Provisioner) Kid() string { method Fingerprint (line 84) | func (p *Provisioner) Fingerprint() string { method Audience (line 89) | func (p *Provisioner) Audience() string { method SSHAudience (line 94) | func (p *Provisioner) SSHAudience() string { method SetFingerprint (line 99) | func (p *Provisioner) SetFingerprint(sum string) { method SetAudience (line 104) | func (p *Provisioner) SetAudience(s string) { method SetSSHAudience (line 109) | func (p *Provisioner) SetSSHAudience(s string) { method Token (line 114) | func (p *Provisioner) Token(subject string, sans ...string) (string, e... method SSHToken (line 149) | func (p *Provisioner) SSHToken(certType, keyID string, principals []st... function NewProvisioner (line 37) | func NewProvisioner(name, kid, caURL string, password []byte, opts ...Cl... function decryptProvisionerJWK (line 182) | func decryptProvisionerJWK(encryptedKey string, password []byte) (*jose.... function loadProvisionerJWKByKid (line 200) | func loadProvisionerJWKByKid(client *Client, kid string, password []byte... function loadProvisionerJWKByName (line 212) | func loadProvisionerJWKByName(client *Client, name string, password []by... function getProvisioners (line 231) | func getProvisioners(client *Client) (provisioner.List, error) { function getProvisionerKey (line 248) | func getProvisionerKey(client *Client, kid string) (string, error) { FILE: ca/provisioner_test.go function getTestProvisioner (line 18) | func getTestProvisioner(t *testing.T, caURL string) *Provisioner { function mustParseSigned (line 46) | func mustParseSigned(t *testing.T, tok string, key, dest any) { function TestNewProvisioner (line 54) | func TestNewProvisioner(t *testing.T) { function TestProvisioner_Getters (line 106) | func TestProvisioner_Getters(t *testing.T) { function TestProvisioner_Setters (line 125) | func TestProvisioner_Setters(t *testing.T) { function TestProvisioner_Token (line 149) | func TestProvisioner_Token(t *testing.T) { function TestProvisioner_IPv6Token (line 245) | func TestProvisioner_IPv6Token(t *testing.T) { function TestProvisioner_SSHToken (line 341) | func TestProvisioner_SSHToken(t *testing.T) { FILE: ca/renew.go type RenewFunc (line 15) | type RenewFunc type TLSRenewer (line 20) | type TLSRenewer struct method Run (line 84) | func (r *TLSRenewer) Run() { method RunContext (line 93) | func (r *TLSRenewer) RunContext(ctx context.Context) { method Stop (line 102) | func (r *TLSRenewer) Stop() bool { method GetCertificate (line 112) | func (r *TLSRenewer) GetCertificate(*tls.ClientHelloInfo) (*tls.Certif... method GetCertificateForCA (line 121) | func (r *TLSRenewer) GetCertificateForCA(*tls.ClientHelloInfo) (*tls.C... method GetClientCertificate (line 128) | func (r *TLSRenewer) GetClientCertificate(*tls.CertificateRequestInfo)... method getCertificate (line 138) | func (r *TLSRenewer) getCertificate() *tls.Certificate { method getCertificateForCA (line 147) | func (r *TLSRenewer) getCertificateForCA() *tls.Certificate { method setCertificate (line 164) | func (r *TLSRenewer) setCertificate(cert *tls.Certificate) { method renewCertificate (line 171) | func (r *TLSRenewer) renewCertificate() { method nextRenewDuration (line 186) | func (r *TLSRenewer) nextRenewDuration(notAfter time.Time) time.Durati... type tlsRenewerOptions (line 30) | type tlsRenewerOptions function WithRenewBefore (line 33) | func WithRenewBefore(b time.Duration) func(r *TLSRenewer) error { function WithRenewJitter (line 41) | func WithRenewJitter(j time.Duration) func(r *TLSRenewer) error { function NewTLSRenewer (line 50) | func NewTLSRenewer(cert *tls.Certificate, fn RenewFunc, opts ...tlsRenew... function mathRandInt63n (line 197) | func mathRandInt63n(n int64) int64 { FILE: ca/signal.go type Stopper (line 12) | type Stopper interface type StopReloader (line 18) | type StopReloader interface function StopHandler (line 26) | func StopHandler(servers ...Stopper) { function StopReloaderHandler (line 49) | func StopReloaderHandler(servers ...StopReloader) { FILE: ca/tls.go function init (line 31) | func init() { method GetClientTLSConfig (line 105) | func (c *Client) GetClientTLSConfig(ctx context.Context, sign *api.SignR... method getClientTLSConfig (line 113) | func (c *Client) getClientTLSConfig(ctx context.Context, sign *api.SignR... method GetServerTLSConfig (line 154) | func (c *Client) GetServerTLSConfig(ctx context.Context, sign *api.SignR... method Transport (line 202) | func (c *Client) Transport(ctx context.Context, sign *api.SignResponse, ... method buildGetConfigForClient (line 216) | func (c *Client) buildGetConfigForClient(ctx *TLSOptionCtx) func(*tls.Cl... method buildDialTLSContext (line 223) | func (c *Client) buildDialTLSContext(tlsCtx *TLSOptionCtx) func(ctx cont... function Certificate (line 236) | func Certificate(sign *api.SignResponse) (*x509.Certificate, error) { function IntermediateCertificate (line 245) | func IntermediateCertificate(sign *api.SignResponse) (*x509.Certificate,... function RootCertificate (line 253) | func RootCertificate(sign *api.SignResponse) (*x509.Certificate, error) { function TLSCertificate (line 266) | func TLSCertificate(sign *api.SignResponse, pk crypto.PrivateKey) (*tls.... function getDefaultTLSConfig (line 294) | func getDefaultTLSConfig(sign *api.SignResponse) *tls.Config { function createDefaultDialer (line 304) | func createDefaultDialer() *net.Dialer { function getDefaultTransport (line 315) | func getDefaultTransport(tlsConfig *tls.Config) *http.Transport { function getPEM (line 345) | func getPEM(i interface{}) ([]byte, error) { function getRenewFunc (line 377) | func getRenewFunc(ctx *TLSOptionCtx, client *Client, tr http.RoundTrippe... FILE: ca/tls_options.go type TLSOption (line 11) | type TLSOption type TLSOptionCtx (line 14) | type TLSOptionCtx struct method apply (line 34) | func (ctx *TLSOptionCtx) apply(options []TLSOption) error { method applyRenew (line 81) | func (ctx *TLSOptionCtx) applyRenew() error { function newTLSOptionCtx (line 25) | func newTLSOptionCtx(c *Client, config *tls.Config, sign *api.SignRespon... function RequireAndVerifyClientCert (line 94) | func RequireAndVerifyClientCert() TLSOption { function VerifyClientCertIfGiven (line 103) | func VerifyClientCertIfGiven() TLSOption { function AddRootCA (line 113) | func AddRootCA(cert *x509.Certificate) TLSOption { function AddClientCA (line 128) | func AddClientCA(cert *x509.Certificate) TLSOption { function AddRootsToRootCAs (line 145) | func AddRootsToRootCAs() TLSOption { function AddRootsToClientCAs (line 168) | func AddRootsToClientCAs() TLSOption { function AddFederationToRootCAs (line 188) | func AddFederationToRootCAs() TLSOption { function AddFederationToClientCAs (line 207) | func AddFederationToClientCAs() TLSOption { function AddRootsToCAs (line 225) | func AddRootsToCAs() TLSOption { function AddFederationToCAs (line 246) | func AddFederationToCAs() TLSOption { FILE: ca/tls_options_test.go function Test_newTLSOptionCtx (line 19) | func Test_newTLSOptionCtx(t *testing.T) { function TestTLSOptionCtx_apply (line 47) | func TestTLSOptionCtx_apply(t *testing.T) { function TestRequireAndVerifyClientCert (line 84) | func TestRequireAndVerifyClientCert(t *testing.T) { function TestVerifyClientCertIfGiven (line 109) | func TestVerifyClientCertIfGiven(t *testing.T) { function TestAddRootCA (line 134) | func TestAddRootCA(t *testing.T) { function TestAddClientCA (line 167) | func TestAddClientCA(t *testing.T) { function TestAddRootsToRootCAs (line 200) | func TestAddRootsToRootCAs(t *testing.T) { function TestAddRootsToClientCAs (line 249) | func TestAddRootsToClientCAs(t *testing.T) { function TestAddFederationToRootCAs (line 298) | func TestAddFederationToRootCAs(t *testing.T) { function TestAddFederationToClientCAs (line 355) | func TestAddFederationToClientCAs(t *testing.T) { function TestAddRootsToCAs (line 412) | func TestAddRootsToCAs(t *testing.T) { function TestAddFederationToCAs (line 461) | func TestAddFederationToCAs(t *testing.T) { function equalPools (line 518) | func equalPools(a, b *x509.CertPool) bool { FILE: ca/tls_test.go function generateOTT (line 29) | func generateOTT(t *testing.T, subject string) string { function startTestServer (line 62) | func startTestServer(baseContext context.Context, tlsConfig *tls.Config,... function startCATestServer (line 75) | func startCATestServer(t *testing.T) *httptest.Server { function sign (line 86) | func sign(t *testing.T, domain string) (*Client, *api.SignResponse, cryp... function signDuration (line 93) | func signDuration(t *testing.T, srv *httptest.Server, domain string, dur... function serverHandler (line 112) | func serverHandler(t *testing.T, clientDomain string) http.Handler { function TestClient_GetServerTLSConfig_http (line 140) | func TestClient_GetServerTLSConfig_http(t *testing.T) { function TestClient_GetServerTLSConfig_renew (line 238) | func TestClient_GetServerTLSConfig_renew(t *testing.T) { function TestCertificate (line 394) | func TestCertificate(t *testing.T) { function TestIntermediateCertificate (line 427) | func TestIntermediateCertificate(t *testing.T) { function TestRootCertificateCertificate (line 460) | func TestRootCertificateCertificate(t *testing.T) { FILE: cas/apiv1/extension.go type CertificateAuthorityExtension (line 18) | type CertificateAuthorityExtension struct function CreateCertificateAuthorityExtension (line 26) | func CreateCertificateAuthorityExtension(typ Type, certificateID string,... function FindCertificateAuthorityExtension (line 44) | func FindCertificateAuthorityExtension(cert *x509.Certificate) (pkix.Ext... function RemoveCertificateAuthorityExtension (line 55) | func RemoveCertificateAuthorityExtension(cert *x509.Certificate) { FILE: cas/apiv1/extension_test.go function TestCreateCertificateAuthorityExtension (line 10) | func TestCreateCertificateAuthorityExtension(t *testing.T) { function TestFindCertificateAuthorityExtension (line 57) | func TestFindCertificateAuthorityExtension(t *testing.T) { function TestRemoveCertificateAuthorityExtension (line 101) | func TestRemoveCertificateAuthorityExtension(t *testing.T) { FILE: cas/apiv1/options.go type Options (line 15) | type Options struct method Validate (line 95) | func (o *Options) Validate() error { method Is (line 110) | func (o *Options) Is(t Type) bool { type CertificateIssuer (line 86) | type CertificateIssuer struct FILE: cas/apiv1/options_test.go type testCAS (line 11) | type testCAS struct method CreateCertificate (line 15) | func (t *testCAS) CreateCertificate(*CreateCertificateRequest) (*Creat... method RenewCertificate (line 19) | func (t *testCAS) RenewCertificate(*RenewCertificateRequest) (*RenewCe... method RevokeCertificate (line 23) | func (t *testCAS) RevokeCertificate(*RevokeCertificateRequest) (*Revok... function mockRegister (line 28) | func mockRegister(t *testing.T) { function TestOptions_Validate (line 41) | func TestOptions_Validate(t *testing.T) { function TestOptions_Is (line 84) | func TestOptions_Is(t *testing.T) { FILE: cas/apiv1/registry.go type CertificateAuthorityServiceNewFunc (line 14) | type CertificateAuthorityServiceNewFunc function Register (line 17) | func Register(t Type, fn CertificateAuthorityServiceNewFunc) { function LoadCertificateAuthorityServiceNewFunc (line 22) | func LoadCertificateAuthorityServiceNewFunc(t Type) (CertificateAuthorit... FILE: cas/apiv1/registry_test.go function TestRegister (line 11) | func TestRegister(t *testing.T) { function TestLoadCertificateAuthorityServiceNewFunc (line 53) | func TestLoadCertificateAuthorityServiceNewFunc(t *testing.T) { FILE: cas/apiv1/requests.go type CertificateAuthorityType (line 13) | type CertificateAuthorityType constant RootCA (line 18) | RootCA CertificateAuthorityType = iota + 1 constant IntermediateCA (line 22) | IntermediateCA type SignatureAlgorithm (line 26) | type SignatureAlgorithm constant UnspecifiedSignAlgorithm (line 30) | UnspecifiedSignAlgorithm SignatureAlgorithm = iota constant SHA256WithRSA (line 32) | SHA256WithRSA constant SHA384WithRSA (line 34) | SHA384WithRSA constant SHA512WithRSA (line 36) | SHA512WithRSA constant SHA256WithRSAPSS (line 38) | SHA256WithRSAPSS constant SHA384WithRSAPSS (line 40) | SHA384WithRSAPSS constant SHA512WithRSAPSS (line 42) | SHA512WithRSAPSS constant ECDSAWithSHA256 (line 44) | ECDSAWithSHA256 constant ECDSAWithSHA384 (line 46) | ECDSAWithSHA384 constant ECDSAWithSHA512 (line 48) | ECDSAWithSHA512 constant PureEd25519 (line 50) | PureEd25519 type CreateCertificateRequest (line 54) | type CreateCertificateRequest struct type ProvisionerInfo (line 66) | type ProvisionerInfo struct type CreateCertificateResponse (line 73) | type CreateCertificateResponse struct type RenewCertificateRequest (line 79) | type RenewCertificateRequest struct type RenewCertificateResponse (line 89) | type RenewCertificateResponse struct type RevokeCertificateRequest (line 95) | type RevokeCertificateRequest struct type RevokeCertificateResponse (line 105) | type RevokeCertificateResponse struct type GetCertificateAuthorityRequest (line 112) | type GetCertificateAuthorityRequest struct type GetCertificateAuthorityResponse (line 118) | type GetCertificateAuthorityResponse struct type CreateCertificateAuthorityRequest (line 128) | type CreateCertificateAuthorityRequest struct type CreateCertificateAuthorityResponse (line 150) | type CreateCertificateAuthorityResponse struct type CreateCRLRequest (line 161) | type CreateCRLRequest struct type CreateCRLResponse (line 166) | type CreateCRLResponse