Documentation
¶
Index ¶
- Variables
- func AddEntryToCAIndex(indexPath string, certPath string) (bool, error)
- func B64DecodeBytesToBytes(input []byte) ([]byte, error)
- func B64DecodeStrToBytes(input string) ([]byte, error)
- func B64EncodeBytesToStr(input []byte) string
- func Bootstrap()
- func CopyFile(src, dst string, BUFFERSIZE int64) error
- func CreateCRLObject(certList []pkix.RevokedCertificate, key crypto.Signer, ...) ([]byte, error)
- func CreateCert(certTemplate *x509.Certificate, signingCert *x509.Certificate, ...) (cert []byte, err error)
- func CreateDirectory(path string)
- func CreateNewCRLForCA(certificate *x509.Certificate, privateKey crypto.Signer, path string) (bool, error)
- func DecodePrivateKeyPem(inFile []byte) (*pem.Block, []byte)
- func DecodePublicKeyPem(inFile []byte) (*pem.Block, []byte)
- func DeleteFile(path string)
- func DirectoryExists(pathName string) (bool, error)
- func DirectoryListingNames(path string) []string
- func DirectoryListingNamesNoExt(path string) []string
- func DownloadFile(filepath string, url string) error
- func FileExists(fileName string) (bool, error)
- func GenerateRSAKeypair(keySize int) (*rsa.PrivateKey, *rsa.PublicKey, error)
- func GetPrivateKey(path string, rsaPrivateKeyPassword string) *rsa.PrivateKey
- func GetPublicKey(path string) *rsa.PublicKey
- func IncreaseSerialNumber(rootSlug string) (bool, error)
- func IncreaseSerialNumberAbs(path string) (bool, error)
- func LoadKeyFile(fileName string) []byte
- func NewCRL(template *x509.RevocationList, issuer *x509.Certificate, priv crypto.Signer) ([]byte, error)
- func NewRouter(basePath string) *http.ServeMux
- func NewTabDelimitedWriter(w io.Writer) (writer *csv.Writer)
- func PEMEncodeCRL(certByte []byte) *bytes.Buffer
- func ParseFlags() (string, error)
- func PreflightSetup()
- func ReadCACertificate(path string) (*x509.Certificate, error)
- func ReadCRLFromFile(path string) (*x509.Certificate, error)
- func ReadCertFromFile(path string) (*x509.Certificate, error)
- func ReadFileToBytes(path string) ([]byte, error)
- func ReadUserIP(r *http.Request) string
- func ReadUserIPNoPort(r *http.Request) string
- func SetupNewCRLTemplate(SignatureAlgorithm x509.SignatureAlgorithm, nextUpdate time.Time) *x509.RevocationList
- func Stoerr(s string) error
- func TouchFile(fileName string, updateTime bool)
- func Untar(dst string, srcFile string) error
- func ValidateCertificateConfiguration(c CertificateConfiguration) (bool, []string, error)
- func ValidateConfigPath(path string) error
- func WriteByteFile(path string, content []byte, mode int, overwrite bool) (bool, error)
- func WriteFile(path string, content string, mode int, overwrite bool) (bool, error)
- type CAIndex
- type CertificateAuthorityPaths
- type CertificateConfiguration
- type CertificateConfigurationSubject
- type CertificateInfo
- type CertificateInformation
- type CertificateRequestInfo
- type CertificateRequestInput
- type Config
- type ConfigYAML
- type Counter
- type KeyPair
- type RESTGETAuthorityJSONReturn
- type RESTGETCertificateInformationJSONReturn
- type RESTGETCertificateRequestJSONReturn
- type RESTGETCertificateRequestsJSONReturn
- type RESTGETCertificatesJSONReturn
- type RESTGETIntermedCAJSONIn
- type RESTGETIntermedCAJSONReturn
- type RESTGETKeyPairJSONReturn
- type RESTGETKeyPairsJSONReturn
- type RESTGETKeyStoresJSONReturn
- type RESTGETRevocationListJSONReturn
- type RESTPOSTCertificateJSONIn
- type RESTPOSTCertificateJSONReturn
- type RESTPOSTCertificateRequestJSONIn
- type RESTPOSTCertificateRequestJSONReturn
- type RESTPOSTIntermedCAJSONIn
- type RESTPOSTKeyStoresJSONIn
- type RESTPOSTKeyStoresJSONReturn
- type RESTPOSTNewKeyPairIn
- type RESTPOSTNewKeyPairReturn
- type RealKeyPair
- type ReturnGenericMessage
- type ReturnGetRoots
- type ReturnPostRoots
- type RootInfo
- type SANData
- type Server
- type TargetAndCAPath
Constants ¶
This section is empty.
