Index ¶
- Variables
- func AddEntryToCAIndex(indexPath string, certPath string) (bool, error)
- func B64DecodeBytesToBytes(input []byte) ([]byte, error)
- func B64DecodeStrToBytes(input string) ([]byte, error)
- func B64EncodeBytesToStr(input []byte) string
- func Bootstrap()
- func CopyFile(src, dst string, BUFFERSIZE int64) error
- func CreateCRLObject(certList []pkix.RevokedCertificate, key crypto.Signer, ...) ([]byte, error)
- func CreateCert(certTemplate *x509.Certificate, signingCert *x509.Certificate, ...) (cert []byte, err error)
- func CreateDirectory(path string)
- func CreateNewCRLForCA(certificate *x509.Certificate, privateKey crypto.Signer, path string) (bool, error)
- func DecodePrivateKeyPem(inFile []byte) (*pem.Block, []byte)
- func DecodePublicKeyPem(inFile []byte) (*pem.Block, []byte)
- func DeleteFile(path string)
- func DirectoryExists(pathName string) (bool, error)
- func DirectoryListingNames(path string) []string
- func DirectoryListingNamesNoExt(path string) []string
- func DownloadFile(filepath string, url string) error
- func FileExists(fileName string) (bool, error)
- func GenerateRSAKeypair(keySize int) (*rsa.PrivateKey, *rsa.PublicKey, error)
- func GetPrivateKey(path string, rsaPrivateKeyPassword string) *rsa.PrivateKey
- func GetPublicKey(path string) *rsa.PublicKey
- func IncreaseSerialNumber(rootSlug string) (bool, error)
- func IncreaseSerialNumberAbs(path string) (bool, error)
- func LoadKeyFile(fileName string) []byte
- func NewCRL(template *x509.RevocationList, issuer *x509.Certificate, priv crypto.Signer) ([]byte, error)
- func NewRouter(basePath string) *http.ServeMux
- func NewTabDelimitedWriter(w io.Writer) (writer *csv.Writer)
- func PEMEncodeCRL(certByte []byte) *bytes.Buffer
- func ParseFlags() (string, error)
- func PreflightSetup()
- func ReadCACertificate(path string) (*x509.Certificate, error)
- func ReadCRLFromFile(path string) (*x509.Certificate, error)
- func ReadCertFromFile(path string) (*x509.Certificate, error)
- func ReadFileToBytes(path string) ([]byte, error)
- func ReadUserIP(r *http.Request) string
- func ReadUserIPNoPort(r *http.Request) string
- func SetupNewCRLTemplate(SignatureAlgorithm x509.SignatureAlgorithm, nextUpdate time.Time) *x509.RevocationList
- func Stoerr(s string) error
- func TouchFile(fileName string, updateTime bool)
- func Untar(dst string, srcFile string) error
- func ValidateCertificateConfiguration(c CertificateConfiguration) (bool, []string, error)
- func ValidateConfigPath(path string) error
- func WriteByteFile(path string, content []byte, mode int, overwrite bool) (bool, error)
- func WriteFile(path string, content string, mode int, overwrite bool) (bool, error)
- type CAIndex
- type CertificateAuthorityPaths
- type CertificateConfiguration
- type CertificateConfigurationSubject
- type CertificateInfo
- type CertificateInformation
- type CertificateRequestInfo
- type CertificateRequestInput
- type Config
- type ConfigYAML
- type Counter
- type KeyPair
- type RESTGETAuthorityJSONReturn
- type RESTGETCertificateInformationJSONReturn
- type RESTGETCertificateRequestJSONReturn
- type RESTGETCertificateRequestsJSONReturn
- type RESTGETCertificatesJSONReturn
- type RESTGETIntermedCAJSONIn
- type RESTGETIntermedCAJSONReturn
- type RESTGETKeyPairJSONReturn
- type RESTGETKeyPairsJSONReturn
- type RESTGETKeyStoresJSONReturn
- type RESTGETRevocationListJSONReturn
- type RESTPOSTCertificateJSONIn
- type RESTPOSTCertificateJSONReturn
- type RESTPOSTCertificateRequestJSONIn
- type RESTPOSTCertificateRequestJSONReturn
- type RESTPOSTIntermedCAJSONIn
- type RESTPOSTKeyStoresJSONIn
- type RESTPOSTKeyStoresJSONReturn
- type RESTPOSTNewKeyPairIn
- type RESTPOSTNewKeyPairReturn
- type RealKeyPair
- type ReturnGenericMessage
- type ReturnGetRoots
- type ReturnPostRoots
- type RootInfo
- type SANData
- type Server
- type TargetAndCAPath
Variables ¶
// BUFFERSIZE is the chunk size, in bytes, used when copying files.
