ca

package module
v0.2.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 13, 2024 License: MIT Imports: 26 Imported by: 1

Documentation

Overview

Package ca provides a basic Certificate Authority

Index

Constants

View Source 
const (
	Day  = 24 * time.Hour // Day is 24 hours
	Year = 365 * Day      // Year is 365 days

	// DefaultCertificateDuration is 90 days
	DefaultCertificateDuration = 90 * Day
	// DefaultCADuration is 10 years
	DefaultCADuration = 10 * Year
)

Variables

This section is empty.

Functions

func RandomSerialNumber 

func RandomSerialNumber() *big.Int

RandomSerialNumber generates a random serial number for a new Certificate

Types

type CA 

type CA struct {
	// contains filtered or unexported fields
}

CA is a basic Certificate Authority

func (*CA) CreateCertificate 

func (ca *CA) CreateCertificate(tpl *x509.Certificate,
	pub crypto.PublicKey) (certPEM []byte, err error)

CreateCertificate signs a x509.Certificate returning the result PEM encoded

func (*CA) ECDSA 

func (ca *CA) ECDSA() bool

ECDSA tells if certificates should be ECDSA instead of RSA

func (*CA) ED25519 

func (ca *CA) ED25519() bool

ED25519 tells if certificates should be ED25519 instead of RSA

func (*CA) GenerateKey 

func (ca *CA) GenerateKey() (x509utils.PrivateKey, error)

GenerateKey generates a new PrivateKey for a Server

func (*CA) GetCAPool 

func (ca *CA) GetCAPool() *x509.CertPool

GetCAPool generates a CertPool only including this CA

func (*CA) GetCertificate 

func (ca *CA) GetCertificate(chi *tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificate looks for the TLS certificate for a given chi.ServerName, and creates one if it doesn't

func (*CA) NewKeyCertPair 

func (ca *CA) NewKeyCertPair(clientAuth bool,
	tpl *x509.Certificate) (keyPEM, certPEM []byte, err error)

NewKeyCertPair creates a new key+cert based on a given template, returning the resulting PEM encoded

func (*CA) ServeCertificate 

func (ca *CA) ServeCertificate(rw http.ResponseWriter, req *http.Request)

ServeCertificate handles requests for the CA Certificate

func (*CA) WriteCert 

func (ca *CA) WriteCert(w io.Writer) (int64, error)

WriteCert writes the CA's Certificate PEM encoded

func (*CA) WriteKey 

func (ca *CA) WriteKey(w io.Writer) (int64, error)

WriteKey writes the CA's Private Key PEM encoded

type Config 

type Config struct {
	// KeyAlgorithm specifies the algorithm to use when
	// generating a PrivateKey. Defaults to RSA.
	KeyAlgorithm KeyAlgorithm

	// Template is used to create new certificates
	Template TemplateConfig
}

Config describes how the CA will operate

func (*Config) GenerateKey 

func (cfg *Config) GenerateKey(rootCA bool) (x509utils.PrivateKey, error)

GenerateKey generates a new PrivateKey

func (Config) LoadCA 

func (cfg Config) LoadCA(key x509utils.PrivateKey, certs []*x509.Certificate) (*CA, error)

LoadCA creates a new CA using the given key and certs chain

func (Config) NewCA 

func (cfg Config) NewCA(tc *TemplateConfig) (*CA, error)

NewCA generates a new self-signed CA using the provided TemplateConfig

type KeyAlgorithm 

type KeyAlgorithm int

KeyAlgorithm specifies the algorithm to use when generating a Private Key 

const (
	// KeyAlgorithmUnspecified is treated as if it was KeyAlgorithmRSA
	KeyAlgorithmUnspecified KeyAlgorithm = iota
	// KeyAlgorithmRSA uses RSA3072 for the CA, and 2048 for servers
	KeyAlgorithmRSA
	// KeyAlgorithmECDSA uses ECDSA 256 for either CA or server
	KeyAlgorithmECDSA
	// KeyAlgorithmED25519 uses ED25519 for either CA or server
	KeyAlgorithmED25519
)

type TemplateConfig 

type TemplateConfig struct {
	O  string // O is the Subject.Organizaton
	OU string // OU is the Subject.OrganizationalUnit
	CN string // CN in the Subject.CommonName

	// Duration is how long the certificate will last
	Duration time.Duration
}

TemplateConfig describes the details to compose a new Certificate and CertificateRequest template

func (*TemplateConfig) NewCATemplate 

func (tc *TemplateConfig) NewCATemplate(skid []byte) *x509.Certificate

NewCATemplate generates the template to create a new CA, based on the information on the Issuer field.

func (*TemplateConfig) NewCSRTemplate 

func (tc *TemplateConfig) NewCSRTemplate(names ...string) *x509.CertificateRequest

NewCSRTemplate creates a Certificate Request Template for a list of names. These names can be IP addresses, e-mail addresses, URIs or DNS names.

func (*TemplateConfig) NewCertificateTemplate 

func (tc *TemplateConfig) NewCertificateTemplate(names ...string) *x509.Certificate

NewCertificateTemplate creates a Certificate Template for a list of names. These names can be IP addresses, e-mail addresses, URIs or DNS names.

func (*TemplateConfig) NewTemplateFromCSR 

func (tc *TemplateConfig) NewTemplateFromCSR(csr *x509.CertificateRequest) *x509.Certificate

NewTemplateFromCSR prepares a x509.Certificate from a x509.CertificateRequest

func (TemplateConfig) SetDefaults 

func (tc TemplateConfig) SetDefaults(target *TemplateConfig)

SetDefaults uses itself to set default values to a target TemplateConfig

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.
JackTT - Gopher 🇻🇳