Variables ¶
var BUFFERSIZE int64 = 4096 // 4096 bits = default page size on OSX
BUFFERSIZE is for copying files
Functions ¶
func AddEntryToCAIndex ¶
AddEntryToCAIndex adds the needed tab-separated data to the CA Index file when generating certificates State: “V” for Valid, “E” for Expired and “R” for revoked Enddate: in the format YYMMDDHHmmssZ (the “Z” stands for Zulu/GMT) Date of Revocation: same format as “Enddate” Serial: serial of the certificate Path to Certificate: can also be “unknown” Subject: subject of the certificate
func B64DecodeBytesToBytes ¶
B64DecodeBytesToBytes converts a Base64 byte slice to a Base64 Decoded Byte slice
func B64DecodeStrToBytes ¶
B64DecodeStrToBytes converts a Base64 string to a Base64 Decoded Byte slice
func B64EncodeBytesToStr ¶
B64EncodeBytesToStr converts a byte slice to a Base64 Encoded String
func CreateCRLObject ¶
func CreateCRLObject(certList []pkix.RevokedCertificate, key crypto.Signer, issuingCert *x509.Certificate, expiryTime time.Time) ([]byte, error)
CreateCRLObject will create the CRL Object
func CreateCert ¶
func CreateCert(certTemplate *x509.Certificate, signingCert *x509.Certificate, certPubkey, signingPrivKey interface{}) (cert []byte, err error)
CreateCert is a wrapper for x509.CreateCertificate to switch between parent certificates through the chain
func CreateNewCRLForCA ¶
func CreateNewCRLForCA(certificate *x509.Certificate, privateKey crypto.Signer, path string) (bool, error)
CreateNewCRLForCA wraps all the processes needed to create a new CRL for a CA
func DecodePrivateKeyPem ¶
DecodePrivateKeyPem from file to pem struct
func DecodePublicKeyPem ¶
DecodePublicKeyPem from file to pem struct
func DirectoryExists ¶
DirectoryExists checks if a file exists and returns a boolean or an erro
func DirectoryListingNames ¶
DirectoryListingNames lists just the name of files in a certain directory
func DirectoryListingNamesNoExt ¶
DirectoryListingNamesNoExt lists just the name of files in a certain directory without their extensions
func DownloadFile ¶
DownloadFile will download a url to a local file. It's efficient because it will write as it downloads and not load the whole file into memory.
func FileExists ¶
FileExists checks if a file exists and returns a boolean or an erro
func GenerateRSAKeypair ¶
GenerateRSAKeypair returns a private RSA key
func GetPrivateKey ¶
func GetPrivateKey(path string, rsaPrivateKeyPassword string) *rsa.PrivateKey
GetPrivateKey gets a private key soup to nuts
func GetPublicKey ¶
GetPublicKey gets a public key soup to nuts
func IncreaseSerialNumber ¶
IncreaseSerialNumber just updates a root CAs serial
func IncreaseSerialNumberAbs ¶
IncreaseSerialNumberAbs just updates a root CAs serial via absolute path to the serial file
func NewCRL ¶
func NewCRL(template *x509.RevocationList, issuer *x509.Certificate, priv crypto.Signer) ([]byte, error)
NewCRL basically just wraps CreateRevocationList in order to create a new blank CRL
func NewTabDelimitedWriter ¶
NewTabDelimitedWriter just wraps an IO writer
func PEMEncodeCRL ¶
PEMEncodeCRL encodes a CreateCertificateRequest DER byte stream to a PEM
func ParseFlags ¶
ParseFlags will create and parse the CLI flags and return the path to be used elsewhere
func ReadCACertificate ¶
func ReadCACertificate(path string) (*x509.Certificate, error)
ReadCACertificate reads a CA certificate and returns a *x509.Certificate object
func ReadCRLFromFile ¶
func ReadCRLFromFile(path string) (*x509.Certificate, error)
ReadCRLFromFile just wraps a byte reader and CRL Decoder
func ReadCertFromFile ¶
func ReadCertFromFile(path string) (*x509.Certificate, error)
ReadCertFromFile wraps the needed functions to safely read a PEM certificate
func ReadFileToBytes ¶
ReadFileToBytes will return the contents of a file
func ReadUserIP ¶
ReadUserIP gets the requesting client's IP so you can do a reverse DNS lookup
func ReadUserIPNoPort ¶
ReadUserIPNoPort gets the requesting client's IP without the port so you can do a reverse DNS lookup
func SetupNewCRLTemplate ¶
func SetupNewCRLTemplate(SignatureAlgorithm x509.SignatureAlgorithm, nextUpdate time.Time) *x509.RevocationList
SetupNewCRLTemplate wraps a RevokationList type with a bit of pre-processing
func Untar ¶
Untar takes a destination path and a reader; a tar reader loops over the tarfile creating the file structure at 'dst' along the way, and writing any files
func ValidateCertificateConfiguration ¶
func ValidateCertificateConfiguration(c CertificateConfiguration) (bool, []string, error)
ValidateCertificateConfiguration will run a CertificateConfiguration object through basic validations
func ValidateConfigPath ¶
ValidateConfigPath just makes sure, that the path provided is a file, that can be read
func WriteByteFile ¶
WriteByteFile creates a file from a byte slice with an optional filemode, only if it's new, and populates it - can force overwrite optionally
Types ¶
type CAIndex ¶
type CAIndex struct {
State string
EndDate string
DateOfRevokation string
Serial string
PathToCertificate string
Subject string
}
CAIndex provides the tab-delimited structure for CA Index files
type CertificateAuthorityPaths ¶
type CertificateAuthorityPaths struct {
RootCAPath string
RootCACertRequestsPath string
RootCACertsPath string
RootCACertRevListPath string
RootCANewCertsPath string
RootCACertKeysPath string
RootCAKeysPath string
RootCAIntermediateCAPath string
RootCACertIndexFilePath string
RootCACertSerialFilePath string
RootCACrlnumFilePath string
}
CertificateAuthorityPaths returns all the default paths generated by a new CA
type CertificateConfiguration ¶
type CertificateConfiguration struct {
Subject CertificateConfigurationSubject `json:"subject"`
ExpirationDate []int `json:"expiration_date,omitempty"`
RSAPrivateKey string `json:"rsa_private_key,omitempty"`
RSAPrivateKeyPassphrase string `json:"rsa_private_key_passphrase,omitempty"`
SerialNumber string `json:"serial_number,omitempty"`
SANData SANData `json:"san_data,omitempty"`
CertificateType string `json:"certificate_type,omitempty"`
}
CertificateConfiguration is a struct to pass Certificate Config Information into the setup functions
`Subject` is a CertificateConfigurationSubject object
`ExpirationDate` is expressed as a slice of 3 ints [ years, months, days ] in the future
`RSAPrivateKey` is optional - this is used to sign a certificate request with an external key instead of one generated in the PKI
`RSAPrivateKeyPassphrase` is optional - this is used to secure the key if generated via PKI
`SANData` is a SANData object
`CertificateType` is a string representing what type of certificate is being requested or generated and is used in validation checks. Options: server|client|authority|authority-no-subs
type CertificateConfigurationSubject ¶
type CertificateConfigurationSubject struct {
CommonName string `json:"common_name"`
Organization []string `json:"organization,omitempty"`
OrganizationalUnit []string `json:"organizational_unit,omitempty"`
Country []string `json:"country,omitempty"`
Province []string `json:"province,omitempty"`
Locality []string `json:"locality,omitempty"`
StreetAddress []string `json:"street_address,omitempty"`
PostalCode []string `json:"postal_code,omitempty"`
}
CertificateConfigurationSubject is simply a redefinition of pkix.Name
type CertificateInfo ¶
type CertificateInfo struct {
Slug string `json:"slug"`
CertificatePEM string `json:"certificate_pem"`
Certificate *x509.Certificate `json:"certificate"`
CertificateAuthorityPEMBundle string `json:"ca_bundle"`
}
CertificateInfo provides general Certificate information
type CertificateInformation ¶
