pki

package
v1.0.6
Published: Jan 3, 2023 License: GPL-3.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Authority

type Authority struct {
	Subject   Subject        `json:"subject"`
	Directory string         `json:"dir"`
	Issued    []*Certificate `json:"certificates"`

	Lifetime Lifetime `json:"lifetime"`
	// contains filtered or unexported fields
}

Authority is a struct that contains a listing of Certificates and can generate a full PKI stack.

This struct can be Marshaled into JSON to save/load the PKI configuration.

func New

func New(name, dir string, days uint64, s Subject) (*Authority, error)

New creates a new Authority from the supplied options: the CA name, the filesystem directory in which its files are kept, the lifetime of the CA certificate in days, and the initial Subject details for the Authority.

func (*Authority) Certificate

func (a *Authority) Certificate(n string) *Certificate

Certificate will attempt to get the Certificate by the supplied subject name. If no Certificate is found that matches, nil is returned.

func (*Authority) CreateClient

func (a *Authority) CreateClient(name, email string, days int) (*Certificate, error)

CreateClient attempts to create a new client certificate from this CA. The name and email are recommended, but optional.

If the days parameter is less than or equal to zero, the default CA client timespan will be used.

func (*Authority) CreateServer

func (a *Authority) CreateServer(name, email string, days int) (*Certificate, error)

CreateServer attempts to create a new server certificate from this CA. The name and email are recommended, but optional.

If the days parameter is less than or equal to zero, the default CA server timespan will be used.

func (*Authority) File

func (a *Authority) File() string

File returns the full path to the Authority CA public certificate file.

func (*Authority) Update

func (a *Authority) Update() ([]Update, error)

Update will generate the CRL file and save it under the 'Directory' path.

This function will also save the Authority certificate and key files, if not yet created. Any certificates that have been revoked or expired will be saved once this function is called.

func (*Authority) Write

func (a *Authority) Write(w io.Writer) error

Write writes the data of the CA Certificate to the specified Writer.

This function will return any errors that occurred during the encoding process.

type Certificate

type Certificate struct {
	PrivateKey        *ecdsa.PrivateKey `json:"-"`
	*x509.Certificate `json:"-"`

	Revoked *time.Time `json:"revoked,omitempty"`
	Name    string     `json:"name,omitempty"`
	Key     string     `json:"key_file,omitempty"`
	File    string     `json:"cert_file,omitempty"`
	Serial  big.Int    `json:"serial"`
	Status  status     `json:"status,omitempty"`
}

Certificate is a struct representation of an x509 Certificate. This struct contains some functions for convenience and easy management.

The certificate data is not loaded from the specified file path until it is needed.

func (*Certificate) Revoke

func (c *Certificate) Revoke()

Revoke will revoke the Certificate if not already revoked. This function does not return any values. The CRL must be regenerated using the 'Authority.Update()' function in order to take effect.

func (*Certificate) String

func (c *Certificate) String() string

String returns a string representation of this Certificate.

func (*Certificate) Valid

func (c *Certificate) Valid() bool

Valid returns true if the certificate is valid and is not expired nor revoked.

func (*Certificate) ValidFor

func (c *Certificate) ValidFor(d time.Duration) bool

ValidFor returns true if the certificate is valid, is neither expired nor revoked, and will remain valid for the supplied time duration.

func (*Certificate) Write

func (c *Certificate) Write(w io.Writer) error

Write writes the data of this Certificate to the specified Writer.

This function will return any errors that occurred during the encoding process.

func (*Certificate) WriteKey

func (c *Certificate) WriteKey(w io.Writer) error

WriteKey will attempt to write the PrivateKey for this Certificate to the specified Writer. This function returns the 'ErrPrivateKey' error if no PrivateKey is loaded; any other errors raised by the encoding process are returned as they occur.

type Lifetime

type Lifetime struct {
	CRL    uint16 `json:"crl_days"`
	Client uint16 `json:"client_days"`
	Server uint16 `json:"server_days"`
}

Lifetime is a struct that stores the days that each type of certificate will be valid for. This can be overridden during certificate generation.

type Subject

type Subject struct {
	ZIP          string `json:"zip,omitempty"`
	City         string `json:"city,omitempty"`
	State        string `json:"state,omitempty"`
	Email        string `json:"email,omitempty"`
	Street       string `json:"street,omitempty"`
	Domain       string `json:"domain,omitempty"`
	Country      string `json:"country"`
	Department   string `json:"department,omitempty"`
	Organization string `json:"organization"`
}

Subject is a struct that can be used to generate a 'pkix.Name' from a loaded JSON structure.

type Update

type Update struct {
	Name    string
	Expired bool
}

Update is a struct returned from the Update function to indicate the certificates that expired or were revoked during the previous CRL period.
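The lifecycle the types above describe (New, CreateServer/CreateClient, Revoke, then Update to publish a CRL) and the checks behind Valid/ValidFor are shown end to end below, together with the relying-party side the page leaves implicit. This is an added example written against the Go standard library only; it is not this package's code and does not import it. The type and method names (NewAuthority, Issue, CRL, Verify, must), the choice of an ECDSA P-256 root, the CRL lifetime passed as a parameter rather than read from Lifetime, and the sample subject and host names in main are all assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Certificate pairs a parsed certificate with its private key and a revocation
// mark, mirroring the shape of the Certificate type documented above.
type Certificate struct {
	*x509.Certificate
	PrivateKey *ecdsa.PrivateKey
	Revoked    *time.Time
}

// Authority is the CA: its own certificate and key plus everything it has issued.
type Authority struct {
	Cert      *Certificate
	Issued    []*Certificate
	crlNumber int64 // CRL numbers must strictly increase between publications
}

// sign gives tmpl a random 128-bit serial and a fresh P-256 key, has ca sign it
// (or self-signs it when ca is nil) and returns the parsed result with its key.
func sign(tmpl *x509.Certificate, ca *Authority) (*Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	if tmpl.SerialNumber, err = rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)); err != nil {
		return nil, err
	}
	parent, signer := tmpl, key
	if ca != nil {
		parent, signer = ca.Cert.Certificate, ca.Cert.PrivateKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Certificate{Certificate: cert, PrivateKey: key}, nil
}

// NewAuthority creates a self-signed root valid for the given number of days (cf. New).
func NewAuthority(subject pkix.Name, days int) (*Authority, error) {
	now := time.Now()
	root, err := sign(&x509.Certificate{
		Subject: subject, NotBefore: now.Add(-time.Minute), NotAfter: now.AddDate(0, 0, days),
		IsCA: true, BasicConstraintsValid: true, MaxPathLenZero: true,
		// crlSign is mandatory here: x509.CreateRevocationList rejects an issuer without it.
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}, nil)
	if err != nil {
		return nil, err
	}
	return &Authority{Cert: root}, nil
}

// Issue stands in for CreateServer and CreateClient: usage selects the extended
// key usage a relying party will demand, and server certificates get a SAN.
func (a *Authority) Issue(name string, days int, usage x509.ExtKeyUsage) (*Certificate, error) {
	now := time.Now()
	tmpl := &x509.Certificate{
		Subject: pkix.Name{CommonName: name}, NotBefore: now.Add(-time.Minute), NotAfter: now.AddDate(0, 0, days),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{usage},
	}
	if usage == x509.ExtKeyUsageServerAuth {
		tmpl.DNSNames = []string{name} // TLS clients match the SAN, not the CN
	}
	c, err := sign(tmpl, a)
	if err != nil {
		return nil, err
	}
	a.Issued = append(a.Issued, c)
	return c, nil
}

// Revoke only marks the certificate: relying parties see nothing until a new CRL is published.
func (c *Certificate) Revoke() {
	if c.Revoked == nil {
		t := time.Now()
		c.Revoked = &t
	}
}

// ValidFor reports whether c is unrevoked, already valid, and still valid d from now.
func (c *Certificate) ValidFor(d time.Duration) bool {
	now := time.Now()
	return c.Revoked == nil && !now.Before(c.NotBefore) && now.Add(d).Before(c.NotAfter)
}

// CRL signs a fresh CRL listing every revoked serial, valid for crlDays (cf. Update).
func (a *Authority) CRL(crlDays int) ([]byte, error) {
	a.crlNumber++
	now := time.Now()
	tmpl := &x509.RevocationList{Number: big.NewInt(a.crlNumber), ThisUpdate: now, NextUpdate: now.AddDate(0, 0, crlDays)}
	for _, c := range a.Issued {
		if c.Revoked != nil {
			tmpl.RevokedCertificates = append(tmpl.RevokedCertificates,
				pkix.RevokedCertificate{SerialNumber: c.SerialNumber, RevocationTime: *c.Revoked})
		}
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, a.Cert.Certificate, a.Cert.PrivateKey)
}

// Verify is the relying-party side: chain to the root, require the expected EKU,
// then consult the CRL only after its signature and freshness have been checked.
func (a *Authority) Verify(c *Certificate, crlDER []byte, usage x509.ExtKeyUsage) error {
	roots := x509.NewCertPool()
	roots.AddCert(a.Cert.Certificate)
	if _, err := c.Certificate.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{usage}}); err != nil {
		return err
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return err
	}
	if err := crl.CheckSignatureFrom(a.Cert.Certificate); err != nil {
		return fmt.Errorf("untrusted CRL: %w", err)
	}
	if time.Now().After(crl.NextUpdate) {
		return fmt.Errorf("CRL expired at %s; revocation status unknown", crl.NextUpdate.UTC())
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(c.SerialNumber) == 0 {
			return fmt.Errorf("serial %s revoked at %s", c.SerialNumber, rc.RevocationTime.UTC())
		}
	}
	return nil
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func main() {
	// Constructed sample subject and names; placeholders for the example, not a real deployment.
	ca := must(NewAuthority(pkix.Name{CommonName: "Example Root CA", Organization: []string{"Example"}}, 3650))
	srv := must(ca.Issue("svc.example.internal", 365, x509.ExtKeyUsageServerAuth))
	cli := must(ca.Issue("alice", 30, x509.ExtKeyUsageClientAuth))
	cli.Revoke()
	crl := must(ca.CRL(30))
	fmt.Println("server:", ca.Verify(srv, crl, x509.ExtKeyUsageServerAuth))
	fmt.Println("client:", ca.Verify(cli, crl, x509.ExtKeyUsageClientAuth))
}
```

Two points the documentation above states but does not show are visible here: a call to Revoke changes nothing for a relying party until a new CRL is signed (a verifier holding the previous CRL still accepts the certificate), and a CRL is only evidence of non-revocation while its signature checks out and NextUpdate has not passed, so a stale or tampered CRL must fail closed rather than be treated as "nothing revoked". A client certificate is also refused for server authentication because the extended key usage is enforced, not just the chain.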
