goki

package module
v0.0.0-...-c11ff22 Latest
Published: Jul 20, 2019 License: GPL-2.0 Imports: 20 Imported by: 0

README

goki

Golang Public Key Infrastructure (PKI) Framework, no openssl needed!

Who needs OpenSSL when you have Golang?

Goki has support for Server, Client, Encryption and various other certificate types! CRLs and certificate revocation are supported! The library can store the CA in a directory, but the entire PKI can also be kept purely in memory if desired: set 'Directory' to an empty string to run in-memory only.

The CRL can also be written to disk and is handled by the CA struct. The CA details can be exported/imported via JSON, using json.Marshal/json.Unmarshal, or the Write/Read helper functions.

Almost everything can be customized easily, including key sizes and key extensions!

Quick Getting Started

Import: import "github.com/iDigitalFlame/goki"

Example:

package main

import (
	"fmt"
	"log"

	"github.com/iDigitalFlame/goki"
)

func main() {
	// An empty Directory keeps the whole CA in memory; nothing touches the disk.
	c, err := goki.New("testca", "", 365, &goki.Subject{})
	check(err)

	client1, err := c.CreateClientCertificate("client1", "client@example.com", 90)
	check(err)
	client2, err := c.CreateClientCertificate("client2", "client2@example.com", 90)
	check(err)
	server, err := c.CreateServerCertificate("server1", "", 180)
	check(err)

	fmt.Printf("Certificates issued\n")
	fmt.Printf("client1: %s\n", client1)
	fmt.Printf("client2: %s\n", client2)
	fmt.Printf("server: %s\n", server)

	fmt.Printf("Revoking client2..\n")
	check(client2.Revoke())
	fmt.Printf("client2: %s\n", client2)

	// Revoke only marks the entry; relying parties see it once the CRL is regenerated.
	crl, err := c.CRL()
	check(err)
	check(c.Commit())
	fmt.Printf("CRL: %v\n", crl)

	for _, v := range c.Certificates {
		fmt.Printf("%s: %X\n", v.Name, v.ID)
	}
}

// check aborts on the first error instead of silently discarding it.
func check(err error) {
	if err != nil {
		log.Fatal(err)
	}
}

TODO

Add ECDSA private key generation support (read support already exists; a flag is needed to create ECDSA keys instead of RSA).

Documentation

Index

Constants

This section is empty.

Variables

var (
	// ErrNilSubject is returned when any function that takes a Subject struct is presented with a nil struct.
	ErrNilSubject = errors.New("ca: subject struct cannot be nil")

	// ErrMissingKey is returned when the CA's private key file cannot be loaded.
	// Without a private key the CA cannot perform the signing operations it needs to function.
	ErrMissingKey = errors.New("ca: private key cannot be loaded, cannot contiue with CA functions")

	// ErrInvalidCA is returned when a CA that was not properly created is loaded. CA structs
	// must be created first before the 'init' function is called.
	ErrInvalidCA = errors.New("ca: invalid CA state, create using the 'NewCA' function")

	// ErrEmptyCAName is returned from the 'New' functions when the CA name is empty. CA structs must have a name.
	ErrEmptyCAName = errors.New("ca: name cannot be empty")
)
var (
	// ErrAlreadyRevoked is returned when attempting to Revoke a Certificate that has already been revoked.
	ErrAlreadyRevoked = errors.New("certificate: certificate has already been revoked")

	// ErrInvalidKey is returned by the 'Write' function when the loaded key is not a supported private key type.
	ErrInvalidKey = errors.New("certificate: private key is not a valid type")
)

Functions

This section is empty.

Types

type CA

type CA struct {
	File         string   `json:"file"`
	Subject      *Subject `json:"subject"`
	Keysize      uint16   `json:"keysize"`
	Directory    string   `json:"path"`
	Certificates certList `json:"certificates"`
	// contains filtered or unexported fields
}

CA is a struct that contains the information for the PKI certificate authority. This is used to generate new certificates.

func Load

func Load(s string) (*CA, error)

Load will attempt to create a CA struct from the file 's'.

func New

func New(n, d string, l int, s *Subject) (*CA, error)

New creates a new CA infrastructure. The parameters are as follows: 'n' is the CA name, 'd' is the CA directory path, 'l' is the CA lifetime and 's' is the Subject struct. This function defaults the keysize to 4096 and the CA file name to 'ca'. It returns an error if any of the parameters are incorrectly formatted.

func NewCA

func NewCA(n, d, f string, l, k int, s *Subject) (*CA, error)

NewCA creates a new CA infrastructure. The parameters are as follows: 'n' is the CA name, 'd' is the CA directory path, 'f' is the CA file name, 'l' is the CA lifetime, 'k' is the CA keysize and 's' is the Subject struct. It returns an error if any of the parameters are incorrectly formatted.

func (*CA) CRL

func (c *CA) CRL() (*CRL, error)

CRL checks all Certificates and generates the CRL file.

func (*CA) Certificate

func (c *CA) Certificate(n int64) (*Certificate, error)

Certificate returns the certificate with the ID 'n'.

func (*CA) CertificateByName

func (c *CA) CertificateByName(n string) (*Certificate, error)

CertificateByName attempts to find the first Certificate with the CommonName 'n'.

func (*CA) Commit

func (c *CA) Commit() error

Commit writes all CA changes to the filesystem and generates the CRL.

func (*CA) CreateCertificate

func (c *CA) CreateCertificate(n, o string, l int, u ...x509.ExtKeyUsage) (*Certificate, error)

CreateCertificate allows for simple creation of a Certificate. The parameters are as follows: 'n' is the CommonName, 'o' is the owner email (optional), 'l' is the duration (in days) and 'u' is a variadic list of Extended Key Usage values. This function defaults to using the CA details and Digital Signature for the Key Usage properties. Certificates generated are registered but are not written to the filesystem; use the 'Certificate.Save()' or 'Certificate.Write(p, k)' function.

func (*CA) CreateCertificateEx

func (c *CA) CreateCertificateEx(n, o string, l, b int, d *Subject, k x509.KeyUsage, u ...x509.ExtKeyUsage) (*Certificate, error)

CreateCertificateEx allows for advanced creation of a Certificate. The parameters are as follows: 'n' is the CommonName, 'o' is the owner email (optional), 'l' is the duration (in days), 'b' is the requested block size, 'd' is a Subject struct used for the Certificate Subject details, 'k' is the x509 Key Usage value and 'u' is a variadic list of Extended Key Usage values. Certificates generated are registered but are not written to the filesystem; use the 'Certificate.Save()' or 'Certificate.Write(p, k)' function.

func (*CA) CreateClientCertificate

func (c *CA) CreateClientCertificate(n, o string, l int) (*Certificate, error)

CreateClientCertificate allows for simple creation of a client Certificate. The parameters are as follows: 'n' is the CommonName, 'o' is the owner email (optional) and 'l' is the duration (in days). This function defaults to using the CA details and Digital Signature for the Key Usage properties and ExtKeyUsageClientAuth for the Extended Key Usage. Certificates generated are registered but are not written to the filesystem; use the 'Certificate.Save()' or 'Certificate.Write(p, k)' function.

func (*CA) CreateEncryptionCertificate

func (c *CA) CreateEncryptionCertificate(n, o string, l int) (*Certificate, error)

CreateEncryptionCertificate allows for simple creation of an encryption Certificate. The parameters are as follows: 'n' is the CommonName, 'o' is the owner email (optional) and 'l' is the duration (in days). This function defaults to using the CA details and Digital Signature plus Data Encipherment for the Key Usage properties. Certificates generated are registered but are not written to the filesystem; use the 'Certificate.Save()' or 'Certificate.Write(p, k)' function.

func (*CA) CreateServerCertificate

func (c *CA) CreateServerCertificate(n, o string, l int) (*Certificate, error)

CreateServerCertificate allows for simple creation of a server Certificate. The parameters are as follows: 'n' is the CommonName, 'o' is the owner email (optional) and 'l' is the duration (in days). This function defaults to using the CA details and Digital Signature for the Key Usage properties and ExtKeyUsageServerAuth for the Extended Key Usage. Certificates generated are registered but are not written to the filesystem; use the 'Certificate.Save()' or 'Certificate.Write(p, k)' function.

func (*CA) PathCA

func (c *CA) PathCA() string

PathCA returns the path to the CA pem file.

func (*CA) PathCRL

func (c *CA) PathCRL() string

PathCRL returns the path to the CRL pem file.

func (*CA) Read

func (c *CA) Read(s string) error

Read will attempt to read the CA properties from the supplied file path 's'.

func (*CA) Write

func (c *CA) Write(s string) error

Write will attempt to write the CA properties to the supplied file path 's'.

type CRL

type CRL struct {
	File     string `json:"name"`
	Lifetime uint32 `json:"lifetime"`
	// contains filtered or unexported fields
}

CRL stores the certificate revocation list. It can be used to check for revoked certificates.

func (*CRL) Bytes

func (c *CRL) Bytes() []byte

Bytes returns the raw binary blob of the CRL.

func (*CRL) Write

func (c *CRL) Write(s string) error

Write saves the CRL data to the specified file 's'.

func (*CRL) WriteCRL

func (c *CRL) WriteCRL(w io.Writer) error

WriteCRL saves the CRL data to the supplied writer 'w'.
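Goki produces the CA certificate, the leaf certificates and the CRL, but this page describes nothing on the verifying side. The following is an added example, not goki's code and not from this page, of the check a relying party should run on the files goki writes: chain the leaf to the CA, require the Extended Key Usage that separates client from server certificates, confirm the CRL is signed by the leaf's issuer and still current, then look the serial up in it. It uses only crypto/x509, so the CA, client certificate and CRL are constructed inline as a stand-in for CA.PathCA, Certificate.WriteCertificate and CRL.Bytes (the CRL is assumed to be DER, as "raw binary blob" suggests); BuildFixture, VerifyIssued, Fixture and must are this example's own names. The stale-CRL branch is the practical reason the Revoke documentation insists the CRL be regenerated: a revocation is invisible to verifiers until a fresh CRL reaches them.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Fixture stands in for the three artifacts a relying party gets from goki: the CA PEM
// (CA.PathCA), a leaf PEM (Certificate.WriteCertificate) and the CRL bytes (CRL.Bytes,
// assumed DER). Constructed here with crypto/x509 so the example runs without goki.
type Fixture struct {
	CAPEM, LeafPEM, CRLDER []byte
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // fixture construction only; production code returns the error
	}
	return v
}

// BuildFixture issues a self-signed CA, one client-auth certificate and a CRL that lists
// that certificate when revoke is true. 2048-bit RSA keeps it fast; goki defaults to 4096.
func BuildFixture(revoke bool) *Fixture {
	now := time.Now()
	caKey := must(rsa.GenerateKey(rand.Reader, 2048))
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "testca"}, IsCA: true, BasicConstraintsValid: true,
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(365 * 24 * time.Hour),
		// CRLSign is what lets a verifier accept a CRL signed with this key.
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign | x509.KeyUsageDigitalSignature,
	}
	caCert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	leafKey := must(rsa.GenerateKey(rand.Reader, 2048))
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "client1"},
		EmailAddresses: []string{"client@example.com"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(90 * 24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	leafDER := must(x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &leafKey.PublicKey, caKey))
	crl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now.Add(-time.Minute), NextUpdate: now.Add(24 * time.Hour)}
	if revoke {
		crl.RevokedCertificateEntries = []x509.RevocationListEntry{{SerialNumber: leafTmpl.SerialNumber, RevocationTime: now}}
	}
	return &Fixture{
		CAPEM:   pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: caCert.Raw}),
		LeafPEM: pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: leafDER}),
		CRLDER:  must(x509.CreateRevocationList(rand.Reader, crl, caCert, caKey)),
	}
}

// VerifyIssued is the relying-party check: chain the leaf to the CA, require the expected
// Extended Key Usage, confirm the CRL is signed by the leaf's issuer and current, then look the serial up.
func VerifyIssued(caPEM, leafPEM, crlDER []byte, eku x509.ExtKeyUsage, now time.Time) error {
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(caPEM) {
		return errors.New("no CA certificate found in PEM input")
	}
	block, _ := pem.Decode(leafPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return errors.New("leaf is not a PEM CERTIFICATE block")
	}
	leaf, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{eku}})
	if err != nil {
		return fmt.Errorf("chain verification failed: %w", err)
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return err
	}
	if err := crl.CheckSignatureFrom(chains[0][1]); err != nil { // chains[0] is leaf, issuer, ...
		return fmt.Errorf("CRL not signed by the leaf's issuer: %w", err)
	}
	if now.After(crl.NextUpdate) {
		return errors.New("CRL is past NextUpdate: the CA must publish a fresh one")
	}
	for _, e := range crl.RevokedCertificateEntries {
		if e.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return fmt.Errorf("certificate serial %s revoked at %s", leaf.SerialNumber, e.RevocationTime.UTC().Format(time.RFC3339))
		}
	}
	return nil
}

func main() {
	f := BuildFixture(true) // revoke the only leaf, then verify it
	fmt.Println(VerifyIssued(f.CAPEM, f.LeafPEM, f.CRLDER, x509.ExtKeyUsageClientAuth, time.Now()))
}
```

The four failure paths are each a real-world mistake: accepting a client certificate for server auth, trusting a CRL signed by someone other than the issuer, honouring a CRL past its NextUpdate, and skipping the serial lookup altogether. A CRL on disk is only as current as the last Commit or CRL call that produced it.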

type Certificate

type Certificate struct {
	ID   int64
	Name string
	// contains filtered or unexported fields
}

Certificate is a struct that holds data for a certificate entry in a CA directory.

func GetCertificate

func GetCertificate(p, k string) (*Certificate, error)

GetCertificate loads a certificate from the specified PEM path 'p' and optional key path 'k'. It returns a non-nil error if the files cannot be found or accessed.

func (*Certificate) File

func (c *Certificate) File() string

File returns the ID of the Certificate as a hex string.

func (*Certificate) HasPrivateKey

func (c *Certificate) HasPrivateKey() bool

HasPrivateKey returns true if the PrivateKey is loaded in this Certificate.

func (*Certificate) IsExpired

func (c *Certificate) IsExpired() bool

IsExpired returns true if this certificate has expired.

func (*Certificate) IsRevoked

func (c *Certificate) IsRevoked() bool

IsRevoked returns true if this certificate has been revoked by the CA.

func (*Certificate) IsValid

func (c *Certificate) IsValid() bool

IsValid returns true if this certificate is currently valid.

func (*Certificate) MarshalJSON

func (c *Certificate) MarshalJSON() ([]byte, error)

MarshalJSON attempts to create a JSON string from a Certificate.

func (*Certificate) PrivateKey

func (c *Certificate) PrivateKey() crypto.PrivateKey

PrivateKey returns the raw PrivateKey, if it is loaded.

func (*Certificate) PublicKey

func (c *Certificate) PublicKey() crypto.PublicKey

PublicKey returns the raw PublicKey, if the PrivateKey is loaded.

func (*Certificate) Raw

func (c *Certificate) Raw() *x509.Certificate

Raw returns the underlying certificate struct that this struct contains.

func (*Certificate) Read

func (c *Certificate) Read(p, k string) error

Read loads the certificate from the specified file path 'p' and the optional key path 'k'.

func (*Certificate) Revoke

func (c *Certificate) Revoke() error

Revoke marks this certificate as revoked. The CRL has to be regenerated after this function for the revocation to take effect.

func (*Certificate) String

func (c *Certificate) String() string

String returns a string representation of this Certificate.

func (*Certificate) UnmarshalJSON

func (c *Certificate) UnmarshalJSON(b []byte) error

UnmarshalJSON attempts to create a Certificate from a JSON string.

func (*Certificate) Valid

func (c *Certificate) Valid() bool

Valid returns true if this certificate is valid and has not been revoked or expired.

func (*Certificate) Write

func (c *Certificate) Write(p, k string) error

Write encodes and writes the data of this Certificate and its PrivateKey (if loaded) to the locations 'p' and 'k' respectively.

func (*Certificate) WriteCertificate

func (c *Certificate) WriteCertificate(w io.Writer) error

WriteCertificate attempts to write the certificate data to the supplied writer 'w'.

func (*Certificate) WriteKey

func (c *Certificate) WriteKey(w io.Writer) error

WriteKey attempts to write the private key data to the supplied writer 'w'.

type Subject

type Subject struct {
	ZIP          string `json:"zip,omitempty"`
	City         string `json:"city"`
	State        string `json:"state"`
	Email        string `json:"email"`
	Street       string `json:"street,omitempty"`
	Domain       string `json:"domain,omitempty"`
	Country      string `json:"country"`
	Department   string `json:"department"`
	Organization string `json:"organization,omitempty"`
}

Subject is a struct that contains the information for issuing a certificate.
