store

package
v1.1.0
Published: Apr 18, 2024 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package store provides different methods to store a Public Key Infrastructure.

Index

Constants

const (
	LocalCertsDir = "certs"
	LocalKeysDir  = "keys"
	LocalCrlsDir  = "crls"
)

Predefined directory names.

Variables

This section is empty.

Functions

func InitCADir

func InitCADir(path string) error

InitCADir creates the basic structure of a CA subdirectory.

|- crlnumber
|- index.txt
|- index.txt.attr
|- serial
|- certs/
  |- ca.cert
  |- name.cert
|- keys/
  |- ca.key
  |- name.key

Types

type Local

type Local struct {
	Root string
}

Local stores a Certificate Authority on the local filesystem.

The directory structure it uses is compatible with OpenSSL.

func (*Local) Add

func (l *Local) Add(caName, name string, isCa bool, key, cert []byte, allowOverwrite bool) error

Add adds the given bundle to the local filesystem.

func (*Local) AddCSR

func (l *Local) AddCSR(caName, name string, isCa bool, key, cert []byte) error

AddCSR adds the given CSR to the local filesystem.

func (*Local) AddKey

func (l *Local) AddKey(caName string, name string, key []byte) error

AddKey adds the given private key to the local filesystem.

func (*Local) Chain

func (l *Local) Chain(caName, destCaName, name string) error

Chain concatenates an intermediate cert and a newly signed certificate bundle and adds the chained cert to the store.

func (*Local) Exists

func (l *Local) Exists(caName, name string) bool

Exists checks whether a certificate or private key already exists on the local filesystem for a given name.

func (*Local) Fetch

func (l *Local) Fetch(caName, name string) ([]byte, []byte, error)

Fetch fetches the private key and certificate for a given name signed by caName.

func (*Local) FetchKeyBytes

func (l *Local) FetchKeyBytes(caName, name string) ([]byte, error)

FetchKeyBytes fetches the private key for a given name signed by caName.

func (*Local) Revoked

func (l *Local) Revoked(caName string) ([]pkix.RevokedCertificate, error)

Revoked returns a list of revoked certificates.

func (*Local) Update

func (l *Local) Update(caName string, sn *big.Int, st certificate.State) error

Update updates the state of a given certificate in the index.txt.
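The Revoked method above reads the revocation state that Update writes into index.txt. The following added example (not the package's own code) shows that read path over a constructed OpenSSL-style index.txt, assuming the tab-separated six-field layout OpenSSL uses (status, expiry, revocation time, hex serial, file, subject), and returns the same []pkix.RevokedCertificate shape as Revoked; a malformed line or a corrupt revoked entry is reported as an error rather than dropped, since a silently missing entry would leave a revoked certificate out of the CRL.

```go
package main

import (
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Constructed OpenSSL-style index.txt: status (V/R/E), expiry, revocation
// time, serial (hex), certificate file, subject; tab separated, one cert per line.
const sampleIndex = "V\t251231235959Z\t\t1000\tunknown\t/CN=alice\n" +
	"R\t251231235959Z\t240301120000Z\t1001\tunknown\t/CN=bob\n" +
	"R\t251231235959Z\t240418093000Z\t10A2\tunknown\t/CN=carol\n"

const indexTime = "060102150405Z" // OpenSSL's YYMMDDHHMMSSZ timestamp layout

type indexEntry struct{ Status, Expiry, RevokedAt, Serial, File, Subject string }

// parseIndex rejects malformed lines instead of silently skipping them.
func parseIndex(data string) ([]indexEntry, error) {
	var out []indexEntry
	for i, line := range strings.Split(strings.TrimRight(data, "\n"), "\n") {
		f := strings.Split(line, "\t")
		if len(f) != 6 {
			return nil, fmt.Errorf("index.txt line %d: want 6 fields, got %d", i+1, len(f))
		}
		out = append(out, indexEntry{f[0], f[1], f[2], f[3], f[4], f[5]})
	}
	return out, nil
}

// revokedList is the shape Revoked(caName) returns: every R entry, with its
// hex serial and revocation timestamp decoded, ready for a CRL builder.
func revokedList(entries []indexEntry) ([]pkix.RevokedCertificate, error) {
	var out []pkix.RevokedCertificate
	for _, e := range entries {
		if e.Status != "R" {
			continue
		}
		sn, ok := new(big.Int).SetString(e.Serial, 16)
		t, err := time.Parse(indexTime, e.RevokedAt)
		if !ok || err != nil {
			return nil, fmt.Errorf("corrupt revoked entry: serial %q, time %q", e.Serial, e.RevokedAt)
		}
		out = append(out, pkix.RevokedCertificate{SerialNumber: sn, RevocationTime: t})
	}
	return out, nil
}
```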

type Store

type Store interface {
	// Add adds a newly signed certificate bundle to the store.
	//
	// Args:
	//  The CA name, if the certificate was signed with an intermediate CA.
	//  The certificate bundle name.
	//  Whether the bundle to add is an intermediate CA.
	//  The raw private key.
	//  The raw certificate.
	//  Flag indicating whether existing certs can be overwritten.
	//
	// Returns an error if it failed to store the bundle.
	Add(string, string, bool, []byte, []byte, bool) error

	// Chain concatenates a signing cert and a newly signed certificate bundle and adds the chained cert to the store.
	//
	// Args:
	//  The signing CA name.
	//  The destination CA name.
	//  The certificate bundle name.
	//
	// Returns an error if it failed to store the bundle.
	Chain(string, string, string) error

	// AddCSR adds a CSR to the store.
	//
	// Args:
	//  The CA name, if the certificate was signed with an intermediate CA.
	//  The CSR bundle name.
	//  Whether the bundle to add is an intermediate CA.
	//  The raw private key.
	//  The raw certificate.
	//
	// Returns an error if it failed to store the bundle.
	AddCSR(string, string, bool, []byte, []byte) error

	// AddKey adds a new private key to the store.
	//
	// Args:
	//  The intermediate CA name
	//  The Key name
	//  The private key
	//
	// Returns an error if it failed to store the bundle.
	AddKey(string, string, []byte) error

	// Fetch fetches a certificate bundle from the store.
	//
	// Args:
	//   The CA name, if the certificate was signed with an intermediate CA.
	//   The name of the certificate bundle.
	//
	// Returns the raw private key and certificate respectively or an error.
	Fetch(string, string) ([]byte, []byte, error)

	// FetchKeyBytes fetches the private key of a certificate bundle from the store.
	//
	// Args:
	//   The CA name, if the certificate was signed with an intermediate CA.
	//   The name of the certificate bundle.
	//
	// Returns the raw private key or an error.
	FetchKeyBytes(string, string) ([]byte, error)

	// Update updates the state of a certificate. (Valid, Revoked, Expired)
	//
	// Args:
	//   The CA name, if the certificate was signed with an intermediate CA.
	//   The serial of the certificate to update.
	//   The new state.
	//
	// Returns an error if the update failed.
	Update(string, *big.Int, certificate.State) error

	// Revoked returns a list of revoked certificates for a given CA.
	//
	// Args:
	//   The CA name, if it is for an intermediate CA.
	//
	// Returns a list of revoked certificates or an error.
	Revoked(string) ([]pkix.RevokedCertificate, error)
}

Store represents a way to store a Certificate Authority.
