Documentation
Overview
Package config contains the configuration logic for CF-SSL.
Constants
This section is empty.
Variables
var ExtKeyUsage = map[string]x509.ExtKeyUsage{
	"any":              x509.ExtKeyUsageAny,
	"server auth":      x509.ExtKeyUsageServerAuth,
	"client auth":      x509.ExtKeyUsageClientAuth,
	"code signing":     x509.ExtKeyUsageCodeSigning,
	"email protection": x509.ExtKeyUsageEmailProtection,
	"s/mime":           x509.ExtKeyUsageEmailProtection,
	"ipsec end system": x509.ExtKeyUsageIPSECEndSystem,
	"ipsec tunnel":     x509.ExtKeyUsageIPSECTunnel,
	"ipsec user":       x509.ExtKeyUsageIPSECUser,
	"timestamping":     x509.ExtKeyUsageTimeStamping,
	"ocsp signing":     x509.ExtKeyUsageOCSPSigning,
	"microsoft sgc":    x509.ExtKeyUsageMicrosoftServerGatedCrypto,
	"netscape sgc":     x509.ExtKeyUsageNetscapeServerGatedCrypto,
}
ExtKeyUsage contains a mapping of string names to extended key usages.
var KeyUsage = map[string]x509.KeyUsage{
	"signing":             x509.KeyUsageDigitalSignature,
	"digital signature":   x509.KeyUsageDigitalSignature,
	"content committment": x509.KeyUsageContentCommitment,
	"key encipherment":    x509.KeyUsageKeyEncipherment,
	"data encipherment":   x509.KeyUsageDataEncipherment,
	"cert sign":           x509.KeyUsageCertSign,
	"crl sign":            x509.KeyUsageCRLSign,
	"encipher only":       x509.KeyUsageEncipherOnly,
	"decipher only":       x509.KeyUsageDecipherOnly,
}
KeyUsage contains a mapping of string names to key usages.
Functions
This section is empty.
Types
type AuthKey
type AuthKey struct {
	// Type contains information needed to select the appropriate
	// constructor. For example, "standard" for HMAC-SHA-256,
	// "standard-ip" for HMAC-SHA-256 incorporating the client's
	// IP.
	Type string `json:"type"`
	// Key contains the key information, such as a hex-encoded
	// HMAC key.
	Key string `json:"key"`
}
An AuthKey contains an entry for a key used for authentication.
type Config
type Config struct {
	Signing  *Signing           `json:"signing"`
	AuthKeys map[string]AuthKey `json:"auth_keys,omitempty"`
	Remotes  map[string]string  `json:"remotes,omitempty"`
}
Config stores configuration information for the CA.
func LoadConfig
LoadConfig attempts to load the configuration from a byte slice. On error, it returns nil.
type Signing
type Signing struct {
	Profiles map[string]*SigningProfile `json:"profiles"`
	Default  *SigningProfile            `json:"default"`
}
Signing codifies the signature configuration policy for a CA.
func (*Signing) NeedsLocalSigner
NeedsLocalSigner returns true if one of the profiles does not have a remote set.
func (*Signing) NeedsRemoteSigner
NeedsRemoteSigner returns true if one of the profiles has a remote set.
func (*Signing) OverrideRemotes
OverrideRemotes takes a signing configuration and updates the remote server object to the hostname:port combination sent by remote.
type SigningProfile
type SigningProfile struct {
	Usage        []string `json:"usages"`
	IssuerURL    []string `json:"issuer_urls"`
	OCSP         string   `json:"ocsp_url"`
	CRL          string   `json:"crl_url"`
	CA           bool     `json:"is_ca"`
	ExpiryString string   `json:"expiry"`
	AuthKeyName  string   `json:"auth_key"`
	RemoteName   string   `json:"remote"`

	Expiry   time.Duration
	Provider auth.Provider
}
A SigningProfile stores information that the CA needs to store signature policy.
func DefaultConfig
func DefaultConfig() *SigningProfile
DefaultConfig returns a default configuration specifying basic key usage and a 1 year expiration time. The key usages chosen are signing, key encipherment, client auth and server auth.
func (*SigningProfile) Usages
func (p *SigningProfile) Usages() (ku x509.KeyUsage, eku []x509.ExtKeyUsage, unk []string)
Usages parses the list of key uses in the profile, translating them to a list of X.509 key usages and extended key usages. The unknown uses are collected into a slice that is also returned.
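Added example (not code from this package): because Usages returns unrecognised names in a separate slice instead of failing, a misspelled entry in "usages" can be silently left out of the issued certificate unless the caller checks that slice. The sketch below copies a subset of the name tables above and rejects such a profile; translate and checkProfile are hypothetical names, and exact-match lookup is an assumption. Note that the correctly spelled "content commitment" is not a key in KeyUsage as listed on this page.

```go
package main

import (
	"crypto/x509"
	"encoding/json"
	"fmt"
)

// Subset of the page's name tables, spellings exactly as listed there.
var keyUsage = map[string]x509.KeyUsage{
	"signing":             x509.KeyUsageDigitalSignature,
	"content committment": x509.KeyUsageContentCommitment,
	"cert sign":           x509.KeyUsageCertSign,
}
var extKeyUsage = map[string]x509.ExtKeyUsage{"server auth": x509.ExtKeyUsageServerAuth}

// translate follows the documented contract of Usages; exact-match lookup
// is an assumption of this example.
func translate(names []string) (ku x509.KeyUsage, eku []x509.ExtKeyUsage, unk []string) {
	for _, n := range names {
		if u, ok := keyUsage[n]; ok {
			ku |= u
		} else if e, ok := extKeyUsage[n]; ok {
			eku = append(eku, e)
		} else {
			unk = append(unk, n)
		}
	}
	return
}

// checkProfile (hypothetical helper) fails if any "usages" entry of a JSON
// profile would land in the unknown slice.
func checkProfile(raw []byte) (x509.KeyUsage, []x509.ExtKeyUsage, error) {
	var p struct{ Usage []string `json:"usages"` }
	if err := json.Unmarshal(raw, &p); err != nil {
		return 0, nil, err
	}
	ku, eku, unk := translate(p.Usage)
	if len(unk) > 0 {
		return ku, eku, fmt.Errorf("unknown usages: %q", unk)
	}
	return ku, eku, nil
}

// main runs the check on a constructed profile with one unknown name.
func main() {
	fmt.Println(checkProfile([]byte(`{"usages":["signing","content commitment"]}`)))
}
```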