goca

package module

v1.0.4 Latest Latest Go to latest Published: Dec 13, 2022 License: MIT Imports: 11 Imported by: 6

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/disaster37/goca

Links

Open Source Insights

README ¶

Go Certificate Authority management package

GocA provides a Certificate Authority (CA) framework managing, a Simple PKI.

GoCA is a framework that uses mainly crypto/x509 to manage Certificate Authorities.

Using GoCA makes it easy to create a CA and issue certificates, signing Certificates Signing Request (CSR), and revoke certificate generating Certificates Request List (CRL).

Content:

GoCA Docker Container
GoCA Package
GoCA HTTP REST API package

GoCA Package

go get http://github.com/kairoaraujo/goca

All files are store in the $CAPATH. The $CAPATH is an environment variable that defines where all files (keys, certificates, etc.) are stored. It is essential to have this folder in a safe place.

$CPATH structure:


$CPATH
├── <CA Common Name>
    ├── ca
    │   ├── <CA Common Name>.crl
    │   ├── <CA Common Name>.crt
    │   ├── key.pem
    │   └── key.pub
    └── certs
        └── <Certificate Common Name>
            ├── <Certificate Common Name>.crt
            ├── <Certificate Common Name>.csr
            ├── key.pem
            └── key.pub

GoCA also make it easier to manipulate files such as Private and Public Keys, Certificate Signing Request, Certificate Request Lists, and Certificates for other Go applications.

This example shows

Creating a Certificate Authority (Root) or Loading if it already exists
Issue a new Certificate
Shows the certificate


// Define the GOCAPTH (Default is current dir)
os.Setenv("CAPATH", "/opt/GoCA/CA")

// RootCAIdentity for creation
rootCAIdentity := goca.Identity{
    Organization:       "GO CA Root Company Inc.",
    OrganizationalUnit: "Certificates Management",
    Country:            "NL",
    Locality:           "Noord-Brabant",
    Province:           "Veldhoven",
    Intermediate:       false,
}

// (1) Create the New Root CA or loads existent from disk ($CAPATH)
RootCA, err := goca.New("mycompany.com", rootCAIdentity)
if err != nil {
    // Loads in case it exists
    fmt.Println("Loading CA")
    RootCA, err = goca.Load("gocaroot.nl")
    if err != nil {
        log.Fatal(err)
    }

    // Check the CA status and shows the CA Certificate
    fmt.Println(RootCA.Status())
    fmt.Println(RootCA.GetCertificate())

} else {
    log.Fatal(err)
}

// (2) Issue certificate for example intranet server
intranetIdentity := goca.Identity{
    Organization:       "Intranet Company Inc.",
    OrganizationalUnit: "Global Intranet",
    Country:            "NL",
    Locality:           "Noord-Brabant",
    Province:           "Veldhoven",
    Intermediate:       false,
    DNSNames:           []string{"w3.intranet.example.com", "www.intranet.example.com"},
}

intranetCert, err := RootCA.IssueCertificate("intranet.example.com", intranetIdentity)
if err != nil {
    log.Fatal(err)
}

// (3) Shows the Certificate (string)
fmt.Println(intranetCert.GetCertificate())

// Shows all CA Certificates
fmt.Println(RootCA.ListCertificates())

GoCA HTTP REST API

GoCA also provides an implementation using HTTP REST API.

This is available in rest-api folder.

GoCA Docker Container

GoCA Docker ready to use HTTP Rest API that uses mainly crypto/x509 to manage Certificate Authorities and Certificates such as a simple PKI Service.

The API Documentation is online available at http://kairoaraujo.github.io/goca/.

Documentation ¶

Overview ¶

Package goca provides Certificate Authority (CA) framework managing

GoCA is an API Framework that uses mainly crypto/x509 to manage Certificate Authorities.

Using GoCA makes easy to create a CA and issue certificates, signing Certificates Signing Request (CSR) and revoke certificate generating Certificates Request List (CRL).

All files are stored in the “$CAPATH“. The “$CAPATH“ is an environment variable the defines were all files (keys, certificates, etc) will be stored. It is importante to have this folder in a safety place.

