proxy

package module
v0.0.0-...-919a10a

This package is not in the latest version of its module.

Published: Jun 29, 2017 License: Apache-2.0 Imports: 19 Imported by: 0

README

go-proxy

go-proxy is a utility library written in Go to handle X509 proxies, with and without VOMS extensions. It supports Legacy, Draft and RFC3820 proxies.

What does it do

  • X509 proxy parsing, with and without VOMS extensions.
  • Re-delegating from an existing proxy.

What doesn't it do

  • It can't acquire VOMS extensions from a VOMS server.
  • It can't create a brand new proxy from a user certificate and key. API limitation, mostly.
  • It doesn't include (yet) any validation logic (chain, root CA, or VOMS extensions).

Examples

Load a proxy, print its VOMS
package main

import (
	"flag"
	"gitlab.cern.ch/fts/go-proxy"
	"log"
)

func main() {
	flag.Parse()

	// Load the proxy (certificate, key and chain) from the file given as first argument.
	var p proxy.X509Proxy
	if e := p.DecodeFromFile(flag.Arg(0)); e != nil {
		log.Fatal(e)
	}
	// Subject comes from the embedded x509.Certificate, i.e. the proxy's own subject.
	log.Print(p.Subject)
	// Each VOMS attribute carries the VO name and the FQAN granted by that VO.
	for _, v := range p.VomsAttributes {
		log.Print(v.Vo)
		log.Print(v.Fqan)
	}
}

Documentation

Constants

const (
	TypeNoProxy = Type(0)
	TypeLegacy  = Type(1)
	TypeDraft   = Type(2)
	TypeRFC3820 = Type(3)
)

Proxy types.

Variables

var (
	ErrProxyNotFound = errors.New("User proxy not found")
)

Functions

func GetCertAndKeyLocation

func GetCertAndKeyLocation() (string, string, error)

GetCertAndKeyLocation returns the location of the user cert and key (or proxy).

func KeyUsageRepr

func KeyUsageRepr(k x509.KeyUsage) string

KeyUsageRepr generates a string representing the key usage.

func NameRepr

func NameRepr(name *pkix.Name) string

NameRepr generates a string representation of the pkix.Name.

Types

type CertPool

type CertPool struct {
	*x509.CertPool
	Crls     map[string]*pkix.CertificateList
	CaByHash map[string]*x509.Certificate
}

CertPool is a set of certificates and CRLs.

func LoadCAPath

func LoadCAPath(capath string, loadCrls bool) (roots *CertPool, err error)

LoadCAPath loads the certificates stored under capath into a cert pool, optionally loading CRLs as well.

func (*CertPool) AppendFromPEM

func (pool *CertPool) AppendFromPEM(data []byte, loadCrls bool) error

AppendFromPEM appends certificates and/or revocation lists from the passed raw PEM data.

type Type

type Type int

Type is the detected type of the proxy. It can be No Proxy, Legacy, Draft or RFC.

type VOVerificationError

type VOVerificationError struct {
	VerificationError
}

VOVerificationError is returned when there has been an error validating the VO extensions.

func (*VOVerificationError) Error

func (e *VOVerificationError) Error() string

Error returns the human-readable representation of a VO verification error.

type VerificationError

type VerificationError struct {
	// contains filtered or unexported fields
}

VerificationError is returned when there has been an error validating the main proxy chain.

func (*VerificationError) Error

func (e *VerificationError) Error() string

Error returns the human-readable representation of a verification error.

type VerifyOptions

type VerifyOptions struct {
	Roots       *CertPool
	VomsDir     string
	CurrentTime time.Time // if zero, the current time is used
}

VerifyOptions contains the parameters for X509Proxy.Verify.

type VomsAttribute

type VomsAttribute struct {
	Raw []byte

	Subject             pkix.Name
	Issuer              pkix.Name
	Vo                  string
	Fqan                string
	NotBefore, NotAfter time.Time
	PolicyAuthority     string

	SignatureAlgorithm pkix.AlgorithmIdentifier
	SignatureValue     asn1.BitString
	Chain              []*x509.Certificate
}

VomsAttribute holds basic information about the VO extensions of a proxy.

func (*VomsAttribute) Expired

func (v *VomsAttribute) Expired() bool

Expired returns true if the VO extension has expired.

func (*VomsAttribute) Lifetime

func (v *VomsAttribute) Lifetime() time.Duration

Lifetime returns the remaining life of the VO extension.

type X509Proxy

type X509Proxy struct {
	x509.Certificate
	PrivateKey     *rsa.PrivateKey
	Chain          []*x509.Certificate
	ProxyType      Type
	Issuer         pkix.Name
	Identity       pkix.Name
	VomsAttributes []VomsAttribute
}

X509Proxy holds an X509 proxy.
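The type detection behind the Type constants above and the derivation of the Identity field of X509Proxy, as an added stand-alone example (not go-proxy's own code; it uses only the standard library): DetectType classifies one certificate by its proxyCertInfo extension or, failing that, by the legacy CN convention, and Identity walks a chain, assumed leaf-first like X509Proxy.Chain, to the first non-proxy certificate, which is the subject an authorization decision should key on. The Type numbering, the OIDs and the constructed Sample chain are assumptions, not taken from the page.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
)

type Type int // mirrors go-proxy's Type (assumption: same numbering as on the page)
const (
	TypeNoProxy Type = iota
	TypeLegacy
	TypeDraft
	TypeRFC3820
)
// Marker extensions: RFC 3820 id-pe-proxyCertInfo and the older Globus draft OID.
var OidRFC3820 = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 14}
var OidDraft = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 3536, 1, 222}

// DetectType: proxyCertInfo extension first, else the legacy (GT2) CN rule; pkix.Name keeps the last CN, the one a proxy appends.
func DetectType(c *x509.Certificate) Type {
	for _, ext := range c.Extensions {
		if ext.Id.Equal(OidRFC3820) {
			return TypeRFC3820
		} else if ext.Id.Equal(OidDraft) {
			return TypeDraft
		}
	}
	if cn := c.Subject.CommonName; cn == "proxy" || cn == "limited proxy" {
		return TypeLegacy
	}
	return TypeNoProxy
}

// Identity walks a leaf-first chain (assumed X509Proxy.Chain layout) to the first non-proxy cert: the subject to authorize on.
func Identity(chain []*x509.Certificate) (pkix.Name, bool) {
	for _, c := range chain {
		if DetectType(c) == TypeNoProxy {
			return c.Subject, true
		}
	}
	return pkix.Name{}, false
}

// Sample is constructed test data, leaf first: RFC 3820 proxy <- legacy proxy <- user cert.
var Sample = []*x509.Certificate{
	{Subject: pkix.Name{CommonName: "123456"}, Extensions: []pkix.Extension{{Id: OidRFC3820, Critical: true}}},
	{Subject: pkix.Name{CommonName: "proxy"}},
	{Subject: pkix.Name{CommonName: "Jane Doe"}},
}
```

Only the fields the two functions read are set on the constructed certificates; a parsed real chain carries the same Subject and Extensions and is classified the same way.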

func (*X509Proxy) Decode

func (p *X509Proxy) Decode(raw []byte) (err error)

Decode loads an X509 proxy from raw data in memory, filling the receiver with basic information about the proxy such as validity timestamps and VO extensions.

func (*X509Proxy) DecodeFromFile

func (p *X509Proxy) DecodeFromFile(path string) (err error)

DecodeFromFile loads an X509 proxy from a file, filling the receiver with basic information about the proxy such as validity timestamps and VO extensions.

func (*X509Proxy) DecodeFromFiles

func (p *X509Proxy) DecodeFromFiles(cert string, key string) (err error)

DecodeFromFiles loads an X509 proxy from two files, the cert and the key, filling the receiver with basic information about the proxy such as validity timestamps and VO extensions.

func (*X509Proxy) DelegationID

func (p *X509Proxy) DelegationID() string

DelegationID returns the delegation id corresponding to the proxy.

func (*X509Proxy) Encode

func (p *X509Proxy) Encode() []byte

Encode returns the PEM version of the proxy.

func (*X509Proxy) Expired

func (p *X509Proxy) Expired() bool

Expired returns true if the proxy has expired, or if any of its VO extensions has.

func (*X509Proxy) InitFromCertificates

func (p *X509Proxy) InitFromCertificates(chain []*x509.Certificate) (err error)

InitFromCertificates initializes the proxy from a chain of x509 certificates.

func (*X509Proxy) Lifetime

func (p *X509Proxy) Lifetime() time.Duration

Lifetime returns the remaining life of the proxy.

func (*X509Proxy) SignRequest

func (p *X509Proxy) SignRequest(req *X509ProxyRequest, lifetime time.Duration) (new *X509Proxy, err error)

SignRequest creates a new delegated proxy signed by this proxy. The returned proxy carries no private key!

func (*X509Proxy) Verify

func (p *X509Proxy) Verify(options VerifyOptions) error

Verify checks whether the proxy is trustworthy. If it is, it returns nil; otherwise it returns an error.

type X509ProxyRequest

type X509ProxyRequest struct {
	Request *x509.CertificateRequest
	Key     *rsa.PrivateKey
}

X509ProxyRequest contains both certificate request and the associated private key.

func (*X509ProxyRequest) Decode

func (r *X509ProxyRequest) Decode(req []byte, key []byte) (err error)

Decode decodes a proxy request from both the serialized request and the serialized key.

func (*X509ProxyRequest) EncodeKey

func (r *X509ProxyRequest) EncodeKey() []byte

EncodeKey returns the PEM encoded version of the private key.

func (*X509ProxyRequest) EncodeRequest

func (r *X509ProxyRequest) EncodeRequest() []byte

EncodeRequest returns the PEM encoded version of the request.

func (*X509ProxyRequest) Init

func (r *X509ProxyRequest) Init(bits int, signature x509.SignatureAlgorithm) (err error)

Init initializes the certificate request and private key, using a key of 'bits' bits and signing the request with the given algorithm.

func (*X509ProxyRequest) Matches

func (r *X509ProxyRequest) Matches(p *X509Proxy) bool

Matches returns true if p is the proxy obtained by signing this request.

Directories

examples
http-server
