gopki

package module
v0.0.0-...-a9a9230
Published: Nov 4, 2019 License: MIT Imports: 16 Imported by: 0

README

gopki

Tiny PKI for microservices to implement two-way SSL and peer-to-peer or policy-based verification based on cryptographic certificates. The system will handle certificate installation, auto-renewal, decommissioning and revocation completely hidden from the developers. It will instruct the application how to validate certificates in order to set up P2P communication or zoning based on certificate policies (or a naming convention). This will be tightly integrated into Kubernetes clusters, where it will first be conceived. Because containers are ephemeral, certificates and private keys will be stored centrally and securely pushed into the memory of containers when they start and bootstrap with gopki. This is the central server, which shall communicate with different kinds of integrations:

  • go http integration
  • Spring One integration

Any other ideas are welcome.

Documentation

Constants

This section is empty.

Variables

var CREATE_CA_CONFIG_TABLE = "" /* 144-byte string literal not displayed */
var DC = asn1.ObjectIdentifier{0, 9, 2342, 19200300, 100, 1, 25}

type          description                  OID
C             countryName                  2.5.4.6
CN            commonName                   2.5.4.3
DC            domainComponent              0.9.2342.19200300.100.1.25
E             emailAddress (deprecated)    1.2.840.113549.1.9.1
G or GN       givenName                    2.5.4.42
L             localityName                 2.5.4.7
O             organizationName             2.5.4.10
OU            organizationalUnit           2.5.4.11
SERIALNUMBER  serialNumber                 2.5.4.5
SN            surname                      2.5.4.4
ST or S       stateOrProvinceName          2.5.4.8
STREET        streetAddress                2.5.4.9
T or TITLE    title                        2.5.4.12
UID           userID                       0.9.2342.19200300.100.1.1

var EMAIL = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 1}
var GN = asn1.ObjectIdentifier{2, 5, 4, 42}
var SN = asn1.ObjectIdentifier{2, 5, 4, 4}
var ST = asn1.ObjectIdentifier{2, 5, 4, 8}
var TITLE = asn1.ObjectIdentifier{2, 5, 4, 12}
var UID = asn1.ObjectIdentifier{0, 9, 2342, 19200300, 100, 1, 1}

Functions

func ConvertDNToPKIXName

func ConvertDNToPKIXName(dn string) (p *pkix.Name, e error)

TODO: Refactor the function

func LoadCertificate

func LoadCertificate(in io.Reader) (c []byte, e error)

func LoadPrivateKeyPem

func LoadPrivateKeyPem(in io.Reader, password []byte) (p crypto.PrivateKey, e error)

func StoreCertificate

func StoreCertificate(out io.Writer, cert []byte) (err error)

func StorePrivateKeyPem

func StorePrivateKeyPem(out io.Writer, p crypto.PrivateKey, password []byte) (e error)

Types

type Attribute

type Attribute struct {
	// contains filtered or unexported fields
}

func ParseDistinguishedName

func ParseDistinguishedName(data string) (attr []*Attribute, err error)

<name> ::= <name-component> ( <spaced-separator> )
         | <name-component> <spaced-separator> <name>
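Added example, not gopki's own code: one way to turn the DN string that ConvertDNToPKIXName and ParseDistinguishedName accept into a pkix.Name, using the attribute types and OIDs from the table above. The names splitDN and parseDN, the fail-closed handling of malformed or unknown components, and the sample DN used in the comments are my own assumptions; the OIDs in extraOID are the ones listed on this page.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"strings"
)

// OIDs (from the table above) for attribute types that pkix.Name has no dedicated field for.
var extraOID = map[string]asn1.ObjectIdentifier{
	"DC": {0, 9, 2342, 19200300, 100, 1, 25}, "UID": {0, 9, 2342, 19200300, 100, 1, 1},
	"E": {1, 2, 840, 113549, 1, 9, 1}, "GN": {2, 5, 4, 42}, "SN": {2, 5, 4, 4}, "TITLE": {2, 5, 4, 12},
}

// splitDN splits on commas but honours RFC 2253 backslash escapes, so "O=Example\, Inc." stays whole.
func splitDN(dn string) (parts []string) {
	var cur []byte
	for i := 0; i < len(dn); i++ {
		if dn[i] == '\\' && i+1 < len(dn) { // escaped byte: keep it literally
			i++
			cur = append(cur, dn[i])
		} else if dn[i] == ',' {
			parts, cur = append(parts, string(cur)), cur[:0]
		} else {
			cur = append(cur, dn[i])
		}
	}
	return append(parts, string(cur))
}

// parseDN converts e.g. "CN=svc,OU=payments,O=Example,C=NL,DC=example,DC=com" into a pkix.Name.
// It fails closed: a malformed or unknown component is an error, never silently dropped.
func parseDN(dn string) (pkix.Name, error) {
	var n pkix.Name
	single := map[string]*string{"CN": &n.CommonName, "SERIALNUMBER": &n.SerialNumber}
	multi := map[string]*[]string{"C": &n.Country, "L": &n.Locality, "O": &n.Organization,
		"OU": &n.OrganizationalUnit, "ST": &n.Province, "S": &n.Province, "STREET": &n.StreetAddress}
	for _, comp := range splitDN(dn) {
		k, v, ok := strings.Cut(comp, "=")
		k, v = strings.ToUpper(strings.TrimSpace(k)), strings.TrimSpace(v) // types are case-insensitive
		switch {
		case !ok || v == "":
			return pkix.Name{}, fmt.Errorf("malformed DN component %q", comp)
		case single[k] != nil: *single[k] = v
		case multi[k] != nil: *multi[k] = append(*multi[k], v)
		case extraOID[k] != nil:
			n.ExtraNames = append(n.ExtraNames, pkix.AttributeTypeAndValue{Type: extraOID[k], Value: v})
		default: return pkix.Name{}, fmt.Errorf("unknown attribute type %q in %q", k, dn)
		}
	}
	return n, nil
}
```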

type CA

type CA struct {
	Bytes       []byte
	Certificate *x509.Certificate
	// contains filtered or unexported fields
}

func LoadCA

func LoadCA(cacert []byte, priv crypto.PrivateKey, serialNumber big.Int) (c *CA, e error)

func NewCA

func NewCA(dn string, years int, pub crypto.PublicKey, priv crypto.PrivateKey) (c *CA, e error)

func (*CA) CreateTLSClientCertificate

func (ca *CA) CreateTLSClientCertificate(dn string, pub crypto.PublicKey) (cert []byte, err error)

func (*CA) CreateTLSServerCertificate

func (ca *CA) CreateTLSServerCertificate(dn string, pub crypto.PublicKey) (cert []byte, err error)

type DB

type DB struct {
	// contains filtered or unexported fields
}

func NewDB

func NewDB(dbtype string, connect string) (d *DB, e error)

func (*DB) CloseDB

func (d *DB) CloseDB()

func (*DB) CreateDB

func (d *DB) CreateDB() (e error)
