README
¶
Talisman
Go library for managing TLS certificates. Currently, only a self-signed certificate implementation exists.
Example
An example of using the certificate generator and manager is shown in the following example.
Instantiate the generator and manager:
// self-signed certificate generator
certGen := security.SelfSignedCertificateGenerator{
CertificateBasePath: "./certs",
CertificateValidity: 5 * 365 * 25 * time.Hour,
}
// certificate manager
certMan := security.DefaultCertificateManager{
CertificateBasePath: "./certs",
}
These are then used together to generate new and inspect existing certificates.
...
keyPath := ""
certPath := ""
generateResponse, err := certGen.Generate(security.GenerateRequest{
CommonName: host,
AdminEmail: "admin@" + host,
})
if err != nil {
switch err.(type) {
case security.CertificateExistsErr:
inspectResponse, err := certMan.Inspect(security.InspectRequest{CommonName: host})
if err != nil {
log.Error("could not load certificates:", err)
os.Exit(1)
}
// check expiry and decide if renewal is necessary
if inspectResponse.Expiry.Before(time.Now()) || inspectResponse.Expiry.Equal(time.Now()) {
log.Debug("certificate for", host, "has expired")
} else if inspectResponse.Expiry.After(time.Now().Add(-7*24*time.Hour)) &&
inspectResponse.Expiry.Before(time.Now()) {
log.Debug("certificate for", host, "is expiring soon")
}
keyPath = inspectResponse.KeyPath
certPath = inspectResponse.CertPath
default:
log.Error("could not generate certs:", err)
os.Exit(1)
}
} else {
keyPath = generateResponse.KeyPath
certPath = generateResponse.CertPath
}
// load the PEM encoded public and private key into a X.509 encoded certificate
cert, err := tls.LoadX509KeyPair(certPath, keyPath)
if err != nil {
log.Debug(err)
os.Exit(1)
}
// this can then be used in a TLS configuration for a TCP or HTTP server, for example.
tlsConfig.Certificates = append(tlsConfig.Certificates, cert)
...
Documentation
¶
Index ¶
- Variables
- func DebugVerbose(msg interface{})
- func QuickGenerateCerts(conf *QuickGenerateConfig) (*tls.Certificate, error)
- type AlgorithmType
- type CertificateDoesNotExistErr
- type CertificateExistsErr
- type CertificateGenerator
- type CertificateManager
- type DefaultCertificateManager
- type GenerateRequest
- type GenerateResponse
- type InspectRequest
- type InspectResponse
- type InvalidKeySizeError
- type KeyDoesNotExistErr
- type KeyExistsErr
- type KeyTypeNotSupportedErr
- type QuickGenerateConfig
- type RenewRequest
- type RenewResponse
- type RevokeRequest
- type RevokeResponse
- type SelfSignedCertificateGenerator
Constants ¶
This section is empty.
Variables ¶
View Source
var Verbose bool
Functions ¶
func DebugVerbose ¶ added in v0.3.0
func DebugVerbose(msg interface{})
func QuickGenerateCerts ¶
func QuickGenerateCerts(conf *QuickGenerateConfig) (*tls.Certificate, error)
QuickGenerateCerts utilises the self-signed certificate generator and certificate manager to generate TLS certificates and check whether they already exist, or whether they expired. This method uses a default certs directory and an expiry of 180 days.
Types ¶
type AlgorithmType ¶ added in v0.2.0
type AlgorithmType string
const ECDSA AlgorithmType = "ECDSA"
const RSA AlgorithmType = "RSA"
type CertificateDoesNotExistErr ¶
type CertificateDoesNotExistErr struct {
CommonName string
}
func (CertificateDoesNotExistErr) Error ¶
func (e CertificateDoesNotExistErr) Error() string
type CertificateExistsErr ¶
type CertificateExistsErr struct {
CommonName string
}
func (CertificateExistsErr) Error ¶
func (e CertificateExistsErr) Error() string
type CertificateGenerator ¶
type CertificateGenerator interface {
Generate(GenerateRequest) (*GenerateResponse, error)
Revoke(RevokeRequest) (*RevokeResponse, error)
Renew(RenewRequest) (*RenewResponse, error)
}
type CertificateManager ¶
type CertificateManager interface {
Inspect(InspectRequest) (*InspectResponse, error)
}
type DefaultCertificateManager ¶
type DefaultCertificateManager struct {
CertificateBasePath string
}
func (DefaultCertificateManager) Inspect ¶
func (c DefaultCertificateManager) Inspect(request InspectRequest) (*InspectResponse, error)
type GenerateRequest ¶
type GenerateRequest struct {
CommonName string
AdminEmail string
Algorithm AlgorithmType
KeySize int
}
type GenerateResponse ¶
type InspectRequest ¶
type InspectRequest struct {
CommonName string
}
type InspectResponse ¶
type InvalidKeySizeError ¶ added in v0.3.0
type InvalidKeySizeError struct {
}
func (InvalidKeySizeError) Error ¶ added in v0.3.0
func (e InvalidKeySizeError) Error() string
type KeyDoesNotExistErr ¶
type KeyDoesNotExistErr struct {
CommonName string
}
func (KeyDoesNotExistErr) Error ¶
func (e KeyDoesNotExistErr) Error() string
type KeyExistsErr ¶
type KeyExistsErr struct {
CommonName string
}
func (KeyExistsErr) Error ¶
func (e KeyExistsErr) Error() string
type KeyTypeNotSupportedErr ¶
type KeyTypeNotSupportedErr struct {
Type string
}
func (KeyTypeNotSupportedErr) Error ¶
func (e KeyTypeNotSupportedErr) Error() string
type QuickGenerateConfig ¶
type RenewRequest ¶
type RenewRequest struct {
CommonName string
}
type RenewResponse ¶
type RenewResponse struct {
}
type RevokeRequest ¶
type RevokeRequest struct {
CommonName string
}
type RevokeResponse ¶
type RevokeResponse struct {
}
type SelfSignedCertificateGenerator ¶
type SelfSignedCertificateGenerator struct {
CertificateBasePath string
CertificateValidity time.Duration
}
func (SelfSignedCertificateGenerator) Generate ¶
func (c SelfSignedCertificateGenerator) Generate(request GenerateRequest) (*GenerateResponse, error)
func (SelfSignedCertificateGenerator) Renew ¶
func (c SelfSignedCertificateGenerator) Renew(RenewRequest) (*RenewResponse, error)
func (SelfSignedCertificateGenerator) Revoke ¶
func (c SelfSignedCertificateGenerator) Revoke(RevokeRequest) (*RevokeResponse, error)
Source Files
Click to show internal directories.
Click to hide internal directories.