
Package caddypki


The latest major version is v2.

Published: Oct 13, 2020 | License: Apache-2.0 | Module:



const (
	// DefaultCAID is the ID of the default CA, "local". CAs are
	// keyed by ID in the PKI app's configuration, and this is the
	// ID the default CA is identified by.
	DefaultCAID = "local"

type AuthorityConfig

// AuthorityConfig is used to help a CA configure the underlying
// signing authority.
type AuthorityConfig struct {
	// NOTE(review): this field has no documentation. Judging by the
	// name, it selects the root key pair instead of the intermediate
	// for signing; confirm against NewAuthority. If that is right,
	// enabling it puts the root private key on the issuance path, so
	// the intended use should be stated here.
	SignWithRoot bool

	// TODO: should we just embed the underlying authority.Config struct type?
	// DB and AuthConfig use types from the underlying authority
	// packages; presumably they are passed through to it unchanged
	// (TODO confirm against NewAuthority).
	DB         *db.Config
	AuthConfig *authority.AuthConfig

AuthorityConfig is used to help a CA configure the underlying signing authority.

type CA

// CA describes a certificate authority: its root and intermediate
// (signing) certificates plus the settings that govern issuing
// certificates and trusting them.
type CA struct {
	// The user-facing name of the certificate authority.
	Name string `json:"name,omitempty"`

	// The name to put in the CommonName field of the
	// root certificate.
	RootCommonName string `json:"root_common_name,omitempty"`

	// The name to put in the CommonName field of the
	// intermediate certificates.
	IntermediateCommonName string `json:"intermediate_common_name,omitempty"`

	// Whether Caddy will attempt to install the CA's root
	// into the system trust store, as well as into Java
	// and Mozilla Firefox trust stores. Default: true.
	//
	// Once the root is installed, software relying on those
	// stores trusts every certificate issued under it, so the
	// root private key becomes as sensitive as any other
	// trusted root on the machine. Set this to false on hosts
	// where that trust is not wanted.
	InstallTrust *bool `json:"install_trust,omitempty"`

	// The root certificate to use; if empty, one will be generated.
	// When set, it is a KeyPair, i.e. a certificate together with
	// its private key.
	Root *KeyPair `json:"root,omitempty"`

	// The intermediate (signing) certificate; if empty, one will be generated.
	// When set, it is a KeyPair, i.e. a certificate together with
	// its private key.
	Intermediate *KeyPair `json:"intermediate,omitempty"`

	// Optionally configure a separate storage module associated with this
	// issuer, instead of using Caddy's global/default-configured storage.
	// This can be useful if you want to keep your signing keys in a
	// separate location from your leaf certificates, for example
	// so that access to the signing keys can be restricted
	// independently of access to the leaf certificates.
	StorageRaw json.RawMessage `json:"storage,omitempty" caddy:" inline_key=module"`
	// contains filtered or unexported fields

CA describes a certificate authority, which consists of root/signing certificates and various settings pertaining to the issuance of certificates and trusting them.

func (CA) ID

func (ca CA) ID() string

ID returns the CA's ID, as given by the user in the config.

func (CA) IntermediateCertificate

func (ca CA) IntermediateCertificate() *x509.Certificate

IntermediateCertificate returns the CA's intermediate certificate (which carries the public key, not the private key).

func (CA) IntermediateKey

func (ca CA) IntermediateKey() interface{}

IntermediateKey returns the CA's intermediate private key.

func (CA) NewAuthority

func (ca CA) NewAuthority(authorityConfig AuthorityConfig) (*authority.Authority, error)

NewAuthority returns a new Smallstep-powered signing authority for this CA.

func (*CA) Provision

func (ca *CA) Provision(ctx caddy.Context, id string, log *zap.Logger) error

Provision sets up the CA.

func (CA) RootCertificate

func (ca CA) RootCertificate() *x509.Certificate

RootCertificate returns the CA's root certificate (which carries the public key, not the private key).

func (CA) RootKey

func (ca CA) RootKey() (interface{}, error)

RootKey returns the CA's root private key. Since the root key is not cached in memory long-term, it needs to be loaded from storage, which could yield an error.

type KeyPair

// KeyPair names a certificate and its matching private key, each
// given as a string whose meaning depends on Format.
type KeyPair struct {
	// The certificate. By default, this should be the path to
	// a PEM file unless format is something else.
	Certificate string `json:"certificate,omitempty"`

	// The private key. By default, this should be the path to
	// a PEM file unless format is something else.
	//
	// The referenced file holds secret key material. It is
	// advisable to keep it readable only by the account Caddy
	// runs as, and to keep the key itself out of configs that
	// are shared or checked into version control.
	PrivateKey string `json:"private_key,omitempty"`

	// The format in which the certificate and private
	// key are provided. Default: pem_file
	// NOTE(review): other accepted values are not listed
	// here; confirm against Load.
	Format string `json:"format,omitempty"`

KeyPair represents a public-private key pair, where the public key is provided in the form of a certificate.

func (KeyPair) Load

func (kp KeyPair) Load() (*x509.Certificate, interface{}, error)

Load loads the certificate and key.

type PKI

// PKI provides Public Key Infrastructure facilities for Caddy.
type PKI struct {
	// The CAs to manage. Each CA is keyed by an ID that is used
	// to uniquely identify it from other CAs. The default CA ID
	// is "local".
	//
	// Each entry is a CA value carrying that authority's own
	// root, intermediate, trust-installation, and storage
	// settings.
	CAs map[string]*CA `json:"certificate_authorities,omitempty"`
	// contains filtered or unexported fields

PKI provides Public Key Infrastructure facilities for Caddy.

func (PKI) CaddyModule

func (PKI) CaddyModule() caddy.ModuleInfo

CaddyModule returns the Caddy module information.

func (*PKI) Provision

func (p *PKI) Provision(ctx caddy.Context) error

Provision sets up the configuration for the PKI app.

func (*PKI) Start

func (p *PKI) Start() error

Start starts the PKI app.

func (*PKI) Stop

func (p *PKI) Stop() error

Stop stops the PKI app.

Package Files

Documentation was rendered with GOOS=linux and GOARCH=amd64.
