Documentation

Overview

    Package store provides different methods to store a Public Key Infrastructure.

    Index

    Constants

    View Source
    const (
    	LocalCertsDir = "certs"
    	LocalKeysDir  = "keys"
    	LocalCrlsDir  = "crls"
    )

      Predifined directory names.

      Variables

      View Source
      var (
      	ErrDoesNotExist = errors.New("does not exist")
      )

        Errors.

        Functions

        func InitCADir

        func InitCADir(path string) error

          InitCADir creates the basic structure of a CA subdirectory.

          |- crlnumber
          |- index.txt
          |- index.txt.attr
          |- serial
          |- certs/
            |- ca.crt
            |- name.crt
          |- keys/
            |- ca.key
            |- name.key
          

          Types

          type Bolt

          type Bolt struct {
          	DB *bolt.DB
          }

            Bolt lets us store a Certificate Authority in a Bolt DB.

            Certificate bundles are stored per CA bucket, and each of them has a keys bucket and a certs buckets.

            func (*Bolt) Add

            func (b *Bolt) Add(caName, name string, isCa bool, key, cert []byte) error

              Add adds the given bundle to the database.

              func (*Bolt) Fetch

              func (b *Bolt) Fetch(caName, name string) ([]byte, []byte, error)

                Fetch fetchs the private key and certificate for a given name signed by caName.

                func (*Bolt) Revoked

                func (b *Bolt) Revoked(caName string) ([]pkix.RevokedCertificate, error)

                  Revoked returns a list of revoked certificates.

                  func (*Bolt) Update

                  func (b *Bolt) Update(caName string, sn *big.Int, st certificate.State) error

                    Update updates the state of a given certificate in the index.txt.

                    type InMemory

                    type InMemory struct {
                    	CAs map[string]map[string][][]byte
                    }

                    func (*InMemory) Add

                    func (l *InMemory) Add(caName, name string, isCa bool, key, cert []byte) error

                      Add adds the given bundle to the in-memory store

                      func (*InMemory) Exists

                      func (l *InMemory) Exists(caName, name string) bool

                      func (*InMemory) Fetch

                      func (l *InMemory) Fetch(caName, name string) ([]byte, []byte, error)

                        Fetch fetchs the private key and certificate for a given name signed by caName.

                        func (*InMemory) Revoked

                        func (l *InMemory) Revoked(caName string) ([]pkix.RevokedCertificate, error)

                          not implemented

                          func (*InMemory) Update

                          func (l *InMemory) Update(caName string, sn *big.Int, st certificate.State) error

                            not implemented

                            type Local

                            type Local struct {
                            	Root string
                            }

                              Local lets us store a Certificate Authority on the local filesystem.

                              The structure used makes it compatible with openssl.

                              func (*Local) Add

                              func (l *Local) Add(caName, name string, isCa bool, key, cert []byte) error

                                Add adds the given bundle to the local filesystem.

                                func (*Local) Exists

                                func (l *Local) Exists(caName, name string) bool

                                  Exists checks if a certificate or private key already exist on the local filesystem for a given name.

                                  func (*Local) Fetch

                                  func (l *Local) Fetch(caName, name string) ([]byte, []byte, error)

                                    Fetch fetchs the private key and certificate for a given name signed by caName.

                                    func (*Local) Revoked

                                    func (l *Local) Revoked(caName string) ([]pkix.RevokedCertificate, error)

                                      Revoked returns a list of revoked certificates.

                                      func (*Local) Update

                                      func (l *Local) Update(caName string, sn *big.Int, st certificate.State) error

                                        Update updates the state of a given certificate in the index.txt.

                                        type Store

                                        type Store interface {
                                        	// Add adds a newly signed certificate bundle to the store.
                                        	//
                                        	// Args:
                                        	//  The CA name, if the certificate was signed with an intermediate CA.
                                        	//  The certificate bundle name.
                                        	//  Is the bundle to add an intermediate CA.
                                        	//  The raw private key.
                                        	//  The raw certificate.
                                        	//
                                        	// Returns an error if it failed to store the bundle.
                                        	Add(string, string, bool, []byte, []byte) error
                                        
                                        	// Fetch fetches a certificate bundle from the store.
                                        	//
                                        	// Args:
                                        	//   The CA name, if the certificate was signed with an intermediate CA.
                                        	//   The name of the certificate bundle.
                                        	//
                                        	// Returns the raw private key and certificate respectively or an error.
                                        	Fetch(string, string) ([]byte, []byte, error)
                                        
                                        	// Update updates the state of a certificate. (Valid, Revoked, Expired)
                                        	//
                                        	// Args:
                                        	//   The CA name, if the certificate was signed with an intermediate CA.
                                        	//   The serial of the certificate to update.
                                        	//   The new state.
                                        	//
                                        	// Returns an error if the update failed.
                                        	Update(string, *big.Int, certificate.State) error
                                        
                                        	// Revoked returns a list of revoked certificates for a given CA.
                                        	//
                                        	// Args:
                                        	//   The CA name, if it is for an intermediate CA.
                                        	//
                                        	// Returns a list of revoked certificate or an error.
                                        	Revoked(string) ([]pkix.RevokedCertificate, error)
                                        }

                                          Store reprents a way to store a Certificate Authority.