var BUFFERSIZE int64 = 4096 // 4096 bytes = default page size on OSX
BUFFERSIZE is for copying files
Functions ¶
func AddEntryToCAIndex ¶
AddEntryToCAIndex adds the needed tab-separated data to the CA Index file when generating certificates. The fields are: State: “V” for Valid, “E” for Expired and “R” for Revoked. Enddate: in the format YYMMDDHHmmssZ (the “Z” stands for Zulu/GMT). Date of Revocation: same format as “Enddate”. Serial: serial of the certificate. Path to Certificate: can also be “unknown”. Subject: subject of the certificate.
func B64DecodeBytesToBytes ¶
B64DecodeBytesToBytes converts a Base64 byte slice to a Base64 Decoded Byte slice
func B64DecodeStrToBytes ¶
B64DecodeStrToBytes converts a Base64 string to a Base64 Decoded Byte slice
func B64EncodeBytesToStr ¶
B64EncodeBytesToStr converts a byte slice to a Base64 Encoded String
func CreateCRLObject ¶
func CreateCRLObject(certList []pkix.RevokedCertificate, key crypto.Signer, issuingCert *x509.Certificate, expiryTime time.Time) ([]byte, error)
CreateCRLObject will create the CRL Object
func CreateCert ¶
func CreateCert(certTemplate *x509.Certificate, signingCert *x509.Certificate, certPubkey, signingPrivKey interface{}) (cert []byte, err error)
CreateCert is a wrapper for x509.CreateCertificate to switch between parent certificates through the chain
func CreateNewCRLForCA ¶
func CreateNewCRLForCA(certificate *x509.Certificate, privateKey crypto.Signer, path string) (bool, error)
CreateNewCRLForCA wraps all the processes needed to create a new CRL for a CA
func DecodePrivateKeyPem ¶
DecodePrivateKeyPem from file to pem struct
func DecodePublicKeyPem ¶
DecodePublicKeyPem from file to pem struct
func DirectoryExists ¶
DirectoryExists checks if a directory exists and returns a boolean or an error
func DirectoryListingNames ¶
DirectoryListingNames lists just the name of files in a certain directory
func DirectoryListingNamesNoExt ¶
DirectoryListingNamesNoExt lists just the name of files in a certain directory without their extensions
func DownloadFile ¶
DownloadFile downloads the resource at url to the local file at filepath. It is memory-efficient because it writes to disk as it downloads rather than loading the whole file into memory.
func FileExists ¶
FileExists checks if a file exists and returns a boolean or an error
func GenerateRSAKeypair ¶
GenerateRSAKeypair generates an RSA private key of the given keySize and returns it together with its public key
func GetPrivateKey ¶
func GetPrivateKey(path string, rsaPrivateKeyPassword string) *rsa.PrivateKey
GetPrivateKey loads an RSA private key from path end to end (read, decode and parse); rsaPrivateKeyPassword is the passphrase for the key
func GetPublicKey ¶
GetPublicKey loads an RSA public key from path end to end (read, decode and parse)
func IncreaseSerialNumber ¶
IncreaseSerialNumber increments a root CA's serial number, the CA being identified by rootSlug
func IncreaseSerialNumberAbs ¶
IncreaseSerialNumberAbs increments a root CA's serial number via the absolute path to the serial file
func NewCRL ¶
func NewCRL(template *x509.RevocationList, issuer *x509.Certificate, priv crypto.Signer) ([]byte, error)
NewCRL wraps x509.CreateRevocationList in order to create a new, blank CRL from the given template, issuer certificate and signing key
func NewTabDelimitedWriter ¶
NewTabDelimitedWriter wraps an io.Writer in a csv.Writer that uses a tab as the field delimiter
func PEMEncodeCRL ¶
PEMEncodeCRL encodes a CRL DER byte stream to a PEM block
func ParseFlags ¶
ParseFlags will create and parse the CLI flags and return the path to be used elsewhere
func ReadCACertificate ¶
func ReadCACertificate(path string) (*x509.Certificate, error)
ReadCACertificate reads a CA certificate and returns a *x509.Certificate object
func ReadCRLFromFile ¶
func ReadCRLFromFile(path string) (*x509.Certificate, error)
ReadCRLFromFile wraps a byte reader and a CRL decoder. Note that its declared return type is *x509.Certificate rather than a revocation-list type.