GoCA also make easier manipulate files such as Private and Public Keys, Certificate Signing Request, Certificate Request Lists and Certificates for other Go applications.

Index ¶

Variables
func GeneratePkcs12(certificate *Certificate, passphrase string, otherCaCerts ...*x509.Certificate) (pfxData []byte, err error)
type CA
- func New(commonName string, identity Identity) (ca *CA, err error)
- func NewCA(commonName string, parentCertificate *x509.Certificate, ...) (ca *CA, err error)
type CAData
type Certificate
type Identity

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrCAMissingInfo = errors.New("all CA details ('Organization', 'Organizational Unit', 'Country', 'Locality', 'Province') are required")

ErrCAMissingInfo means that all information goca.Information{} is required

View Source

var ErrCertRevoked = errors.New("the requested Certificate is already revoked")

ErrCertRevoked means that certificate was not found in $CAPATH to be loaded.

View Source

var ErrParentCommonNameNotSpecified = errors.New("parent common name is empty when creating an intermediate CA certificate")

Functions ¶

func GeneratePkcs12 ¶ added in v1.0.3

func GeneratePkcs12(certificate *Certificate, passphrase string, otherCaCerts ...*x509.Certificate) (pfxData []byte, err error)

Types ¶

type CA ¶

type CA struct {
	CommonName string // Certificate Authority Common Name
	Data       CAData // Certificate Authority Data (CAData{})
}

CA represents the basic CA data

func New ¶

func New(commonName string, identity Identity) (ca *CA, err error)

New creat new Certificate Authority

func NewCA ¶

func NewCA(commonName string, parentCertificate *x509.Certificate, parentPrivateKey *rsa.PrivateKey, identity Identity) (ca *CA, err error)

New create a new Certificate Authority

func (*CA) GetCRL ¶

func (c *CA) GetCRL() string

GetCRL returns Certificate Revocation List as x509 CRL string

func (*CA) GetCertificate ¶

func (c *CA) GetCertificate() string

GetCertificate returns Certificate Authority Certificate as string

func (*CA) GetPrivateKey ¶

func (c *CA) GetPrivateKey() string

GetPrivateKey returns the Private Key as string

func (*CA) GetPublicKey ¶

func (c *CA) GetPublicKey() string

GetPublicKey returns the PublicKey as string

func (*CA) GoCRL ¶

func (c *CA) GoCRL() *pkix.CertificateList

GoCRL returns Certificate Revocation List as Go bytes *pkix.CertificateList

func (*CA) GoCertificate ¶

func (c *CA) GoCertificate() *x509.Certificate

GoCertificate returns Certificate Authority Certificate as Go bytes *x509.Certificate

func (*CA) GoPrivateKey ¶

func (c *CA) GoPrivateKey() *rsa.PrivateKey

GoPrivateKey returns the Private Key as Go bytes rsa.PrivateKey

func (*CA) GoPublicKey ¶

func (c *CA) GoPublicKey() *rsa.PublicKey

GoPublicKey returns the Public Key as Go bytes rsa.PublicKey

func (*CA) IsIntermediate ¶

func (c *CA) IsIntermediate() bool

IsIntermediate returns if the CA is Intermediate CA (true)

func (*CA) IssueCertificate ¶

func (c *CA) IssueCertificate(commonName string, id Identity) (certificate *Certificate, err error)

IssueCertificate creates a new certificate

It is import create an Identity{} with Certificate Client/Server information.

func (*CA) LoadCA ¶

func (c *CA) LoadCA(privateKeyPem []byte, publicKeyPem []byte, certPem []byte, crlPem []byte) error

loadCA permti to load existing CA

func (*CA) RevokeCertificate ¶

func (c *CA) RevokeCertificate(certificate *x509.Certificate) error

RevokeCertificate revokes a certificate managed by the Certificate Authority

func (*CA) SignCSR ¶

func (c *CA) SignCSR(csr *x509.CertificateRequest, valid int) (certificate *Certificate, err error)

SignCSR perform a creation of certificate from a CSR (x509.CertificateRequest) and returns *x509.Certificate

func (*CA) Status ¶

func (c *CA) Status() string

Status get details about Certificate Authority status.

type CAData ¶

type CAData struct {
	CRL         string `json:"crl" example:"-----BEGIN X509 CRL-----...-----END X509 CRL-----\n"`               // Revocation List string
	Certificate string `json:"certificate" example:"-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----\n"` // Certificate string
	//CSR            string `json:"csr" example:"-----BEGIN CERTIFICATE REQUEST-----...-----END CERTIFICATE REQUEST-----\n"` // Certificate Signing Request string
	PrivateKey string `json:"private_key" example:"-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----\n"` // Private Key string
	PublicKey  string `json:"public_key" example:"-----BEGIN PUBLIC KEY-----...-----END PUBLIC KEY-----\n"`    // Public Key string

	IsIntermediate bool
	// contains filtered or unexported fields
}

A CAData represents all the Certificate Authority Data as RSA Keys, CRS, CRL, Certificates etc

type Certificate ¶

type Certificate struct {
	Certificate   string `json:"certificate" example:"-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----\n"`             // Certificate certificate string
	CSR           string `json:"csr" example:"-----BEGIN CERTIFICATE REQUEST-----...-----END CERTIFICATE REQUEST-----\n"`     // Certificate Signing Request string
	RsaPrivateKey string `json:"rsa_private_key" example:"-----BEGIN RSA PRIVATE KEY-----...-----END RSA PRIVATE KEY-----\n"` // Certificate Private Key string
	PrivateKey    string `json:"private_key" example:"-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----\n"`             // Certificate Private Key string
	PublicKey     string `json:"public_key" example:"-----BEGIN PUBLIC KEY-----...-----END PUBLIC KEY-----\n"`                // Certificate Public Key string
	CACertificate string `json:"ca_certificate" example:"-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----\n"`          // CA Certificate as string
	// contains filtered or unexported fields
}

Certificate represents a Certificate data

func (*Certificate) GetCACertificate ¶

func (c *Certificate) GetCACertificate() string

GetCACertificate returns the certificate as string.

func (*Certificate) GetCSR ¶

func (c *Certificate) GetCSR() string

GetCSR returns the certificate as string.

func (*Certificate) GetCertificate ¶

func (c *Certificate) GetCertificate() string

GetCertificate returns the certificate as string.

func (*Certificate) GoCACertificate ¶

func (c *Certificate) GoCACertificate() *x509.Certificate

GoCACertificate returns the certificate *x509.Certificate.

func (*Certificate) GoCSR ¶

func (c *Certificate) GoCSR() *x509.CertificateRequest

GoCSR returns the certificate as Go x509.Certificate.

func (*Certificate) GoCert ¶

func (c *Certificate) GoCert() *x509.Certificate

GoCert returns the certificate as Go x509.Certificate.

type Identity ¶

type Identity struct {
	Organization       string   `json:"organization" example:"Company"`                         // Organization name
	OrganizationalUnit string   `json:"organization_unit" example:"Security Management"`        // Organizational Unit name
	Country            string   `json:"country" example:"NL"`                                   // Country (two letters)
	Locality           string   `json:"locality" example:"Noord-Brabant"`                       // Locality name
	Province           string   `json:"province" example:"Veldhoven"`                           // Province name
	EmailAddresses     string   `json:"email" example:"sec@company.com"`                        // Email Address
	DNSNames           []string `json:"dns_names" example:"ca.example.com,root-ca.example.com"` // DNS Names list
	IPAddresses        []net.IP `json:"ip_addresses" example:"10.0.0.1,10.0.0.1"`               // IP addresses list
	Intermediate       bool     `json:"intermediate" example:"false"`                           // Intermendiate Certificate Authority (default is false)
	KeyBitSize         int      `json:"key_size" example:"2048"`                                // Key Bit Size (defaul: 2048)
	Valid              int      `json:"valid" example:"365"`                                    // Minimum 1 day, maximum 825 days -- Default: 397
}

A Identity represents the Certificate Authority Identity Information

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
cert Package cert provides RSA Key API management for crypto/x509 certificates.	Package cert provides RSA Key API management for crypto/x509 certificates.
key Package key provides RSA Key API management for crypto/x509/rsa.	Package key provides RSA Key API management for crypto/x509/rsa.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL