Documentation
Overview
Package ca implements a simple certificate authority.
Constants
const (
	CertificatePurposeControl = "control"
	CertificatePurposeAgent   = "agent"
	CertificatePurposeService = "service"
)
Certificate purposes, intended to be used as the value of CertificateName.Purpose.
Variables
This section is empty.
Functions
func MakeCertificateAuthority
MakeCertificateAuthority generates a new certificate authority key and self-signs it.
func ValidateCACert
ValidateCACert performs some basic checks on the CA cert, such as its validity period and that it is permitted to sign certificates.
Types
type CA
type CA struct {
// contains filtered or unexported fields
}
CA holds the state for the certificate authority.
func LoadCAFromFile
LoadCAFromFile loads an existing authority from a file.
func MakeCAFromData
MakeCAFromData does approximately the same thing as LoadCAFromFile(), except that the CA contents are loaded from PEM strings.
func (*CA) GenerateCertificate
GenerateCertificate makes a new certificate and returns base64-encoded strings for the certificate, its key, and the authority certificate.
func (*CA) GetCACertificate
GetCACertificate returns the public certificate for the CA.
func (*CA) MakeCertPool
MakeCertPool returns a certificate pool with our CA installed.
func (*CA) MakeServerCert
func (c *CA) MakeServerCert(names []string) (*tls.Certificate, error)
MakeServerCert generates a new server certificate signed by the authority, with a validity period of 1 year. The supplied names are applied as the certificate's DNS names.
type CertPoolGenerator
CertPoolGenerator implements a method to make a TLS x509 certificate pool for servers.
type CertificateIssuer
type CertificateIssuer interface {
	GenerateCertificate(CertificateName) (string, string, string, error)
	GetCACert() (string, error)
}
CertificateIssuer is the interface for a generic CA.
type CertificateName
type CertificateName struct {
	Name    string `json:"name,omitempty"`
	Type    string `json:"type,omitempty"`
	Agent   string `json:"agent,omitempty"`
	Purpose string `json:"purpose,omitempty"`
}
CertificateName holds the items we encode in the certificate, so that we can determine which endpoint is being requested.
func GetCertificateNameFromCert
func GetCertificateNameFromCert(cert *x509.Certificate) (*CertificateName, error)
GetCertificateNameFromCert extracts the CertificateName from the certificate, or returns an error if not found.
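This page does not say how the package encodes a CertificateName into a certificate, so the following added example (not the package's code) assumes one plausible encoding: the struct's JSON form stored in a non-critical X.509 extension under a placeholder private-enterprise OID. It shows the embedding side, the extraction side with the contract documented for GetCertificateNameFromCert (the name, or an error if none is present), and a check of Purpose against the documented constants. The OID, the function names issueSelfSigned, getCertificateNameFromCert and knownPurpose, and the sample values are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Purpose constants and CertificateName as documented on this page.
const (
	CertificatePurposeControl = "control"
	CertificatePurposeAgent   = "agent"
	CertificatePurposeService = "service"
)

type CertificateName struct {
	Name    string `json:"name,omitempty"`
	Type    string `json:"type,omitempty"`
	Agent   string `json:"agent,omitempty"`
	Purpose string `json:"purpose,omitempty"`
}

// nameExtOID is a placeholder under the private-enterprise arc (assumption:
// the page does not state the package's real encoding or OID).
var nameExtOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}

// issueSelfSigned creates a short-lived self-signed certificate (self-signed
// only to keep the example compact; a real issuer would sign with its CA key).
// When n is non-nil its JSON form is embedded as a non-critical extension.
func issueSelfSigned(n *CertificateName) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example"},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	if n != nil {
		payload, err := json.Marshal(n)
		if err != nil {
			return nil, err
		}
		tmpl.ExtraExtensions = []pkix.Extension{{Id: nameExtOID, Value: payload}}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// getCertificateNameFromCert is the extraction side: it returns the decoded
// name, or an error when the extension is absent or malformed.
func getCertificateNameFromCert(cert *x509.Certificate) (*CertificateName, error) {
	for _, ext := range cert.Extensions {
		if !ext.Id.Equal(nameExtOID) {
			continue
		}
		var n CertificateName
		if err := json.Unmarshal(ext.Value, &n); err != nil {
			return nil, fmt.Errorf("malformed CertificateName extension: %w", err)
		}
		return &n, nil
	}
	return nil, errors.New("certificate carries no CertificateName")
}

// knownPurpose reports whether p is one of the documented purpose constants,
// so a caller can reject a certificate presented for an unexpected role.
func knownPurpose(p string) bool {
	switch p {
	case CertificatePurposeControl, CertificatePurposeAgent, CertificatePurposeService:
		return true
	}
	return false
}

func main() {
	// Constructed sample values.
	cert, err := issueSelfSigned(&CertificateName{Name: "runner-7", Type: "worker", Agent: "agent-a", Purpose: CertificatePurposeAgent})
	if err != nil {
		panic(err)
	}
	n, err := getCertificateNameFromCert(cert)
	fmt.Printf("name=%+v err=%v purposeKnown=%v\n", n, err, n != nil && knownPurpose(n.Purpose))
}
```

Because the extension is non-critical, a verifier that does not know the OID ignores it; the name is therefore only trustworthy after the chain has been verified against the CA pool, since any party that can obtain a signature from the CA controls what it says.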