func ReadCertFromFile ¶
func ReadCertFromFile(path string) (*x509.Certificate, error)
ReadCertFromFile wraps the needed functions to safely read a PEM certificate
func ReadFileToBytes ¶
ReadFileToBytes will return the contents of a file
func ReadUserIP ¶
ReadUserIP gets the requesting client's IP so you can do a reverse DNS lookup
func ReadUserIPNoPort ¶
ReadUserIPNoPort gets the requesting client's IP without the port so you can do a reverse DNS lookup
func SetupNewCRLTemplate ¶
func SetupNewCRLTemplate(SignatureAlgorithm x509.SignatureAlgorithm, nextUpdate time.Time) *x509.RevocationList
SetupNewCRLTemplate wraps a RevocationList type with a bit of pre-processing
func Untar ¶
Untar takes a destination path and the path of a source tar file; a tar reader loops over the tarfile, creating the directory structure under 'dst' along the way and writing any files. Entry names taken from the archive should be confirmed to resolve inside 'dst' (path traversal) — whether this function does so is not visible here.
func ValidateCertificateConfiguration ¶
func ValidateCertificateConfiguration(c CertificateConfiguration) (bool, []string, error)
ValidateCertificateConfiguration will run a CertificateConfiguration object through basic validations
func ValidateConfigPath ¶
ValidateConfigPath makes sure that the path provided is a file that can be read
func WriteByteFile ¶
WriteByteFile creates a file from a byte slice with an optional filemode, only if it's new, and populates it - can force overwrite optionally
Types ¶
type CAIndex ¶
// CAIndex provides the tab-delimited structure for CA Index files.
// Field meanings follow AddEntryToCAIndex: State is "V" (valid), "E" (expired)
// or "R" (revoked); EndDate and DateOfRevokation use the format YYMMDDHHmmssZ.
type CAIndex struct {
	State             string
	EndDate           string
	DateOfRevokation  string
	Serial            string
	PathToCertificate string // may also be "unknown"
	Subject           string
}
CAIndex provides the tab-delimited structure for CA Index files
type CertificateAuthorityPaths ¶
// CertificateAuthorityPaths holds all the default paths generated for a new CA.
type CertificateAuthorityPaths struct {
	RootCAPath               string
	RootCACertRequestsPath   string
	RootCACertsPath          string
	RootCACertRevListPath    string
	RootCANewCertsPath       string
	RootCACertKeysPath       string
	RootCAKeysPath           string
	RootCAIntermediateCAPath string
	RootCACertIndexFilePath  string // index file written by AddEntryToCAIndex (see CAIndex)
	RootCACertSerialFilePath string // serial file consumed by IncreaseSerialNumberAbs
	RootCACrlnumFilePath     string
}
CertificateAuthorityPaths holds all the default paths generated for a new CA
type CertificateConfiguration ¶
// CertificateConfiguration is a struct to pass Certificate Config Information
// into the setup functions.
type CertificateConfiguration struct {
	// Subject is a CertificateConfigurationSubject object.
	Subject CertificateConfigurationSubject `json:"subject"`
	// ExpirationDate is expressed as a slice of 3 ints [years, months, days] in the future.
	ExpirationDate []int `json:"expiration_date,omitempty"`
	// RSAPrivateKey is optional - used to sign a certificate request with an
	// external key instead of one generated in the PKI.
	// NOTE(review): private key material — keep out of logs and error messages.
	RSAPrivateKey string `json:"rsa_private_key,omitempty"`
	// RSAPrivateKeyPassphrase is optional - used to secure the key if generated via PKI.
	// NOTE(review): secret — keep out of logs and error messages.
	RSAPrivateKeyPassphrase string `json:"rsa_private_key_passphrase,omitempty"`
	// SerialNumber is not described on this page; presumably the certificate
	// serial to request — confirm against the setup functions.
	SerialNumber string `json:"serial_number,omitempty"`
	// SANData is a SANData object.
