cert

package
v1.2.0

Warning: This package is not in the latest version of its module.
Published: Sep 26, 2022 License: MIT Imports: 12 Imported by: 0

Documentation

Overview

Package cert provides RSA Key API management for crypto/x509 certificates.

This package makes it easy to generate certificates and to load them from files for use by Go applications.

When certificates are generated (including by signing), the files are saved in $CAPATH by default. For details on $CAPATH, see the GoCA documentation.

Constants

const (
	// MinValidCert is the minimal valid time: 1 day
	MinValidCert int = 1
	// MaxValidCert is the maximum valid time: 825 days
	MaxValidCert int = 825
	// DefaultValidCert is the default valid time: 397 days
	DefaultValidCert int = 397
)

Variables

var ErrCertExists = errors.New("certificate already exists")

ErrCertExists means that the requested certificate already exists.

var ErrParentCANotFound = errors.New("parent CA not found")

Functions

func CASignCSR

func CASignCSR(CACommonName string, csr x509.CertificateRequest, caCert *x509.Certificate, privKey *rsa.PrivateKey, valid int, creationType storage.CreationType) (cert []byte, err error)

CASignCSR signs a Certificate Signing Request and returns the certificate as Go bytes.

A file is also stored in $CAPATH/certs/<CSR Common Name>/<CSR Common Name>.crt

func CreateCACert added in v1.2.0

func CreateCACert(
	CACommonName,
	commonName,
	country,
	province,
	locality,
	organization,
	organizationalUnit,
	emailAddresses string,
	validDays int,
	dnsNames []string,
	privateKey,
	parentPrivateKey *rsa.PrivateKey,
	parentCertificate *x509.Certificate,
	publicKey *rsa.PublicKey,
	creationType storage.CreationType,
) (cert []byte, err error)

CreateCACert creates a CA Certificate

Root certificates are self-signed. When creating a root certificate, leave the parentPrivateKey and parentCertificate parameters as nil. When creating an intermediate CA certificate, provide both parentPrivateKey and parentCertificate.
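The root versus intermediate distinction described above, as an added example written against Go's standard library only. It is not GoCA's own code, does not call this package and writes nothing to $CAPATH. The helper `newCA`, the common names and the serial numbers are hypothetical; 397 days mirrors DefaultValidCert.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCA is a hypothetical stdlib-only helper (not GoCA code). parent == nil
// yields a self-signed root; otherwise the parent CA signs an intermediate.
func newCA(cn string, serial int64, days int, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(0, 0, days),
		IsCA: true, BasicConstraintsValid: true, // required for a signing CA
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	issuer, issuerKey := tmpl, key // root: the certificate signs itself
	if parent != nil {
		issuer, issuerKey = parent, parentKey // intermediate: parent signs
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, &key.PublicKey, issuerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

func main() {
	root, rootKey, err := newCA("Example Root CA", 1, 397, nil, nil) // constructed names
	if err != nil {
		panic(err)
	}
	inter, _, err := newCA("Example Intermediate CA", 2, 397, root, rootKey)
	if err != nil {
		panic(err)
	}
	// Issuer of the intermediate is the root; the signature check returns nil.
	fmt.Println(inter.Issuer.CommonName, inter.CheckSignatureFrom(root))
}
```

The parent private key is the only secret needed to mint further CA certificates under the root, so it deserves tighter storage and access control than the certificates themselves.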

func CreateCSR

func CreateCSR(CACommonName, commonName, country, province, locality, organization, organizationalUnit, emailAddresses string, dnsNames []string, priv *rsa.PrivateKey, creationType storage.CreationType) (csr []byte, err error)

CreateCSR creates a Certificate Signing Request returning certData with CSR.

The CSR is also stored in $CAPATH with the extension .csr.

func CreateRootCert

func CreateRootCert(
	CACommonName,
	commonName,
	country,
	province,
	locality,
	organization,
	organizationalUnit,
	emailAddresses string,
	valid int,
	dnsNames []string,
	privateKey *rsa.PrivateKey,
	publicKey *rsa.PublicKey,
	creationType storage.CreationType,
) (cert []byte, err error)

CreateRootCert creates a Root CA Certificate (self-signed)

func LoadCRL added in v1.0.3

func LoadCRL(crlString []byte) (*pkix.CertificateList, error)

LoadCRL loads a Certificate Revocation List from a read file.

The bytes returned by ioutil.ReadFile() satisfy this input.

func LoadCSR

func LoadCSR(csrString []byte) (*x509.CertificateRequest, error)

LoadCSR loads a Certificate Signing Request from a read file.

The bytes returned by ioutil.ReadFile() satisfy this input.

func LoadCert

func LoadCert(certString []byte) (*x509.Certificate, error)

LoadCert loads a certificate from a read file (bytes).

The bytes returned by ioutil.ReadFile() satisfy this input.

func LoadParentCACertificate added in v1.2.0

func LoadParentCACertificate(commonName string) (certificate *x509.Certificate, privateKey *rsa.PrivateKey, err error)

LoadParentCACertificate loads parent CA's certificate and private key

TODO maybe make this more generic, something like LoadCACertificate that returns the certificate and private/public key

func RevokeCertificate

func RevokeCertificate(CACommonName string, certificateList []pkix.RevokedCertificate, caCert *x509.Certificate, privKey *rsa.PrivateKey) (crl []byte, err error)

RevokeCertificate is used to revoke a certificate (added to the revoked list)

Types

This section is empty.