issuer: maze.io/x/issuer

package issuer

import "maze.io/x/issuer"

Package issuer implements a common interface for several TLS Certificate Authority issuance implementations.

Index

Package Files

digicert.go issuer.go lemur.go standalone.go vault.go x509.go

Variables

var (
    // ErrNotSupported indicates the requested operation is not supported by the Issuer.
    ErrNotSupported = errors.New("issuer: not supported")
)

func DigiCertEVProduct

func DigiCertEVProduct(names []string, extKeyUsage []x509.ExtKeyUsage) string

func DigiCertProduct

func DigiCertProduct(names []string, extKeyUsage []x509.ExtKeyUsage) string

type Capability

type Capability uint

Capability bitmask to indicate Issuer capabilities.

const (
    Sign Capability = 1 << iota
    SignKeyPair
    Renew
    Revoke
    RevocationList
    OCSP
)

Capability flags.

const (
    None Capability = 0
    All  Capability = Sign | SignKeyPair | Renew | Revoke | RevocationList | OCSP
)

Composite Capability flags.

type DigiCertProductFunc

type DigiCertProductFunc func([]string, []x509.ExtKeyUsage) string

DigiCertProductFunc returns a DigiCert product name for the requested usage.

type Issuer

type Issuer interface {
    // Capabilities returns the issuer capability flags.
    Capabilities() Capability

    // Certificate for this issuer.
    Certificate() *x509.Certificate

    // Chain returns the X.509 chain for this issuer.
    Chain() []*x509.Certificate

    // RevocationList returns the Certificate Revocation List (CRL).
    RevocationList() (crl []byte, list *pkix.CertificateList, err error)

    // Request a Certificate.
    Request(csr *x509.CertificateRequest, ttl time.Duration) (cert *x509.Certificate, chain []*x509.Certificate, err error)

    // RequestKeyPair requests a certificate and private key pair based on
    // the supplied certificate template.
    RequestKeyPair(template *x509.Certificate, ttl time.Duration) (cert *x509.Certificate, chain []*x509.Certificate, key crypto.PrivateKey, err error)

    // Renew a certificate previously issued by this issuer.
    Renew(old *x509.Certificate, ttl time.Duration) (cert *x509.Certificate, chain []*x509.Certificate, err error)

    // Revoke a certificate previously issued by this issuer.
    Revoke(crt *x509.Certificate) (revoked bool, err error)
}

Issuer can issue certificates.
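Backends differ in what they support, and the package signals a gap with ErrNotSupported. The following is an added example (not code from maze.io/x/issuer) showing how a caller can inspect Capabilities() before invoking an operation such as Revoke or RevocationList, and how to render the bitmask for logs. The Capability constants and ErrNotSupported are copied from the declarations above so the program runs without importing the package; the fakeIssuer type, its capability set, and the Require and Has helpers are constructed for illustration and are not part of the package API.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Capability mirrors the bitmask declared by maze.io/x/issuer. It is copied
// here so the example runs without importing the package (constructed copy).
type Capability uint

const (
	Sign Capability = 1 << iota
	SignKeyPair
	Renew
	Revoke
	RevocationList
	OCSP
)

const (
	None Capability = 0
	All  Capability = Sign | SignKeyPair | Renew | Revoke | RevocationList | OCSP
)

// ErrNotSupported mirrors the package variable of the same name.
var ErrNotSupported = errors.New("issuer: not supported")

// capabilityNames lists the flags in declaration order for String.
var capabilityNames = []struct {
	flag Capability
	name string
}{
	{Sign, "Sign"}, {SignKeyPair, "SignKeyPair"}, {Renew, "Renew"},
	{Revoke, "Revoke"}, {RevocationList, "RevocationList"}, {OCSP, "OCSP"},
}

// String renders a Capability as "Sign|Revoke" for logs and audit output.
// Bits outside the known set are reported in hex rather than silently dropped.
func (c Capability) String() string {
	if c == None {
		return "None"
	}
	var parts []string
	for _, f := range capabilityNames {
		if c&f.flag != 0 {
			parts = append(parts, f.name)
		}
	}
	if unknown := c &^ All; unknown != 0 {
		parts = append(parts, fmt.Sprintf("0x%x", uint(unknown)))
	}
	return strings.Join(parts, "|")
}

// Has reports whether every flag in want is set in c.
func (c Capability) Has(want Capability) bool { return c&want == want }

// capable is the one method of the Issuer interface this example needs.
type capable interface{ Capabilities() Capability }

// Require returns ErrNotSupported (wrapped, so errors.Is works) naming every
// missing flag. Call it before Revoke, RevocationList, etc. so the caller
// fails fast instead of discovering the gap during an incident.
func Require(iss capable, want Capability) error {
	if missing := want &^ iss.Capabilities(); missing != None {
		return fmt.Errorf("%w: %s", ErrNotSupported, missing)
	}
	return nil
}

// fakeIssuer is a constructed stand-in; no certificate authority is contacted.
type fakeIssuer struct{ caps Capability }

func (f fakeIssuer) Capabilities() Capability { return f.caps }

func main() {
	// Hypothetical capability set; real backends report theirs via Capabilities().
	iss := fakeIssuer{caps: Sign | SignKeyPair | Revoke | RevocationList}
	fmt.Println("issuer supports:", iss.Capabilities())
	for _, want := range []Capability{Revoke, Renew | OCSP} {
		if err := Require(iss, want); err != nil {
			fmt.Println("skipping:", err)
			continue
		}
		fmt.Println("ok:", want)
	}
}
```

Because Require wraps ErrNotSupported with %w, callers can branch on errors.Is(err, ErrNotSupported) and still log exactly which flags were missing.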

func NewDigiCert

func NewDigiCert(token string, product DigiCertProductFunc) Issuer

NewDigiCert returns an issuer that uses the DigiCert API. If product is nil, DigiCertProduct will be used to determine what product to use in requesting new certificates.

func NewLemur

func NewLemur(api, authorityName string, options ...LemurOption) (Issuer, error)

NewLemur sets up a Lemur based issuer.

func NewStandalone

func NewStandalone(certFile, keyFile, crlFile string) (Issuer, error)

NewStandalone returns a standalone issuer, using the supplied certFile and keyFile as the Certificate Authority certificate and key (PEM format). The crlFile location should be writable, so the issuer can record revoked certificates.

func NewVault

func NewVault(api, mountpoint, role string, options ...VaultOption) (Issuer, error)

NewVault initializes a new Vault based issuer on the specified mountpoint and role. Each role requires a separate instance.

type LemurOption

type LemurOption func(*lemur)

LemurOption is an option for NewLemur.

func LemurAuth

func LemurAuth(username, password string) LemurOption

LemurAuth enables username/password authentication.

func LemurDefaultOwner

func LemurDefaultOwner(email string) LemurOption

LemurDefaultOwner defines the owner for certificates that don't have an emailAddress attribute type and value in the subject.

func LemurSkipVerifyTLS

func LemurSkipVerifyTLS() LemurOption

LemurSkipVerifyTLS disables TLS certificate verification for the connection to the Lemur API.

func LemurToken

func LemurToken(token string) LemurOption

LemurToken enables token authentication.

type VaultOption

type VaultOption func(*vault)

VaultOption is an option for NewVault.

func VaultToken

func VaultToken(token string) VaultOption

VaultToken adds the Vault authentication token.

Directories

Path        Synopsis
pkixutil    Package pkixutil implements helpers for formatting and parsing X.509 attributes and types.

Package issuer imports 25 packages. Updated 2018-12-02.