	SANData SANData `json:"san_data,omitempty"`
	// CertificateType is what type of certificate is being requested or generated
	// and is used in validation checks. Options: server|client|authority|authority-no-subs
	CertificateType string `json:"certificate_type,omitempty"`
}
CertificateConfiguration is a struct to pass Certificate Config Information into the setup functions
`Subject` is a CertificateConfigurationSubject object
`ExpirationDate` is expressed as a slice of 3 ints [ years, months, days ] in the future
`RSAPrivateKey` is optional - this is used to sign a certificate request with an external key instead of one generated in the PKI
`RSAPrivateKeyPassphrase` is optional - this is used to secure the key if generated via PKI
`SANData` is a SANData object
`CertificateType` is a string representing what type of certificate is being requested or generated and is used in validation checks. Options: server|client|authority|authority-no-subs
type CertificateConfigurationSubject ¶
// CertificateConfigurationSubject is simply a redefinition of pkix.Name, with
// JSON tags so a subject can be supplied through the REST inputs.
type CertificateConfigurationSubject struct {
	CommonName         string   `json:"common_name"`
	Organization       []string `json:"organization,omitempty"`
	OrganizationalUnit []string `json:"organizational_unit,omitempty"`
	Country            []string `json:"country,omitempty"`
	Province           []string `json:"province,omitempty"`
	Locality           []string `json:"locality,omitempty"`
	StreetAddress      []string `json:"street_address,omitempty"`
	PostalCode         []string `json:"postal_code,omitempty"`
}
CertificateConfigurationSubject is simply a redefinition of pkix.Name
type CertificateInfo ¶
// CertificateInfo provides general Certificate information.
type CertificateInfo struct {
	Slug           string `json:"slug"`
	CertificatePEM string `json:"certificate_pem"`
	// Certificate is the parsed form; when JSON-encoded, the whole
	// x509.Certificate struct is emitted alongside the PEM.
	Certificate *x509.Certificate `json:"certificate"`
	// CertificateAuthorityPEMBundle carries the issuing chain as PEM.
	CertificateAuthorityPEMBundle string `json:"ca_bundle"`
}
CertificateInfo provides general Certificate information
type CertificateInformation ¶
// CertificateInformation gives a general read out of a certificate file.
// StartDate and ExpirationDate are strings; their format is not shown here —
// confirm against the producer before parsing.
type CertificateInformation struct {
	CommonName     string `json:"common_name"`
	StartDate      string `json:"start_date"`
	ExpirationDate string `json:"expiration_date"`
}
CertificateInformation gives a general read out of a certificate file
type CertificateRequestInfo ¶
// CertificateRequestInfo provides general Certificate Request information.
type CertificateRequestInfo struct {
	Slug                  string `json:"slug"`
	CertificateRequestPEM string `json:"csr_pem"`
	// CertificateRequest is the parsed CSR; JSON-encoding emits the whole struct.
	CertificateRequest *x509.CertificateRequest `json:"certificate_request"`
	// KeyPair may carry a PrivateKey PEM (see KeyPair).
	// NOTE(review): confirm that responses embedding this are meant to return
	// private key material to the caller.
	KeyPair KeyPair `json:"key_pair,omitempty"`
}
CertificateRequestInfo provides general Certificate Request information
type CertificateRequestInput ¶
// CertificateRequestInput provides a set of possible input sources for a CSR
// in Certificate Generation.
type CertificateRequestInput struct {
	PublicKey string `json:"public_key"`
	// CertificateType options (per CertificateConfiguration): server|client|authority|authority-no-subs
	CertificateType string `json:"certificate_type,omitempty"`
	// FromPEM supplies the CSR inline as PEM.
	FromPEM string `json:"from_pem,omitempty"`
	// FromCAPath points at a CSR stored under a CA path (see TargetAndCAPath).
	FromCAPath TargetAndCAPath `json:"from_ca_path,omitempty"`
}
CertificateRequestInput provides a set of possible input sources for a CSR in Certificate Generation
type Config ¶
// Config is the top-level struct for the webapp configuration; the YAML
// document carries a single "locksmith" key holding a ConfigYAML.
type Config struct {
	Locksmith ConfigYAML `yaml:"locksmith"`
}
Config struct for webapp config
func (Config) RunHTTPServer ¶
func (config Config) RunHTTPServer()
RunHTTPServer will run the HTTP Server
type ConfigYAML ¶
ConfigYAML is what is defined for this Locksmith server
type Counter ¶
type Counter struct {
// contains filtered or unexported fields
}
Counter for serial number
type KeyPair ¶
// KeyPair combines a string for a Public and Private Key Base64 PEM.
type KeyPair struct {
	PublicKey string `json:"public_key,omitempty"`
	// PrivateKey is private key material.
