Documentation

Overview

Package roots includes support for loading trusted roots from various sources.

The following trusted root sources are supported:

The "system" type does not take any metadata. It will use the default system certificates provided by the operating system.

The "cfssl" provider takes keys for the CFSSL "host", "label", and "profile", and loads the returned certificate into the trust store.

The "file" provider takes a source file (specified under the "source" key) that contains one or more certificates and adds them into the source tree.

Variables

var Providers = map[string]func(map[string]string) ([]*x509.Certificate, error){
	"system": system.New,
	"cfssl":  NewCFSSL,
	"file":   TrustPEM,
}

Providers is a mapping of supported providers and the functions that can build them.

Functions

func NewCFSSL

func NewCFSSL(metadata map[string]string) ([]*x509.Certificate, error)

NewCFSSL produces a new CFSSL root.

func TrustPEM

func TrustPEM(metadata map[string]string) ([]*x509.Certificate, error)

TrustPEM takes a source file containing one or more certificates and adds them to the trust store.

Types

type TrustStore

type TrustStore struct {
	// contains filtered or unexported fields
}

A TrustStore contains a pool of certificates that are trusted for a given TLS configuration.

func New

func New(rootDefs []*core.Root) (*TrustStore, error)

New produces a new trusted root provider from a collection of roots. If there are no roots, the system roots will be used.

func (*TrustStore) Certificates

func (ts *TrustStore) Certificates() []*x509.Certificate

Certificates returns a slice of the loaded certificates.

func (*TrustStore) Pool

func (ts *TrustStore) Pool() *x509.CertPool

Pool returns a certificate pool containing the certificates loaded into the provider.

type Trusted

type Trusted interface {
	// Certificates returns a slice containing the certificates
	// that are loaded into the provider.
	Certificates() []*x509.Certificate

	// AddCert adds a new certificate into the certificate pool.
	AddCert(cert *x509.Certificate)

	// AddPEM adds one or more PEM-encoded certificates into the
	// certificate pool.
	AddPEM(cert []byte) bool
}

Trusted contains a store of trusted certificates.