struct FILE: cas/apiv1/services.go type CertificateAuthorityService (line 12) | type CertificateAuthorityService interface type CertificateAuthorityCRLGenerator (line 20) | type CertificateAuthorityCRLGenerator interface type CertificateAuthorityGetter (line 26) | type CertificateAuthorityGetter interface type CertificateAuthorityCreator (line 33) | type CertificateAuthorityCreator interface type CertificateAuthoritySigner (line 40) | type CertificateAuthoritySigner interface type SignatureAlgorithmGetter (line 46) | type SignatureAlgorithmGetter interface type Type (line 51) | type Type method String (line 71) | func (t Type) String() string { constant DefaultCAS (line 55) | DefaultCAS = "" constant SoftCAS (line 57) | SoftCAS = "softcas" constant CloudCAS (line 59) | CloudCAS = "cloudcas" constant StepCAS (line 61) | StepCAS = "stepcas" constant VaultCAS (line 63) | VaultCAS = "vaultcas" constant ExternalCAS (line 65) | ExternalCAS = "externalcas" function TypeOf (line 79) | func TypeOf(c CertificateAuthorityService) Type { type NotImplementedError (line 87) | type NotImplementedError struct method Error (line 92) | func (e NotImplementedError) Error() string { method StatusCode (line 101) | func (e NotImplementedError) StatusCode() int { type ValidationError (line 107) | type ValidationError struct method Error (line 112) | func (e ValidationError) Error() string { method StatusCode (line 121) | func (e ValidationError) StatusCode() int { FILE: cas/apiv1/services_test.go type simpleCAS (line 7) | type simpleCAS struct method CreateCertificate (line 9) | func (*simpleCAS) CreateCertificate(req *CreateCertificateRequest) (*C... method RenewCertificate (line 12) | func (*simpleCAS) RenewCertificate(req *RenewCertificateRequest) (*Ren... method RevokeCertificate (line 15) | func (*simpleCAS) RevokeCertificate(req *RevokeCertificateRequest) (*R... type fakeCAS (line 19) | type fakeCAS struct method Type (line 23) | func (*fakeCAS) Type() Type { return SoftCAS } function TestType_String (line 25) | func TestType_String(t *testing.T) { function TestTypeOf (line 46) | func TestTypeOf(t *testing.T) { function TestNotImplementedError_Error (line 67) | func TestNotImplementedError_Error(t *testing.T) { function TestNotImplementedError_StatusCode (line 91) | func TestNotImplementedError_StatusCode(t *testing.T) { function TestValidationError_Error (line 115) | func TestValidationError_Error(t *testing.T) { function TestValidationError_StatusCode (line 139) | func TestValidationError_StatusCode(t *testing.T) { FILE: cas/cas.go function New (line 21) | func New(ctx context.Context, opts apiv1.Options) (CertificateAuthorityS... function NewCreator (line 39) | func NewCreator(ctx context.Context, opts apiv1.Options) (CertificateAut... FILE: cas/cas_test.go type mockCAS (line 19) | type mockCAS struct method CreateCertificate (line 21) | func (m *mockCAS) CreateCertificate(*apiv1.CreateCertificateRequest) (... method RenewCertificate (line 25) | func (m *mockCAS) RenewCertificate(*apiv1.RenewCertificateRequest) (*a... method RevokeCertificate (line 29) | func (m *mockCAS) RevokeCertificate(*apiv1.RevokeCertificateRequest) (... function TestNew (line 33) | func TestNew(t *testing.T) { function TestNewCreator (line 85) | func TestNewCreator(t *testing.T) { FILE: cas/cloudcas/certificate.go constant nameTypeEmail (line 57) | nameTypeEmail = 1 constant nameTypeDNS (line 58) | nameTypeDNS = 2 constant nameTypeURI (line 59) | nameTypeURI = 6 constant nameTypeIP (line 60) | nameTypeIP = 7 function createCertificateConfig (line 63) | func createCertificateConfig(tpl *x509.Certificate) (*pb.Certificate_Con... function createPublicKey (line 82) | func createPublicKey(key crypto.PublicKey) (*pb.PublicKey, error) { function createSubject (line 109) | func createSubject(cert *x509.Certificate) *pb.Subject { function createSubjectAlternativeNames (line 138) | func createSubjectAlternativeNames(cert *x509.Certificate) *pb.SubjectAl... function createX509Parameters (line 202) | func createX509Parameters(cert *x509.Certificate) *pb.X509Parameters { function isExtraExtension (line 298) | func isExtraExtension(oid asn1.ObjectIdentifier) bool { function createObjectID (line 307) | func createObjectID(oid asn1.ObjectIdentifier) *pb.ObjectId { function findExtraExtension (line 317) | func findExtraExtension(cert *x509.Certificate, oid asn1.ObjectIdentifie... function createKeyVersionSpec (line 326) | func createKeyVersionSpec(alg kmsapi.SignatureAlgorithm, bits int) (*pb.... function getRSAPKCS1Algorithm (line 365) | func getRSAPKCS1Algorithm(bits int) (pb.CertificateAuthority_SignHashAlg... function getRSAPSSAlgorithm (line 378) | func getRSAPSSAlgorithm(bits int) (pb.CertificateAuthority_SignHashAlgor... FILE: cas/cloudcas/certificate_test.go function Test_createCertificateConfig (line 55) | func Test_createCertificateConfig(t *testing.T) { function Test_createPublicKey (line 109) | func Test_createPublicKey(t *testing.T) { function Test_createSubject (line 160) | func Test_createSubject(t *testing.T) { function Test_createSubjectAlternativeNames (line 202) | func Test_createSubjectAlternativeNames(t *testing.T) { function Test_createX509Parameters (line 295) | func Test_createX509Parameters(t *testing.T) { function Test_isExtraExtension (line 520) | func Test_isExtraExtension(t *testing.T) { function Test_createKeyVersionSpec (line 549) | func Test_createKeyVersionSpec(t *testing.T) { FILE: cas/cloudcas/cloudcas.go function init (line 28) | func init() { type CertificateAuthorityClient (line 45) | type CertificateAuthorityClient interface type CloudCAS (line 80) | type CloudCAS struct method Type (line 160) | func (c *CloudCAS) Type() apiv1.Type { method GetCertificateAuthority (line 167) | func (c *CloudCAS) GetCertificateAuthority(req *apiv1.GetCertificateAu... method CreateCertificate (line 209) | func (c *CloudCAS) CreateCertificate(req *apiv1.CreateCertificateReque... method RenewCertificate (line 231) | func (c *CloudCAS) RenewCertificate(req *apiv1.RenewCertificateRequest... method RevokeCertificate (line 251) | func (c *CloudCAS) RevokeCertificate(req *apiv1.RevokeCertificateReque... method CreateCertificateAuthority (line 295) | func (c *CloudCAS) CreateCertificateAuthority(req *apiv1.CreateCertifi... method createCaPoolIfNecessary (line 440) | func (c *CloudCAS) createCaPoolIfNecessary() (string, error) { method enableCertificateAuthority (line 491) | func (c *CloudCAS) enableCertificateAuthority(ca *pb.CertificateAuthor... method createCertificate (line 517) | func (c *CloudCAS) createCertificate(tpl *x509.Certificate, lifetime t... method signIntermediateCA (line 560) | func (c *CloudCAS) signIntermediateCA(parent, name string, req *apiv1.... function New (line 106) | func New(ctx context.Context, opts apiv1.Options) (*CloudCAS, error) { function defaultContext (line 665) | func defaultContext() (context.Context, context.CancelFunc) { function defaultInitiatorContext (line 669) | func defaultInitiatorContext() (context.Context, context.CancelFunc) { function createCertificateID (line 673) | func createCertificateID() (string, error) { function parseCertificate (line 681) | func parseCertificate(pemCert string) (*x509.Certificate, error) { function parseCertificateRequest (line 693) | func parseCertificateRequest(pemCsr string) (*x509.CertificateRequest, e... function encodeCertificate (line 705) | func encodeCertificate(cert *x509.Certificate) string { function getCertificateAndChain (line 712) | func getCertificateAndChain(certpb *pb.Certificate) (*x509.Certificate, ... function getResourceName (line 731) | func getResourceName(name string) string { function normalizeCertificateAuthorityName (line 737) | func normalizeCertificateAuthorityName(name string) string { FILE: cas/cloudcas/cloudcas_test.go type testClient (line 120) | type testClient struct method CreateCertificate (line 245) | func (c *testClient) CreateCertificate(context.Context, *pb.CreateCert... method RevokeCertificate (line 249) | func (c *testClient) RevokeCertificate(context.Context, *pb.RevokeCert... method GetCertificateAuthority (line 253) | func (c *testClient) GetCertificateAuthority(context.Context, *pb.GetC... method CreateCertificateAuthority (line 257) | func (c *testClient) CreateCertificateAuthority(context.Context, *pb.C... method FetchCertificateAuthorityCsr (line 261) | func (c *testClient) FetchCertificateAuthorityCsr(context.Context, *pb... method ActivateCertificateAuthority (line 265) | func (c *testClient) ActivateCertificateAuthority(context.Context, *pb... method EnableCertificateAuthority (line 269) | func (c *testClient) EnableCertificateAuthority(context.Context, *pb.E... method GetCaPool (line 273) | func (c *testClient) GetCaPool(context.Context, *pb.GetCaPoolRequest, ... method CreateCaPool (line 277) | func (c *testClient) CreateCaPool(context.Context, *pb.CreateCaPoolReq... function newTestClient (line 127) | func newTestClient(credentialsFile string) (CertificateAuthorityClient, ... function okTestClient (line 136) | func okTestClient() *testClient { function okTestClientRootOnly (line 150) | func okTestClientRootOnly() *testClient { function okTestClientWithMultipleIntermediates (line 164) | func okTestClientWithMultipleIntermediates() *testClient { function failTestClient (line 178) | func failTestClient() *testClient { function badRootTestClient (line 185) | func badRootTestClient() *testClient { function badIntermediateTestClient (line 199) | func badIntermediateTestClient() *testClient { function setTeeReader (line 213) | func setTeeReader(t *testing.T, w *bytes.Buffer) { type badSigner (line 222) | type badSigner struct method Public (line 237) | func (b *badSigner) Public() crypto.PublicKey { method Sign (line 241) | func (b *badSigner) Sign(io.Reader, []byte, crypto.SignerOpts) ([]byte... function createBadSigner (line 226) | func createBadSigner(t *testing.T) *badSigner { function mustParseCertificate (line 281) | func mustParseCertificate(t *testing.T, pemCert string) *x509.Certificate { function mustParseECKey (line 290) | func mustParseECKey(t *testing.T, pemKey string) *ecdsa.PrivateKey { function TestNew (line 304) | func TestNew(t *testing.T) { function TestNew_register (line 411) | func TestNew_register(t *testing.T) { function TestNew_real (line 446) | func TestNew_real(t *testing.T) { function TestCloudCAS_Type (line 491) | func TestCloudCAS_Type(t *testing.T) { function TestCloudCAS_GetCertificateAuthority (line 508) | func TestCloudCAS_GetCertificateAuthority(t *testing.T) { function TestCloudCAS_CreateCertificate (line 566) | func TestCloudCAS_CreateCertificate(t *testing.T) { function TestCloudCAS_createCertificate (line 621) | func TestCloudCAS_createCertificate(t *testing.T) { function TestCloudCAS_RenewCertificate (line 682) | func TestCloudCAS_RenewCertificate(t *testing.T) { function TestCloudCAS_RevokeCertificate (line 737) | func TestCloudCAS_RevokeCertificate(t *testing.T) { function Test_createCertificateID (line 816) | func Test_createCertificateID(t *testing.T) { function Test_parseCertificate (line 847) | func Test_parseCertificate(t *testing.T) { function Test_getCertificateAndChain (line 876) | func Test_getCertificateAndChain(t *testing.T) { function TestCloudCAS_CreateCertificateAuthority (line 920) | func TestCloudCAS_CreateCertificateAuthority(t *testing.T) { function Test_normalizeCertificateAuthorityName (line 1571) | func Test_normalizeCertificateAuthorityName(t *testing.T) { FILE: cas/cloudcas/mock_client_test.go type MockCertificateAuthorityClient (line 23) | type MockCertificateAuthorityClient struct method EXPECT (line 42) | func (m *MockCertificateAuthorityClient) EXPECT() *MockCertificateAuth... method ActivateCertificateAuthority (line 47) | func (m *MockCertificateAuthorityClient) ActivateCertificateAuthority(... method CreateCaPool (line 67) | func (m *MockCertificateAuthorityClient) CreateCaPool(ctx context.Cont... method CreateCertificate (line 87) | func (m *MockCertificateAuthorityClient) CreateCertificate(ctx context... method CreateCertificateAuthority (line 107) | func (m *MockCertificateAuthorityClient) CreateCertificateAuthority(ct... method EnableCertificateAuthority (line 127) | func (m *MockCertificateAuthorityClient) EnableCertificateAuthority(ct... method FetchCertificateAuthorityCsr (line 147) | func (m *MockCertificateAuthorityClient) FetchCertificateAuthorityCsr(... method GetCaPool (line 167) | func (m *MockCertificateAuthorityClient) GetCaPool(ctx context.Context... method GetCertificateAuthority (line 187) | func (m *MockCertificateAuthorityClient) GetCertificateAuthority(ctx c... method RevokeCertificate (line 207) | func (m *MockCertificateAuthorityClient) RevokeCertificate(ctx context... type MockCertificateAuthorityClientMockRecorder (line 30) | type MockCertificateAuthorityClientMockRecorder struct method ActivateCertificateAuthority (line 60) | func (mr *MockCertificateAuthorityClientMockRecorder) ActivateCertific... method CreateCaPool (line 80) | func (mr *MockCertificateAuthorityClientMockRecorder) CreateCaPool(ctx... method CreateCertificate (line 100) | func (mr *MockCertificateAuthorityClientMockRecorder) CreateCertificat... method CreateCertificateAuthority (line 120) | func (mr *MockCertificateAuthorityClientMockRecorder) CreateCertificat... method EnableCertificateAuthority (line 140) | func (mr *MockCertificateAuthorityClientMockRecorder) EnableCertificat... method FetchCertificateAuthorityCsr (line 160) | func (mr *MockCertificateAuthorityClientMockRecorder) FetchCertificate... method GetCaPool (line 180) | func (mr *MockCertificateAuthorityClientMockRecorder) GetCaPool(ctx, r... method GetCertificateAuthority (line 200) | func (mr *MockCertificateAuthorityClientMockRecorder) GetCertificateAu... method RevokeCertificate (line 220) | func (mr *MockCertificateAuthorityClientMockRecorder) RevokeCertificat... function NewMockCertificateAuthorityClient (line 35) | func NewMockCertificateAuthorityClient(ctrl *gomock.Controller) *MockCer... FILE: cas/cloudcas/mock_operation_server_test.go type MockOperationsServer (line 22) | type MockOperationsServer struct method EXPECT (line 41) | func (m *MockOperationsServer) EXPECT() *MockOperationsServerMockRecor... method CancelOperation (line 46) | func (m *MockOperationsServer) CancelOperation(arg0 context.Context, a... method DeleteOperation (line 61) | func (m *MockOperationsServer) DeleteOperation(arg0 context.Context, a... method GetOperation (line 76) | func (m *MockOperationsServer) GetOperation(arg0 context.Context, arg1... method ListOperations (line 91) | func (m *MockOperationsServer) ListOperations(arg0 context.Context, ar... method WaitOperation (line 106) | func (m *MockOperationsServer) WaitOperation(arg0 context.Context, arg... type MockOperationsServerMockRecorder (line 29) | type MockOperationsServerMockRecorder struct method CancelOperation (line 55) | func (mr *MockOperationsServerMockRecorder) CancelOperation(arg0, arg1... method DeleteOperation (line 70) | func (mr *MockOperationsServerMockRecorder) DeleteOperation(arg0, arg1... method GetOperation (line 85) | func (mr *MockOperationsServerMockRecorder) GetOperation(arg0, arg1 an... method ListOperations (line 100) | func (mr *MockOperationsServerMockRecorder) ListOperations(arg0, arg1 ... method WaitOperation (line 115) | func (mr *MockOperationsServerMockRecorder) WaitOperation(arg0, arg1 a... function NewMockOperationsServer (line 34) | func NewMockOperationsServer(ctrl *gomock.Controller) *MockOperationsSer... FILE: cas/softcas/softcas.go function init (line 20) | func init() { type SoftCAS (line 30) | type SoftCAS struct method Type (line 57) | func (c *SoftCAS) Type() apiv1.Type { method GetSigner (line 63) | func (c *SoftCAS) GetSigner() (crypto.Signer, error) { method CreateCertificate (line 69) | func (c *SoftCAS) CreateCertificate(req *apiv1.CreateCertificateReques... method RenewCertificate (line 105) | func (c *SoftCAS) RenewCertificate(req *apiv1.RenewCertificateRequest)... method RevokeCertificate (line 137) | func (c *SoftCAS) RevokeCertificate(req *apiv1.RevokeCertificateReques... method CreateCRL (line 149) | func (c *SoftCAS) CreateCRL(req *apiv1.CreateCRLRequest) (*apiv1.Creat... method CreateCertificateAuthority (line 163) | func (c *SoftCAS) CreateCertificateAuthority(req *apiv1.CreateCertific... method initializeKeyManager (line 230) | func (c *SoftCAS) initializeKeyManager() (err error) { method getCertSigner (line 240) | func (c *SoftCAS) getCertSigner() ([]*x509.Certificate, crypto.Signer,... method createKey (line 248) | func (c *SoftCAS) createKey(req *kmsapi.CreateKeyRequest) (*kmsapi.Cre... method createSigner (line 261) | func (c *SoftCAS) createSigner(req *kmsapi.CreateSignerRequest) (crypt... function New (line 39) | func New(_ context.Context, opts apiv1.Options) (*SoftCAS, error) { function createCertificate (line 270) | func createCertificate(template, parent *x509.Certificate, pub crypto.Pu... function isRSA (line 287) | func isRSA(sa x509.SignatureAlgorithm) bool { FILE: cas/softcas/softcas_test.go type signatureAlgorithmSigner (line 90) | type signatureAlgorithmSigner struct method SignatureAlgorithm (line 95) | func (s *signatureAlgorithmSigner) SignatureAlgorithm() x509.Signature... type mockKeyManager (line 99) | type mockKeyManager struct method GetPublicKey (line 107) | func (m *mockKeyManager) GetPublicKey(*kmsapi.GetPublicKeyRequest) (cr... method CreateKey (line 115) | func (m *mockKeyManager) CreateKey(req *kmsapi.CreateKeyRequest) (*kms... method CreateSigner (line 127) | func (m *mockKeyManager) CreateSigner(*kmsapi.CreateSignerRequest) (cr... method CreateDecrypter (line 135) | func (m *mockKeyManager) CreateDecrypter(*kmsapi.CreateDecrypterReques... method Close (line 139) | func (m *mockKeyManager) Close() error { type badSigner (line 143) | type badSigner struct method Public (line 145) | func (b *badSigner) Public() crypto.PublicKey { method Sign (line 149) | func (b *badSigner) Sign(_ io.Reader, _ []byte, _ crypto.SignerOpts) (... function mockNow (line 154) | func mockNow(t *testing.T) { function mustIssuer (line 164) | func mustIssuer() *x509.Certificate { function mustSigner (line 172) | func mustSigner() crypto.Signer { function mustSign (line 180) | func mustSign(template, parent *x509.Certificate, notBefore, notAfter ti... function setTeeReader (line 192) | func setTeeReader(t *testing.T, w *bytes.Buffer) { function TestNew (line 201) | func TestNew(t *testing.T) { function TestNew_register (line 235) | func TestNew_register(t *testing.T) { function TestSoftCAS_Type (line 258) | func TestSoftCAS_Type(t *testing.T) { function TestSoftCAS_GetSigner (line 275) | func TestSoftCAS_GetSigner(t *testing.T) { function TestSoftCAS_CreateCertificate (line 314) | func TestSoftCAS_CreateCertificate(t *testing.T) { function TestSoftCAS_CreateCertificate_pss (line 413) | func TestSoftCAS_CreateCertificate_pss(t *testing.T) { function TestSoftCAS_CreateCertificate_ec_rsa (line 474) | func TestSoftCAS_CreateCertificate_ec_rsa(t *testing.T) { function TestSoftCAS_RenewCertificate (line 563) | func TestSoftCAS_RenewCertificate(t *testing.T) { function TestSoftCAS_RevokeCertificate (line 641) | func TestSoftCAS_RevokeCertificate(t *testing.T) { function Test_now (line 709) | func Test_now(t *testing.T) { function TestSoftCAS_CreateCertificateAuthority (line 717) | func TestSoftCAS_CreateCertificateAuthority(t *testing.T) { function TestSoftCAS_defaultKeyManager (line 871) | func TestSoftCAS_defaultKeyManager(t *testing.T) { function Test_isRSA (line 924) | func Test_isRSA(t *testing.T) { FILE: cas/stepcas/issuer.go function newServerEndpointID (line 22) | func newServerEndpointID(data string) uuid.UUID { type raInfo (line 26) | type raInfo struct type stepIssuer (line 34) | type stepIssuer interface function newStepIssuer (line 41) | func newStepIssuer(ctx context.Context, caURL *url.URL, client *ca.Clien... function validateCertificateIssuer (line 58) | func validateCertificateIssuer(iss *apiv1.CertificateIssuer) error { function validateX5CIssuer (line 77) | func validateX5CIssuer(iss *apiv1.CertificateIssuer) error { function validateJWKIssuer (line 93) | func validateJWKIssuer(iss *apiv1.CertificateIssuer) error { FILE: cas/stepcas/issuer_test.go type mockErrIssuer (line 16) | type mockErrIssuer struct method SignToken (line 18) | func (m mockErrIssuer) SignToken(string, []string, *raInfo) (string, e... method RevokeToken (line 22) | func (m mockErrIssuer) RevokeToken(string) (string, error) { method Lifetime (line 26) | func (m mockErrIssuer) Lifetime(d time.Duration) time.Duration { type mockErrSigner (line 30) | type mockErrSigner struct method Sign (line 32) | func (s *mockErrSigner) Sign([]byte) (*jose.JSONWebSignature, error) { method Options (line 36) | func (s *mockErrSigner) Options() jose.SignerOptions { function Test_newServerEndpointID (line 40) | func Test_newServerEndpointID(t *testing.T) { function Test_newStepIssuer (line 76) | func Test_newStepIssuer(t *testing.T) { FILE: cas/stepcas/jwk_issuer.go type jwkIssuer (line 21) | type jwkIssuer struct method SignToken (line 59) | func (i *jwkIssuer) SignToken(subject string, sans []string, info *raI... method RevokeToken (line 66) | func (i *jwkIssuer) RevokeToken(subject string) (string, error) { method Lifetime (line 73) | func (i *jwkIssuer) Lifetime(d time.Duration) time.Duration { method createToken (line 77) | func (i *jwkIssuer) createToken(aud, sub string, sans []string, info *... function newJWKIssuer (line 27) | func newJWKIssuer(ctx context.Context, caURL *url.URL, client *ca.Client... function newJWKSigner (line 106) | func newJWKSigner(keyFile, password string) (jose.Signer, error) { function newJWKSignerFromEncryptedKey (line 121) | func newJWKSignerFromEncryptedKey(kid, key, password string) (jose.Signe... function findProvisioner (line 150) | func findProvisioner(ctx context.Context, client *ca.Client, typ provisi... FILE: cas/stepcas/jwk_issuer_test.go function Test_jwkIssuer_SignToken (line 12) | func Test_jwkIssuer_SignToken(t *testing.T) { function Test_jwkIssuer_RevokeToken (line 94) | func Test_jwkIssuer_RevokeToken(t *testing.T) { function Test_jwkIssuer_Lifetime (line 159) | func Test_jwkIssuer_Lifetime(t *testing.T) { function Test_newJWKSignerFromEncryptedKey (line 199) | func Test_newJWKSignerFromEncryptedKey(t *testing.T) { FILE: cas/stepcas/stepcas.go function init (line 15) | func init() { type StepCAS (line 23) | type StepCAS struct method Type (line 69) | func (s *StepCAS) Type() apiv1.Type { method CreateCertificate (line 75) | func (s *StepCAS) CreateCertificate(req *apiv1.CreateCertificateReques... method RenewCertificate (line 110) | func (s *StepCAS) RenewCertificate(req *apiv1.RenewCertificateRequest)... method RevokeCertificate (line 133) | func (s *StepCAS) RevokeCertificate(req *apiv1.RevokeCertificateReques... method GetCertificateAuthority (line 167) | func (s *StepCAS) GetCertificateAuthority(*apiv1.GetCertificateAuthori... method createCertificate (line 177) | func (s *StepCAS) createCertificate(cr *x509.CertificateRequest, templ... method lifetime (line 216) | func (s *StepCAS) lifetime(d time.Duration) api.TimeDuration { function New (line 32) | func New(ctx context.Context, opts apiv1.Options) (*StepCAS, error) { FILE: cas/stepcas/stepcas_test.go function mustSignCertificate (line 55) | func mustSignCertificate(subject string, sans []string, template string,... function mustSerializeCrt (line 84) | func mustSerializeCrt(filename string, certs ...*x509.Certificate) { function mustSerializeKey (line 99) | func mustSerializeKey(filename string, key crypto.Signer) { function mustEncryptKey (line 113) | func mustEncryptKey(filename string, key crypto.Signer) { function testCAHelper (line 123) | func testCAHelper(t *testing.T) (*url.URL, *ca.Client) { function testX5CIssuer (line 217) | func testX5CIssuer(t *testing.T, caURL *url.URL, password string) *x5cIs... function testJWKIssuer (line 238) | func testJWKIssuer(t *testing.T, caURL *url.URL, password string) *jwkIs... function TestMain (line 262) | func TestMain(m *testing.M) { function Test_init (line 334) | func Test_init(t *testing.T) { function TestNew (line 354) | func TestNew(t *testing.T) { function TestStepCAS_Type (line 627) | func TestStepCAS_Type(t *testing.T) { function TestStepCAS_CreateCertificate (line 644) | func TestStepCAS_CreateCertificate(t *testing.T) { function TestStepCAS_RenewCertificate (line 783) | func TestStepCAS_RenewCertificate(t *testing.T) { function TestStepCAS_RevokeCertificate (line 851) | func TestStepCAS_RevokeCertificate(t *testing.T) { function TestStepCAS_GetCertificateAuthority (line 948) | func TestStepCAS_GetCertificateAuthority(t *testing.T) { FILE: cas/stepcas/x5c_issuer.go constant defaultValidity (line 18) | defaultValidity = 5 * time.Minute type x5cIssuer (line 24) | type x5cIssuer struct method SignToken (line 49) | func (i *x5cIssuer) SignToken(subject string, sans []string, info *raI... method RevokeToken (line 58) | func (i *x5cIssuer) RevokeToken(subject string) (string, error) { method Lifetime (line 67) | func (i *x5cIssuer) Lifetime(d time.Duration) time.Duration { method createToken (line 79) | func (i *x5cIssuer) createToken(aud, sub string, sans []string, info *... function newX5CIssuer (line 34) | func newX5CIssuer(caURL *url.URL, cfg *apiv1.CertificateIssuer) (*x5cIss... function defaultClaims (line 113) | func defaultClaims(iss, sub, aud, id string) jose.Claims { function readKey (line 126) | func readKey(keyFile, password string) (crypto.Signer, error) { function newX5CSigner (line 142) | func newX5CSigner(certFile, keyFile, password string) (jose.Signer, erro... function newJoseSigner (line 167) | func newJoseSigner(key crypto.Signer, so *jose.SignerOptions) (jose.Sign... FILE: cas/stepcas/x5c_issuer_test.go type noneSigner (line 19) | type noneSigner method Public (line 21) | func (b noneSigner) Public() crypto.PublicKey { method Sign (line 25) | func (b noneSigner) Sign(_ io.Reader, digest []byte, _ crypto.SignerOp... function fakeTime (line 30) | func fakeTime(t *testing.T) { function Test_x5cIssuer_SignToken (line 41) | func Test_x5cIssuer_SignToken(t *testing.T) { function Test_x5cIssuer_RevokeToken (line 120) | func Test_x5cIssuer_RevokeToken(t *testing.T) { function Test_x5cIssuer_Lifetime (line 184) | func Test_x5cIssuer_Lifetime(t *testing.T) { function Test_newJoseSigner (line 231) | func Test_newJoseSigner(t *testing.T) { FILE: cas/vaultcas/auth/approle/approle.go type AuthOptions (line 13) | type AuthOptions struct function NewApproleAuthMethod (line 21) | func NewApproleAuthMethod(mountPath string, options json.RawMessage) (*a... FILE: cas/vaultcas/auth/approle/approle_test.go function testCAHelper (line 15) | func testCAHelper(t *testing.T) (*url.URL, *vault.Client) { function TestApprole_LoginMountPaths (line 60) | func TestApprole_LoginMountPaths(t *testing.T) { function TestApprole_NewApproleAuthMethod (line 112) | func