	// NOTE(review): keep out of logs; confirm every response type embedding
	// KeyPair is meant to expose it.
	PrivateKey string `json:"private_key,omitempty"`
}
KeyPair combines a string for a Public and Private Key Base64 PEM
type RESTGETAuthorityJSONReturn ¶
// RESTGETAuthorityJSONReturn handles the data returned by the GET /authority endpoint.
// Status, Errors and Messages form the common response envelope used by the
// other REST return types on this page.
type RESTGETAuthorityJSONReturn struct {
	Status          string            `json:"status"`
	Errors          []string          `json:"errors"`
	Messages        []string          `json:"messages"`
	Slug            string            `json:"slug"`
	CertificatePEM  string            `json:"certificate_pem"`
	CertificateInfo *x509.Certificate `json:"certificate_information"`
}
RESTGETAuthorityJSONReturn handles the data returned by the GET /authority endpoint
type RESTGETCertificateInformationJSONReturn ¶
// RESTGETCertificateInformationJSONReturn handles the data returned by the
// GET /certificate endpoint. Its shape is identical to RESTGETAuthorityJSONReturn.
type RESTGETCertificateInformationJSONReturn struct {
	Status          string            `json:"status"`
	Errors          []string          `json:"errors"`
	Messages        []string          `json:"messages"`
	Slug            string            `json:"slug"`
	CertificatePEM  string            `json:"certificate_pem"`
	CertificateInfo *x509.Certificate `json:"certificate_information"`
}
RESTGETCertificateInformationJSONReturn handles the data returned by the GET /certificate endpoint
type RESTGETCertificateRequestJSONReturn ¶
// RESTGETCertificateRequestJSONReturn handles the data returned by the
// GET /certificate-request endpoint.
type RESTGETCertificateRequestJSONReturn struct {
	Status                string                   `json:"status"`
	Errors                []string                 `json:"errors"`
	Messages              []string                 `json:"messages"`
	CertificateRequestPEM string                   `json:"csr_pem"`
	CertificateRequest    *x509.CertificateRequest `json:"certificate_request"`
}
RESTGETCertificateRequestJSONReturn handles the data returned by the GET /certificate-request endpoint
type RESTGETCertificateRequestsJSONReturn ¶
// RESTGETCertificateRequestsJSONReturn handles the data returned by the
// GET /certificate-requests endpoint (a listing of CSR identifiers).
type RESTGETCertificateRequestsJSONReturn struct {
	Status              string   `json:"status"`
	Errors              []string `json:"errors"`
	Messages            []string `json:"messages"`
	CertificateRequests []string `json:"certificate_requests"`
}
RESTGETCertificateRequestsJSONReturn handles the data returned by the GET /certificate-requests endpoint
type RESTGETCertificatesJSONReturn ¶
// RESTGETCertificatesJSONReturn handles the data returned by the
// GET /certificates endpoint (a listing of certificate identifiers).
type RESTGETCertificatesJSONReturn struct {
	Status       string   `json:"status"`
	Errors       []string `json:"errors"`
	Messages     []string `json:"messages"`
	Certificates []string `json:"certificates"`
}
RESTGETCertificatesJSONReturn handles the data returned by the GET /certificates endpoint
type RESTGETIntermedCAJSONIn ¶
// RESTGETIntermedCAJSONIn handles the data required by the GET /intermediates
// endpoint. The target CA is addressed by one of two alternative paths.
type RESTGETIntermedCAJSONIn struct {
	CommonNamePath string `json:"cn_path,omitempty"`
	SlugPath       string `json:"slug_path,omitempty"`
}
RESTGETIntermedCAJSONIn handles the data required by the GET /intermediates endpoint
type RESTGETIntermedCAJSONReturn ¶
// RESTGETIntermedCAJSONReturn handles the data returned by the GET /intermediates endpoint.
