certs

package
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 21, 2024 License: Apache-2.0 Imports: 30 Imported by: 0

README

certs

X.509 certificate generation and management code.

Documentation

Index

Constants

View Source 
const (
	// ECCKey - Namespace for ECC keys
	ECCKey = "ecc"

	// RSAKey - Namespace for RSA keys
	RSAKey       = "rsa"
	RootName     = "Root"
	OperatorName = "server.operator"
	ListenerName = "default"
)
View Source 
const (
	OperatorCA = iota + 1
	ListenerCA
	ImplantCA
	RootCA
)
View Source 
const (
	// ACMEDirName - Name of dir to store ACME certs
	ACMEDirName = "acme"
)
View Source 
const (
	ListenerNamespace = "listener" // Listener servers

)

Variables

View Source 
var (
	// ErrCertDoesNotExist - Returned if a GetCertificate() is called for a cert/cn that does not exist
	ErrCertDoesNotExist = errors.New("certificate does not exist")
)
View Source 
var (
	// TLSKeyLogger - File descriptor for logging TLS keys
	TLSKeyLogger = newKeyLogger()
)

Functions

func CheckCertIsExist 

func CheckCertIsExist(certPath, keyPath, commonName string, caType int) ([]byte, []byte, error)

func ClientGenerateCertificate 

func ClientGenerateCertificate(host, name string, port int, clientType int) (*mtls.ClientConfig, error)

ClientGenerateCertificate - Generate a certificate signed with a given CA

func ClientGetCertificate 

func ClientGetCertificate(operator string) ([]byte, []byte, error)

ClientGetCertificate - Helper function to fetch a client cert

func ClientListCertificates 

func ClientListCertificates() []*x509.Certificate

ClientListCertificates - Get all client certificates

func ClientRemoveCertificate 

func ClientRemoveCertificate(operator string) error

ClientRemoveCertificate - Helper function to remove a client cert

func GenerateCertificateAuthority 

func GenerateCertificateAuthority(caType int, commonName string) (*x509.Certificate, *rsa.PrivateKey)

GenerateCertificateAuthority - Creates a new CA cert for a given type

func GenerateECCCertificate 

func GenerateECCCertificate(caType int, commonName string, isCA bool, isClient bool) ([]byte, []byte)

GenerateECCCertificate - Generate a TLS certificate with the given parameters We choose some reasonable defaults like Curve, Key Size, ValidFor, etc. Returns two strings `cert` and `key` (PEM Encoded).

func GenerateListenerCertificate 

func GenerateListenerCertificate(config *configs.TlsConfig) ([]byte, []byte, error)

func GenerateRSACertificate 

func GenerateRSACertificate(caType int, commonName string, isCA bool, isClient bool,
	subject *pkix.Name) ([]byte, []byte)

GenerateRSACertificate - Generates an RSA Certificate

func GetACMEDir 

func GetACMEDir() string

GetACMEDir - Dir to store ACME certs

func GetACMEManager 

func GetACMEManager(domain string) *autocert.Manager

GetACMEManager - Get an ACME cert/tls config with the certs

func GetCertificate 

func GetCertificate(caType int, keyType string, commonName string) ([]byte, []byte, error)

GetCertificate - Get the PEM encoded certificate & key for a host

func GetCertificateAuthority 

func GetCertificateAuthority() (*x509.Certificate, *rsa.PrivateKey, error)

GetCertificateAuthority - Get the current CA certificate

func GetCertificateAuthorityPEM 

func GetCertificateAuthorityPEM(caCertPath, caKeyPath string) ([]byte, []byte, error)

GetCertificateAuthorityPEM - Get PEM encoded CA cert/key

func GetECCCertificate 

func GetECCCertificate(caType int, commonName string) ([]byte, []byte, error)

GetECCCertificate - Get an ECC certificate

func GetOperatorServerMTLSConfig 

func GetOperatorServerMTLSConfig(host string) *tls.Config

GetOperatorServerMTLSConfig - Get the TLS config for the operator server

func GetRSACertificate 

func GetRSACertificate(caType int, commonName string) ([]byte, []byte, error)

GetRSACertificate - Get an RSA certificate

func ParseCertificateAuthority 

func ParseCertificateAuthority(certPEM, keyPEM []byte) (*x509.Certificate, *rsa.PrivateKey, error)

func RemoveCertificate 

func RemoveCertificate(caType int, keyType string, commonName string) error

RemoveCertificate - Remove a certificate from the cert store

func RsaKeySize 

func RsaKeySize() int

func SaveCertificateAuthority 

func SaveCertificateAuthority(caType int, cert []byte, key []byte)

SaveCertificateAuthority - Save the certificate and the key to the filesystem doesn't return an error because errors are fatal. If we can't generate CAs, then we can't secure communication and we should die a horrible death.

func SaveToPEMFile 

func SaveToPEMFile(filename string, pemData []byte) error

SaveToPEMFile 将 PEM 格式数据保存到文件

func ServerGenerateCertificate 

func ServerGenerateCertificate(name string, isCA bool, cfgPath string) ([]byte, []byte, error)

ServerGenerateCertificate - Generate a certificate signed with a given CA

func ServerGetCertificate 

func ServerGetCertificate(hostname string) ([]byte, []byte, error)

ServerGetCertificate - Helper function to fetch a server cert

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.