tinyca

package
v1.18.2
Warning

This package is not in the latest version of its module.

Published: Apr 15, 2024 License: MIT Imports: 18 Imported by: 0

Documentation

Overview

Package tinyca implements a Certificate Authority that issues certificates for client authentication.

Constants

This section is empty.

Variables

This section is empty.

Functions

func CACertTemplate added in v1.16.9

func CACertTemplate(nb, na time.Time, ns, id uuid.UUID) (*x509.Certificate, error)

func ParseValidity added in v1.16.9

func ParseValidity(nb string, na string) (time.Time, time.Time, error)

ParseValidity parses the notBefore and notAfter strings into time.Time values. The notBefore and notAfter strings can be in RFC3339 format, or a duration from the current time. Durations are prefixed with either '+' or '-'. If notBefore is empty, it defaults to the current time. If notAfter is empty, it defaults to one hour from the current time. If notBefore is "now", it is set to the current time. The minimum validity period is one minute.

func TLSClientCertTemplate added in v1.16.9

func TLSClientCertTemplate(nb, na time.Time) *x509.Certificate

Types

type CA

type CA struct {
	// contains filtered or unexported fields
}

CA is a simple Certificate Authority. The only supported operation is to issue client certificates. Client certificates are signed by the configured root certificate and private key.

func New

func New(cert *bifrost.Certificate, key *bifrost.PrivateKey) (*CA, error)

New returns a new CA. The CA issues certificates for the given namespace.

func (CA) IssueCertificate

func (ca CA) IssueCertificate(asn1CSR []byte, template *x509.Certificate) ([]byte, error)

IssueCertificate issues a client certificate for a certificate request. The certificate is issued with the Subject Common Name set to the UUID of the client public key and the Subject Organization set to the identity namespace UUID.

func (CA) ServeHTTP

func (ca CA) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP issues a certificate if a valid certificate request is read from the request.

Requests carrying a content-type of "text/plain" should have a PEM encoded certificate request. Requests carrying a content-type of "application/octet-stream" should submit the ASN.1 DER encoded form instead.
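The content-type contract above, as an added example using only the Go standard library (this is not tinyca's own code): a handler-side helper that picks the decoder from the request's media type and checks the request's self-signature before anything would be issued. The names `csrFromBody` and `newSampleCSR`, the strict PEM block type, the rejection of other media types and the signature check are assumptions of this sketch, not documented behaviour of the package.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"mime"
)

// csrFromBody (hypothetical helper) decodes a request body by content type and
// returns the DER of a well-formed, correctly self-signed certificate request.
func csrFromBody(contentType string, body []byte) ([]byte, error) {
	mt, _, _ := mime.ParseMediaType(contentType) // "" if no parsable media type
	der := body
	switch mt {
	case "application/octet-stream": // body is already ASN.1 DER
	case "text/plain": // body is PEM; the strict block type is an assumption
		blk, _ := pem.Decode(body)
		if blk == nil || blk.Type != "CERTIFICATE REQUEST" {
			return nil, fmt.Errorf("body is not a PEM certificate request")
		}
		der = blk.Bytes
	default:
		return nil, fmt.Errorf("unsupported content-type %q", contentType)
	}
	if csr, err := x509.ParseCertificateRequest(der); err != nil {
		return nil, err
	} else if err := csr.CheckSignature(); err != nil { // proof of possession
		return nil, err
	}
	return der, nil
}

// newSampleCSR builds a constructed request signed by a fresh P-256 key.
func newSampleCSR() ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{}, key)
}

func main() {
	der, _ := newSampleCSR()
	_, err := csrFromBody("application/octet-stream", der)
	fmt.Println("DER request accepted:", err == nil)
}
```

Checking the self-signature before issuance ensures the submitter holds the private key for the public key that would end up in the certificate; a mismatched body and content-type fails at the decode step rather than reaching the signer.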