type RESTGETIntermedCAJSONReturn struct {
	Status          string   `json:"status"`
	Errors          []string `json:"errors"`
	Messages        []string `json:"messages"`
	IntermediateCAs []string `json:"intermediate_certificate_authorities"`
}
RESTGETIntermedCAJSONReturn handles the data returned by the GET /intermediates endpoint
type RESTGETKeyPairJSONReturn ¶
// RESTGETKeyPairJSONReturn handles the data returned by the GET /keys endpoint
// for specific key pair id data.
type RESTGETKeyPairJSONReturn struct {
	Status   string   `json:"status"`
	Errors   []string `json:"errors"`
	Messages []string `json:"messages"`
	// KeyPair may include PrivateKey material (see KeyPair).
	// NOTE(review): confirm that GET /keys is meant to return private keys.
	KeyPair KeyPair `json:"key_pair,omitempty"`
}
RESTGETKeyPairJSONReturn handles the data returned by the GET /keys endpoint for specific key pair id data
type RESTGETKeyPairsJSONReturn ¶
// RESTGETKeyPairsJSONReturn handles the data returned by the GET /keys endpoint
// for key pair listings.
type RESTGETKeyPairsJSONReturn struct {
	Status   string   `json:"status"`
	Errors   []string `json:"errors"`
	Messages []string `json:"messages"`
	KeyPairs []string `json:"key_pairs,omitempty"`
}
RESTGETKeyPairsJSONReturn handles the data returned by the GET /keys endpoint for key pair listings
type RESTGETKeyStoresJSONReturn ¶
// RESTGETKeyStoresJSONReturn handles the data returned by the GET /keystores
// endpoint for key store listings.
type RESTGETKeyStoresJSONReturn struct {
	Status    string   `json:"status"`
	Errors    []string `json:"errors"`
	Messages  []string `json:"messages"`
	KeyStores []string `json:"key_stores,omitempty"`
}
RESTGETKeyStoresJSONReturn handles the data returned by the GET /keystores endpoint for key store listings
type RESTGETRevocationListJSONReturn ¶
// RESTGETRevocationListJSONReturn handles the data returned by the CRL GET
// endpoint (documented on this page as GET /authority).
type RESTGETRevocationListJSONReturn struct {
	Status         string   `json:"status"`
	Errors         []string `json:"errors"`
	Messages       []string `json:"messages"`
	Slug           string   `json:"slug"`
	CertificatePEM string   `json:"crl_pem"`
	// CertificateList uses pkix.CertificateList, which the standard library has
	// deprecated in favour of x509.RevocationList (already used by
	// SetupNewCRLTemplate and NewCRL in this package).
	CertificateList *pkix.CertificateList `json:"crl_list"`
}
RESTGETRevocationListJSONReturn handles the data returned by the GET /authority endpoint
type RESTPOSTCertificateJSONIn ¶
// RESTPOSTCertificateJSONIn handles the data required by the POST /certificate endpoint.
type RESTPOSTCertificateJSONIn struct {
	CommonNamePath string `json:"cn_path,omitempty"`
	SlugPath       string `json:"slug_path,omitempty"`
	// SigningPrivateKeyPassphrase unlocks the signing CA's key.
	// NOTE(review): secret — keep out of logs and error messages.
	SigningPrivateKeyPassphrase string                  `json:"signing_key_passphrase,omitempty"`
	CertificateRequestInput     CertificateRequestInput `json:"csr_input"`
	// ExpirationDate presumably follows CertificateConfiguration.ExpirationDate,
	// i.e. [years, months, days] in the future — confirm in the handler.
	ExpirationDate []int `json:"expiration_date,omitempty"`
}
RESTPOSTCertificateJSONIn handles the data required by the POST /certificate endpoint
type RESTPOSTCertificateJSONReturn ¶
// RESTPOSTCertificateJSONReturn handles the data returned by the POST /certificate endpoint.
type RESTPOSTCertificateJSONReturn struct {
	Status   string   `json:"status"`
	Errors   []string `json:"errors"`
	Messages []string `json:"messages"`
	// NOTE(review): the JSON key is "csr_info" although this carries
	// CertificateInfo, not CSR data — confirm clients expect this key.
