certs

package
v1.57.0
Published: Jul 17, 2023 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Overview

Package certs contains logic for interacting with self-signed certificates and ensuring they are trusted by the operating system in use.

Index

Constants

This section is empty.

Variables

var ErrNotFound = errors.New("certificate not found")

ErrNotFound is returned when a certificate is not found.

Functions

func Add

func Add(c Certificate, privKeyPem []byte) error

Add adds a certificate to the store. If a private key is provided, it will be stored alongside the certificate and returned by Get in future calls.

func Delete

func Delete(devenvName string) error

Delete deletes a certificate from the store. Should not return an error if the certificate does not exist.

Types

type Archive

type Archive struct {
	// contains filtered or unexported fields
}

Archive is an archive of certificates. An archive is currently only used for storing CA (certificate authority) certificates. These are special certificates with the CA flag set to true.

An archive can be exported to a file and imported from a file. When an archive is exported, it is a gzip compressed tar archive containing all certificates in the archive in a flat structure based on the certificate's DevenvName.

func NewArchive

func NewArchive() *Archive

NewArchive creates a new archive suitable for storing certificates.

func (*Archive) Add

func (a *Archive) Add(c Certificate)

Add adds a certificate to the archive.

func (*Archive) Export

func (a *Archive) Export(path string) error

Export exports the archive to a file. If the provided file path exists, it will be overwritten. Output file is a gzip compressed tar archive containing all certificates in the archive.

func (*Archive) Import

func (a *Archive) Import(path string) error

Import imports all certificates from an archive generated by Export.

func (*Archive) List

func (a *Archive) List() []Certificate

List lists all certificates in the archive.

type CertMetadata

type CertMetadata struct {
	// MacOSSHAHash is a SHA hash of the certificate data as reported by
	// the macOS keychain.
	MacOSSHAHash string
}

CertMetadata is OS specific metadata about a certificate.

Only populated by List().

type Certificate

type Certificate struct {
	// DevenvName is the name of the devenv that this certificate is
	// associated with.
	DevenvName string

	// Email is the email of the user that this certificate is associated
	// with as well as the creator of the devenv.
	Email string

	// Data is the PEM encoded certificate data for this certificate.
	Data []byte
	// contains filtered or unexported fields
}

Certificate is a certificate in the root certificate store.

func Generate

func Generate(opts GenerateOptions) (Certificate, []byte, error)

Generate generates a new self-signed certificate for the provided devenv name and email address. The private key is retrievable through Get.

func Get

func Get(devenvName string) (Certificate, []byte, error)

Get returns the certificate for a given devenv.

func List

func List() ([]Certificate, error)

List lists all certificates in the store.

func UnmarshalCertificate

func UnmarshalCertificate(data []byte) (c Certificate, rest []byte, err error)

UnmarshalCertificate unmarshals a certificate from PEM encoded data. The rest of the data is returned as the second return value.

If no certificate is found, the error ErrNotFound is returned.

type GenerateOptions

type GenerateOptions struct {
	// DevenvName is the name of the devenv that this certificate is
	// associated with.
	DevenvName string

	// Email is the email of the user that this certificate is associated
	// with as well as the creator of the devenv.
	Email string

	// Days is the number of days that the certificate should be valid
	// for.
	//
	// Defaults to 3650 (10 years) when not provided or set to 0.
	Days int
	// contains filtered or unexported fields
}

GenerateOptions are options for generating a new self-signed certificate.
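Three documented behaviours are worth seeing in code: Generate falling back to a 3650-day validity when Days is 0, UnmarshalCertificate handing back the bytes after the certificate block, and ErrNotFound when the input holds no certificate at all. The block below is an added example, not the certs package's own implementation: it reimplements Generate and UnmarshalCertificate on top of crypto/x509 with cut-down stand-ins for Certificate and GenerateOptions. The assumptions are the example's, not the page's: the devenv certificate is issued as a CA (IsCA with the cert-sign key usage), the key is an ECDSA P-256 key written as an EC PRIVATE KEY block, DevenvName goes in the subject CN and Email in an email SAN, and a PEM bundle may carry other block types (a private key, say) ahead of the certificate, which are skipped rather than treated as an error.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ErrNotFound mirrors the sentinel the package documents for a missing certificate.
var ErrNotFound = errors.New("certificate not found")

// Certificate and GenerateOptions are cut-down stand-ins for the package's types.
type Certificate struct {
	DevenvName, Email string
	Data              []byte // PEM-encoded certificate
}

type GenerateOptions struct {
	DevenvName, Email string
	Days              int // 0 selects the documented default of 3650 days
}

// Generate builds a self-signed CA certificate (an assumption of this example) and returns it with the PEM-encoded key.
func Generate(opts GenerateOptions) (Certificate, []byte, error) {
	days := opts.Days
	if days == 0 {
		days = 3650
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Certificate{}, nil, err
	}
	// Random serial: reusing a serial across regenerated CAs confuses trust stores.
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return Certificate{}, nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: opts.DevenvName},
		EmailAddresses:        []string{opts.Email},
		NotBefore:             now.Add(-time.Minute), // tolerate small clock skew
		NotAfter:              now.Add(time.Duration(days) * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return Certificate{}, nil, err
	}
	keyDER, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return Certificate{}, nil, err
	}
	c := Certificate{DevenvName: opts.DevenvName, Email: opts.Email,
		Data: pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})}
	return c, pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER}), nil
}

// UnmarshalCertificate returns the first CERTIFICATE block in data (other block types
// are skipped) and the bytes that follow it; ErrNotFound if no certificate block exists.
func UnmarshalCertificate(data []byte) (Certificate, []byte, error) {
	rest := data
	for {
		var block *pem.Block
		if block, rest = pem.Decode(rest); block == nil {
			return Certificate{}, data, ErrNotFound
		}
		if block.Type != "CERTIFICATE" {
			continue
		}
		parsed, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return Certificate{}, rest, err
		}
		c := Certificate{DevenvName: parsed.Subject.CommonName, Data: pem.EncodeToMemory(block)}
		if len(parsed.EmailAddresses) > 0 {
			c.Email = parsed.EmailAddresses[0]
		}
		return c, rest, nil
	}
}

func main() {
	cert, keyPEM, err := Generate(GenerateOptions{DevenvName: "example-devenv", Email: "dev@example.com"})
	if err != nil {
		panic(err)
	}
	got, rest, err := UnmarshalCertificate(append(append([]byte{}, keyPEM...), cert.Data...)) // key block first
	fmt.Printf("devenv=%s email=%s rest=%d err=%v\n", got.DevenvName, got.Email, len(rest), err)
}
```

The returned rest slice is what lets a caller walk a bundle that holds several certificates: feed it back into UnmarshalCertificate until ErrNotFound comes back. The re-encoded Data is byte-for-byte the original PEM block because a decoded block without headers encodes identically.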

type NSSDB

type NSSDB struct {
	// contains filtered or unexported fields
}

NSSDB is a Mozilla Network Security Services DB that contains CA certificates.

Note: Only the certs8 and certs9 databases are supported. Other shared NSS databases such as key*.db are not supported.

func MustNewDefaultNSSDB

func MustNewDefaultNSSDB() *NSSDB

MustNewDefaultNSSDB creates a new NSSDB instance with the default DB paths. This panics if an error occurs.

func NewDefaultNSSDB

func NewDefaultNSSDB() (*NSSDB, error)

NewDefaultNSSDB creates a new NSSDB instance with the default DB paths.

func (*NSSDB) Add

func (n *NSSDB) Add(c Certificate) error

Add adds a certificate to the NSSDB. This returns an error only if the certificate could not be added. If it already exists, it will return nil.

func (*NSSDB) Delete

func (n *NSSDB) Delete(c Certificate) error

Delete deletes a certificate from the NSSDB. This returns an error only if the certificate could not be deleted. If it does not exist, it will return nil.

func (*NSSDB) List

func (n *NSSDB) List() ([]string, error)

List returns a list of all certificates, by their nicknames, in the NSSDB. This returns an error only if the list of certificates could not be retrieved.

type Store

type Store interface {
	// List lists all certificates in the store.
	List() ([]Certificate, error)

	// Delete deletes a certificate from the store.
	// Should not return an error if the certificate does not exist.
	Delete(devenvName string) error

	// Add adds a certificate to the store. If a private key is
	// provided, it will be stored alongside the certificate
	// and returned by Get in future calls.
	Add(c Certificate, privKeyPem []byte) error

	// Generate generates a new self-signed certificate for the
	// provided devenv name and email address. The private key
	// is retrievable through Get.
	Generate(opts GenerateOptions) (Certificate, []byte, error)

	// Get returns the certificate for a given devenv.
	Get(devenvName string) (Certificate, []byte, error)
}

Store implements a certificate storage interface for interacting with a host operating system's certificate store.
