Documentation
Overview
Package authority creates and manages platform certificates.
Example

	import (
		"fmt"
		"io/ioutil"
		"os"
		"path/filepath"
	)

	// CheckFile, common.MockViper, PkeyFileName and RootCAFileName are this package's own
	// test helpers and constants; they are not shown on this page.
	func Example() {
		path, _ := ioutil.TempDir("", "")
		keyPath := filepath.Join(path, PkeyFileName)
		certPath := filepath.Join(path, RootCAFileName)

		// Generate root certificate and key.
		// 1024-bit RSA keeps the example fast; it is below current minimum recommendations for production keys.
		v := common.MockViper("key_size", 1024, "validity", 365, "country", "UK",
			"organization", "DFSS", "unit", "unit", "cn", "ROOT", "path", path)
		hash, err := Initialize(v, nil, nil)
		if err != nil || hash == nil {
			fmt.Println(err)
			return
		}
		CheckFile(keyPath, "Private key")
		CheckFile(certPath, "Certificate")

		// Fetch files into memory
		pid, err := Start(path)
		if err != nil {
			fmt.Println(err)
			return
		}

		// Generate child certificate and key, signed by the root loaded above
		childPath := filepath.Join(path, "child")
		v = common.MockViper("key_size", 1024, "validity", 10, "country", "FR",
			"organization", "DFSS", "unit", "unit", "cn", "CHILD", "path", childPath)
		_, err = Initialize(v, pid.RootCA, pid.Pkey)
		if err != nil {
			fmt.Println(err)
			return
		}
		CheckFile(filepath.Join(childPath, "key.pem"), "Child private key")
		CheckFile(filepath.Join(childPath, "cert.pem"), "Child certificate")
		_ = os.RemoveAll(path)
	}

Output:

	Private key file has been found
	Certificate file has been found
	Child private key file has been found
	Child certificate file has been found
Constants
This section is empty.
Variables
This section is empty.
Functions
func Initialize
func Initialize(v *viper.Viper, ca *x509.Certificate, rKey *rsa.PrivateKey) (hash []byte, err error)
Initialize creates the platform's private key and root certificate and saves them in PEM format. If ca and rKey are not nil, they are used as the root certificate and root private key instead of generating new ones. The files are saved at the path specified by viper. The returned `hash` is the SHA-512 hash of the generated certificate.
Types
type PlatformID
type PlatformID struct {
	Pkey   *rsa.PrivateKey
	RootCA *x509.Certificate
}
PlatformID contains the platform's private key and root certificate.
func Start
func Start(path string) (*PlatformID, error)
Start fetches the platform's private RSA key and root certificate, and creates a PlatformID from them.
The specified path should not end with a path separator.
The files are fetched using their default names.
type TTPHolder added in v0.3.0
type TTPHolder struct {
// contains filtered or unexported fields
}
TTPHolder stores available TTPs (trusted third parties)
func NewTTPHolder added in v0.3.0
NewTTPHolder loads available TTPs from the specified file. The format of this file is:

	<addr ttp 1>[:<port ttp 1>] <SHA-512 hash of the ttp certificate (hex format)>\n
	...

Example: see testdata/ttps. If an error occurs while retrieving the file, an empty TTPHolder is returned. If the file is corrupted (wrong format), an error is returned.
func (*TTPHolder) Add added in v0.3.0
Add adds the provided TTP to the TTP holder. It is thread-safe.
func (*TTPHolder) Get added in v0.3.0
func (h *TTPHolder) Get() *api.LaunchSignature_TTP
Get returns a TTP from the TTP holder. It is thread-safe and selects TTPs in round-robin order.
If the TTPHolder is empty, it returns nil.
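As an added illustration of the TTP file format documented under NewTTPHolder, and of how the pinned SHA-512 hash it carries is meant to be used, here is a small stand-alone parser with a constant-time certificate check. This is example code written for this page, not the package's own NewTTPHolder; the TTP type, ParseTTPs and MatchesCert are hypothetical, the input is constructed, and blank lines are skipped as an assumption beyond the documented format.

```go
package main

import (
	"crypto/sha512"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"strings"
)

// TTP is one trusted third party: its address and the pinned SHA-512 of its certificate.
type TTP struct {
	Addr string // "<host>" or "<host>:<port>", taken as-is from the file
	Hash []byte // raw 64-byte SHA-512 digest of the TTP's DER certificate
}

// ParseTTPs reads "<addr>[:<port>] <SHA-512 hex>" lines (blank lines are ignored, an
// assumption beyond the documented format). One malformed line rejects the whole file,
// so a tampered or truncated list never yields a partially trusted set.
func ParseTTPs(src string) ([]TTP, error) {
	var ttps []TTP
	for n, line := range strings.Split(src, "\n") {
		f := strings.Fields(line)
		if len(f) == 0 {
			continue
		}
		sum, err := hex.DecodeString(f[len(f)-1])
		if len(f) != 2 || err != nil || len(sum) != sha512.Size {
			return nil, fmt.Errorf("line %d: want '<addr> <128 hex chars>'", n+1)
		}
		ttps = append(ttps, TTP{Addr: f[0], Hash: sum})
	}
	return ttps, nil
}

// MatchesCert checks a presented DER certificate against the pinned hash in constant time,
// which is the check a client would run on the certificate the TTP serves at Addr.
func (t TTP) MatchesCert(der []byte) bool {
	sum := sha512.Sum512(der)
	return subtle.ConstantTimeCompare(sum[:], t.Hash) == 1
}

func main() {
	der := []byte("constructed certificate bytes") // stands in for a real DER certificate
	sum := sha512.Sum512(der)
	ttps, err := ParseTTPs("ttp.example:9000 " + hex.EncodeToString(sum[:]) + "\n")
	fmt.Println(err, len(ttps), ttps[0].MatchesCert(der)) // <nil> 1 true
}
```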