security

package v0.10.1

This package is not in the latest version of its module.

Published: Jan 16, 2024 License: MIT Imports: 12 Imported by: 0

README

security

The security package provides a simple way to quickly generate self-signed certificates.

Example

package main

import (
	"log"

	"github.com/samherrmann/serveit/security"
)

func main() {
	// 1. Define the chain of trust
	chain := &security.ChainOfTrust{
		Filename:    "my_app.crt",
		KeyFilename: "my_app.key",
		Subject: &security.Subject{
			CommonName:   "My Awesome App Name",
			Organization: []string{"My Awesome App Making Company Inc."},
			Country:      []string{"CA"},
			Province:     []string{"ON"},
			Locality:     []string{"Ottawa"},
		},
		Days:  3650,
		Hosts: []string{"localhost", "192.168.0.1", "example.com"}, // one entry per name or address
		Parent: &security.ChainOfTrust{
			Filename:    "my_root_ca.crt",
			KeyFilename: "my_root_ca.key",
			KeyPassword: "mysecurepassword",
			Subject: &security.Subject{
				CommonName:   "My Awesome Certificate Authority",
				Organization: []string{"My Awesome Certificate Authority"},
				Country:      []string{"CA"},
				Province:     []string{"ON"},
				Locality:     []string{"Ottawa"},
			},
			Days: 3650,
		},
	}

	// 2. Create the RSA private key and x.509 certificate files.
	if err := security.WriteChainOfTrustFiles(chain, 0600); err != nil {
		log.Fatalln(err)
	}
}

The code above writes the following files to the working directory:

  • my_root_ca.key
  • my_root_ca.crt
  • my_app.key
  • my_app.crt

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateSerialNumber added in v0.8.0

func CreateSerialNumber() (*big.Int, error)

CreateSerialNumber creates a random serial number that is at most 20 bytes long, as recommended in RFC 3280 Appendix B. See https://tools.ietf.org/html/rfc3280#appendix-B

func ReadCertFile added in v0.8.0

func ReadCertFile(filename string) (*x509.Certificate, error)

ReadCertFile returns the x.509v3 certificate from the file named by the provided filename.

func ReadKeyFile added in v0.8.0

func ReadKeyFile(filename, password string) (*rsa.PrivateKey, error)

ReadKeyFile returns the RSA private key from the file named by the provided filename. If the password is not an empty string then it's used to decrypt the PEM block.

func WriteCertFile added in v0.8.0

func WriteCertFile(chain *ChainOfTrust, perm os.FileMode) error

WriteCertFile creates an X.509v3 certificate for the first level in the given chain and writes it to the file named by the chain's Filename field. The file must not already exist; otherwise an error is returned, which may be checked with errors.Is(err, os.ErrExist). The file is created with the given perm mode.

func WriteChainOfTrustFiles added in v0.8.0

func WriteChainOfTrustFiles(chain *ChainOfTrust, perm os.FileMode) error

WriteChainOfTrustFiles writes all RSA private keys and x.509 certificates defined in ChainOfTrust. If the files defined in the chain of trust already exist they are not overwritten and no error is returned.

func WriteKeyFile added in v0.8.0

func WriteKeyFile(filename, password string, perm os.FileMode) error

WriteKeyFile creates an RSA private key and writes it to the file named by the provided filename. The key is written as a PEM block. If the password is not an empty string then the PEM block is encrypted using the password. The file must not already exist; otherwise an error is returned, which may be checked with errors.Is(err, os.ErrExist). The file is created with the given perm mode.

Types

type ChainOfTrust added in v0.8.0

type ChainOfTrust struct {
	// Parent is the parent link in the chain of trust.
	Parent *ChainOfTrust
	// Days is the number of days for which the certificate is valid.
	Days int
	// Subject is the x.509 certificate subject.
	Subject *Subject
	// Hosts is a list of domain names and/or IP addresses.
	Hosts []string
	// Filename is the filename of the file containing the x.509 certificate.
	Filename string
	// KeyFilename is the filename of the file containing the RSA private key.
	KeyFilename string
	// KeyPassword is the password used to encrypt the RSA private key PEM block.
	// If no password is provided (i.e. empty string) then the PEM block is not
	// encrypted.
	KeyPassword string
	// contains filtered or unexported fields
}

ChainOfTrust defines a chain of x.509 certificates and RSA private keys.

type Subject added in v0.8.0

type Subject = pkix.Name

Subject represents an x.509 certificate subject.
