Documentation
Overview
Package config contains the configuration logic for CF-SSL.
Constants
This section is empty.
Variables
var ExtKeyUsage = map[string]x509.ExtKeyUsage{
	"any":              x509.ExtKeyUsageAny,
	"server auth":      x509.ExtKeyUsageServerAuth,
	"client auth":      x509.ExtKeyUsageClientAuth,
	"code signing":     x509.ExtKeyUsageCodeSigning,
	"email protection": x509.ExtKeyUsageEmailProtection,
	"s/mime":           x509.ExtKeyUsageEmailProtection,
	"ipsec end system": x509.ExtKeyUsageIPSECEndSystem,
	"ipsec tunnel":     x509.ExtKeyUsageIPSECTunnel,
	"ipsec user":       x509.ExtKeyUsageIPSECUser,
	"timestamping":     x509.ExtKeyUsageTimeStamping,
	"ocsp signing":     x509.ExtKeyUsageOCSPSigning,
	"microsoft sgc":    x509.ExtKeyUsageMicrosoftServerGatedCrypto,
	"netscape sgc":     x509.ExtKeyUsageNetscapeServerGatedCrypto,
}
ExtKeyUsage contains a mapping of string names to extended key usages.
var KeyUsage = map[string]x509.KeyUsage{
	"signing":             x509.KeyUsageDigitalSignature,
	"digital signature":   x509.KeyUsageDigitalSignature,
	"content committment": x509.KeyUsageContentCommitment,
	"key encipherment":    x509.KeyUsageKeyEncipherment,
	"data encipherment":   x509.KeyUsageDataEncipherment,
	"cert sign":           x509.KeyUsageCertSign,
	"crl sign":            x509.KeyUsageCRLSign,
	"encipher only":       x509.KeyUsageEncipherOnly,
	"decipher only":       x509.KeyUsageDecipherOnly,
}
KeyUsage contains a mapping of string names to key usages.
Functions
This section is empty.
Types
type AuthKey
type AuthKey struct {
	// Type contains information needed to select the appropriate
	// constructor. For example, "standard" for HMAC-SHA-256,
	// "standard-ip" for HMAC-SHA-256 incorporating the client's
	// IP.
	Type string `json:"type"`
	// Key contains the key information, such as a hex-encoded
	// HMAC key.
	Key string `json:"key"`
}
An AuthKey contains an entry for a key used for authentication.
type Config
type Config struct {
	Signing  *Signing           `json:"signing"`
	AuthKeys map[string]AuthKey `json:"auth_keys,omitempty"`
	Remotes  map[string]string  `json:"remotes,omitempty"`
}
Config stores configuration information for the CA.
func LoadConfig
LoadConfig attempts to load the configuration from a byte slice. On error, it returns nil.
type Signing
type Signing struct {
	Profiles map[string]*SigningProfile `json:"profiles"`
	Default  *SigningProfile            `json:"default"`
}
Signing codifies the signature configuration policy for a CA.
func (*Signing) NeedsLocalSigner
NeedsLocalSigner returns true if one of the profiles does not have a remote set.
func (*Signing) NeedsRemoteSigner
NeedsRemoteSigner returns true if one of the profiles has a remote set.
func (*Signing) OverrideRemotes
OverrideRemotes takes a signing configuration and updates the remote server object to the hostname:port combination sent by remote.
type SigningProfile
type SigningProfile struct {
	Usage          []string  `json:"usages"`
	IssuerURL      []string  `json:"issuer_urls"`
	OCSP           string    `json:"ocsp_url"`
	CRL            string    `json:"crl_url"`
	CA             bool      `json:"is_ca"`
	PolicyStrings  []string  `json:"policies"`
	OCSPNoCheck    bool      `json:"ocsp_no_check"`
	ExpiryString   string    `json:"expiry"`
	BackdateString string    `json:"backdate"`
	AuthKeyName    string    `json:"auth_key"`
	RemoteName     string    `json:"remote"`
	NotBefore      time.Time `json:"not_before"`
	NotAfter       time.Time `json:"not_after"`

	Policies     []asn1.ObjectIdentifier
	Expiry       time.Duration
	Backdate     time.Duration
	Provider     auth.Provider
	RemoteServer string
	UseSerialSeq bool
}
A SigningProfile stores information that the CA needs to store signature policy.
func DefaultConfig
func DefaultConfig() *SigningProfile
DefaultConfig returns a default configuration specifying basic key usage and a 1 year expiration time. The key usages chosen are signing, key encipherment, client auth and server auth.
func (*SigningProfile) Usages
func (p *SigningProfile) Usages() (ku x509.KeyUsage, eku []x509.ExtKeyUsage, unk []string)
Usages parses the list of key uses in the profile, translating them to a list of X.509 key usages and extended key usages. The unknown uses are collected into a slice that is also returned.
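A pre-deployment check built on the Usages behaviour described above, as an added example that is not CFSSL's own code: it reads the "usages" list of every profile in a config and reports the strings that match neither table, since such strings end up only in the unknown slice. The names profile, config, lintProfiles and sample are hypothetical, the two tables are a subset copied from this page, and the sample config is constructed.

```go
package main

import (
	"crypto/x509"
	"encoding/json"
	"fmt"
)

// Hypothetical minimal JSON types, then a subset of the page's tables copied to run stand-alone.
type profile struct{ Usage []string `json:"usages"` }
type config struct{ Signing struct{ Profiles map[string]profile `json:"profiles"` } `json:"signing"` }
var keyUsage = map[string]x509.KeyUsage{
	"signing": x509.KeyUsageDigitalSignature, "digital signature": x509.KeyUsageDigitalSignature,
	"content committment": x509.KeyUsageContentCommitment, "cert sign": x509.KeyUsageCertSign,
}
var extKeyUsage = map[string]x509.ExtKeyUsage{
	"server auth": x509.ExtKeyUsageServerAuth, "client auth": x509.ExtKeyUsageClientAuth,
}

// usages follows the behaviour the page documents for (*SigningProfile).Usages.
func usages(p profile) (ku x509.KeyUsage, eku []x509.ExtKeyUsage, unk []string) {
	for _, name := range p.Usage {
		if k, ok := keyUsage[name]; ok {
			ku |= k
		} else if e, ok := extKeyUsage[name]; ok {
			eku = append(eku, e)
		} else {
			unk = append(unk, name)
		}
	}
	return
}

// lintProfiles (hypothetical) maps each profile name to its unrecognised usage strings.
func lintProfiles(raw []byte) (map[string][]string, error) {
	c, bad := config{}, map[string][]string{}
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, err
	}
	for name, p := range c.Signing.Profiles {
		if _, _, unk := usages(p); len(unk) > 0 {
			bad[name] = unk
		}
	}
	return bad, nil
}

// Constructed sample: "content commitment" and "client-auth" are not keys in the tables above.
const sample = `{"signing":{"profiles":{"web":{"usages":["signing","server auth"]},"mail":{"usages":["signing","content commitment","client-auth"]}}}}`
func main() { fmt.Println(lintProfiles([]byte(sample))) }
```

The lookup is an exact string match, so the sample's "content commitment" is reported as unknown because the table on this page spells the key "content committment".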