	CertInfo CertificateInfo `json:"csr_info"`
}
RESTPOSTCertificateJSONReturn handles the data returned by the POST /certificate endpoint
type RESTPOSTCertificateRequestJSONIn ¶
// RESTPOSTCertificateRequestJSONIn handles the data required by the
// POST /certificate-request endpoint.
type RESTPOSTCertificateRequestJSONIn struct {
	CommonNamePath           string                   `json:"cn_path,omitempty"`
	SlugPath                 string                   `json:"slug_path,omitempty"`
	CertificateConfiguration CertificateConfiguration `json:"certificate_config"`
}
RESTPOSTCertificateRequestJSONIn handles the data required by the POST /certificate-request endpoint
type RESTPOSTCertificateRequestJSONReturn ¶
// RESTPOSTCertificateRequestJSONReturn handles the data returned by the
// POST /certificate-request endpoint.
type RESTPOSTCertificateRequestJSONReturn struct {
	Status   string   `json:"status"`
	Errors   []string `json:"errors"`
	Messages []string `json:"messages"`
	// CSRInfo embeds a KeyPair, which may carry private key material.
	CSRInfo CertificateRequestInfo `json:"csr_info"`
}
RESTPOSTCertificateRequestJSONReturn handles the data returned by the POST /certificate-request endpoint
type RESTPOSTIntermedCAJSONIn ¶
// RESTPOSTIntermedCAJSONIn handles the data required by the POST /intermediates endpoint.
type RESTPOSTIntermedCAJSONIn struct {
	CommonNamePath           string                   `json:"cn_path,omitempty"`
	SlugPath                 string                   `json:"slug_path,omitempty"`
	CertificateConfiguration CertificateConfiguration `json:"certificate_config"`
	// SigningPrivateKeyPassphrase unlocks the signing CA's key.
	// NOTE(review): secret — keep out of logs. Its JSON key differs from the
	// same-named field in RESTPOSTCertificateJSONIn ("signing_key_passphrase");
	// confirm the difference is intended.
	SigningPrivateKeyPassphrase string `json:"rsa_private_key_passphrase,omitempty"`
}
RESTPOSTIntermedCAJSONIn handles the data required by the POST /intermediates endpoint
type RESTPOSTKeyStoresJSONIn ¶
// RESTPOSTKeyStoresJSONIn handles the data required by the POST /keystores endpoint.
type RESTPOSTKeyStoresJSONIn struct {
	KeyStore string `json:"key_store_name"`
}
RESTPOSTKeyStoresJSONIn handles the data required by the POST /keystores endpoint for creating a key store
type RESTPOSTKeyStoresJSONReturn ¶
// RESTPOSTKeyStoresJSONReturn handles the data returned by the POST /keystores endpoint.
type RESTPOSTKeyStoresJSONReturn struct {
	Status   string   `json:"status"`
	Errors   []string `json:"errors"`
	Messages []string `json:"messages"`
	// KeyStore is the identifier of the created store (input is "key_store_name").
	KeyStore string `json:"key_store_id"`
}
RESTPOSTKeyStoresJSONReturn handles the data returned by the POST /keystores endpoint after creating a key store
type RESTPOSTNewKeyPairIn ¶
// RESTPOSTNewKeyPairIn organizes the data required for creating a new Key Pair.
type RESTPOSTNewKeyPairIn struct {
	KeyPairID  string `json:"key_pair_id"`
	KeyStoreID string `json:"key_store_id,omitempty"`
	// Passphrase protects the generated private key.
	// NOTE(review): secret — keep out of logs and error messages.
	Passphrase string `json:"passphrase,omitempty"`
	// StorePrivateKey controls whether the private key is persisted server-side.
	StorePrivateKey bool `json:"store_private_key"`
}
RESTPOSTNewKeyPairIn organizes the data required for creating a new Key Pair
type RESTPOSTNewKeyPairReturn ¶
// RESTPOSTNewKeyPairReturn handles the data returned by the POST /keys endpoint
// for generated key pairs.
type RESTPOSTNewKeyPairReturn struct {
	Status   string   `json:"status"`
	Errors   []string `json:"errors"`
	Messages []string `json:"messages"`
	// KeyPair may carry the generated PrivateKey PEM (see KeyPair).
