TrueCloudLab/certificates
17
0
Fork 2
Code Issues 1 Pull requests 1 Releases Activity Actions

Add missing comments.

Browse source
This commit is contained in:
Mariano Cano 2022-01-05 10:54:09 -08:00
parent 6600f1253e
commit f49a4b326f
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
authority/provisioner/nebula.go
View file

@ -23,6 +23,15 @@ const (
NebulaCertHeader jose.HeaderKey = "nbc" NebulaCertHeader jose.HeaderKey = "nbc"
) )
// Nebula is a provisioner that verifies tokens signed using nebula private
// keys. The tokens embed a header parameter with the certificate that can be
// used to verify the signature. Those certificates are verified using the
// Nebula CAs encoded in Roots. The process is similar to X5C or SSHPOP tokens.
//
// Because of Nebula "leaf" certificates use X25519 keys, the tokens are signed
// using XEd25519 defined at
// https://signal.org/docs/specifications/xeddsa/#xeddsa and implemented by
// go.step.sm/crypto/x25519.
type Nebula struct { type Nebula struct {
ID string `json:"-"` ID string `json:"-"`
Type string `json:"type"` Type string `json:"type"`
@ -35,6 +44,7 @@ type Nebula struct {
audiences Audiences audiences Audiences
} }
// Init verifies and initializes the nebula provisioner.
func (p *Nebula) Init(config Config) error { func (p *Nebula) Init(config Config) error {
switch { switch {
case p.Type == "": case p.Type == "":