TestApprole_NewApproleAuthMethod(t *testing.T) { FILE: cas/vaultcas/auth/aws/aws.go type AuthOptions (line 14) | type AuthOptions struct function NewAwsAuthMethod (line 27) | func NewAwsAuthMethod(mountPath string, options json.RawMessage) (*aws.A... FILE: cas/vaultcas/auth/aws/aws_test.go function testCAHelper (line 15) | func testCAHelper(t *testing.T) (*url.URL, *vault.Client) { function TestAws_LoginMountPaths (line 60) | func TestAws_LoginMountPaths(t *testing.T) { function TestAws_NewAwsAuthMethod (line 112) | func TestAws_NewAwsAuthMethod(t *testing.T) { FILE: cas/vaultcas/auth/kubernetes/kubernetes.go type AuthOptions (line 13) | type AuthOptions struct function NewKubernetesAuthMethod (line 18) | func NewKubernetesAuthMethod(mountPath string, options json.RawMessage) ... FILE: cas/vaultcas/auth/kubernetes/kubernetes_test.go function testCAHelper (line 18) | func testCAHelper(t *testing.T) (*url.URL, *vault.Client) { function TestApprole_LoginMountPaths (line 63) | func TestApprole_LoginMountPaths(t *testing.T) { function TestApprole_NewApproleAuthMethod (line 117) | func TestApprole_NewApproleAuthMethod(t *testing.T) { FILE: cas/vaultcas/vaultcas.go function init (line 25) | func init() { type VaultOptions (line 33) | type VaultOptions struct type VaultCAS (line 46) | type VaultCAS struct method Type (line 117) | func (v *VaultCAS) Type() apiv1.Type { method CreateCertificate (line 122) | func (v *VaultCAS) CreateCertificate(req *apiv1.CreateCertificateReque... method GetCertificateAuthority (line 143) | func (v *VaultCAS) GetCertificateAuthority(*apiv1.GetCertificateAuthor... method RenewCertificate (line 178) | func (v *VaultCAS) RenewCertificate(*apiv1.RenewCertificateRequest) (*... method RevokeCertificate (line 183) | func (v *VaultCAS) RevokeCertificate(req *apiv1.RevokeCertificateReque... method createCertificate (line 212) | func (v *VaultCAS) createCertificate(cr *x509.CertificateRequest, life... type certBundle (line 52) | type certBundle struct function New (line 60) | func New(ctx context.Context, opts apiv1.Options) (*VaultCAS, error) { function loadOptions (line 257) | func loadOptions(config json.RawMessage) (*VaultOptions, error) { function parseCertificates (line 282) | func parseCertificates(pemCert string) []*x509.Certificate { function getCertificateBundle (line 300) | func getCertificateBundle(chain string) (*certBundle, error) { function isRoot (line 325) | func isRoot(cert *x509.Certificate) bool { function formatSerialNumber (line 334) | func formatSerialNumber(sn *big.Int) string { FILE: cas/vaultcas/vaultcas_test.go function mustParseCertificate (line 77) | func mustParseCertificate(t *testing.T, pemCert string) *x509.Certificate { function mustParseCertificateRequest (line 83) | func mustParseCertificateRequest(t *testing.T, pemData string) *x509.Cer... function testCAHelper (line 92) | func testCAHelper(t *testing.T) (*url.URL, *vault.Client) { function TestNew_register (line 173) | func TestNew_register(t *testing.T) { function TestVaultCAS_Type (line 196) | func TestVaultCAS_Type(t *testing.T) { function TestVaultCAS_CreateCertificate (line 213) | func TestVaultCAS_CreateCertificate(t *testing.T) { function TestVaultCAS_GetCertificateAuthority (line 289) | func TestVaultCAS_GetCertificateAuthority(t *testing.T) { function TestVaultCAS_RevokeCertificate (line 343) | func TestVaultCAS_RevokeCertificate(t *testing.T) { function TestVaultCAS_RenewCertificate (line 411) | func TestVaultCAS_RenewCertificate(t *testing.T) { function TestVaultCAS_loadOptions (line 461) | func TestVaultCAS_loadOptions(t *testing.T) { FILE: cmd/step-ca/main.go function init (line 53) | func init() { function exit (line 62) | func exit(code int) { function main (line 104) | func main() { function flagValue (line 218) | func flagValue(f cli.Flag) reflect.Value { function stringifyFlag (line 228) | func stringifyFlag(f cli.Flag) string { FILE: commands/app.go function appAction (line 106) | func appAction(ctx *cli.Context) error { function createContext (line 283) | func createContext(name string) error { function fatal (line 304) | func fatal(err error) { FILE: commands/export.go function init (line 21) | func init() { function exportAction (line 58) | func exportAction(ctx *cli.Context) error { FILE: commands/onboard.go constant defaultOnboardingURL (line 30) | defaultOnboardingURL = "https://api.smallstep.com/onboarding/" type onboardingConfiguration (line 32) | type onboardingConfiguration struct type onboardingPayload (line 39) | type onboardingPayload struct type onboardingError (line 43) | type onboardingError struct method Error (line 48) | func (e onboardingError) Error() string { function init (line 52) | func init() { function onboardAction (line 73) | func onboardAction(ctx *cli.Context) error { function onboardPKI (line 171) | func onboardPKI(cfg onboardingConfiguration) (*config.Config, string, er... function readJSON (line 227) | func readJSON(r io.ReadCloser, v interface{}) error { FILE: db/db.go type Config (line 43) | type Config struct type AuthDB (line 56) | type AuthDB interface type dbKey (line 68) | type dbKey struct function NewContext (line 71) | func NewContext(ctx context.Context, db AuthDB) context.Context { function FromContext (line 76) | func FromContext(ctx context.Context) (db AuthDB, ok bool) { function MustFromContext (line 83) | func MustFromContext(ctx context.Context) AuthDB { type CertificateStorer (line 96) | type CertificateStorer interface type CertificateRevocationListDB (line 102) | type CertificateRevocationListDB interface type DB (line 109) | type DB struct method IsRevoked (line 173) | func (db *DB) IsRevoked(sn string) (bool, error) { method IsSSHRevoked (line 196) | func (db *DB) IsSSHRevoked(sn string) (bool, error) { method Revoke (line 216) | func (db *DB) Revoke(rci *RevokedCertificateInfo) error { method RevokeSSH (line 234) | func (db *DB) RevokeSSH(rci *RevokedCertificateInfo) error { method GetRevokedCertificates (line 252) | func (db *DB) GetRevokedCertificates() (*[]RevokedCertificateInfo, err... method StoreCRL (line 269) | func (db *DB) StoreCRL(crlInfo *CertificateRevocationListInfo) error { method GetCRL (line 282) | func (db *DB) GetCRL() (*CertificateRevocationListInfo, error) { method GetCertificate (line 297) | func (db *DB) GetCertificate(serialNumber string) (*x509.Certificate, ... method GetCertificateData (line 310) | func (db *DB) GetCertificateData(serialNumber string) (*CertificateDat... method StoreCertificate (line 323) | func (db *DB) StoreCertificate(crt *x509.Certificate) error { method StoreCertificateChain (line 351) | func (db *DB) StoreCertificateChain(p provisioner.Interface, chain ...... method StoreRenewedCertificate (line 381) | func (db *DB) StoreRenewedCertificate(oldCert *x509.Certificate, chain... method UseToken (line 406) | func (db *DB) UseToken(id, tok string) (bool, error) { method IsSSHHost (line 416) | func (db *DB) IsSSHHost(principal string) (bool, error) { method StoreSSHCertificate (line 432) | func (db *DB) StoreSSHCertificate(crt *ssh.Certificate) error { method GetSSHHostPrincipals (line 460) | func (db *DB) GetSSHHostPrincipals() ([]string, error) { method Shutdown (line 479) | func (db *DB) Shutdown() error { function New (line 115) | func New(c *Config) (AuthDB, error) { type RevokedCertificateInfo (line 148) | type RevokedCertificateInfo struct type CertificateRevocationListInfo (line 162) | type CertificateRevocationListInfo struct type CertificateData (line 332) | type CertificateData struct type ProvisionerData (line 339) | type ProvisionerData struct type raProvisioner (line 345) | type raProvisioner interface type sshHostPrincipalData (line 426) | type sshHostPrincipalData struct type MockAuthDB (line 490) | type MockAuthDB struct method GetRevokedCertificates (line 510) | func (m *MockAuthDB) GetRevokedCertificates() (*[]RevokedCertificateIn... method GetCRL (line 517) | func (m *MockAuthDB) GetCRL() (*CertificateRevocationListInfo, error) { method StoreCRL (line 524) | func (m *MockAuthDB) StoreCRL(info *CertificateRevocationListInfo) err... method IsRevoked (line 532) | func (m *MockAuthDB) IsRevoked(sn string) (bool, error) { method IsSSHRevoked (line 540) | func (m *MockAuthDB) IsSSHRevoked(sn string) (bool, error) { method UseToken (line 548) | func (m *MockAuthDB) UseToken(id, tok string) (bool, error) { method Revoke (line 559) | func (m *MockAuthDB) Revoke(rci *RevokedCertificateInfo) error { method RevokeSSH (line 567) | func (m *MockAuthDB) RevokeSSH(rci *RevokedCertificateInfo) error { method GetCertificate (line 575) | func (m *MockAuthDB) GetCertificate(serialNumber string) (*x509.Certif... method GetCertificateData (line 583) | func (m *MockAuthDB) GetCertificateData(serialNumber string) (*Certifi... method StoreCertificate (line 594) | func (m *MockAuthDB) StoreCertificate(crt *x509.Certificate) error { method IsSSHHost (line 602) | func (m *MockAuthDB) IsSSHHost(principal string) (bool, error) { method StoreSSHCertificate (line 610) | func (m *MockAuthDB) StoreSSHCertificate(crt *ssh.Certificate) error { method GetSSHHostPrincipals (line 618) | func (m *MockAuthDB) GetSSHHostPrincipals() ([]string, error) { method Shutdown (line 626) | func (m *MockAuthDB) Shutdown() error { type MockNoSQLDB (line 634) | type MockNoSQLDB struct method CmpAndSwap (line 650) | func (m *MockNoSQLDB) CmpAndSwap(bucket, key, old, newval []byte) ([]b... method Get (line 661) | func (m *MockNoSQLDB) Get(bucket, key []byte) ([]byte, error) { method Set (line 672) | func (m *MockNoSQLDB) Set(bucket, key, value []byte) error { method Open (line 680) | func (m *MockNoSQLDB) Open(dataSourceName string, opt ...database.Opti... method Close (line 688) | func (m *MockNoSQLDB) Close() error { method CreateTable (line 696) | func (m *MockNoSQLDB) CreateTable(bucket []byte) error { method DeleteTable (line 704) | func (m *MockNoSQLDB) DeleteTable(bucket []byte) error { method Del (line 712) | func (m *MockNoSQLDB) Del(bucket, key []byte) error { method List (line 720) | func (m *MockNoSQLDB) List(bucket []byte) ([]*database.Entry, error) { method Update (line 728) | func (m *MockNoSQLDB) Update(tx *database.Tx) error { FILE: db/db_test.go function TestIsRevoked (line 17) | func TestIsRevoked(t *testing.T) { function TestRevoke (line 57) | func TestRevoke(t *testing.T) { function TestUseToken (line 103) | func TestUseToken(t *testing.T) { type wrappedProvisioner (line 169) | type wrappedProvisioner struct method RAInfo (line 174) | func (p *wrappedProvisioner) RAInfo() *provisioner.RAInfo { function TestDB_StoreCertificateChain (line 178) | func TestDB_StoreCertificateChain(t *testing.T) { function TestDB_GetCertificateData (line 271) | func TestDB_GetCertificateData(t *testing.T) { function TestDB_StoreRenewedCertificate (line 331) | func TestDB_StoreRenewedCertificate(t *testing.T) { FILE: db/simple.go type SimpleDB (line 19) | type SimpleDB struct method IsRevoked (line 30) | func (s *SimpleDB) IsRevoked(string) (bool, error) { method IsSSHRevoked (line 35) | func (s *SimpleDB) IsSSHRevoked(string) (bool, error) { method Revoke (line 40) | func (s *SimpleDB) Revoke(*RevokedCertificateInfo) error { method GetRevokedCertificates (line 45) | func (s *SimpleDB) GetRevokedCertificates() (*[]RevokedCertificateInfo... method GetCRL (line 50) | func (s *SimpleDB) GetCRL() (*CertificateRevocationListInfo, error) { method StoreCRL (line 55) | func (s *SimpleDB) StoreCRL(*CertificateRevocationListInfo) error { method RevokeSSH (line 60) | func (s *SimpleDB) RevokeSSH(*RevokedCertificateInfo) error { method GetCertificate (line 65) | func (s *SimpleDB) GetCertificate(string) (*x509.Certificate, error) { method StoreCertificate (line 70) | func (s *SimpleDB) StoreCertificate(*x509.Certificate) error { method UseToken (line 80) | func (s *SimpleDB) UseToken(id, tok string) (bool, error) { method IsSSHHost (line 93) | func (s *SimpleDB) IsSSHHost(string) (bool, error) { method StoreSSHCertificate (line 98) | func (s *SimpleDB) StoreSSHCertificate(*ssh.Certificate) error { method GetSSHHostPrincipals (line 103) | func (s *SimpleDB) GetSSHHostPrincipals() ([]string, error) { method Shutdown (line 108) | func (s *SimpleDB) Shutdown() error { method Open (line 115) | func (s *SimpleDB) Open(string, ...database.Option) error { method Close (line 120) | func (s *SimpleDB) Close() error { method Get (line 125) | func (s *SimpleDB) Get([]byte, []byte) ([]byte, error) { method Set (line 130) | func (s *SimpleDB) Set([]byte, []byte, []byte) error { method CmpAndSwap (line 137) | func (s *SimpleDB) CmpAndSwap([]byte, []byte, []byte, []byte) ([]byte,... method Del (line 142) | func (s *SimpleDB) Del([]byte, []byte) error { method List (line 147) | func (s *SimpleDB) List([]byte) ([]*database.Entry, error) { method Update (line 152) | func (s *SimpleDB) Update(*database.Tx) error { method CreateTable (line 157) | func (s *SimpleDB) CreateTable([]byte) error { method DeleteTable (line 162) | func (s *SimpleDB) DeleteTable([]byte) error { function newSimpleDB (line 23) | func newSimpleDB(*Config) (*SimpleDB, error) { type usedToken (line 74) | type usedToken struct FILE: db/simple_test.go function TestSimpleDB (line 9) | func TestSimpleDB(t *testing.T) { FILE: errs/error.go type Option (line 15) | type Option function withDefaultMessage (line 21) | func withDefaultMessage(message string) Option { function withFormattedMessage (line 33) | func withFormattedMessage(format string, args ...interface{}) Option { function WithMessage (line 45) | func WithMessage(format string, args ...interface{}) Option { function WithErrorMessage (line 54) | func WithErrorMessage() Option { function WithKeyVal (line 63) | func WithKeyVal(key string, val interface{}) Option { type Error (line 74) | type Error struct method Unwrap (line 89) | func (e *Error) Unwrap() error { method Cause (line 94) | func (e *Error) Cause() error { method Error (line 99) | func (e *Error) Error() string { method StatusCode (line 105) | func (e *Error) StatusCode() int { method Message (line 110) | func (e *Error) Message() string { method MarshalJSON (line 152) | func (e *Error) MarshalJSON() ([]byte, error) { method UnmarshalJSON (line 163) | func (e *Error) UnmarshalJSON(data []byte) error { method Format (line 174) | func (e *Error) Format(f fmt.State, c rune) { type ErrorResponse (line 83) | type ErrorResponse struct function Wrap (line 119) | func Wrap(status int, e error, m string, args ...interface{}) error { function Wrapf (line 136) | func Wrapf(status int, e error, format string, args ...interface{}) error { type Messenger (line 184) | type Messenger interface function StatusCodeError (line 189) | func StatusCodeError(code int, e error, opts ...Option) error { constant seeLogs (line 209) | seeLogs = "Please see the certificate authority logs for more info." constant defaultMsg (line 210) | defaultMsg = "The requested could not be completed. " + seeLogs constant BadRequestDefaultMsg (line 212) | BadRequestDefaultMsg = "The request could not be completed; malformed or... constant UnauthorizedDefaultMsg (line 214) | UnauthorizedDefaultMsg = "The request lacked necessary authorization to ... constant ForbiddenDefaultMsg (line 216) | ForbiddenDefaultMsg = "The request was forbidden by the certificate auth... constant NotFoundDefaultMsg (line 218) | NotFoundDefaultMsg = "The requested resource could not be found. " + see... constant InternalServerErrorDefaultMsg (line 220) | InternalServerErrorDefaultMsg = "The certificate authority encountered a... constant NotImplementedDefaultMsg (line 222) | NotImplementedDefaultMsg = "The requested method is not implemented by t... function defaultMessage (line 225) | func defaultMessage(status int) string { constant BadRequestPrefix (line 247) | BadRequestPrefix = "The request could not be completed: " constant ForbiddenPrefix (line 251) | ForbiddenPrefix = "The request was forbidden by the certificate authorit... function formatMessage (line 254) | func formatMessage(status int, msg string) string { function splitOptionArgs (line 267) | func splitOptionArgs(args []interface{}) ([]interface{}, []Option) { function New (line 290) | func New(status int, format string, args ...interface{}) error { function NewError (line 300) | func NewError(status int, err error, format string, args ...interface{})... function NewErr (line 319) | func NewErr(status int, err error, opts ...Option) error { function Errorf (line 336) | func Errorf(code int, format string, args ...interface{}) error { function ApplyOptions (line 348) | func ApplyOptions(err error, opts ...interface{}) error { function InternalServer (line 360) | func InternalServer(format string, args ...interface{}) error { function InternalServerErr (line 366) | func InternalServerErr(err error, opts ...Option) error { function NotImplemented (line 372) | func NotImplemented(format string, args ...interface{}) error { function NotImplementedErr (line 378) | func NotImplementedErr(err error, opts ...Option) error { function BadRequest (line 384) | func BadRequest(format string, args ...interface{}) error { function BadRequestErr (line 389) | func BadRequestErr(err error, format string, args ...interface{}) error { function Unauthorized (line 394) | func Unauthorized(format string, args ...interface{}) error { function UnauthorizedErr (line 400) | func UnauthorizedErr(err error, opts ...Option) error { function Forbidden (line 406) | func Forbidden(format string, args ...interface{}) error { function ForbiddenErr (line 411) | func ForbiddenErr(err error, format string, args ...interface{}) error { function NotFound (line 416) | func NotFound(format string, args ...interface{}) error { function NotFoundErr (line 422) | func NotFoundErr(err error, opts ...Option) error { function UnexpectedErr (line 429) | func UnexpectedErr(code int, err error, opts ...Option) error { FILE: errs/errors_test.go function TestError_MarshalJSON (line 12) | func TestError_MarshalJSON(t *testing.T) { function TestError_UnmarshalJSON (line 45) | func TestError_UnmarshalJSON(t *testing.T) { function TestError_Unwrap (line 73) | func TestError_Unwrap(t *testing.T) { type customError (line 96) | type customError struct method Error (line 100) | func (e *customError) Error() string { function TestError_Unwrap_As (line 104) | func TestError_Unwrap_As(t *testing.T) { function TestErrorf (line 131) | func TestErrorf(t *testing.T) { FILE: examples/basic-client/client.go function printResponse (line 16) | func printResponse(name string, v interface{}) { function main (line 24) | func main() { FILE: examples/basic-federation/client/main.go function main (line 13) | func main() { FILE: examples/basic-federation/server/main.go function main (line 13) | func main() { function ListTrustedRoots (line 49) | func ListTrustedRoots() ca.TLSOption { FILE: examples/bootstrap-client/client.go function main (line 13) | func main() { FILE: examples/bootstrap-mtls-server/server.go function main (line 13) | func main() { FILE: examples/bootstrap-tls-server/server.go function main (line 13) | func main() { FILE: internal/cast/cast.go type signed (line 7) | type signed interface type unsigned (line 11) | type unsigned interface type number (line 15) | type number interface function SafeUint (line 19) | func SafeUint(x int) (uint, error) { function Uint (line 23) | func Uint(x int) uint { function SafeInt64 (line 32) | func SafeInt64[T number](x T) (int64, error) { function Int64 (line 36) | func Int64[T number](x T) int64 { function SafeUint64 (line 45) | func SafeUint64[T signed](x T) (uint64, error) { function Uint64 (line 49) | func Uint64[T signed](x T) uint64 { function SafeInt32 (line 58) | func SafeInt32[T signed](x T) (int32, error) { function Int32 (line 62) | func Int32[T signed](x T) int32 { function SafeUint32 (line 71) | func SafeUint32[T signed](x T) (uint32, error) { function Uint32 (line 75) | func Uint32[T signed](x T) uint32 { function SafeUint16 (line 84) | func SafeUint16(x int) (uint16, error) { function Uint16 (line 88) | func Uint16(x int) uint16 { function SafeUint8 (line 97) | func SafeUint8[T number](x T) (uint8, error) { function Uint8 (line 101) | func Uint8[T number](x T) uint8 { FILE: internal/cast/cast_test.go function TestUintConvertsValues (line 10) | func TestUintConvertsValues(t *testing.T) { function TestUintPanicsOnNegativeValue (line 16) | func TestUintPanicsOnNegativeValue(t *testing.T) { function TestInt64ConvertsValues (line 20) | func TestInt64ConvertsValues(t *testing.T) { function TestInt64PanicsOnLargeValue (line 26) | func TestInt64PanicsOnLargeValue(t *testing.T) { function TestUint64ConvertsValues (line 30) | func TestUint64ConvertsValues(t *testing.T) { function TestUint64PanicsOnNegativeValue (line 36) | func TestUint64PanicsOnNegativeValue(t *testing.T) { function TestInt32ConvertsValues (line 40) | func TestInt32ConvertsValues(t *testing.T) { function TestInt32PanicsOnTooSmallValue (line 46) | func TestInt32PanicsOnTooSmallValue(t *testing.T) { function TestInt32PanicsOnLargeValue (line 50) | func TestInt32PanicsOnLargeValue(t *testing.T) { function TestUint32ConvertsValues (line 54) | func TestUint32ConvertsValues(t *testing.T) { function TestUint32PanicsOnNegativeValue (line 60) | func TestUint32PanicsOnNegativeValue(t *testing.T) { function TestUint32PanicsOnLargeValue (line 64) | func TestUint32PanicsOnLargeValue(t *testing.T) { function TestUint16ConvertsValues (line 68) | func TestUint16ConvertsValues(t *testing.T) { function TestUint16PanicsOnNegativeValue (line 74) | func TestUint16PanicsOnNegativeValue(t *testing.T) { function TestUint16PanicsOnLargeValue (line 78) | func TestUint16PanicsOnLargeValue(t *testing.T) { function TestUint8ConvertsValues (line 82) | func TestUint8ConvertsValues(t *testing.T) { function TestUint8PanicsOnNegativeValue (line 88) | func TestUint8PanicsOnNegativeValue(t *testing.T) { function TestUint8PanicsOnLargeValue (line 92) | func TestUint8PanicsOnLargeValue(t *testing.T) { FILE: internal/httptransport/httptransport.go type Wrapper (line 12) | type Wrapper function NoopWrapper (line 16) | func NoopWrapper() Wrapper { function New (line 24) | func New() *http.Transport { FILE: internal/metrix/meter.go function New (line 18) | func New() (m *Meter) { type Meter (line 74) | type Meter struct method SSHRekeyed (line 84) | func (m *Meter) SSHRekeyed(cert *ssh.Certificate, p provisioner.Interf... method SSHRenewed (line 89) | func (m *Meter) SSHRenewed(cert *ssh.Certificate, p provisioner.Interf... method SSHSigned (line 94) | func (m *Meter) SSHSigned(cert *ssh.Certificate, p provisioner.Interfa... method SSHWebhookAuthorized (line 99) | func (m *Meter) SSHWebhookAuthorized(p provisioner.Interface, err erro... method SSHWebhookEnriched (line 104) | func (m *Meter) SSHWebhookEnriched(p provisioner.Interface, err error) { method X509Rekeyed (line 109) | func (m *Meter) X509Rekeyed(_ []*x509.Certificate, p provisioner.Inter... method X509Renewed (line 114) | func (m *Meter) X509Renewed(_ []*x509.Certificate, p provisioner.Inter... method X509Signed (line 119) | func (m *Meter) X509Signed(_ []*x509.Certificate, p provisioner.Interf... method X509WebhookAuthorized (line 124) | func (m *Meter) X509WebhookAuthorized(p provisioner.Interface, err err... method X509WebhookEnriched (line 129) | func (m *Meter) X509WebhookEnriched(p provisioner.Interface, err error) { method KMSSigned (line 157) | func (m *Meter) KMSSigned(err error) { function sshCertValues (line 133) | func sshCertValues(cert *ssh.Certificate) []string { function incrProvisionerCounter (line 144) | func incrProvisionerCounter(cv *prometheus.CounterVec, p provisioner.Int... type provisionerInstruments (line 166) | type provisionerInstruments struct function newProvisionerInstruments (line 175) | func newProvisionerInstruments(subsystem string, signLabels, webhookLabe... type kms (line 185) | type kms struct function newCounterVec (line 190) | func newCounterVec(subsystem, name, help string, labels ...string) *prom... function opts (line 196) | func opts(subsystem, name, help string) prometheus.Opts { FILE: internal/userid/userid.go type contextKey (line 5) | type contextKey struct function NewContext (line 11) | func NewContext(ctx context.Context, userID string) context.Context { function FromContext (line 17) | func FromContext(ctx context.Context) (string, bool) { FILE: logging/clf.go type CommonLogFormat (line 18) | type CommonLogFormat struct method Format (line 26) | func (f *CommonLogFormat) Format(entry *logrus.Entry) ([]byte, error) { FILE: logging/handler.go type LoggerHandler (line 26) | type LoggerHandler struct method ServeHTTP (line 64) | func (l *LoggerHandler) ServeHTTP(w http.ResponseWriter, r *http.Reque... method writeEntry (line 73) | func (l *LoggerHandler) writeEntry(w ResponseLogger, r *http.Request, ... type options (line 34) | type options struct function NewLoggerHandler (line 46) | func NewLoggerHandler(name string, logger *Logger, next http.Handler) ht... function sanitizeLogEntry (line 142) | func sanitizeLogEntry(s string) string { function realIP (line 151) | func realIP(r *http.Request) string { FILE: logging/handler_test.go function TestHealthOKHandling (line 19) | func TestHealthOKHandling(t *testing.T) { function TestHandlingRegardlessOfOptions (line 76) | func TestHandlingRegardlessOfOptions(t *testing.T) { function TestLogRealIP (line 150) | func TestLogRealIP(t *testing.T) { FILE: logging/logger.go constant defaultTraceIDHeader (line 14) | defaultTraceIDHeader = "X-Smallstep-Id" type Logger (line 20) | type Logger struct method GetImpl (line 69) | func (l *Logger) GetImpl() *logrus.Logger { method GetTraceHeader (line 74) | func (l *Logger) GetTraceHeader() string { method Middleware (line 83) | func (l *Logger) Middleware(next http.Handler) http.Handler { type loggerConfig (line 27) | type loggerConfig struct function New (line 33) | func New(name string, raw json.RawMessage) (*Logger, error) { FILE: logging/responselogger.go type ResponseLogger (line 12) | type ResponseLogger interface function NewResponseLogger (line 24) | func NewResponseLogger(w http.ResponseWriter) ResponseLogger { function wrapLogger (line 31) | func wrapLogger(w http.ResponseWriter) (rw ResponseLogger) { type rwDefault (line 45) | type rwDefault struct method Header (line 52) | func (r *rwDefault) Header() http.Header { method Write (line 56) | func (r *rwDefault) Write(p []byte) (n int, err error) { method WriteHeader (line 62) | func (r *rwDefault) WriteHeader(code int) { method Size (line 67) | func (r *rwDefault) Size() int { method StatusCode (line 71) | func (r *rwDefault) StatusCode() int { method Fields (line 75) | func (r *rwDefault) Fields() map[string]interface{} { method WithFields (line 79) | func (r *rwDefault) WithFields(fields map[string]interface{}) { type rwFlusher (line 88) | type rwFlusher struct method Flush (line 93) | func (r *rwFlusher) Flush() { type rwHijacker (line 97) | type rwHijacker struct method Hijack (line 102) | func (r *rwHijacker) Hijack() (net.Conn, *bufio.ReadWriter, error) { type rwPusher (line 106) | type rwPusher struct method Push (line 111) | func (rw *rwPusher) Push(target string, opts *http.PushOptions) error { FILE: middleware/requestid/requestid.go constant requestIDHeader (line 17) | requestIDHeader = "X-Request-Id" constant defaultTraceHeader (line 22) | defaultTraceHeader = "X-Smallstep-Id" type Handler (line 25) | type Handler struct method Middleware (line 45) | func (h *Handler) Middleware(next http.Handler) http.Handler { function New (line 32) | func New(legacyTraceHeader string) *Handler { function newRequestID (line 70) | func newRequestID() string { type contextKey (line 79) | type contextKey struct function NewContext (line 83) | func NewContext(ctx context.Context, requestID string) context.Context { function FromContext (line 89) | func FromContext(ctx context.Context) (string, bool) { FILE: middleware/requestid/requestid_test.go function newRequest (line 12) | func newRequest(t *testing.T) *http.Request { function Test_Middleware (line 19) | func Test_Middleware(t *testing.T) { FILE: monitoring/monitoring.go type Middleware (line 19) | type Middleware type Monitoring (line 23) | type Monitoring struct method Middleware (line 62) | func (m *Monitoring) Middleware(next http.Handler) http.Handler { type monitoringConfig (line 29) | type monitoringConfig struct function New (line 37) | func New(raw json.RawMessage) (*Monitoring, error) { function newRelicMiddleware (line 66) | func newRelicMiddleware(app *newrelic.Application) Middleware { function transactionName (line 110) | func transactionName(r *http.Request) string { FILE: pki/helm.go type helmVariables (line 16) | type helmVariables struct method WriteHelmTemplate (line 28) | func (p *PKI) WriteHelmTemplate(w io.Writer) error { constant helmTemplate (line 109) | helmTemplate = `# Helm template FILE: pki/helm_test.go function TestPKI_WriteHelmTemplate (line 23) | func TestPKI_WriteHelmTemplate(t *testing.T) { function setKeyPair (line 165) | func setKeyPair(t *testing.T, p *PKI) { function setCertificates (line 213) | func setCertificates(_ *testing.T, p *PKI) { function setSSHSigningKeys (line 230) | func setSSHSigningKeys(_ *testing.T, p *PKI) { FILE: pki/pki.go type DeploymentType (line 45) | type DeploymentType method String (line 61) | func (d DeploymentType) String() string { constant StandaloneDeployment (line 50) | StandaloneDeployment DeploymentType = iota constant LinkedDeployment (line 54) | LinkedDeployment constant HostedDeployment (line 57) | HostedDeployment constant configPath (line 77) | configPath = "config" constant publicPath (line 80) | publicPath = "certs" constant privatePath (line 83) | privatePath = "secrets" constant dbPath (line 86) | dbPath = "db" constant templatesPath (line 88) | templatesPath = "templates" function GetDBPath (line 93) | func GetDBPath() string { function GetConfigPath (line 99) | func GetConfigPath() string { function GetProfileConfigPath (line 105) | func GetProfileConfigPath() string { function GetPublicPath (line 111) | func GetPublicPath() string { function GetSecretsPath (line 117) | func GetSecretsPath() string { function GetRootCAPath (line 123) | func GetRootCAPath() string { function GetOTTKeyPath (line 129) | func GetOTTKeyPath() string { function GetTemplatesPath (line 134) | func GetTemplatesPath() string { function GetProvisioners (line 139) | func GetProvisioners(caURL, rootFile string) (provisioner.List, error) { function GetProvisionerKey (line 164) | func GetProvisionerKey(caURL, rootFile, kid string) (string, error) { type options (line 179) | type options struct type Option (line 196) | type Option function WithAddress (line 199) | func WithAddress(s string) Option { function WithCaURL (line 206) | func WithCaURL(s string) Option { function WithDNSNames (line 213) | func WithDNSNames(s []string) Option { function WithProvisioner (line 220) | func WithProvisioner(s string) Option { function WithSuperAdminSubject (line 229) | func WithSuperAdminSubject(s string) Option { function WithPKIOnly (line 236) | func WithPKIOnly() Option { function WithACME (line 243) | func WithACME() Option { function WithSSH (line 250) | func WithSSH() Option { function WithAdmin (line 257) | func WithAdmin() Option { function WithNoDB (line 264) | func WithNoDB() Option { function WithHelm (line 271) | func WithHelm() Option { function WithDeploymentType (line 278) | func WithDeploymentType(dt DeploymentType) Option { function WithKMS (line 285) | func WithKMS(name string) Option { function WithKeyURIs (line 295) | func WithKeyURIs(rootKey, intermediateKey, hostKey, userKey string) Opti... type PKI (line 305) | type PKI struct method GetCAConfigPath (line 460) | func (p *PKI) GetCAConfigPath() string { method GetRootFingerprint (line 465) | func (p *PKI) GetRootFingerprint() string { method GenerateKeyPairs (line 470) | func (p *PKI) GenerateKeyPairs(pass []byte) error { method GenerateRootCertificate (line 515) | func (p *PKI) GenerateRootCertificate(name, org, resource string, pass... method WriteRootCertificate (line 560) | func (p *PKI) WriteRootCertificate(rootCrt *x509.Certificate, rootKey ... method GenerateIntermediateCertificate (line 576) | func (p *PKI) GenerateIntermediateCertificate(name, org, resource stri... method CreateCertificateAuthorityResponse (line 627) | func (p *PKI) CreateCertificateAuthorityResponse(cert *x509.Certificat... method GetCertificateAuthority (line 638) | func (p *PKI) GetCertificateAuthority() error { method GenerateSSHSigningKeys (line 664) | func (p *PKI) GenerateSSHSigningKeys(password []byte) error { method WriteFiles (line 730) | func (p *PKI) WriteFiles() error { method askFeedback (line 739) | func (p *PKI) askFeedback() { method tellPKI (line 759) | func (p *PKI) tellPKI() { method GenerateConfig (line 793) | func (p *PKI) GenerateConfig(opt ...ConfigOption) (*authconfig.Config,... method Save (line 973) | func (p *PKI) Save(opt ...ConfigOption) error { function New (line 321) | func New(o apiv1.Options, opts ...Option) (*PKI, error) { type caDefaults (line 782) | type caDefaults struct type ConfigOption (line 790) | type ConfigOption function encodeCertificate (line 1068) | func encodeCertificate(c *x509.Certificate) []byte { function encodePrivateKey (line 1075) | func encodePrivateKey(key crypto.PrivateKey, pass []byte) ([]byte, error) { FILE: pki/pki_test.go function withDBDataSource (line 22) | func withDBDataSource(t *testing.T, dataSource string) func(c *authconfi... function TestPKI_GenerateConfig (line 32) | func TestPKI_GenerateConfig(t *testing.T) { FILE: pki/templates.go method getTemplates (line 17) | func (p *PKI) getTemplates() *templates.Templates { function generateTemplates (line 28) | func generateTemplates(t *templates.Templates) error { FILE: policy/engine.go type NamePolicyReason (line 16) | type NamePolicyReason constant NotAllowed (line 22) | NotAllowed NamePolicyReason = iota + 1 constant CannotParseDomain (line 25) | CannotParseDomain constant CannotParseRFC822Name (line 28) | CannotParseRFC822Name constant CannotMatchNameToConstraint (line 31) | CannotMatchNameToConstraint type NameType (line 34) | type NameType constant CNNameType (line 37) | CNNameType NameType = "cn" constant DNSNameType (line 38) | DNSNameType NameType = "dns" constant IPNameType (line 39) | IPNameType NameType = "ip" constant EmailNameType (line 40) | EmailNameType NameType = "email" constant URINameType (line 41) | URINameType NameType = "uri" constant PrincipalNameType (line 42) | PrincipalNameType NameType = "principal" type NamePolicyError (line 45) | type NamePolicyError struct method Error (line 52) | func (e *NamePolicyError) Error() string { method As (line 69) | func (e *NamePolicyError) As(v any) bool { method Detail (line 83) | func (e *NamePolicyError) Detail() string { type NamePolicyEngine (line 93) | type NamePolicyEngine struct method IsX509CertificateAllowed (line 222) | func (e *NamePolicyEngine) IsX509CertificateAllowed(cert *x509.Certifi... method IsX509CertificateRequestAllowed (line 235) | func (e *NamePolicyEngine) IsX509CertificateRequestAllowed(csr *x509.C... method AreSANsAllowed (line 249) | func (e *NamePolicyEngine) AreSANsAllowed(sans []string) error { method IsDNSAllowed (line 255) | func (e *NamePolicyEngine) IsDNSAllowed(dns string) error { method IsIPAllowed (line 260) | func (e *NamePolicyEngine) IsIPAllowed(ip net.IP) error { method IsSSHCertificateAllowed (line 265) | func (e *NamePolicyEngine) IsSSHCertificateAllowed(cert *ssh.Certifica... function New (line 126) | func New(opts ...NamePolicyOption) (*NamePolicyEngine, error) { function removeDuplicates (line 171) | func removeDuplicates(items []string) (ret []string) { function removeDuplicateIPNets (line 196) | func removeDuplicateIPNets(items []*net.IPNet) (ret []*net.IPNet) { function splitSSHPrincipals (line 274) | func splitSSHPrincipals(cert *ssh.Certificate) (dnsNames []string, ips [... FILE: policy/engine_test.go function TestNamePolicyEngine_matchDomainConstraint (line 20) | func TestNamePolicyEngine_matchDomainConstraint(t *testing.T) { function Test_matchIPConstraint (line 202) | func Test_matchIPConstraint(t *testing.T) { function TestNamePolicyEngine_matchEmailConstraint (line 278) | func TestNamePolicyEngine_matchEmailConstraint(t *testing.T) { function TestNamePolicyEngine_matchURIConstraint (line 479) | func TestNamePolicyEngine_matchURIConstraint(t *testing.T) { function TestNamePolicyEngine_X509_AllAllowed (line 635) | func TestNamePolicyEngine_X509_AllAllowed(t *testing.T) { function TestNamePolicyEngine_SSH_ArePrincipalsAllowed (line 2542) | func TestNamePolicyEngine_SSH_ArePrincipalsAllowed(t *testing.T) { type result (line 3051) | type result struct function emptyResult (line 3058) | func emptyResult() result { function Test_splitSSHPrincipals (line 3067) | func Test_splitSSHPrincipals(t *testing.T) { function Test_removeDuplicates (line 3215) | func Test_removeDuplicates(t *testing.T) { function Test_removeDuplicateIPNets (line 3246) | func Test_removeDuplicateIPNets(t *testing.T) { function TestNamePolicyError_Error (line 3329) | func TestNamePolicyError_Error(t *testing.T) { FILE: policy/options.go type NamePolicyOption (line 11) | type NamePolicyOption function WithSubjectCommonNameVerification (line 15) | func WithSubjectCommonNameVerification() NamePolicyOption { function WithAllowLiteralWildcardNames (line 22) | func WithAllowLiteralWildcardNames() NamePolicyOption { function WithPermittedCommonNames (line 29) | func WithPermittedCommonNames(commonNames ...string) NamePolicyOption { function WithExcludedCommonNames (line 44) | func WithExcludedCommonNames(commonNames ...string) NamePolicyOption { function WithPermittedDNSDomains (line 59) | func WithPermittedDNSDomains(domains ...string) NamePolicyOption { function WithExcludedDNSDomains (line 74) | func WithExcludedDNSDomains(domains ...string) NamePolicyOption { function WithPermittedIPRanges (line 89) | func WithPermittedIPRanges(ipRanges ...*net.IPNet) NamePolicyOption { function WithPermittedCIDRs (line 96) | func WithPermittedCIDRs(cidrs ...string) NamePolicyOption { function WithExcludedCIDRs (line 111) | func WithExcludedCIDRs(cidrs ...string) NamePolicyOption { function WithPermittedIPsOrCIDRs (line 126) | func WithPermittedIPsOrCIDRs(ipsOrCIDRs ...string) NamePolicyOption { function WithExcludedIPsOrCIDRs (line 144) | func WithExcludedIPsOrCIDRs(ipsOrCIDRs ...string) NamePolicyOption { function WithExcludedIPRanges (line 162) | func WithExcludedIPRanges(ipRanges ...