ca

package module

v0.0.0-...-0c1ac1e Latest Latest Go to latest Published: Nov 30, 2015 License: MIT Imports: 12 Imported by: 2

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/neptulon/ca

Links

Open Source Insights

README ¶

Go Certificate Authority

Go certificate authority library for creating:

CA certificates
Intermediate signing certificates
Server/hosting certificates (i.e. to be used with TLS)
Client certificates (i.e. to be used for TLS client authentication)

This library is a lightweight wrapper around Go "crypto/x509" package with no external dependencies. This is done so to make it easy to copy-paste relevant functions into your project if you don't want to take a dependency on this package.

Example

import (
	"crypto/tls"
	"log"
	"time"

	"github.com/neptulon/ca"
)

func main() {
	// create CA and server certificates along with ready-to-use tls.Conf object that uses generated certs
	certChain, err := ca.GenCertChain("FooBar", "127.0.0.1", "127.0.0.1", time.Hour, 512)
	if err != nil {
		log.Fatal(err)
	}

	l, err := tls.Listen("tcp", "127.0.0.1:4444", certChain.ServerTLSConf)
	if err != nil {
		log.Fatal(err)
	}

	// todo: use l.Accept() to start accepting connections
}

To see a more comprehensive example, check the godocs and the tests file (TestCreateCertChain function in specific).

License

MIT

Documentation ¶

Overview ¶

Package ca provides easy to use certificate authority related functions. This is a lightweight wrapper around "crypto/x509" package for creating CA certs, client certs, signing requests, and more.

Any "cert, key []byte" type of function parameters and return types are always PEM encoded X.509 certificate and private key pairs. You can store the certificate/key pair with standard naming as "cert.pem" and "key.pem" in the file system.

This package is mostly based on the example code provided at: http://golang.org/src/crypto/tls/generate_cert.go

Example ¶

Example demonstrating the use of neptulon/ca with a tls.Listener.

package main

import (
	"crypto/tls"
	"log"
	"time"

	"github.com/neptulon/ca"
)

func main() {
	// create CA and server certificates along with ready-to-use tls.Conf object that uses generated certs
	certChain, certErr := ca.GenCertChain("FooBar", "127.0.0.1", "127.0.0.1", time.Hour, 512)
	if certErr != nil {
		log.Fatal(certErr)
	}

	/*listener*/
	_, tlsErr := tls.Listen("tcp", "127.0.0.1:4444", certChain.ServerTLSConf)
	if tlsErr != nil {
		log.Fatal(tlsErr)
	}

	// todo: uncomment /*listener*/ and use listener.Accept() to start accepting connections
}

Output:

Index ¶

func GenCACert(subject pkix.Name, validFor time.Duration, keyLength int, ...) (cert, key []byte, err error)
func GenClientCert(subject pkix.Name, validFor time.Duration, keyLength int, ...) (cert, key []byte, err error)
func GenServerCert(subject pkix.Name, host string, validFor time.Duration, keyLength int, ...) (cert, key []byte, err error)
type CertChain
- func GenCertChain(name, host, hostName string, validFor time.Duration, keyLength int) (c CertChain, err error)

Examples ¶

Package

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GenCACert ¶

func GenCACert(subject pkix.Name, validFor time.Duration, keyLength int, signingCert, signingKey []byte) (cert, key []byte, err error)

GenCACert generates a CA certificate. If signingCert and signingKey are not provided, the certificate is created as a self-signed root CA. If signingCert and signingKey are provided, the certificate is created as an intermediate CA, signed with provided certificate. The generated certificate can only be used for signing other certificates and CRLs. The returned slices are the PEM encoded X.509 certificate and private key pair.

func GenClientCert ¶

func GenClientCert(subject pkix.Name, validFor time.Duration, keyLength int, signingCert, signingKey []byte) (cert, key []byte, err error)

GenClientCert generates a client certificate. The generated certificate will have its extended key usage set to 'client authentication' and will be ready for use in TLS client authentication. The returned slices are the PEM encoded X.509 certificate and private key pair.

func GenServerCert ¶

func GenServerCert(subject pkix.Name, host string, validFor time.Duration, keyLength int, signingCert, signingKey []byte) (cert, key []byte, err error)

GenServerCert generates a hosting certificate for TLS servers. host = Comma-separated hostnames and IPs to generate a certificate for. i.e. "localhost,127.0.0.1" The returned slices are the PEM encoded X.509 certificate and private key pair.

Types ¶

type CertChain ¶

type CertChain struct {
	RootCACert,
	RootCAKey,
	IntCACert,
	IntCAKey,
	ServerCert,
	ServerKey,
	ClientCert,
	ClientKey []byte
	ServerTLSConf,
	ClientTLSConf *tls.Config
}

CertChain is a ready to use certificate chain object, created by GenCertChain function. Byte slices are the PEM encoded X.509 certificate and private key pairs. ServerTLSConf/ClientTLSConf are tead to use tls.Config objects for a TLS server and client.

func GenCertChain ¶

func GenCertChain(name, host, hostName string, validFor time.Duration, keyLength int) (c CertChain, err error)

GenCertChain generates an entire certificate chain with the following hierarchy: Root CA -> Intermediate CA -> Server Certificate & Client Certificate

name = Certificate name. i.e. FooBar host = Comma-separated hostnames and IPs to generate the server certificate for. i.e. "localhost,127.0.0.1" hostName = Server host address. i.e. foobar.com

Source Files ¶

View all Source files

ca.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL