pki

package
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 12, 2021 License: MIT Imports: 20 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var (
	// EllipticCurve is the default curve used for key generation.
	// It is an exported, mutable package-level variable: any importing package
	// can reassign it, and NewPrivateKey is documented as generating keys with
	// whatever curve is set here at call time.
	// NOTE(review): no synchronization around this variable is visible in this
	// listing — confirm it is only set during initialization.
	EllipticCurve = elliptic.P256()
)

Functions

func MarshalCertificate

func MarshalCertificate(crt *x509.Certificate) (string, error)

MarshalCertificate returns PEM encoding of certificate

func MarshalCertificateRequest

func MarshalCertificateRequest(csr *x509.CertificateRequest) (string, error)

MarshalCertificateRequest returns PEM encoding of certificate request

func MarshalCertificateSerial

func MarshalCertificateSerial(serial *big.Int) string

MarshalCertificateSerial converts certificate serial to string

func MarshalPrivateKey

func MarshalPrivateKey(key crypto.PrivateKey) (string, error)

MarshalPrivateKey returns PEM encoding of key

func MarshalPublicKey

func MarshalPublicKey(key crypto.PublicKey) (string, error)

MarshalPublicKey returns PEM encoding of key

func MarshalPublicKeySSH

func MarshalPublicKeySSH(key crypto.PublicKey) (string, error)

MarshalPublicKeySSH returns OpenSSH encoding of key

func MarshalYubiKeySerial

func MarshalYubiKeySerial(serial uint32) string

MarshalYubiKeySerial converts YubiKey serial to string

func NewCertificate

func NewCertificate(template *x509.Certificate, pub crypto.PublicKey) (*dto.Certificate, error)

NewCertificate issues a new certificate using the given template

func NewCertificateRequest

func NewCertificateRequest(tpl *x509.CertificateRequest, priv interface{}) (*x509.CertificateRequest, error)

NewCertificateRequest creates a new signed certificate request using the given key

func NewPrivateKey

func NewPrivateKey() (*ecdsa.PrivateKey, error)

NewPrivateKey generates new private key using `EllipticCurve`

func NewRevocationList

func NewRevocationList(revoke ...pkix.RevokedCertificate) error

NewRevocationList issues a new certificate revocation list

func NewTemplate

func NewTemplate(opts ...CertificateOption) (*x509.Certificate, error)

NewTemplate generates a new x509 certificate template with the given options

func ReadCertificate

func ReadCertificate(filename string) (*x509.Certificate, error)

ReadCertificate loads certificate from file

func ReadPrivateKey

func ReadPrivateKey(filename string) (crypto.PrivateKey, error)

ReadPrivateKey loads private key from file

func ReadRevocationList

func ReadRevocationList(filename string) (*x509.RevocationList, error)

ReadRevocationList loads certificate revocation list from file

func Revoke

func Revoke(crt *dto.Certificate, reason CRLReason, when time.Time) error

Revoke revokes the given certificate

func Setup

func Setup(cfg *Config) (err error)

Setup initializes CA

func UnmarshalCertificate

func UnmarshalCertificate(raw string) (*x509.Certificate, error)

UnmarshalCertificate parses certificate from PEM-encoded string

func UnmarshalCertificateRequest

func UnmarshalCertificateRequest(raw string) (*x509.CertificateRequest, error)

UnmarshalCertificateRequest parses certificate request from PEM-encoded string

func UnmarshalCertificateSerial

func UnmarshalCertificateSerial(serial string) *big.Int

UnmarshalCertificateSerial converts string to certificate serial

func UnmarshalPrivateKey

func UnmarshalPrivateKey(raw string) (crypto.PrivateKey, error)

UnmarshalPrivateKey parses private key from PEM-encoded string

func UnmarshalRevocationList

func UnmarshalRevocationList(raw string) (*x509.RevocationList, error)

UnmarshalRevocationList parses certificate revocation list from PEM-encoded string

func WriteCertificate

func WriteCertificate(filename string, crt *x509.Certificate) error

WriteCertificate saves certificate to file

func WriteCertificateRequest

func WriteCertificateRequest(filename string, csr *x509.CertificateRequest) error

WriteCertificateRequest saves certificate request to file

func WritePrivateKey

func WritePrivateKey(filename string, key crypto.PrivateKey) error

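WritePrivateKey saves private key to file. This documentation does not state the permissions of the written file or whether the key is encrypted before it is stored.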

func WritePublicKey

func WritePublicKey(filename string, key crypto.PublicKey) error

WritePublicKey saves public key to file

func WritePublicKeySSH

func WritePublicKeySSH(filename string, key crypto.PublicKey) error

WritePublicKeySSH saves public key to file in OpenSSH format

Types

type CRLReason

type CRLReason string

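CRLReason is used for designating certificate revocation reason. The reference that followed "See" did not survive on this page; RFC 5280, section 5.3.1 lists the standard CRL reason codes.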

// Revocation reasons exposed by this package as string-typed CRLReason values.
// Only these four are declared; how each string is translated into a numeric
// CRL reason code is not visible in this listing.
// NOTE(review): RFC 5280 section 5.3.1 defines further reason codes (for
// example cACompromise and cessationOfOperation) that have no constant here —
// confirm callers never need to record them.
const (
	CRLReasonKeyCompromise      CRLReason = "KeyCompromise"
	CRLReasonAffiliationChanged CRLReason = "AffiliationChanged"
	CRLReasonSuperseded         CRLReason = "Superseded"
	CRLReasonUnspecified        CRLReason = "Unspecified"
)

Known CRL reasons

type CertificateOption

type CertificateOption func(*x509.Certificate) error

CertificateOption values are used for easier template generation

func WithName

func WithName(name pkix.Name) CertificateOption

WithName sets certificate subject to the given PKIX name

type Config

// Config holds the CA configuration, populated from YAML using the keys in the
// struct tags. Two fields (CertificateURL, CRLURL) also carry a
// `bind:"required"` tag; the component that enforces that tag is not visible
// in this listing.
type Config struct {
	// presumably the location of the CA certificate (ReadCertificate takes a
	// filename) — TODO confirm
	Certificate       string `yaml:"certificate"`
	// presumably the location of the CA private key (ReadPrivateKey takes a
	// filename); if so, this file is the signing key for everything the CA
	// issues and its access should be restricted accordingly — TODO confirm
	PrivateKey        string `yaml:"privateKey"`
	// presumably the validity period of issued certificates, in days; handling
	// of zero or negative values is not visible here — TODO confirm
	ExpirationDays    int    `yaml:"expirationDays"`
	// Tagged bind:"required". presumably the URL embedded in issued
	// certificates for fetching the issuer certificate — TODO confirm
	CertificateURL    string `yaml:"certificateUrl" bind:"required"`
	// presumably the location of the revocation list file (ReadRevocationList
	// takes a filename) — TODO confirm
	CRL               string `yaml:"crl"`
	// presumably how many days a generated CRL stays valid before it must be
	// re-issued — TODO confirm
	CRLExpirationDays int    `yaml:"crlExpirationDays"`
	// Tagged bind:"required". presumably the CRL distribution point URL
	// embedded in issued certificates — TODO confirm
	CRLURL            string `yaml:"crlUrl" bind:"required"`
}

Config holds CA configuration

type PEMType

type PEMType string

PEMType is used for encoding objects

// PEM block type labels used by this package when encoding objects.
const (
	PEMTypeCertificate        PEMType = "CERTIFICATE"
	// "EC PRIVATE KEY" is the conventional label for a SEC 1 (RFC 5915) EC
	// private key. It is the only private-key label declared here.
	// NOTE(review): nothing in this listing indicates that private keys are
	// encrypted before PEM encoding — confirm against MarshalPrivateKey.
	PEMTypeECPrivateKey       PEMType = "EC PRIVATE KEY"
	// "PUBLIC KEY" is the conventional label for a PKIX SubjectPublicKeyInfo.
	PEMTypePublicKey          PEMType = "PUBLIC KEY"
	PEMTypeRevocationList     PEMType = "X509 CRL"
	PEMTypeCertificateRequest PEMType = "CERTIFICATE REQUEST"
)

Known PEM types
