ca

package
v0.0.0-...-48496ca

This package is not in the latest version of its module.
Published: Aug 16, 2018 License: MIT Imports: 21 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var DefaultConfig = &Config{
	KeyRequest:   &csr.BasicKeyRequest{"rsa", 4096},
	Usage:        []string{"cert sign", "crl sign"},
	ExpiryString: "43800h",
}

DefaultConfig defines the default configuration for a CA.

Functions

This section is empty.

Types

type CertificationAuthority

type CertificationAuthority struct {
	// contains filtered or unexported fields
}

CertificationAuthority represents a certification authority.

func Init

func Init(cfg *Config, caFile string, kp KeyProvider) (*CertificationAuthority, error)

Init creates a CA with the given config.

func Open

func Open(caFile string, kp KeyProvider) (*CertificationAuthority, error)

Open opens an existing CA.

func (*CertificationAuthority) CRL

func (ca *CertificationAuthority) CRL(ttl time.Duration) ([]byte, error)

CRL returns a DER-encoded Certificate Revocation List, signed by the CA.

func (*CertificationAuthority) Certificate

func (ca *CertificationAuthority) Certificate() (*x509.Certificate, error)

Certificate returns the certificate of the CA.

func (*CertificationAuthority) CertificatePEM

func (ca *CertificationAuthority) CertificatePEM() ([]byte, error)

CertificatePEM returns the certificate of the CA in PEM encoding.

func (*CertificationAuthority) CertificateRequest

func (ca *CertificationAuthority) CertificateRequest() (*x509.CertificateRequest, error)

CertificateRequest returns the certificate signing request of the CA.

func (*CertificationAuthority) CertificateRequestPEM

func (ca *CertificationAuthority) CertificateRequestPEM() ([]byte, error)

CertificateRequestPEM returns the certificate signing request of the CA in PEM encoding.

func (*CertificationAuthority) ImportCertificate

func (ca *CertificationAuthority) ImportCertificate(certPEM []byte) error

ImportCertificate imports the given certificate if the CA does not have one.

func (*CertificationAuthority) Issue

func (ca *CertificationAuthority) Issue(csrPEM []byte, exts ...signer.Extension) ([]byte, error)

Issue signs a PEM-encoded CSR and returns the certificate in PEM.

func (*CertificationAuthority) KeyID

func (ca *CertificationAuthority) KeyID() ([]byte, error)

KeyID returns the identifier of the signing key, which will also be the Authority Key Identifier (AKI) for issued certificates.

func (*CertificationAuthority) Policy

func (ca *CertificationAuthority) Policy() (*config.Signing, error)

Policy returns the signing policy of the CA.

func (*CertificationAuthority) PublicKey

func (ca *CertificationAuthority) PublicKey() (crypto.PublicKey, error)

PublicKey returns the public key from the CA certificate or CSR.

func (*CertificationAuthority) Revoke

func (ca *CertificationAuthority) Revoke(serial string, reasonCode int) error

Revoke marks the certificate identified by its serial number as revoked. The reasonCode is defined in RFC 5280, section 5.3.1.

func (*CertificationAuthority) SetPolicy

func (ca *CertificationAuthority) SetPolicy(policy *config.Signing) error

SetPolicy sets the signing policy of the CA.

type Config

type Config struct {
	CN         string
	Name       csr.Name             `json:"name"`
	KeyRequest *csr.BasicKeyRequest `json:"key"`

	Usage             []string            `json:"usages"`
	CRL               string              `json:"crl_url"`
	ExpiryString      string              `json:"expiry"`
	CAConstraint      config.CAConstraint `json:"ca_constraint"`
	AllowedExtensions []config.OID        `json:"allowed_extensions"`

	SelfSign bool `json:"self_sign"`
}

Config stores configuration information for the CA.

func LoadConfig

func LoadConfig(data []byte) (*Config, error)

LoadConfig attempts to load the configuration from a byte slice. On error, it returns nil.

func (*Config) CertificateRequest

func (cfg *Config) CertificateRequest() *csr.CertificateRequest

CertificateRequest returns a CFSSL certificate request for the CA.

func (*Config) Signing

func (cfg *Config) Signing() (*config.Signing, error)

Signing returns a CFSSL signing policy derived from the Config.

type KeyProvider

type KeyProvider interface {
	GenerateKeyPair(label string, algo string, size int) (crypto.Signer, error)
	FindKeyPair(key crypto.PublicKey) (crypto.Signer, error)
}
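
Init and Open both take a KeyProvider, so the CA signs with whatever key that interface hands back. An in-memory implementation of its two methods for use in tests follows as an added example, not code from this package: the type name MemoryKeyProvider, the accepted algo strings ("rsa", "ecdsa") and the size limits are assumptions, and keys held this way sit unprotected in process memory.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"errors"
	"fmt"
)

// MemoryKeyProvider is a hypothetical in-memory implementation of the
// KeyProvider method set, for tests only: keys live in process memory.
type MemoryKeyProvider struct{ keys []crypto.Signer }

// GenerateKeyPair creates and stores a key. The algo names "rsa" and "ecdsa"
// and the size limits are assumptions of this example.
func (p *MemoryKeyProvider) GenerateKeyPair(label, algo string, size int) (key crypto.Signer, err error) {
	switch {
	case algo == "rsa" && size >= 2048:
		key, err = rsa.GenerateKey(rand.Reader, size)
	case algo == "ecdsa" && size == 256:
		key, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	default:
		err = fmt.Errorf("key %q: unsupported algorithm/size %s/%d", label, algo, size)
	}
	if err != nil {
		return nil, err
	}
	p.keys = append(p.keys, key)
	return key, nil
}

// FindKeyPair returns the stored signer whose public half equals pub.
func (p *MemoryKeyProvider) FindKeyPair(pub crypto.PublicKey) (crypto.Signer, error) {
	for _, key := range p.keys {
		if k, ok := key.Public().(interface{ Equal(crypto.PublicKey) bool }); ok && k.Equal(pub) {
			return key, nil
		}
	}
	return nil, errors.New("key pair not found")
}

func main() {
	p := &MemoryKeyProvider{}
	key, err := p.GenerateKeyPair("constructed-ca-key", "ecdsa", 256) // constructed label
	fmt.Println(key != nil, err)
}
```

FindKeyPair compares public keys with their Equal method, so a lookup with the public key taken from a certificate returns the signer only when this provider actually holds the matching private key.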

type StorageProvider

type StorageProvider interface {
	GetMetadata(key []byte) ([]byte, error)
	SetMetadata(key, value []byte) error
	Accessor() certdb.Accessor
}
