certutil

package
v0.4.0-rc1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 20, 2015 License: MPL-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package certutil contains helper functions that are mostly used with the PKI backend but can be generally useful. Functionality includes helpers for converting a certificate/private key bundle between DER and PEM, printing certificate serial numbers, and more.

Functionality specific to the PKI backend includes some types and helper methods to make requesting certificates from the backend easy.

Index

Constants

View Source
const (
	UnknownPrivateKey = iota
	RSAPrivateKey
	ECPrivateKey

	TLSUnknown TLSUsage = 0
	TLSServer  TLSUsage = 1 << iota
	TLSClient
)

The type of of the Private Key referenced in CertBundle and ParsedCertBundle. This uses colloquial names rather than official names, to eliminate confusion

Variables

This section is empty.

Functions

func GetOctalFormatted

func GetOctalFormatted(buf []byte, sep string) string

GetOctalFormatted returns the byte buffer formatted in octal with the specified separator between bytes. FIXME: where did I originally copy this code from? This ain't octal, it's hex.

func GetSubjKeyID

func GetSubjKeyID(privateKey crypto.Signer) ([]byte, error)

GetSubjKeyID returns the subject key ID, e.g. the SHA1 sum of the marshaled public key

func ParseHexFormatted added in v0.4.0

func ParseHexFormatted(in, sep string) []byte

Types

type CertBundle

type CertBundle struct {
	PrivateKeyType string `json:"private_key_type" structs:"private_key_type" mapstructure:"private_key_type"`
	Certificate    string `json:"certificate" structs:"certificate" mapstructure:"certificate"`
	IssuingCA      string `json:"issuing_ca" structs:"issuing_ca" mapstructure:"issuing_ca"`
	PrivateKey     string `json:"private_key" structs:"private_key" mapstructure:"private_key"`
	SerialNumber   string `json:"serial_number" structs:"serial_number" mapstructure:"serial_number"`
}

CertBundle contains a key type, a PEM-encoded private key, a PEM-encoded certificate, and a string-encoded serial number, returned from a successful Issue request

func (*CertBundle) ToParsedCertBundle

func (c *CertBundle) ToParsedCertBundle() (*ParsedCertBundle, error)

ToParsedCertBundle converts a string-based certificate bundle to a byte-based raw certificate bundle

type InternalError

type InternalError struct {
	Err string
}

InternalError represents an error generated internally, presumably not due to invalid user input

func (InternalError) Error

func (e InternalError) Error() string

type IssueData

type IssueData struct {
	Lease      string `json:"lease" structs:"lease" mapstructure:"lease"`
	CommonName string `json:"common_name" structs:"common_name" mapstructure:"common_name"`
	AltNames   string `json:"alt_names" structs:"alt_names" mapstructure:"alt_names"`
	IPSANs     string `json:"ip_sans" structs:"ip_sans" mapstructure:"ip_sans"`
}

IssueData is a structure that is suitable for marshaling into a request; either via JSON, or into a map[string]interface{} via the structs package

type ParsedCertBundle

type ParsedCertBundle struct {
	PrivateKeyType   int
	PrivateKeyBytes  []byte
	PrivateKey       crypto.Signer
	IssuingCABytes   []byte
	IssuingCA        *x509.Certificate
	CertificateBytes []byte
	Certificate      *x509.Certificate
}

ParsedCertBundle contains a key type, a DER-encoded private key, a DER-encoded certificate, and a big.Int serial number

func ParsePEMBundle

func ParsePEMBundle(pemBundle string) (*ParsedCertBundle, error)

ParsePEMBundle takes a string of concatenated PEM-format certificate and private key values and decodes/parses them, checking validity along the way. There must be at max two certificates (a certificate and its issuing certificate) and one private key.

func ParsePKIJSON

func ParsePKIJSON(input []byte) (*ParsedCertBundle, error)

ParsePKIJSON takes a JSON-encoded string and returns a CertBundle ParsedCertBundle.

This can be either the output of an issue call from the PKI backend or just its data member; or, JSON not coming from the PKI backend.

func ParsePKIMap

func ParsePKIMap(data map[string]interface{}) (*ParsedCertBundle, error)

ParsePKIMap takes a map (for instance, the Secret.Data returned from the PKI backend) and returns a ParsedCertBundle.

func (*ParsedCertBundle) GetTLSConfig

func (p *ParsedCertBundle) GetTLSConfig(usage TLSUsage) (*tls.Config, error)

GetTLSConfig returns a TLS config generally suitable for client authentiation. The returned TLS config can be modified slightly to be made suitable for a server requiring client authentication; specifically, you should set the value of ClientAuth in the returned config to match your needs.

func (*ParsedCertBundle) ToCertBundle

func (p *ParsedCertBundle) ToCertBundle() (*CertBundle, error)

ToCertBundle converts a byte-based raw DER certificate bundle to a PEM-based string certificate bundle

type Secret

type Secret struct {
	Data map[string]interface{} `json:"data"`
}

Secret is used to attempt to unmarshal a Vault secret JSON response, as a convenience

type TLSUsage

type TLSUsage int

TLSUsage controls whether the intended usage of a *tls.Config returned from ParsedCertBundle.GetTLSConfig is for server use, client use, or both, which affects which values are set

type UserError

type UserError struct {
	Err string
}

UserError represents an error generated due to invalid user input

func (UserError) Error

func (e UserError) Error() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL