ca

package
v0.0.0-...-d1cd67c
Published: Feb 9, 2018 License: MIT Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CA

type CA struct {
	Store    store.Store
	Preparer policy.Preparer
}

Encapsulation of a Certificate Authority. This has a set of defined operations to be used in conjunction with other packages in this library, such as a keystore.

This struct and collection of functions exists only to sign CSRs and perform other CA operations that require a private key. The behavior of this module is designed to be simple, predictable, and to default to sane and safe behavior.

func New

func New(
	caStore store.Store,
	preparer policy.Preparer,
) (*CA, error)

Create a new CA Struct from the given `store.Store` and `policy.Preparer`.

This double-checks that the provided CA certificate is valid for the purpose of CA signing.

func (CA) CertPool

func (c CA) CertPool() (*x509.CertPool, error)

Create an x509.CertPool out of our Certificate. In the future this function is likely to output all known root and intermediate Certificates.

func (CA) CreateCRL

func (c CA) CreateCRL(rand io.Reader, revokedCerts []pkix.RevokedCertificate, now, expiry time.Time) ([]byte, error)

func (CA) Sign

func (c CA) Sign(rand io.Reader, template *x509.Certificate) ([]byte, error)

Sign an x509.Certificate template (as one would pass to CreateCertificate) first running it through the given CA Preparer. This will set things like the Serial, NotAfter and NotBefore.

There are no safety checks on whether signing this Certificate is, in fact, a good idea; this will simply sign the given Certificate with the CA key.

func (CA) SignWithoutPreparing

func (c CA) SignWithoutPreparing(rand io.Reader, template *x509.Certificate) ([]byte, error)

Sign an x509.Certificate template (as one would pass to CreateCertificate) without first running it through the CA's Preparer. This is usually a very dangerous and ill-advised move, since it bypasses the controls and policies the CA has put into place.

The only exception to this rule is if the Certificate was put through the Preparer in the code block calling this, and has explicitly overridden known defaults in a thoughtful and meaningful way.

There are no safety checks on whether signing this Certificate is, in fact, a good idea; this will simply sign the given Certificate with the CA key.