*net.IPNet) NamePolicyOption { function WithPermittedEmailAddresses (line 169) | func WithPermittedEmailAddresses(emailAddresses ...string) NamePolicyOpt... function WithExcludedEmailAddresses (line 184) | func WithExcludedEmailAddresses(emailAddresses ...string) NamePolicyOpti... function WithPermittedURIDomains (line 199) | func WithPermittedURIDomains(uriDomains ...string) NamePolicyOption { function WithExcludedURIDomains (line 214) | func WithExcludedURIDomains(domains ...string) NamePolicyOption { function WithPermittedPrincipals (line 229) | func WithPermittedPrincipals(principals ...string) NamePolicyOption { function WithExcludedPrincipals (line 236) | func WithExcludedPrincipals(principals ...string) NamePolicyOption { function networkFor (line 243) | func networkFor(ip net.IP) *net.IPNet { function isIPv4 (line 257) | func isIPv4(ip net.IP) bool { function normalizeAndValidateCommonName (line 261) | func normalizeAndValidateCommonName(constraint string) (string, error) { function normalizeAndValidateDNSDomainConstraint (line 272) | func normalizeAndValidateDNSDomainConstraint(constraint string) (string,... function normalizeAndValidateEmailConstraint (line 302) | func normalizeAndValidateEmailConstraint(constraint string) (string, err... function normalizeAndValidateURIDomainConstraint (line 345) | func normalizeAndValidateURIDomainConstraint(constraint string) (string,... FILE: policy/options_test.go function Test_normalizeAndValidateCommonName (line 11) | func Test_normalizeAndValidateCommonName(t *testing.T) { function Test_normalizeAndValidateDNSDomainConstraint (line 51) | func Test_normalizeAndValidateDNSDomainConstraint(t *testing.T) { function Test_normalizeAndValidateEmailConstraint (line 138) | func Test_normalizeAndValidateEmailConstraint(t *testing.T) { function TestNew (line 232) | func TestNew(t *testing.T) { function Test_normalizeAndValidateURIDomainConstraint (line 662) | func Test_normalizeAndValidateURIDomainConstraint(t *testing.T) { FILE: policy/ssh.go type SSHNamePolicyEngine (line 7) | type SSHNamePolicyEngine interface FILE: policy/validate.go method validateNames (line 24) | func (e *NamePolicyEngine) validateNames(dnsNames []string, ips []net.IP... method validateCommonName (line 184) | func (e *NamePolicyEngine) validateCommonName(commonName string) error { function checkNameConstraints (line 226) | func checkNameConstraints( function domainToReverseLabels (line 290) | func domainToReverseLabels(domain string) (reverseLabels []string, ok bo... type rfc2821Mailbox (line 326) | type rfc2821Mailbox struct function parseRFC2821Mailbox (line 334) | func parseRFC2821Mailbox(in string) (mailbox rfc2821Mailbox, ok bool) { method matchDomainConstraint (line 471) | func (e *NamePolicyEngine) matchDomainConstraint(domain, constraint stri... function matchIPConstraint (line 553) | func matchIPConstraint(ip net.IP, constraint *net.IPNet) (bool, error) { method matchEmailConstraint (line 577) | func (e *NamePolicyEngine) matchEmailConstraint(mailbox rfc2821Mailbox, ... method matchURIConstraint (line 592) | func (e *NamePolicyEngine) matchURIConstraint(uri *url.URL, constraint s... function matchPrincipalConstraint (line 630) | func matchPrincipalConstraint(principal, constraint string) (bool, error) { function matchCommonNameConstraint (line 639) | func matchCommonNameConstraint(commonName, constraint string) (bool, err... FILE: policy/x509.go type X509NamePolicyEngine (line 8) | type X509NamePolicyEngine interface FILE: scep/api/api.go constant opnGetCACert (line 27) | opnGetCACert = "GetCACert" constant opnGetCACaps (line 28) | opnGetCACaps = "GetCACaps" constant opnPKIOperation (line 29) | opnPKIOperation = "PKIOperation" constant maxPayloadSize (line 34) | maxPayloadSize = 2 << 20 type request (line 37) | type request struct type Response (line 43) | type Response struct type handler (line 52) | type handler struct method Route (line 59) | func (h *handler) Route(r api.Router) { function New (line 71) | func New(auth *scep.Authority) api.RouterHandler { function Route (line 76) | func Route(r api.Router) { function route (line 80) | func route(r api.Router, middleware func(next http.HandlerFunc) http.Han... function Get (line 97) | func Get(w http.ResponseWriter, r *http.Request) { function Post (line 127) | func Post(w http.ResponseWriter, r *http.Request) { function decodeRequest (line 150) | func decodeRequest(r *http.Request) (request, error) { function decodeMessage (line 199) | func decodeMessage(message string, r *http.Request) ([]byte, error) { function parseRawQuery (line 246) | func parseRawQuery(query string) (url.Values, error) { function parseRawQueryWithoutUnescaping (line 254) | func parseRawQueryWithoutUnescaping(m url.Values, query string) (err err... function lookupProvisioner (line 272) | func lookupProvisioner(next http.HandlerFunc) http.HandlerFunc { function GetCACert (line 301) | func GetCACert(ctx context.Context) (Response, error) { function GetCACaps (line 334) | func GetCACaps(ctx context.Context) (Response, error) { function PKIOperation (line 347) | func PKIOperation(ctx context.Context, req request) (Response, error) { function formatCapabilities (line 434) | func formatCapabilities(caps []string) []byte { function writeResponse (line 439) | func writeResponse(w http.ResponseWriter, r *http.Request, res Response) { function fail (line 452) | func fail(w http.ResponseWriter, r *http.Request, err error) { function createFailureResponse (line 458) | func createFailureResponse(ctx context.Context, csr *x509.CertificateReq... function contentHeader (line 471) | func contentHeader(r Response) string { FILE: scep/api/api_test.go function Test_decodeRequest (line 20) | func Test_decodeRequest(t *testing.T) { FILE: scep/authority.go type Authority (line 21) | type Authority struct method Validate (line 88) | func (a *Authority) Validate() error { method UpdateProvisioners (line 120) | func (a *Authority) UpdateProvisioners(scepProvisionerNames []string) { method LoadProvisionerByName (line 146) | func (a *Authority) LoadProvisionerByName(name string) (provisioner.In... method GetCACertificates (line 161) | func (a *Authority) GetCACertificates(ctx context.Context) (certs []*x... method DecryptPKIEnvelope (line 190) | func (a *Authority) DecryptPKIEnvelope(ctx context.Context, msg *PKIMe... method SignCSR (line 243) | func (a *Authority) SignCSR(ctx context.Context, csr *x509.Certificate... method encrypt (line 403) | func (a *Authority) encrypt(content []byte, recipients []*x509.Certifi... method CreateFailureResponse (line 426) | func (a *Authority) CreateFailureResponse(ctx context.Context, _ *x509... method GetCACaps (line 498) | func (a *Authority) GetCACaps(ctx context.Context) []string { method ValidateChallenge (line 515) | func (a *Authority) ValidateChallenge(ctx context.Context, csr *x509.C... method NotifySuccess (line 520) | func (a *Authority) NotifySuccess(ctx context.Context, csr *x509.Certi... method NotifyFailure (line 525) | func (a *Authority) NotifyFailure(ctx context.Context, csr *x509.Certi... method selectDecrypter (line 530) | func (a *Authority) selectDecrypter(ctx context.Context) (cert *x509.C... method selectSigner (line 553) | func (a *Authority) selectSigner(ctx context.Context) (cert *x509.Cert... type authorityKey (line 35) | type authorityKey struct function NewContext (line 38) | func NewContext(ctx context.Context, a *Authority) context.Context { function FromContext (line 43) | func FromContext(ctx context.Context) (a *Authority, ok bool) { function MustFromContext (line 50) | func MustFromContext(ctx context.Context) *Authority { type SignAuthority (line 62) | type SignAuthority interface function New (line 68) | func New(signAuth SignAuthority, opts Options) (*Authority, error) { FILE: scep/authority_test.go function generateContent (line 27) | func generateContent(t *testing.T, size int) []byte { function generateRecipients (line 34) | func generateRecipients(t *testing.T) []*x509.Certificate { function TestAuthority_encrypt (line 48) | func TestAuthority_encrypt(t *testing.T) { type signAuthority (line 86) | type signAuthority struct method SignWithContext (line 92) | func (s *signAuthority) SignWithContext(ctx context.Context, cr *x509.... method LoadProvisionerByName (line 110) | func (s *signAuthority) LoadProvisionerByName(string) (provisioner.Int... function TestAuthority_SignCSR (line 138) | func TestAuthority_SignCSR(t *testing.T) { FILE: scep/options.go type Options (line 10) | type Options struct method Validate (line 36) | func (o *Options) Validate() error { type comparablePublicKey (line 31) | type comparablePublicKey interface FILE: scep/provisioner.go type Provisioner (line 14) | type Provisioner interface type provisionerKey (line 30) | type provisionerKey struct function provisionerFromContext (line 34) | func provisionerFromContext(ctx context.Context) Provisioner { function NewProvisionerContext (line 42) | func NewProvisionerContext(ctx context.Context, p Provisioner) context.C... FILE: scep/scep.go function init (line 12) | func init() { type FailInfoName (line 22) | type FailInfoName type FailInfo (line 28) | type FailInfo struct type PKIMessage (line 46) | type PKIMessage struct type CertRepMessage (line 68) | type CertRepMessage struct FILE: scripts/badger-migration/main.go type DB (line 54) | type DB interface type dryRunDB (line 59) | type dryRunDB struct method CreateTable (line 61) | func (*dryRunDB) CreateTable([]byte) error { return nil } method Set (line 63) | func (*dryRunDB) Set(bucket, key, value []byte) error { return nil } function usage (line 65) | func usage(fs *flag.FlagSet) { function main (line 79) | func main() { function fatal (line 198) | func fatal(format string, args ...any) { function badgerV1Open (line 204) | func badgerV1Open(dir, valueDir string) (*badgerv1.DB, error) { function badgerV2Open (line 212) | func badgerV2Open(dir, valueDir string) (*badgerv2.DB, error) { type Iterator (line 220) | type Iterator interface type Item (line 226) | type Item interface function badgerV1Iterate (line 231) | func badgerV1Iterate(db *badgerv1.DB, prefix []byte, fn func(bucket, key... function badgerV2Iterate (line 241) | func badgerV2Iterate(db *badgerv2.DB, prefix []byte, fn func(bucket, key... function badgerIterate (line 251) | func badgerIterate(it Iterator, prefix []byte, fn func(bucket, key, valu... function badgerEncode (line 288) | func badgerEncode(val []byte) ([]byte, error) { function parseBadgerEncode (line 305) | func parseBadgerEncode(bk []byte) (value, rest []byte) { function isBadgerTable (line 333) | func isBadgerTable(bk []byte) bool { function fromBadgerKey (line 342) | func fromBadgerKey(bk []byte) ([]byte, []byte, error) { FILE: server/server.go constant ServerShutdownTimeout (line 17) | ServerShutdownTimeout = 60 * time.Second type Server (line 21) | type Server struct method ListenAndServe (line 55) | func (srv *Server) ListenAndServe() error { method Serve (line 66) | func (srv *Server) Serve(ln net.Listener) error { method Shutdown (line 98) | func (srv *Server) Shutdown() error { method reloadShutdown (line 105) | func (srv *Server) reloadShutdown() error { method Reload (line 113) | func (srv *Server) Reload(ns *Server) error { method Forbidden (line 152) | func (srv *Server) Forbidden(w http.ResponseWriter) { function New (line 30) | func New(addr string, handler http.Handler, tlsConfig *tls.Config) *Serv... function newHTTPServer (line 40) | func newHTTPServer(addr string, handler http.Handler, tlsConfig *tls.Con... FILE: templates/templates.go type TemplateType (line 19) | type TemplateType constant Snippet (line 23) | Snippet TemplateType = "snippet" constant PrependLine (line 26) | PrependLine TemplateType = "prepend-line" constant File (line 28) | File TemplateType = "file" constant Directory (line 30) | Directory TemplateType = "directory" function StepFuncMap (line 40) | func StepFuncMap() template.FuncMap { type Templates (line 50) | type Templates struct method Validate (line 56) | func (t *Templates) Validate() (err error) { function LoadAll (line 80) | func LoadAll(t *Templates) (err error) { type SSHTemplates (line 99) | type SSHTemplates struct method Validate (line 105) | func (t *SSHTemplates) Validate() (err error) { type Template (line 123) | type Template struct method Validate (line 135) | func (t *Template) Validate() error { method ValidateRequiredData (line 174) | func (t *Template) ValidateRequiredData(data map[string]string) error { method Load (line 185) | func (t *Template) Load() error { method LoadBytes (line 204) | func (t *Template) LoadBytes(b []byte) error { method Render (line 216) | func (t *Template) Render(data interface{}) ([]byte, error) { method Output (line 233) | func (t *Template) Output(data interface{}) (Output, error) { method backfill (line 249) | func (t *Template) backfill(b []byte) { type Output (line 260) | type Output struct method Write (line 269) | func (o *Output) Write() error { function mkdir (line 296) | func mkdir(path string, perm os.FileMode) error { FILE: templates/templates_test.go function TestTemplates_Validate (line 18) | func TestTemplates_Validate(t *testing.T) { function TestSSHTemplates_Validate (line 57) | func TestSSHTemplates_Validate(t *testing.T) { function TestTemplate_Validate (line 103) | func TestTemplate_Validate(t *testing.T) { function TestLoadAll (line 150) | func TestLoadAll(t *testing.T) { function TestTemplate_Load (line 185) | func TestTemplate_Load(t *testing.T) { function TestTemplate_Render (line 219) | func TestTemplate_Render(t *testing.T) { function TestTemplate_Output (line 290) | func TestTemplate_Output(t *testing.T) { function TestOutput_Write (line 370) | func TestOutput_Write(t *testing.T) { function TestTemplate_ValidateRequiredData (line 430) | func TestTemplate_ValidateRequiredData(t *testing.T) { FILE: templates/values.go type Step (line 12) | type Step struct type StepSSH (line 17) | type StepSSH struct function DefaultTemplates (line 140) | func DefaultTemplates() *Templates { FILE: templates/values_test.go function TestDefaultTemplates (line 8) | func TestDefaultTemplates(t *testing.T) { FILE: test/integration/requestid_test.go function reservePort (line 37) | func reservePort(t *testing.T) (host, port string) { function Test_reflectRequestID (line 52) | func Test_reflectRequestID(t *testing.T) { function decryptPrivateKey (line 210) | func decryptPrivateKey(t *testing.T, jwe *jose.JSONWebEncryption, pass [... function generateOTT (line 222) | func generateOTT(t *testing.T, jwk *jose.JSONWebKey, subject string) str... function newAuthorizingServer (line 256) | func newAuthorizingServer(t *testing.T, mca *minica.CA) *httptest.Server { function requireCAServerToBeAvailable (line 299) | func requireCAServerToBeAvailable(t *testing.T, address string, timeout ... function canConnect (line 314) | func canConnect(ctx context.Context, address string) bool { FILE: test/integration/scep/common_test.go function newCAClient (line 44) | func newCAClient(t *testing.T, caURL, rootFilepath string) *ca.Client { function requireHealthyCA (line 54) | func requireHealthyCA(t *testing.T, caClient *ca.Client) { function reservePort (line 70) | func reservePort(t *testing.T) (host, port string) { type testCA (line 85) | type testCA struct method run (line 92) | func (t *testCA) run() error { method stop (line 96) | func (t *testCA) stop() error { function newTestCA (line 100) | func newTestCA(t *testing.T, name string) *testCA { type client (line 167) | type client struct method getCACert (line 190) | func (c *client) getCACert(t *testing.T) error { method requestCertificate (line 283) | func (c *client) requestCertificate(t *testing.T, opts ...option) (*x5... function createSCEPClient (line 173) | func createSCEPClient(t *testing.T, caURL string, root *x509.Certificate... type option (line 241) | type option type options (line 243) | type options struct function withChallenge (line 253) | func withChallenge(challenge string) option { function withTemplate (line 259) | func withTemplate(tmpl *x509.Certificate) option { function withSigner (line 265) | func withSigner(signer crypto.Signer) option { function withMessageType (line 271) | func withMessageType(messageType scep.MessageType) option { function withCertificateParser (line 277) | func withCertificateParser(certificateParser certificateParserFunc) opti... type authorityKeyID (line 426) | type authorityKeyID struct type pkcs1PublicKey (line 430) | type pkcs1PublicKey struct function createWindowsTemplate (line 435) | func createWindowsTemplate(t *testing.T, signer *rsa.PrivateKey) *x509.C... type testCAS (line 479) | type testCAS struct method CreateCertificate (line 483) | func (c *testCAS) CreateCertificate(req *apiv1.CreateCertificateReques... method RenewCertificate (line 495) | func (c *testCAS) RenewCertificate(req *apiv1.RenewCertificateRequest)... method RevokeCertificate (line 499) | func (c *testCAS) RevokeCertificate(req *apiv1.RevokeCertificateReques... method GetCertificateAuthority (line 503) | func (c *testCAS) GetCertificateAuthority(req *apiv1.GetCertificateAut... FILE: test/integration/scep/decrypter_cas_test.go function TestIssuesCertificateUsingSCEPWithDecrypterAndUpstreamCAS (line 32) | func TestIssuesCertificateUsingSCEPWithDecrypterAndUpstreamCAS(t *testin... FILE: test/integration/scep/decrypter_test.go function TestIssuesCertificateUsingSCEPWithDecrypter (line 30) | func TestIssuesCertificateUsingSCEPWithDecrypter(t *testing.T) { FILE: test/integration/scep/internal/x509/debug.go type legacyGodebugSetting (line 8) | type legacyGodebugSetting method Value (line 10) | func (s legacyGodebugSetting) Value() string { method IncNonDefault (line 14) | func (s legacyGodebugSetting) IncNonDefault() {} FILE: test/integration/scep/internal/x509/oid.go type OID (line 24) | type OID struct method AppendText (line 117) | func (o OID) AppendText(b []byte) ([]byte, error) { method MarshalText (line 122) | func (o OID) MarshalText() ([]byte, error) { method UnmarshalText (line 127) | func (o *OID) UnmarshalText(text []byte) error { method unmarshalOIDText (line 142) | func (o *OID) unmarshalOIDText(oid string) error { method AppendBinary (line 201) | func (o OID) AppendBinary(b []byte) ([]byte, error) { method MarshalBinary (line 206) | func (o OID) MarshalBinary() ([]byte, error) { method UnmarshalBinary (line 221) | func (o *OID) UnmarshalBinary(b []byte) error { method Equal (line 231) | func (oid OID) Equal(other OID) bool { method EqualASN1OID (line 273) | func (oid OID) EqualASN1OID(other asn1.ObjectIdentifier) bool { method String (line 312) | func (oid OID) String() string { function ParseOID (line 29) | func ParseOID(oid string) (OID, error) { function newOIDFromDER (line 34) | func newOIDFromDER(der []byte) (OID, bool) { function OIDFromInts (line 56) | func OIDFromInts(oid []uint64) (OID, error) { function base128IntLength (line 74) | func base128IntLength(n uint64) int { function appendBase128Int (line 81) | func appendBase128Int(dst []byte, n uint64) []byte { function base128BigIntLength (line 93) | func base128BigIntLength(n *big.Int) int { function appendBase128BigInt (line 100) | func appendBase128BigInt(dst []byte, n *big.Int) []byte { function cutString (line 135) | func cutString(s, sep string) (before, after string, found bool) { function cloneBytes (line 213) | func cloneBytes(b []byte) []byte { function parseBase128Int (line 237) | func parseBase128Int(bytes []byte, initOffset int) (ret, offset int, fai... FILE: test/integration/scep/internal/x509/parser.go function ParseCertificates (line 36) | func ParseCertificates(der []byte) ([]*stdx509.Certificate, error) { function isPrintable (line 51) | func isPrintable(b byte) bool { function parseASN1String (line 76) | func parseASN1String(tag cryptobyte_asn1.Tag, value []byte) (string, err... function parseName (line 128) | func parseName(raw cryptobyte.String) (*pkix.RDNSequence, error) { function parseAI (line 168) | func parseAI(der cryptobyte.String) (pkix.AlgorithmIdentifier, error) { function parseTime (line 186) | func parseTime(der *cryptobyte.String) (time.Time, error) { function parseValidity (line 203) | func parseValidity(der cryptobyte.String) (time.Time, time.Time, error) { function parseExtension (line 216) | func parseExtension(der cryptobyte.String) (pkix.Extension, error) { function parsePublicKey (line 234) | func parsePublicKey(keyData *publicKeyInfo) (interface{}, error) { function parseKeyUsageExtension (line 336) | func parseKeyUsageExtension(der cryptobyte.String) (stdx509.KeyUsage, er... function parseBasicConstraintsExtension (line 351) | func parseBasicConstraintsExtension(der cryptobyte.String) (bool, int, e... function forEachSAN (line 372) | func forEachSAN(der cryptobyte.String, callback func(tag int, data []byt... function parseSANExtension (line 390) | func parseSANExtension(der cryptobyte.String) (dnsNames, emailAddresses ... function parseAuthorityKeyIdentifier (line 435) | func parseAuthorityKeyIdentifier(e pkix.Extension) ([]byte, error) { function parseExtKeyUsageExtension (line 455) | func parseExtKeyUsageExtension(der cryptobyte.String) ([]stdx509.ExtKeyU... function isValidIPMask (line 496) | func isValidIPMask(mask []byte) bool { function parseNameConstraintsExtension (line 520) | func parseNameConstraintsExtension(out *stdx509.Certificate, e pkix.Exte... function processExtensions (line 680) | func processExtensions(out *stdx509.Certificate) error { function parseCertificate (line 845) | func parseCertificate(der []byte) (*stdx509.Certificate, error) { FILE: test/integration/scep/internal/x509/pkcs1.go type pkcs1PublicKey (line 12) | type pkcs1PublicKey struct FILE: test/integration/scep/internal/x509/verify.go type rfc2821Mailbox (line 16) | type rfc2821Mailbox struct function parseRFC2821Mailbox (line 24) | func parseRFC2821Mailbox(in string) (mailbox rfc2821Mailbox, ok bool) { function domainToReverseLabels (line 162) | func domainToReverseLabels(domain string) (reverseLabels []string, ok bo... FILE: test/integration/scep/internal/x509/x509.go type publicKeyInfo (line 43) | type publicKeyInfo struct type SignatureAlgorithm (line 49) | type SignatureAlgorithm method String (line 72) | func (algo SignatureAlgorithm) String() string { constant UnknownSignatureAlgorithm (line 52) | UnknownSignatureAlgorithm SignatureAlgorithm = iota constant MD2WithRSA (line 54) | MD2WithRSA constant MD5WithRSA (line 55) | MD5WithRSA constant SHA1WithRSA (line 56) | SHA1WithRSA constant SHA256WithRSA (line 57) | SHA256WithRSA constant SHA384WithRSA (line 58) | SHA384WithRSA constant SHA512WithRSA (line 59) | SHA512WithRSA constant DSAWithSHA1 (line 60) | DSAWithSHA1 constant DSAWithSHA256 (line 61) | DSAWithSHA256 constant ECDSAWithSHA1 (line 62) | ECDSAWithSHA1 constant ECDSAWithSHA256 (line 63) | ECDSAWithSHA256 constant ECDSAWithSHA384 (line 64) | ECDSAWithSHA384 constant ECDSAWithSHA512 (line 65) | ECDSAWithSHA512 constant SHA256WithRSAPSS (line 66) | SHA256WithRSAPSS constant SHA384WithRSAPSS (line 67) | SHA384WithRSAPSS constant SHA512WithRSAPSS (line 68) | SHA512WithRSAPSS constant PureEd25519 (line 69) | PureEd25519 type PublicKeyAlgorithm (line 81) | type PublicKeyAlgorithm method String (line 98) | func (algo PublicKeyAlgorithm) String() string { constant UnknownPublicKeyAlgorithm (line 84) | UnknownPublicKeyAlgorithm PublicKeyAlgorithm = iota constant RSA (line 85) | RSA constant DSA (line 86) | DSA constant ECDSA (line 87) | ECDSA constant Ed25519 (line 88) | Ed25519 type pssParameters (line 224) | type pssParameters struct function getSignatureAlgorithmFromAI (line 234) | func getSignatureAlgorithmFromAI(ai pkix.AlgorithmIdentifier) stdx509.Si... function getPublicKeyAlgorithmFromOID (line 318) | func getPublicKeyAlgorithmFromOID(oid asn1.ObjectIdentifier) stdx509.Pub... function namedCurveFromOID (line 355) | func namedCurveFromOID(oid asn1.ObjectIdentifier) elliptic.Curve { type KeyUsage (line 371) | type KeyUsage constant KeyUsageDigitalSignature (line 374) | KeyUsageDigitalSignature KeyUsage = 1 << iota constant KeyUsageContentCommitment (line 375) | KeyUsageContentCommitment constant KeyUsageKeyEncipherment (line 376) | KeyUsageKeyEncipherment constant KeyUsageDataEncipherment (line 377) | KeyUsageDataEncipherment constant KeyUsageKeyAgreement (line 378) | KeyUsageKeyAgreement constant KeyUsageCertSign (line 379) | KeyUsageCertSign constant KeyUsageCRLSign (line 380) | KeyUsageCRLSign constant KeyUsageEncipherOnly (line 381) | KeyUsageEncipherOnly constant KeyUsageDecipherOnly (line 382) | KeyUsageDecipherOnly type ExtKeyUsage (line 416) | type ExtKeyUsage constant ExtKeyUsageAny (line 419) | ExtKeyUsageAny ExtKeyUsage = iota constant ExtKeyUsageServerAuth (line 420) | ExtKeyUsageServerAuth constant ExtKeyUsageClientAuth (line 421) | ExtKeyUsageClientAuth constant ExtKeyUsageCodeSigning (line 422) | ExtKeyUsageCodeSigning constant ExtKeyUsageEmailProtection (line 423) | ExtKeyUsageEmailProtection constant ExtKeyUsageIPSECEndSystem (line 424) | ExtKeyUsageIPSECEndSystem constant ExtKeyUsageIPSECTunnel (line 425) | ExtKeyUsageIPSECTunnel constant ExtKeyUsageIPSECUser (line 426) | ExtKeyUsageIPSECUser constant ExtKeyUsageTimeStamping (line 427) | ExtKeyUsageTimeStamping constant ExtKeyUsageOCSPSigning (line 428) | ExtKeyUsageOCSPSigning constant ExtKeyUsageMicrosoftServerGatedCrypto (line 429) | ExtKeyUsageMicrosoftServerGatedCrypto constant ExtKeyUsageNetscapeServerGatedCrypto (line 430) | ExtKeyUsageNetscapeServerGatedCrypto constant ExtKeyUsageMicrosoftCommercialCodeSigning (line 431) | ExtKeyUsageMicrosoftCommercialCodeSigning constant ExtKeyUsageMicrosoftKernelCodeSigning (line 432) | ExtKeyUsageMicrosoftKernelCodeSigning function extKeyUsageFromOID (line 456) | func extKeyUsageFromOID(oid asn1.ObjectIdentifier) (eku ExtKeyUsage, ok ... constant nameTypeEmail (line 466) | nameTypeEmail = 1 constant nameTypeDNS (line 467) | nameTypeDNS = 2 constant nameTypeURI (line 468) | nameTypeURI = 6 constant nameTypeIP (line 469) | nameTypeIP = 7 function isIA5String (line 481) | func isIA5String(s string) error { FILE: test/integration/scep/regular_cas_test.go function TestFailsIssuingCertificateUsingRegularSCEPWithUpstreamCAS (line 27) | func TestFailsIssuingCertificateUsingRegularSCEPWithUpstreamCAS(t *testi... FILE: test/integration/scep/regular_test.go function TestIssuesCertificateUsingRegularSCEPConfiguration (line 14) | func TestIssuesCertificateUsingRegularSCEPConfiguration(t *testing.T) { function TestBlocksCertificateRequestUsingInvalidChallenge (line 45) | func TestBlocksCertificateRequestUsingInvalidChallenge(t *testing.T) { function TestBlocksUnsupportedMessageType (line 73) | func TestBlocksUnsupportedMessageType(t *testing.T) { FILE: test/integration/scep/windows_go1.23_test.go function legacyCertificateParser (line 20) | func legacyCertificateParser(der []byte) (*x509.Certificate, error) { function TestIssuesCertificateToEmulatedWindowsClientGo123 (line 29) | func TestIssuesCertificateToEmulatedWindowsClientGo123(t *testing.T) { FILE: test/integration/scep/windows_test.go function TestIssuesCertificateToEmulatedWindowsClient (line 16) | func TestIssuesCertificateToEmulatedWindowsClient(t *testing.T) { FILE: webhook/options.go type RequestBodyOption (line 11) | type RequestBodyOption function NewRequestBody (line 13) | func NewRequestBody(options ...RequestBodyOption) (*RequestBody, error) { function WithX509CertificateRequest (line 25) | func WithX509CertificateRequest(cr *x509.CertificateRequest) RequestBody... function WithX509Certificate (line 44) | func WithX509Certificate(cert *x509util.Certificate, leaf *x509.Certific... function WithAttestationData (line 64) | func WithAttestationData(data *AttestationData) RequestBodyOption { function WithAuthorizationPrincipal (line 71) | func WithAuthorizationPrincipal(p string) RequestBodyOption { function WithSSHCertificateRequest (line 78) | func WithSSHCertificateRequest(cr sshutil.CertificateRequest) RequestBod... function WithSSHCertificate (line 92) | func WithSSHCertificate(cert *sshutil.Certificate, certTpl *ssh.Certific... function WithX5CCertificate (line 106) | func WithX5CCertificate(leaf *x509.Certificate) RequestBodyOption { FILE: webhook/options_test.go function TestNewRequestBody (line 16) | func TestNewRequestBody(t *testing.T) { FILE: webhook/types.go type ResponseBody (line 12) | type ResponseBody struct type Error (line 19) | type Error struct method Error (line 24) | func (e *Error) Error() string { type X509CertificateRequest (line 30) | type X509CertificateRequest struct type X509Certificate (line 39) | type X509Certificate struct type SSHCertificateRequest (line 50) | type SSHCertificateRequest struct type SSHCertificate (line 59) | type SSHCertificate struct type AttestationData (line 68) | type AttestationData struct type X5CCertificate (line 75) | type X5CCertificate struct type RequestBody (line 84) | type RequestBody struct