	KeyPair   KeyPair `json:"key_pair,omitempty"`
	KeyPairID string  `json:"key_pair_id,omitempty"`
}
RESTPOSTNewKeyPairReturn handles the data returned by the POST /keys endpoint for generated key pairs
type RealKeyPair ¶
// RealKeyPair combines parsed Public and Private Key objects (the in-memory
// counterpart of KeyPair, which holds PEM strings).
type RealKeyPair struct {
	PublicKey *rsa.PublicKey `json:"public_key,omitempty"`
	// NOTE(review): rsa.PrivateKey has exported fields (D, Primes, ...), so
	// JSON-encoding this struct would emit the private key — confirm it is
	// never serialized to clients.
	PrivateKey *rsa.PrivateKey `json:"private_key,omitempty"`
}
RealKeyPair combines parsed Public and Private Key objects
type ReturnGenericMessage ¶
// ReturnGenericMessage is the generic response envelope: a status plus any
// errors and informational messages.
type ReturnGenericMessage struct {
	Status   string   `json:"status"`
	Errors   []string `json:"errors"`
	Messages []string `json:"messages"`
}
ReturnGenericMessage - Generic message
type ReturnGetRoots ¶
// ReturnGetRoots is the GET /roots response; it lists root CA slugs.
type ReturnGetRoots struct {
	Status   string   `json:"status"`
	Errors   []string `json:"errors"`
	Messages []string `json:"messages"`
	Roots    []string `json:"roots"`
}
ReturnGetRoots - GET /roots, handles listing of root ca slugs
type ReturnPostRoots ¶
// ReturnPostRoots is the POST /roots response; it carries the data returned
// from creating a Root CA.
type ReturnPostRoots struct {
	Status   string   `json:"status"`
	Errors   []string `json:"errors"`
	Messages []string `json:"messages"`
	Root     RootInfo `json:"root"`
}
ReturnPostRoots - POST /roots, handles the returned data from creating a Root CA
type RootInfo ¶
// RootInfo provides general root CA information.
type RootInfo struct {
	Slug string `json:"slug"`
	// Serial is the next serial number the root will issue.
	Serial string `json:"next_serial"`
	// CertInfo is held by value; other types on this page use *x509.Certificate.
	CertInfo x509.Certificate `json:"certificate"`
}
RootInfo provides general root CA information
type SANData ¶
// SANData provides a collection of Subject Alternative Name values for a certificate.
type SANData struct {
	IPAddresses    []net.IP `json:"ip_addresses,omitempty"`
	EmailAddresses []string `json:"email_addresses,omitempty"`
	DNSNames       []string `json:"dns_names,omitempty"`
	// URIs are kept as strings here; conversion to the x509 URI type is not shown on this page.
	URIs []string `json:"uris,omitempty"`
}
SANData provides a collection of SANData for a certificate
type Server ¶
// Server configures the HTTP server.
type Server struct {
	// Host is the local machine IP Address to bind the HTTP Server to
	Host string `yaml:"host"`
	// BasePath is the URL prefix the routes are mounted under (see NewRouter).
	BasePath string `yaml:"base_path"`
	// Port is the local machine TCP Port to bind the HTTP Server to
	Port string `yaml:"port"`
	// Timeout groups the durations applied to the HTTP server.
	Timeout struct {
		// Server is the general server timeout to use
		// for graceful shutdowns
		Server time.Duration `yaml:"server"`
		// Write is the amount of time to wait until an HTTP server
		// write operation is cancelled
		Write time.Duration `yaml:"write"`
		// Read is the amount of time to wait until an HTTP server
		// read operation is cancelled
		Read time.Duration `yaml:"read"`
		// Idle is the amount of time to wait
		// until an IDLE HTTP session is closed
		Idle time.Duration `yaml:"idle"`
	} `yaml:"timeout"`
}
Server configures the HTTP server
type TargetAndCAPath ¶
TargetAndCAPath provides a structure to target items under a CA path such as certificates, CSRs, etc Target could be certs/slug-here, certreqs/slug-here
Source Files ¶
- api.app.go
- api.authorities.go
- api.ca.go
- api.certs.go
- api.crl.go
- api.csr.go
- api.intermediate-ca.go
- api.keys.go
- api.keystores.go
- func.certs.go
- func.cli.go
- func.crl.go
- func.csr.go
- func.encryption.go
- func.file.go
- func.http-server.go
- func.index.go
- func.intermediate-ca.go
- func.keys.go
- func.keystores.go
- func.logging.go
- func.misc.go
- func.network.go
- func.pem.go
- func.root-ca.go
- func.x509.go
- main.go
- types.go
- variables.go