Documentation
Index
- Variables
- type CA
- func (c *CA) CRL() (*CRL, error)
- func (c *CA) Certificate(n int64) (*Certificate, error)
- func (c *CA) CertificateByName(n string) (*Certificate, error)
- func (c *CA) Commit() error
- func (c *CA) CreateCertificate(n, o string, l int, u ...x509.ExtKeyUsage) (*Certificate, error)
- func (c *CA) CreateCertificateEx(n, o string, l, b int, d *Subject, k x509.KeyUsage, u ...x509.ExtKeyUsage) (*Certificate, error)
- func (c *CA) CreateClientCertificate(n, o string, l int) (*Certificate, error)
- func (c *CA) CreateEncryptionCertificate(n, o string, l int) (*Certificate, error)
- func (c *CA) CreateServerCertificate(n, o string, l int) (*Certificate, error)
- func (c *CA) PathCA() string
- func (c *CA) PathCRL() string
- func (c *CA) Read(s string) error
- func (c *CA) Write(s string) error
- type CRL
- type Certificate
- func (c *Certificate) File() string
- func (c *Certificate) HasPrivateKey() bool
- func (c *Certificate) IsExpired() bool
- func (c *Certificate) IsRevoked() bool
- func (c *Certificate) IsValid() bool
- func (c *Certificate) MarshalJSON() ([]byte, error)
- func (c *Certificate) PrivateKey() crypto.PrivateKey
- func (c *Certificate) PublicKey() crypto.PublicKey
- func (c *Certificate) Raw() *x509.Certificate
- func (c *Certificate) Read(p, k string) error
- func (c *Certificate) Revoke() error
- func (c *Certificate) String() string
- func (c *Certificate) UnmarshalJSON(b []byte) error
- func (c *Certificate) Valid() bool
- func (c *Certificate) Write(p, k string) error
- func (c *Certificate) WriteCertificate(w io.Writer) error
- func (c *Certificate) WriteKey(w io.Writer) error
- type Subject
Constants
This section is empty.
Variables
var (
	// ErrNilSubject is returned when any function that takes a detail struct is presented with a nil struct.
	ErrNilSubject = errors.New("ca: subject struct cannot be nil")
	// ErrMissingKey is returned when the Private Key file for the CA encounters an error while loading.
	// Lacking a Private Key prevents the CA from doing basic signing functions required to function.
	ErrMissingKey = errors.New("ca: private key cannot be loaded, cannot contiue with CA functions")
	// ErrInvalidCA is returned when the CA is loaded without being properly created. CA structs
	// must be created first before calling the 'init' function.
	ErrInvalidCA = errors.New("ca: invalid CA state, create using the 'NewCA' function")
	// ErrEmptyCAName is returned from the 'New' functions when the CA name is empty. CA structs must have a name.
	ErrEmptyCAName = errors.New("ca: name cannot be empty")
)
var (
	// ErrAlreadyRevoked is returned when attempting to Revoke a Certificate that is not valid for revocation.
	ErrAlreadyRevoked = errors.New("certificate: certificate has already been revoked")
	// ErrInvalidKey is returned during the 'Write' function when the key is not a proper private key.
	ErrInvalidKey = errors.New("certificate: private key is not a valid type")
)
Functions
This section is empty.
Types
type CA
type CA struct {
	File         string   `json:"file"`
	Subject      *Subject `json:"subject"`
	Keysize      uint16   `json:"keysize"`
	Directory    string   `json:"path"`
	Certificates certList `json:"certificates"`
	// contains filtered or unexported fields
}
CA is a struct that contains the information for the PKI certificate authority. This is used to generate new certificates.
func New
New creates a new CA infrastructure. This function supports the following parameters: 'n' is the CA name, 'd' is the CA Directory path, 'l' is the CA lifetime and 's' is the Subject struct. This function defaults the keysize to 4096 and the CA file name to 'ca'. This will return an error if any of the parameters are incorrectly formatted.
func NewCA
NewCA creates a new CA infrastructure. This function supports the following parameters: 'n' is the CA name, 'd' is the CA Directory path, 'f' is the CA file name, 'l' is the CA lifetime, 'k' is the CA keysize and 's' is the Subject struct. This will return an error if any of the parameters are incorrectly formatted.
func (*CA) Certificate
func (c *CA) Certificate(n int64) (*Certificate, error)
Certificate returns the certificate with the ID 'n'.
func (*CA) CertificateByName
func (c *CA) CertificateByName(n string) (*Certificate, error)
CertificateByName attempts to find the first Certificate with the CommonName 'n'.
func (*CA) CreateCertificate
func (c *CA) CreateCertificate(n, o string, l int, u ...x509.ExtKeyUsage) (*Certificate, error)
CreateCertificate allows for simple creation of a Certificate. The parameters are as follows: 'n' is the CommonName, 'o' is the owner email (optional), 'l' is the Duration length (in Days) and 'u' is a variadic list of the Extended Key Usage properties. This function defaults to using the CA details and the Digital Signature for Key Usage properties. Certificates generated are registered but are not written to the filesystem. To write them, use the 'Certificate.Save()' or 'Certificate.Write(s, k)' function.
func (*CA) CreateCertificateEx
func (c *CA) CreateCertificateEx(n, o string, l, b int, d *Subject, k x509.KeyUsage, u ...x509.ExtKeyUsage) (*Certificate, error)
CreateCertificateEx allows for advanced creation of a Certificate. The parameters are as follows: 'n' is the CommonName, 'o' is the owner email (optional), 'l' is the Duration length (in Days), 'b' is the requested block size, 'd' is a Details struct used for Certificate Subject details, 'k' is the x509 Key Usage integer and 'u' is a variadic list of the Extended Key Usage properties. Certificates generated are registered but are not written to the filesystem. To write them, use the 'Certificate.Save()' or 'Certificate.Write(s, k)' function.
func (*CA) CreateClientCertificate
func (c *CA) CreateClientCertificate(n, o string, l int) (*Certificate, error)
CreateClientCertificate allows for simple creation of a client Certificate. The parameters are as follows: 'n' is the CommonName, 'o' is the owner email (optional) and 'l' is the Duration length (in Days). This function defaults to using the CA details and Digital Signature Key for Key Usage properties and ExtKeyUsageClientAuth for Extended Key Usage. Certificates generated are registered but are not written to the filesystem. To write them, use the 'Certificate.Save()' or 'Certificate.Write(s, k)' function.
func (*CA) CreateEncryptionCertificate
func (c *CA) CreateEncryptionCertificate(n, o string, l int) (*Certificate, error)
CreateEncryptionCertificate allows for simple creation of an encryption Certificate. The parameters are as follows: 'n' is the CommonName, 'o' is the owner email (optional) and 'l' is the Duration length (in Days). This function defaults to using the CA details and Digital Signature Key and Data Encipherment for Key Usage properties. Certificates generated are registered but are not written to the filesystem. To write them, use the 'Certificate.Save()' or 'Certificate.Write(s, k)' function.
func (*CA) CreateServerCertificate
func (c *CA) CreateServerCertificate(n, o string, l int) (*Certificate, error)
CreateServerCertificate allows for simple creation of a server Certificate. The parameters are as follows: 'n' is the CommonName, 'o' is the owner email (optional) and 'l' is the Duration length (in Days). This function defaults to using the CA details and Digital Signature Key for Key Usage properties and ExtKeyUsageServerAuth for Extended Key Usage. Certificates generated are registered but are not written to the filesystem. To write them, use the 'Certificate.Save()' or 'Certificate.Write(s, k)' function.
type CRL
type CRL struct {
	File     string `json:"name"`
	Lifetime uint32 `json:"lifetime"`
	// contains filtered or unexported fields
}
CRL stores the certificate revocation list. Can be used to check for revoked certs.
type Certificate
Certificate is a struct that holds data for a certificate entry in a CA directory.
func GetCertificate
func GetCertificate(p, k string) (*Certificate, error)
GetCertificate returns the certificate file with the specified pem 'p' and optional key 'k' path. Returns a non-nil error if the files cannot be found or accessed.
func (*Certificate) File
func (c *Certificate) File() string
File returns the ID of the Certificate as a hex string.
func (*Certificate) HasPrivateKey
func (c *Certificate) HasPrivateKey() bool
HasPrivateKey returns true if the PrivateKey is loaded in this Certificate file.
func (*Certificate) IsExpired
func (c *Certificate) IsExpired() bool
IsExpired returns true if this certificate has expired.
func (*Certificate) IsRevoked
func (c *Certificate) IsRevoked() bool
IsRevoked returns true if this certificate has been revoked by the CA.
func (*Certificate) IsValid
func (c *Certificate) IsValid() bool
IsValid returns true if this certificate is currently valid.
func (*Certificate) MarshalJSON
func (c *Certificate) MarshalJSON() ([]byte, error)
MarshalJSON attempts to create a JSON string from a Certificate.
func (*Certificate) PrivateKey
func (c *Certificate) PrivateKey() crypto.PrivateKey
PrivateKey returns the raw PrivateKey, if it is loaded.
func (*Certificate) PublicKey
func (c *Certificate) PublicKey() crypto.PublicKey
PublicKey returns the raw PublicKey, if the PrivateKey is loaded.
func (*Certificate) Raw
func (c *Certificate) Raw() *x509.Certificate
Raw returns the underlying certificate struct that this struct contains.
func (*Certificate) Read
func (c *Certificate) Read(p, k string) error
Read loads the certificate from specified file path 's' and optional key path 'k'.
func (*Certificate) Revoke
func (c *Certificate) Revoke() error
Revoke marks this certificate as revoked. The CRL has to be regenerated after calling this function for the revocation to take effect.
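Why the CRL must be regenerated after Revoke, shown as an added example that uses only the Go standard library and is not code from this package: a revoked certificate still passes chain verification, and relying parties only see the revocation in a CRL issued afterwards. All names and serial numbers are constructed, and ECDSA P-256 keys are an assumption made for speed (this package defaults to a 4096-bit key).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must keeps the example short; production code should return the error.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// crlSerials signs CRL number n as the CA, re-parses it, checks the CA signature and returns the listed serials.
func crlSerials(ca *x509.Certificate, key *ecdsa.PrivateKey, n int64, revoked ...pkix.RevokedCertificate) map[string]bool {
	tmpl := &x509.RevocationList{Number: big.NewInt(n), RevokedCertificates: revoked, ThisUpdate: time.Now(), NextUpdate: time.Now().Add(24 * time.Hour)}
	crl := must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, tmpl, ca, key))))
	crl = must(crl, crl.CheckSignatureFrom(ca)) // a relying party must reject a CRL this CA did not sign
	serials := map[string]bool{}
	for _, r := range crl.RevokedCertificates {
		serials[r.SerialNumber.String()] = true
	}
	return serials
}

func RevocationDemo() (chainVerifies, inOldCRL, inNewCRL bool) {
	caKey, leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)), must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	from, to := time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	caT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example CA"}, NotBefore: from,
		NotAfter: to, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	ca := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caT, caT, &caKey.PublicKey, caKey))))
	leafT := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "server.example"}, NotBefore: from,
		NotAfter: to, KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	leaf := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafT, ca, &leafKey.PublicKey, caKey))))
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots}) // Verify performs no revocation checking
	id, entry := leaf.SerialNumber.String(), pkix.RevokedCertificate{SerialNumber: leaf.SerialNumber, RevocationTime: time.Now()}
	return err == nil, crlSerials(ca, caKey, 1)[id], crlSerials(ca, caKey, 2, entry)[id]
}
func main() { fmt.Println(RevocationDemo()) }
```

CRL number 1 stands for the list published before the revocation and number 2 for the regenerated one; a client still holding the first list continues to accept the certificate until it fetches the second.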
func (*Certificate) String
func (c *Certificate) String() string
String returns a string representation of this Certificate.
func (*Certificate) UnmarshalJSON
func (c *Certificate) UnmarshalJSON(b []byte) error
UnmarshalJSON attempts to create a certificate from a JSON string.
func (*Certificate) Valid
func (c *Certificate) Valid() bool
Valid returns true if this certificate is valid and has not been revoked or expired.
func (*Certificate) Write
func (c *Certificate) Write(p, k string) error
Write encodes and writes the data of this Certificate and PrivateKey (if loaded) in the locations 'p' and 'k' respectively.
func (*Certificate) WriteCertificate
func (c *Certificate) WriteCertificate(w io.Writer) error
WriteCertificate attempts to write the certificate data to the supplied writer 'w'.
type Subject
type Subject struct {
	ZIP          string `json:"zip,omitempty"`
	City         string `json:"city"`
	State        string `json:"state"`
	Email        string `json:"email"`
	Street       string `json:"street,omitempty"`
	Domain       string `json:"domain,omitempty"`
	Country      string `json:"country"`
	Department   string `json:"department"`
	Organization string `json:"organization,omitempty"`
}
Subject is a struct that contains the information for issuing a certificate.