README
¶
EasyRsa
Simple go library with implementation of some easy-rsa functions
Sample cli usage
go get github.com/kemsta/go-easyrsa/easyrsa-cli
build ca pair
easyrsa-cli -k keys build-ca
build server pair
easyrsa-cli -k keys build-server-key some-server-name
build client pair
easyrsa-cli -k keys build-key some-client-name
revoke cert
easyrsa-cli -k keys revoke-full some-client-name
Documentation
¶
Index ¶
- Constants
- type CRLHolder
- type DirKeyStorage
- func (s *DirKeyStorage) DeleteByCn(cn string) error
- func (s *DirKeyStorage) DeleteBySerial(serial *big.Int) error
- func (s *DirKeyStorage) GetAll() ([]*X509Pair, error)
- func (s *DirKeyStorage) GetByCN(cn string) ([]*X509Pair, error)
- func (s *DirKeyStorage) GetBySerial(serial *big.Int) (*X509Pair, error)
- func (s *DirKeyStorage) GetLastByCn(cn string) (*X509Pair, error)
- func (s *DirKeyStorage) Put(pair *X509Pair) error
- type FileCRLHolder
- type FileSerialProvider
- type KeyStorage
- type NotExist
- type PKI
- func (p *PKI) ExtractGroups(cert *x509.Certificate) (groups *[]string, err error)
- func (p *PKI) GetCRL() (*pkix.CertificateList, error)
- func (p *PKI) GetLastCA() (*X509Pair, error)
- func (p *PKI) IsRevoked(serial *big.Int) bool
- func (p *PKI) NewCa() (*X509Pair, error)
- func (p *PKI) NewCert(cn string, server bool, groups []string) (*X509Pair, error)
- func (p *PKI) RevokeAllByCN(cn string) error
- func (p *PKI) RevokeOne(serial *big.Int) error
- type SerialProvider
- type X509Pair
Examples ¶
Constants ¶
View Source
const ( PEMCertificateBlock string = "CERTIFICATE" // pem block header for x509.Certificate PEMRSAPrivateKeyBlock = "RSA PRIVATE KEY" // pem block header for rsa.PrivateKey PEMx509CRLBlock = "X509 CRL" // pem block header for CRL CertFileExtension = ".crt" // certificate file extension DefaultKeySizeBytes int = 2048 // default key size in bytes DefaultExpireYears = 99 // default expire time for certs )
View Source
const ( LockPeriod = time.Millisecond * 100 LockTimeout = time.Second * 10 )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CRLHolder ¶
type CRLHolder interface {
Put([]byte) error // Put file content for crl
Get() (*pkix.CertificateList, error) // Get current revoked cert list
}
type DirKeyStorage ¶
type DirKeyStorage struct {
// contains filtered or unexported fields
}
DirKeyStorage is a implementation KeyStorage interface with storing pairs on fs
func NewDirKeyStorage ¶
func NewDirKeyStorage(keydir string) *DirKeyStorage
func (*DirKeyStorage) DeleteByCn ¶
func (s *DirKeyStorage) DeleteByCn(cn string) error
DeleteByCn delete all pair with cn
func (*DirKeyStorage) DeleteBySerial ¶
func (s *DirKeyStorage) DeleteBySerial(serial *big.Int) error
Delete only one pair with serial
func (*DirKeyStorage) GetAll ¶
func (s *DirKeyStorage) GetAll() ([]*X509Pair, error)
GetAll return all pairs
func (*DirKeyStorage) GetByCN ¶
func (s *DirKeyStorage) GetByCN(cn string) ([]*X509Pair, error)
GetByCN return all pairs with cn
func (*DirKeyStorage) GetBySerial ¶
func (s *DirKeyStorage) GetBySerial(serial *big.Int) (*X509Pair, error)
GetBySerial return only one pair with serial
func (*DirKeyStorage) GetLastByCn ¶
func (s *DirKeyStorage) GetLastByCn(cn string) (*X509Pair, error)
GetLastByCn return only last pair with cn
func (*DirKeyStorage) Put ¶
func (s *DirKeyStorage) Put(pair *X509Pair) error
Put keypair in dir as /keydir/cn/serial.[crt,key]
type FileCRLHolder ¶
type FileCRLHolder struct {
// contains filtered or unexported fields
}
FileCRLHolder implement CRLHolder interface
func NewFileCRLHolder ¶
func NewFileCRLHolder(path string) *FileCRLHolder
func (*FileCRLHolder) Get ¶
func (h *FileCRLHolder) Get() (*pkix.CertificateList, error)
func (*FileCRLHolder) Put ¶
func (h *FileCRLHolder) Put(content []byte) error
type FileSerialProvider ¶
type FileSerialProvider struct {
// contains filtered or unexported fields
}
FileSerialProvider implement SerialProvider interface with storing serial in file
func NewFileSerialProvider ¶
func NewFileSerialProvider(path string) *FileSerialProvider
type KeyStorage ¶
type KeyStorage interface {
Put(pair *X509Pair) error // Put new pair to Storage. Overwrite if already exist.
GetByCN(cn string) ([]*X509Pair, error) // Get all keypairs by CN.
GetLastByCn(cn string) (*X509Pair, error) // Get last pair by CN.
GetBySerial(serial *big.Int) (*X509Pair, error) // Get one keypair by serial.
DeleteByCn(cn string) error // Delete all keypairs by CN.
DeleteBySerial(serial *big.Int) error // Delete one keypair by serial.
GetAll() ([]*X509Pair, error) // Get all keypair
}
type NotExist ¶
type NotExist struct {
// contains filtered or unexported fields
}
func NewNotExist ¶
type PKI ¶
type PKI struct {
Storage KeyStorage
// contains filtered or unexported fields
}
PKI struct holder
func NewPKI ¶
func NewPKI(storage KeyStorage, sp SerialProvider, crlHolder CRLHolder, subjTemplate pkix.Name) *PKI
NewPKI PKI struct "constructor"
Example ¶
storDir := "/var/tmp"
storage := NewDirKeyStorage(storDir)
serialProvider := NewFileSerialProvider(filepath.Join(storDir, "serial"))
crlHolder := NewFileCRLHolder(filepath.Join(storDir, "crl.pem"))
NewPKI(storage, serialProvider, crlHolder, pkix.Name{})
Output:
func (*PKI) ExtractGroups ¶ added in v0.2.8
func (p *PKI) ExtractGroups(cert *x509.Certificate) (groups *[]string, err error)
func (*PKI) GetCRL ¶
func (p *PKI) GetCRL() (*pkix.CertificateList, error)
GetCRL return current revoke list
func (*PKI) RevokeAllByCN ¶
RevokeAllByCN revoke all pairs with common name
type SerialProvider ¶
type X509Pair ¶
type X509Pair struct {
KeyPemBytes []byte // pem encoded rsa.PrivateKey bytes
CertPemBytes []byte // pem encoded x509.Certificate bytes
CN string // common name
Serial *big.Int // serial number
}
X509Pair represent pair cert and key
func NewX509Pair ¶
NewX509Pair create new X509Pair object
func (*X509Pair) Decode ¶
func (pair *X509Pair) Decode() (key *rsa.PrivateKey, cert *x509.Certificate, err error)
Decode pem bytes to rsa.PrivateKey and x509.Certificate
Source Files
Click to show internal directories.
Click to hide internal directories.