type CertificateInformation struct {
CommonName string `json:"common_name"`
StartDate string `json:"start_date"`
ExpirationDate string `json:"expiration_date"`
}
CertificateInformation gives a general read out of a certificate file
type CertificateRequestInfo ¶
type CertificateRequestInfo struct {
Slug string `json:"slug"`
CertificateRequestPEM string `json:"csr_pem"`
CertificateRequest *x509.CertificateRequest `json:"certificate_request"`
KeyPair KeyPair `json:"key_pair,omitempty"`
}
CertificateRequestInfo provides general Certificate Request information
type CertificateRequestInput ¶
type CertificateRequestInput struct {
PublicKey string `json:"public_key"`
CertificateType string `json:"certificate_type,omitempty"`
FromPEM string `json:"from_pem,omitempty"`
FromCAPath TargetAndCAPath `json:"from_ca_path,omitempty"`
}
CertificateRequestInput provides a set of possible input sources for a CSR in Certificate Generation
type Config ¶
type Config struct {
Locksmith ConfigYAML `yaml:"locksmith"`
}
Config struct for webapp config
func (Config) RunHTTPServer ¶
func (config Config) RunHTTPServer()
RunHTTPServer will run the HTTP Server
type ConfigYAML ¶
ConfigYAML is what is defined for this Locksmith server
type Counter ¶
type Counter struct {
// contains filtered or unexported fields
}
Counter for serial number
type KeyPair ¶
type KeyPair struct {
PublicKey string `json:"public_key,omitempty"`
PrivateKey string `json:"private_key,omitempty"`
}
KeyPair combines a string for a Public and Private Key Base64 PEM
type RESTGETAuthorityJSONReturn ¶
type RESTGETAuthorityJSONReturn struct {
Status string `json:"status"`
Errors []string `json:"errors"`
Messages []string `json:"messages"`
Slug string `json:"slug"`
CertificatePEM string `json:"certificate_pem"`
CertificateInfo *x509.Certificate `json:"certificate_information"`
}
RESTGETAuthorityJSONReturn handles the data returned by the GET /authority endpoint
type RESTGETCertificateInformationJSONReturn ¶
type RESTGETCertificateInformationJSONReturn struct {
Status string `json:"status"`
Errors []string `json:"errors"`
Messages []string `json:"messages"`
Slug string `json:"slug"`
CertificatePEM string `json:"certificate_pem"`
CertificateInfo *x509.Certificate `json:"certificate_information"`
}
RESTGETCertificateInformationJSONReturn handles the data returned by the GET /certificate endpoint
type RESTGETCertificateRequestJSONReturn ¶
type RESTGETCertificateRequestJSONReturn struct {
Status string `json:"status"`
Errors []string `json:"errors"`
Messages []string `json:"messages"`
CertificateRequestPEM string `json:"csr_pem"`
CertificateRequest *x509.CertificateRequest `json:"certificate_request"`
}
RESTGETCertificateRequestJSONReturn handles the data returned by the GET /certificate-request endpoint
type RESTGETCertificateRequestsJSONReturn ¶
type RESTGETCertificateRequestsJSONReturn struct {
Status string `json:"status"`
Errors []string `json:"errors"`
Messages []string `json:"messages"`
CertificateRequests []string `json:"certificate_requests"`
}
RESTGETCertificateRequestsJSONReturn handles the data returned by the GET /certificate-requests endpoint
type RESTGETCertificatesJSONReturn ¶
type RESTGETCertificatesJSONReturn struct {
Status string `json:"status"`
Errors []string `json:"errors"`
Messages []string `json:"messages"`
Certificates []string `json:"certificates"`
}
RESTGETCertificatesJSONReturn handles the data returned by the GET /certificates endpoint
type RESTGETIntermedCAJSONIn ¶
type RESTGETIntermedCAJSONIn struct {
CommonNamePath string `json:"cn_path,omitempty"`
SlugPath string `json:"slug_path,omitempty"`
}
RESTGETIntermedCAJSONIn handles the data required by the GET /intermediates endpoint
type RESTGETIntermedCAJSONReturn ¶
type RESTGETIntermedCAJSONReturn struct {
Status string `json:"status"`
