ca

Documentation

Overview

Package ca provides certificate authority management for MITM proxy.

Index

• func DefaultCADir() string
• func DefaultCertPath() string
• func DefaultKeyPath() string
• type CA
  • func Load(certPath, keyPath string) (*CA, error)
  • func LoadFromPEM(certPEM, keyPEM []byte) (*CA, error)
  • func LoadOrCreate(certPath, keyPath string, cfg *Config) (*CA, error)
  • func New(cfg *Config) (*CA, error)
  • func (ca *CA) CertPEM() []byte
  • func (ca *CA) GenerateCert(domain string) (certPEM, keyPEM []byte, err error)
  • func (ca *CA) KeyPEM() []byte
  • func (ca *CA) Save(certPath, keyPath string) error
  • func (ca *CA) TLSCertificate() (tls.Certificate, error)
• type Config
  • func DefaultConfig() *Config

Functions

func DefaultCADir

func DefaultCADir() string

DefaultCADir returns the default directory for storing CA files.

func DefaultCertPath

func DefaultCertPath() string

DefaultCertPath returns the default path for the CA certificate.

func DefaultKeyPath

func DefaultKeyPath() string

DefaultKeyPath returns the default path for the CA private key.

Types

type CA

type CA struct {
	Certificate *x509.Certificate
	PrivateKey  *ecdsa.PrivateKey
	// contains filtered or unexported fields
}

CA represents a certificate authority for MITM proxying.

func Load

func Load(certPath, keyPath string) (*CA, error)

Load loads an existing CA from PEM files.

func LoadFromPEM

func LoadFromPEM(certPEM, keyPEM []byte) (*CA, error)

LoadFromPEM loads a CA from PEM-encoded data.

func LoadOrCreate

func LoadOrCreate(certPath, keyPath string, cfg *Config) (*CA, error)

LoadOrCreate loads an existing CA or creates a new one if it doesn't exist.

func New

func New(cfg *Config) (*CA, error)

New creates a new CA with the given configuration.

func (*CA) CertPEM

func (ca *CA) CertPEM() []byte

CertPEM returns the CA certificate in PEM format.

func (*CA) GenerateCert

func (ca *CA) GenerateCert(domain string) (certPEM, keyPEM []byte, err error)

GenerateCert generates a certificate for the given domain, signed by this CA.

func (*CA) KeyPEM

func (ca *CA) KeyPEM() []byte

KeyPEM returns the CA private key in PEM format.

func (*CA) Save

func (ca *CA) Save(certPath, keyPath string) error

Save saves the CA certificate and private key to files.

func (*CA) TLSCertificate

func (ca *CA) TLSCertificate() (tls.Certificate, error)

TLSCertificate returns the CA as a tls.Certificate.

type Config

type Config struct {
	// Organization name for the CA certificate
	Organization string
	// CommonName for the CA certificate
	CommonName string
	// ValidFor is how long the CA is valid (default: 10 years)
	ValidFor time.Duration
}

Config holds CA configuration options.

func DefaultConfig

func DefaultConfig() *Config

DefaultConfig returns default CA configuration.