p11support

package
v0.1.0
Warning

This package is not in the latest version of its module.

Published: Jul 12, 2023 License: MIT Imports: 13 Imported by: 0

Documentation

Overview

Package p11support provides the interface to PKCS#11 tokens.


Constants

This section is empty.

Variables

var ErrNoTokenFound = errors.New("no matching token found")

ErrNoTokenFound is used to signal that there is no usable token available.

Functions

This section is empty.

Types

type P11Support

type P11Support struct {
	// contains filtered or unexported fields
}

P11Support encapsulates PKCS#11 token functionality.

func New

func New(p11Module, p11Uri, keyAlgorithm, keyParameter string) (*P11Support, error)

New creates a new P11Support instance for the given PKCS#11 library module and the given PKCS#11 URI.

func (*P11Support) BuildNewCSR

func (s *P11Support) BuildNewCSR(fqdn string, deleteExisting bool) ([]byte, error)

BuildNewCSR creates a new certificate signing request (CSR) for the given fully qualified domain name (fqdn). A new keypair for the label in the PKCS#11 URI is generated if there is none yet.
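A check that can be run on the bytes BuildNewCSR returns before they are submitted to a CA, given here as an added example that is not part of the p11support package: it verifies the CSR's self-signature (proof of possession of the private key) and that the request names the expected host. checkCSR and sampleCSR are hypothetical helpers; accepting DER or PEM input and looking for the fqdn in the CN or the DNS SANs are assumptions, since the page states neither the encoding nor where the name is placed, and the sample CSR is constructed with a software key standing in for a token key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
)

// checkCSR validates CSR bytes (DER or PEM, an assumption) before submission:
// the request must parse, carry a valid self-signature, and name fqdn in its
// CN or DNS SANs (assumed placement).
func checkCSR(raw []byte, fqdn string) error {
	if block, _ := pem.Decode(raw); block != nil {
		raw = block.Bytes
	}
	csr, err := x509.ParseCertificateRequest(raw)
	if err != nil {
		return fmt.Errorf("parse CSR: %w", err)
	}
	if err := csr.CheckSignature(); err != nil {
		return fmt.Errorf("CSR signature: %w", err)
	}
	names := append([]string{csr.Subject.CommonName}, csr.DNSNames...)
	for _, n := range names {
		if n == fqdn {
			return nil
		}
	}
	return fmt.Errorf("CSR does not name %q", fqdn)
}

// sampleCSR builds a constructed CSR with a software P-256 key standing in
// for a key pair held on the PKCS#11 token.
func sampleCSR(fqdn string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: fqdn}, DNSNames: []string{fqdn}}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, key)
}

func main() {
	der, _ := sampleCSR("host.example.org")
	fmt.Println(checkCSR(der, "host.example.org"), checkCSR(der, "other.example.org"))
}
```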

func (*P11Support) GetExistingCertificate

func (s *P11Support) GetExistingCertificate() (*x509.Certificate, error)

GetExistingCertificate retrieves an existing certificate identified by the label from the PKCS#11 URI.

func (*P11Support) NewP11TokenCert

func (s *P11Support) NewP11TokenCert() ([]tls.Certificate, *x509.Certificate, []byte, error)

NewP11TokenCert returns the client certificate including its associated private key handle for TLS client authentication, the actual certificate instance and a new signing request for renewal of the certificate.

An error is returned if retrieving the key pair or the certificate from the token fails, or if the CSR cannot be generated.

func (*P11Support) StoreCertificate

func (s *P11Support) StoreCertificate(certificate *x509.Certificate) error

StoreCertificate stores the given certificate in a certificate entry of the PKCS#11 token with the same id and label as the corresponding private key. The label is taken from the PKCS#11 URI.