Errors []string `json:"errors"`
Messages []string `json:"messages"`
IntermediateCAs []string `json:"intermediate_certificate_authorities"`
}
RESTGETIntermedCAJSONReturn handles the data returned by the GET /intermediates endpoint
type RESTGETKeyPairJSONReturn ¶
type RESTGETKeyPairJSONReturn struct {
Status string `json:"status"`
Errors []string `json:"errors"`
Messages []string `json:"messages"`
KeyPair KeyPair `json:"key_pair,omitempty"`
}
RESTGETKeyPairJSONReturn handles the data returned by the GET /keys endpoint for specific key pair id data
type RESTGETKeyPairsJSONReturn ¶
type RESTGETKeyPairsJSONReturn struct {
Status string `json:"status"`
Errors []string `json:"errors"`
Messages []string `json:"messages"`
KeyPairs []string `json:"key_pairs,omitempty"`
}
RESTGETKeyPairsJSONReturn handles the data returned by the GET /keys endpoint for key pair listings
type RESTGETKeyStoresJSONReturn ¶
type RESTGETKeyStoresJSONReturn struct {
Status string `json:"status"`
Errors []string `json:"errors"`
Messages []string `json:"messages"`
KeyStores []string `json:"key_stores,omitempty"`
}
RESTGETKeyStoresJSONReturn handles the data returned by the GET /keystores endpoint for key store listings
type RESTGETRevocationListJSONReturn ¶
type RESTGETRevocationListJSONReturn struct {
Status string `json:"status"`
Errors []string `json:"errors"`
Messages []string `json:"messages"`
Slug string `json:"slug"`
CertificatePEM string `json:"crl_pem"`
CertificateList *pkix.CertificateList `json:"crl_list"`
}
RESTGETRevocationListJSONReturn handles the data returned by the GET /authority endpoint
type RESTPOSTCertificateJSONIn ¶
type RESTPOSTCertificateJSONIn struct {
CommonNamePath string `json:"cn_path,omitempty"`
SlugPath string `json:"slug_path,omitempty"`
SigningPrivateKeyPassphrase string `json:"signing_key_passphrase,omitempty"`
CertificateRequestInput CertificateRequestInput `json:"csr_input"`
ExpirationDate []int `json:"expiration_date,omitempty"`
}
RESTPOSTCertificateJSONIn handles the data required by the POST /certificate endpoint
type RESTPOSTCertificateJSONReturn ¶
type RESTPOSTCertificateJSONReturn struct {
Status string `json:"status"`
Errors []string `json:"errors"`
Messages []string `json:"messages"`
CertInfo CertificateInfo `json:"csr_info"`
}
RESTPOSTCertificateJSONReturn handles the data returned by the POST /certificate endpoint
type RESTPOSTCertificateRequestJSONIn ¶
type RESTPOSTCertificateRequestJSONIn struct {
CommonNamePath string `json:"cn_path,omitempty"`
SlugPath string `json:"slug_path,omitempty"`
CertificateConfiguration CertificateConfiguration `json:"certificate_config"`
}
RESTPOSTCertificateRequestJSONIn handles the data required by the POST /certificate-request endpoint
type RESTPOSTCertificateRequestJSONReturn ¶
type RESTPOSTCertificateRequestJSONReturn struct {
Status string `json:"status"`
Errors []string `json:"errors"`
Messages []string `json:"messages"`
CSRInfo CertificateRequestInfo `json:"csr_info"`
}
RESTPOSTCertificateRequestJSONReturn handles the data returned by the POST /certificate-request endpoint
type RESTPOSTIntermedCAJSONIn ¶
type RESTPOSTIntermedCAJSONIn struct {
CommonNamePath string `json:"cn_path,omitempty"`
SlugPath string `json:"slug_path,omitempty"`
CertificateConfiguration CertificateConfiguration `json:"certificate_config"`
SigningPrivateKeyPassphrase string `json:"rsa_private_key_passphrase,omitempty"`
}
RESTPOSTIntermedCAJSONIn handles the data required by the POST /intermediates endpoint
type RESTPOSTKeyStoresJSONIn ¶
type RESTPOSTKeyStoresJSONIn struct {
KeyStore string `json:"key_store_name"`
}
RESTPOSTKeyStoresJSONIn handles the data returned by the GET /keystores endpoint for key store listings
type RESTPOSTKeyStoresJSONReturn ¶
type RESTPOSTKeyStoresJSONReturn struct {
Status string `json:"status"`
