ca

package
v0.0.1
Published: Mar 10, 2023 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package ca implements a simple certificate authority.

Index

Constants

const (
	CertificatePurposeControl = "control"
	CertificatePurposeAgent   = "agent"
	CertificatePurposeService = "service"
)

Certificate purposes, intended to be set on CertificateName.Purpose.

Variables

This section is empty.

Functions

func MakeCertificateAuthority

func MakeCertificateAuthority() ([]byte, []byte, error)

MakeCertificateAuthority generates a new certificate authority key, and self-signs it.

func ValidateCACert

func ValidateCACert(certbytes []byte) error

ValidateCACert performs some basic checks on the CA cert, like validity period and that it can sign certs.
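As an added example (my own code, not the package's implementation), this is one way to carry out the checks the page lists for ValidateCACert: the PEM must parse, the validity period must cover the current time, and the certificate must be permitted to sign other certificates. makeTestCA is a hypothetical helper that constructs a self-signed certificate purely to exercise the validator.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// validateCACert applies the checks the page lists for ValidateCACert:
// parseable PEM, validity period covering now, and permission to sign certs.
func validateCACert(certPEM []byte) error {
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return errors.New("no CERTIFICATE PEM block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return fmt.Errorf("parse certificate: %w", err)
	}
	if now := time.Now(); now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return fmt.Errorf("outside validity period %s..%s", cert.NotBefore, cert.NotAfter)
	}
	// A cert that may not sign other certs must never be trusted as an authority.
	if !cert.BasicConstraintsValid || !cert.IsCA {
		return errors.New("missing CA basic constraint")
	}
	if cert.KeyUsage&x509.KeyUsageCertSign == 0 {
		return errors.New("key usage does not permit certificate signing")
	}
	return nil
}

// makeTestCA: constructed self-signed cert for the check (hypothetical helper; isCA=false gives a leaf to reject).
func makeTestCA(isCA bool, notAfter time.Time) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "test-ca"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: notAfter, IsCA: isCA, BasicConstraintsValid: true}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}
```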

Types

type CA

type CA struct {
	// contains filtered or unexported fields
}

CA holds the state for the certificate authority.

func LoadCAFromFile

func LoadCAFromFile(c Config) (*CA, error)

LoadCAFromFile will load an existing authority.

func MakeCAFromData

func MakeCAFromData(certPEM []byte, certPrivKeyPEM []byte) (*CA, error)

MakeCAFromData does approximately the same thing as LoadCAFromFile() except the CA contents are loaded from PEM strings.

func (*CA) GenerateCertificate

func (c *CA) GenerateCertificate(name CertificateName) (string, string, string, error)

GenerateCertificate will make a new certificate, and return base64-encoded strings for the certificate, its key, and the authority certificate.

func (*CA) GetCACert

func (c *CA) GetCACert() (string, error)

GetCACert returns the authority certificate encoded as base64.

func (*CA) GetCACertificate

func (c *CA) GetCACertificate() []byte

GetCACertificate returns the public certificate for the CA.

func (*CA) MakeCertPool

func (c *CA) MakeCertPool() (*x509.CertPool, error)

MakeCertPool will return a certificate pool with our CA installed.

func (*CA) MakeServerCert

func (c *CA) MakeServerCert(names []string) (*tls.Certificate, error)

MakeServerCert will generate a new server certificate, signed with the authority, with a validity period of 1 year. The DNS names will be applied.

type CertPoolGenerator

type CertPoolGenerator interface {
	MakeCertPool() (*x509.CertPool, error)
}

CertPoolGenerator specifies a method that makes a TLS x509 certificate pool for servers.

type CertificateIssuer

type CertificateIssuer interface {
	GenerateCertificate(CertificateName) (string, string, string, error)
	GetCACert() (string, error)
}

CertificateIssuer specifies the interface of a generic CA.

type CertificateName

type CertificateName struct {
	Name    string `json:"name,omitempty"`
	Type    string `json:"type,omitempty"`
	Agent   string `json:"agent,omitempty"`
	Purpose string `json:"purpose,omitempty"`
}

CertificateName holds the items we will encode in the certificate, so we can determine what endpoint is being requested.

func GetCertificateNameFromCert

func GetCertificateNameFromCert(cert *x509.Certificate) (*CertificateName, error)

GetCertificateNameFromCert extracts the CertificateName from the certificate, or returns an error if not found.

type Config

type Config struct {
	CACertFile string `yaml:"caCertFile,omitempty" json:"caCertFile,omitempty"`
	CAKeyFile  string `yaml:"caKeyFile,omitempty" json:"caKeyFile,omitempty"`
}

Config holds the filenames for a CA, and has mappings for loading from YAML or JSON.
