certs

package
v0.1.2

This package is not in the latest version of its module.

Published: Dec 20, 2023 | License: GPL-3.0 | Imports: 22 | Imported by: 0

README

certs

X.509 certificate generation and management code.

Documentation

Constants

const (
	// ECCKey - Namespace for ECC keys.
	ECCKey = "ecc"

	// RSAKey - Namespace for RSA keys.
	RSAKey = "rsa"
)
const (
	// DefaultPort is the default team.Server listening port.
	// Should be 31415, but... go to hell with your endless limits.
	DefaultPort = 31416
)

Variables

var ErrCertDoesNotExist = errors.New("Certificate does not exist")

ErrCertDoesNotExist - Returned if GetCertificate() is called for a cert/CN that does not exist.

Functions

func RootOnlyVerifyCertificate

func RootOnlyVerifyCertificate(caCertificate string, rawCerts [][]byte) error

RootOnlyVerifyCertificate - Go doesn't provide a method for skipping only hostname validation, so we have to disable all of the certificate validation and re-implement everything. See https://github.com/golang/go/issues/21971

Types

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

Manager is used to manage the certificate infrastructure for a given teamserver. It has access to a given database for storage, a logger and an abstract filesystem.

func NewManager

func NewManager(filesystem *assets.FS, db *gorm.DB, logger *logrus.Entry, appName, appDir string) *Manager

NewManager initializes and returns a certificate manager for a given teamserver. The returned manager will have ensured that all certificate authorities are initialized and working, or will create them if needed. Any critical error happening at initialization time will send a log.Fatal event to the provided logger. If the latter has no modified log.ExitFunc, this will make the server panic and exit.

func (*Manager) GenerateECCCertificate

func (c *Manager) GenerateECCCertificate(caType string, commonName string, isCA bool, isClient bool) ([]byte, []byte)

GenerateECCCertificate - Generate a TLS certificate with the given parameters. We choose some reasonable defaults like Curve, Key Size, ValidFor, etc. Returns two values, `cert` and `key` (PEM encoded).

func (*Manager) GenerateRSACertificate

func (c *Manager) GenerateRSACertificate(caType string, commonName string, isCA bool, isClient bool) ([]byte, []byte)

GenerateRSACertificate - Generates an RSA Certificate.

func (*Manager) GetCertificate

func (c *Manager) GetCertificate(caType string, keyType string, commonName string) ([]byte, []byte, error)

GetCertificate - Get the PEM encoded certificate & key for a host.

func (*Manager) GetECCCertificate

func (c *Manager) GetECCCertificate(caType string, commonName string) ([]byte, []byte, error)

GetECCCertificate - Get an ECC certificate.

func (*Manager) GetRSACertificate

func (c *Manager) GetRSACertificate(caType string, commonName string) ([]byte, []byte, error)

GetRSACertificate - Get an RSA certificate.

func (*Manager) GetUsersCA

func (c *Manager) GetUsersCA() (*x509.Certificate, *ecdsa.PrivateKey, error)

GetUsersCA returns the certificate authority for teamserver users.

func (*Manager) GetUsersCAPEM

func (c *Manager) GetUsersCAPEM() ([]byte, []byte, error)

GetUsersCAPEM returns the certificate authority for teamserver users, PEM-encoded.

func (*Manager) OpenTLSKeyLogFile

func (c *Manager) OpenTLSKeyLogFile() *os.File

OpenTLSKeyLogFile returns an open file to the TLS keys log file, if the environment variable SSLKEYLOGFILE is defined.

func (*Manager) RemoveCertificate

func (c *Manager) RemoveCertificate(caType string, keyType string, commonName string) error

RemoveCertificate - Remove a certificate from the cert store.

func (*Manager) SaveUsersCA

func (c *Manager) SaveUsersCA(cert, key []byte)

SaveUsersCA saves a user certificate authority (may contain several users).

func (*Manager) UserClientGenerateCertificate

func (c *Manager) UserClientGenerateCertificate(user string) ([]byte, []byte, error)

UserClientGenerateCertificate - Generate a certificate signed with a given CA.

func (*Manager) UserClientGetCertificate

func (c *Manager) UserClientGetCertificate(user string) ([]byte, []byte, error)

UserClientGetCertificate - Helper function to fetch a client cert.

func (*Manager) UserClientListCertificates

func (c *Manager) UserClientListCertificates() []*x509.Certificate

UserClientListCertificates - Get all client certificates.

func (*Manager) UserClientRemoveCertificate

func (c *Manager) UserClientRemoveCertificate(user string) error

UserClientRemoveCertificate - Helper function to remove a client cert.

func (*Manager) UserServerGenerateCertificate

func (c *Manager) UserServerGenerateCertificate() ([]byte, []byte, error)

UserServerGenerateCertificate - Generate a certificate signed with a given CA.

func (*Manager) UserServerGetCertificate

func (c *Manager) UserServerGetCertificate() ([]byte, []byte, error)

UserServerGetCertificate - Helper function to fetch a server cert.