Errors []string `json:"errors"`
Messages []string `json:"messages"`
KeyStore string `json:"key_store_id"`
}
RESTPOSTKeyStoresJSONReturn handles the data returned by the GET /keystores endpoint for key store listings
type RESTPOSTNewKeyPairIn ¶
type RESTPOSTNewKeyPairIn struct {
KeyPairID string `json:"key_pair_id"`
KeyStoreID string `json:"key_store_id,omitempty"`
Passphrase string `json:"passphrase,omitempty"`
StorePrivateKey bool `json:"store_private_key"`
}
RESTPOSTNewKeyPairIn organizes the data required for creating a new Key Pair
type RESTPOSTNewKeyPairReturn ¶
type RESTPOSTNewKeyPairReturn struct {
Status string `json:"status"`
Errors []string `json:"errors"`
Messages []string `json:"messages"`
KeyPair KeyPair `json:"key_pair,omitempty"`
KeyPairID string `json:"key_pair_id,omitempty"`
}
RESTPOSTNewKeyPairReturn handles the data returned by the POST /keys endpoint for generated key pairs
type RealKeyPair ¶
type RealKeyPair struct {
PublicKey *rsa.PublicKey `json:"public_key,omitempty"`
PrivateKey *rsa.PrivateKey `json:"private_key,omitempty"`
}
RealKeyPair combines a string for a Public and Private Key objects
type ReturnGenericMessage ¶
type ReturnGenericMessage struct {
Status string `json:"status"`
Errors []string `json:"errors"`
Messages []string `json:"messages"`
}
ReturnGenericMessage - Generic message
type ReturnGetRoots ¶
type ReturnGetRoots struct {
Status string `json:"status"`
Errors []string `json:"errors"`
Messages []string `json:"messages"`
Roots []string `json:"roots"`
}
ReturnGetRoots - GET /roots, handles listing of root ca slugs
type ReturnPostRoots ¶
type ReturnPostRoots struct {
Status string `json:"status"`
Errors []string `json:"errors"`
Messages []string `json:"messages"`
Root RootInfo `json:"root"`
}
ReturnPostRoots - POST /roots, handles the returned data from creating a Root CA
type RootInfo ¶
type RootInfo struct {
Slug string `json:"slug"`
Serial string `json:"next_serial"`
CertInfo x509.Certificate `json:"certificate"`
}
RootInfo provides general root informations
type SANData ¶
type SANData struct {
IPAddresses []net.IP `json:"ip_addresses,omitempty"`
EmailAddresses []string `json:"email_addresses,omitempty"`
DNSNames []string `json:"dns_names,omitempty"`
URIs []string `json:"uris,omitempty"`
}
SANData provides a collection of SANData for a certificate
type Server ¶
type Server struct {
// Host is the local machine IP Address to bind the HTTP Server to
Host string `yaml:"host"`
BasePath string `yaml:"base_path"`
// Port is the local machine TCP Port to bind the HTTP Server to
Port string `yaml:"port"`
Timeout struct {
// Server is the general server timeout to use
// for graceful shutdowns
Server time.Duration `yaml:"server"`
// Write is the amount of time to wait until an HTTP server
// write opperation is cancelled
Write time.Duration `yaml:"write"`
// Read is the amount of time to wait until an HTTP server
// read operation is cancelled
Read time.Duration `yaml:"read"`
// Read is the amount of time to wait
// until an IDLE HTTP session is closed
Idle time.Duration `yaml:"idle"`
} `yaml:"timeout"`
}
Server configures the HTTP server
type TargetAndCAPath ¶
TargetAndCAPath provides a structure to target items under a CA path such as certificates, CSRs, etc Target could be certs/slug-here, certreqs/slug-here
Source Files
¶
- api.app.go
- api.authorities.go
- api.ca.go
- api.certs.go
- api.crl.go
- api.csr.go
- api.intermediate-ca.go
- api.keys.go
- api.keystores.go
- func.certs.go
- func.cli.go
- func.crl.go
- func.csr.go
- func.encryption.go
- func.file.go
- func.http-server.go
- func.index.go
- func.intermediate-ca.go
- func.keys.go
- func.keystores.go
- func.logging.go
- func.misc.go
- func.network.go
- func.pem.go
- func.root-ca.go
- func.x509.go
- main.go
- types.go
- variables.go