Documentation ¶
Overview ¶
Package certgen provides TLS certificate generation for local development.
It automatically generates a Certificate Authority (CA) and server certificates for wildcard domains (*.dev.localhost) without requiring external tools like mkcert.
Index ¶
- func ExportToDER(pemPath, derPath string) error
- func ExportToPEM(srcPath, dstPath string) error
- func GetCAFingerprint(certPath string) (string, error)
- func GetCASubject(certPath string) (string, error)
- func IsWSL() bool
- type CAInstaller
- type FirefoxInstaller
- type Generator
- type InstallStatus
- type LinuxInstaller
- type WSLInstaller
Functions ¶
func ExportToDER ¶ added in v0.8.0
ExportToDER exports a PEM certificate to DER format
func ExportToPEM ¶ added in v0.8.0
ExportToPEM copies a PEM certificate to a new location
func GetCAFingerprint ¶ added in v0.8.0
GetCAFingerprint returns the SHA256 fingerprint of a CA certificate
func GetCASubject ¶ added in v0.8.0
GetCASubject returns the subject (CN) of a CA certificate
Types ¶
type CAInstaller ¶ added in v0.8.0
type CAInstaller interface {
	// Install installs the CA certificate to the system trust store
	Install(caCertPath string) error
	// Uninstall removes the CA certificate from the system trust store
	Uninstall(caCertPath string) error
	// IsInstalled checks if the CA certificate is installed in the system trust store
	IsInstalled(caCertPath string) (bool, error)
	// NeedsSudo returns whether this installer requires elevated privileges
	NeedsSudo() bool
	// Description returns a human-readable description of where certs are installed
	Description() string
}
CAInstaller is the interface for installing CA certificates into system trust stores
func NewSystemInstaller ¶ added in v0.8.0
func NewSystemInstaller() CAInstaller
NewSystemInstaller returns the system CA installer for the current platform
func NewUserInstaller ¶ added in v0.8.0
func NewUserInstaller() CAInstaller
NewUserInstaller returns a user-level CA installer. Note: On Linux, there's no standard user-level CA store, so this still uses the system store.
type FirefoxInstaller ¶ added in v0.8.0
type FirefoxInstaller struct{}
FirefoxInstaller installs CA certificates to Firefox's NSS store
func NewFirefoxInstaller ¶ added in v0.8.0
func NewFirefoxInstaller() *FirefoxInstaller
NewFirefoxInstaller returns a Firefox-specific CA installer
func (*FirefoxInstaller) Description ¶ added in v0.8.0
func (i *FirefoxInstaller) Description() string
func (*FirefoxInstaller) Install ¶ added in v0.8.0
func (i *FirefoxInstaller) Install(caCertPath string) error
func (*FirefoxInstaller) IsInstalled ¶ added in v0.8.0
func (i *FirefoxInstaller) IsInstalled(caCertPath string) (bool, error)
func (*FirefoxInstaller) NeedsSudo ¶ added in v0.8.0
func (i *FirefoxInstaller) NeedsSudo() bool
func (*FirefoxInstaller) Uninstall ¶ added in v0.8.0
func (i *FirefoxInstaller) Uninstall(caCertPath string) error
type Generator ¶
type Generator struct {
	// contains filtered or unexported fields
}
Generator handles TLS certificate generation
func NewGenerator ¶
NewGenerator creates a new certificate generator
func (*Generator) CACrtPath ¶
CACrtPath returns the path to the Windows-compatible CA certificate (DER format).
func (*Generator) CheckCertDomain ¶ added in v0.8.0
CheckCertDomain checks if the existing server certificate matches the configured domain. Returns (matches, certDNSNames, error). If the certificate doesn't exist, returns (true, nil, nil) to indicate no mismatch.
func (*Generator) EnsureCerts ¶
EnsureCerts generates certificates if they don't exist. If the server cert/key already exist (e.g., from mkcert), they are used as-is.
func (*Generator) RegenerateCerts ¶ added in v0.8.0
RegenerateCerts forces regeneration of server certificates (keeping CA).
type InstallStatus ¶ added in v0.8.0
type InstallStatus struct {
	Installed   bool   `json:"installed"`
	Location    string `json:"location"`
	Description string `json:"description"`
	NeedsSudo   bool   `json:"needs_sudo"`
}
InstallStatus represents the installation status of a CA certificate
type LinuxInstaller ¶ added in v0.8.0
type LinuxInstaller struct {
	// contains filtered or unexported fields
}
LinuxInstaller installs CA certificates to the Linux system trust store
func (*LinuxInstaller) Description ¶ added in v0.8.0
func (i *LinuxInstaller) Description() string
func (*LinuxInstaller) Install ¶ added in v0.8.0
func (i *LinuxInstaller) Install(caCertPath string) error
func (*LinuxInstaller) IsInstalled ¶ added in v0.8.0
func (i *LinuxInstaller) IsInstalled(caCertPath string) (bool, error)
func (*LinuxInstaller) NeedsSudo ¶ added in v0.8.0
func (i *LinuxInstaller) NeedsSudo() bool
func (*LinuxInstaller) Uninstall ¶ added in v0.8.0
func (i *LinuxInstaller) Uninstall(caCertPath string) error
type WSLInstaller ¶ added in v0.8.0
type WSLInstaller struct{}
WSLInstaller installs CA certificates to Windows from WSL. Note: WSL cannot run Windows commands with admin privileges, so this always installs to the current user's certificate store.
func NewWSLInstaller ¶ added in v0.8.0
func NewWSLInstaller() *WSLInstaller
NewWSLInstaller returns a Windows CA installer for use from WSL. Note: Always installs to the user store, since WSL cannot elevate to admin.
func NewWSLUserInstaller ¶ added in v0.8.0
func NewWSLUserInstaller() *WSLInstaller
NewWSLUserInstaller returns a Windows user-level CA installer for use from WSL. Deprecated: Use NewWSLInstaller instead. WSL always uses the user store.
func (*WSLInstaller) Description ¶ added in v0.8.0
func (i *WSLInstaller) Description() string
func (*WSLInstaller) Install ¶ added in v0.8.0
func (i *WSLInstaller) Install(caCertPath string) error
func (*WSLInstaller) IsInstalled ¶ added in v0.8.0
func (i *WSLInstaller) IsInstalled(caCertPath string) (bool, error)
func (*WSLInstaller) NeedsSudo ¶ added in v0.8.0
func (i *WSLInstaller) NeedsSudo() bool
func (*WSLInstaller) Uninstall ¶ added in v0.8.0
func (i *WSLInstaller) Uninstall(caCertPath string) error