pki

Published: Aug 11, 2022 License: MIT Imports: 15 Imported by: 1

Documentation

Index

Constants

// Package-level constants: the PEM block type labels the package reads and
// writes, and the defaults applied when a caller does not override them.
const (
	PEMCertificateBlock   string = "CERTIFICATE"     // PEM block type for an x509.Certificate
	PEMRSAPrivateKeyBlock        = "RSA PRIVATE KEY" // PEM block type for a PKCS#1-encoded rsa.PrivateKey
	PEMx509CRLBlock              = "X509 CRL"        // PEM block type for a CRL
	// NOTE(review): 2048 is the conventional RSA modulus size in bits, not
	// bytes; the Bytes suffix and the original comment look mislabelled.
	// Confirm against the rsa.GenerateKey call before relying on the unit.
	DefaultKeySizeBytes   int    = 2048              // default key size (see note above)
	// A 99-year validity is far longer than most trust stores and policies
	// accept; callers wanting a bounded lifetime should pass NotAfter.
	DefaultExpireYears           = 99                // default certificate lifetime in years
)

Variables

This section is empty.

Functions

func Apply

// Apply runs every Option in options against cert, mutating it in place.
// It is the hook used to customise a certificate template before issuance.
func Apply(options []Option, cert *x509.Certificate)

Types

type CRLHolder

// CRLHolder stores the current certificate revocation list and returns it
// in parsed form.
//
// NOTE(review): pkix.CertificateList (together with x509.ParseCRL) is
// deprecated since Go 1.19 in favor of x509.RevocationList; implementations
// should be checked against that API when the package is modernised.
type CRLHolder interface {
	Put([]byte) error                    // Put stores the raw CRL file content (encoding presumably PEM or DER — confirm with the implementation)
	Get() (*pkix.CertificateList, error) // Get returns the currently stored list of revoked certificates
}

CRLHolder is the certificate revocation list holder interface.

type KeyStorage

// KeyStorage persists certificate/key pairs and looks them up by common
// name or by serial number.
//
// The stored pairs presumably include private keys (the package defines
// PEMRSAPrivateKeyBlock), so implementations need a protected backend —
// restrictive file permissions at minimum; confirm what the file storage
// used by InitPKI does.
//
// Method naming is inconsistent (GetByCN vs GetLastByCn/DeleteByCn); it
// cannot be changed here without breaking existing implementers.
type KeyStorage interface {
	Put(pair *pair.X509Pair) error                       // Put stores a new pair, overwriting an existing one (overwrite key presumably the serial — confirm with the implementation)
	GetByCN(cn string) ([]*pair.X509Pair, error)         // GetByCN returns every pair issued for the common name
	GetLastByCn(cn string) (*pair.X509Pair, error)       // GetLastByCn returns the most recently stored pair for the common name
	GetBySerial(serial *big.Int) (*pair.X509Pair, error) // GetBySerial returns the single pair with the given serial
	DeleteByCn(cn string) error                          // DeleteByCn removes every pair for the common name
	DeleteBySerial(serial *big.Int) error                // DeleteBySerial removes the single pair with the given serial
	GetAll() ([]*pair.X509Pair, error)                   // GetAll returns every stored pair
}

KeyStorage is the key storage interface.

type Option

// Option is a mutation applied to an *x509.Certificate template by Apply.
// The constructors below (CN, DNSNames, NotAfter, Server, Client, ...) each
// return one; NewCa and NewCert accept them as variadic arguments.
type Option func(*x509.Certificate)

func CN

func CN(cn string) Option

func Client added in v1.0.2

func Client() Option

func DNSNames

func DNSNames(names []string) Option

func ExcludedDNSDomains

func ExcludedDNSDomains(names []string) Option

func IPAddresses

func IPAddresses(ips []net.IP) Option

func NotAfter

// NotAfter returns an Option that sets the certificate's expiry instant,
// overriding the DefaultExpireYears-based default.
//
// The parameter is named time, which shadows the time package inside the
// function body; a rename (e.g. t) would be clearer but is left as-is here.
func NotAfter(time time.Time) Option

func Server

func Server() Option

type PKI

// PKI issues, stores and revokes certificates. Storage is the only exported
// field; the SerialProvider, CRLHolder and subject template handed to NewPKI
// live in unexported fields.
type PKI struct {
	Storage KeyStorage // backing store for issued pairs (presumably including the CA pair returned by GetLastCA)
	// contains filtered or unexported fields
}

PKI struct holder

func InitPKI

// InitPKI builds a PKI backed by file storages rooted at pkiDir, using
// subjTemplate as the template for certificate subjects.
//
// NOTE(review): the file storage presumably holds private keys, so pkiDir
// should not be readable by other users; confirm the permissions the file
// storage applies when it creates the directory and files.
func InitPKI(pkiDir string, subjTemplate *pkix.Name) (*PKI, error)

InitPKI initialises the default PKI with file-based storages.

func NewPKI

func NewPKI(storage KeyStorage, sp SerialProvider, crlHolder CRLHolder, subjTemplate pkix.Name) *PKI

NewPKI is the PKI struct constructor.

func (*PKI) GetCRL

func (p *PKI) GetCRL() (*pkix.CertificateList, error)

GetCRL returns the current revocation list.

func (*PKI) GetLastCA

func (p *PKI) GetLastCA() (*pair.X509Pair, error)

GetLastCA returns the last CA pair.

func (*PKI) IsRevoked

// IsRevoked reports whether serial is on the revocation list (presumably the
// one returned by GetCRL).
//
// The signature returns only a bool, so a failure to load or parse the CRL
// cannot be surfaced to the caller; whichever value is returned in that case,
// it is indistinguishable from a genuine answer. Callers that need a
// fail-closed decision should call GetCRL first and treat its error as
// "do not trust".
func (p *PKI) IsRevoked(serial *big.Int) bool

IsRevoked returns true if the serial is revoked.

func (*PKI) NewCa

func (p *PKI) NewCa(opts ...Option) (*pair.X509Pair, error)

NewCa creates a new version of the self-signed CA pair.

func (*PKI) NewCert

// NewCert issues a new pair for cn, signed by the last CA key (see GetLastCA),
// and applies opts to the certificate template before signing.
//
// cn becomes the subject common name as given; nothing on this page shows it
// being validated, so callers that take cn from untrusted input should
// validate it themselves before calling.
func (p *PKI) NewCert(cn string, opts ...Option) (*pair.X509Pair, error)

NewCert generates a new pair signed by the last CA key.

func (*PKI) RevokeAllByCN

func (p *PKI) RevokeAllByCN(cn string) error

RevokeAllByCN revokes all pairs with the given common name.

func (*PKI) RevokeOne

func (p *PKI) RevokeOne(serial *big.Int) error

RevokeOne revokes the one pair with the given serial.

type SerialProvider

// SerialProvider hands out certificate serial numbers.
//
// Serials must never repeat within one CA: revocation is keyed on the serial
// (see PKI.IsRevoked and KeyStorage.GetBySerial), so a provider that can
// reissue a value — for example a counter that resets on restart — would let
// two certificates share a serial and make revocation ambiguous.
type SerialProvider interface {
	Next() (*big.Int, error) // Next returns the next unique serial
}

SerialProvider is the serial provider interface.
