Documentation
Overview
Package tls takes care of all TLS actions for a chain.
Constants
This section is empty.
Variables
var (
	// DefaultExpiry is the default expiry for
	DefaultExpiry = 365 * 24 * time.Hour
	// DefaultKeyUsage is used when no KeyUsages are set
	DefaultKeyUsage = x509.KeyUsageDataEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment
	// DefaultExtendedKeyUsages is a list of extended Key usages to be used when not
	// specified in the config
	DefaultExtendedKeyUsages = []x509.ExtKeyUsage{
		x509.ExtKeyUsageClientAuth,
		x509.ExtKeyUsageEmailProtection,
		x509.ExtKeyUsageServerAuth,
	}
	// DefaultSubject is used when no subject is set
	DefaultSubject = Subject{
		Country:            "NL",
		CommonName:         "chainsmith",
		Locality:           "Blarocum",
		Organisation:       "Nibble-IT",
		OrganisationalUnit: "postgres",
		PostalCode:         "1261 WZ",
		State:              "Utrecht",
		StreetAddress:      "Binnendelta 1-U2",
	}
)
Functions
This section is empty.
Types
type Cert (added in v0.3.0)
type Cert struct {
Subject *Subject `json:"subject"`
Expiry time.Duration `json:"expiry"`
KeyUsage x509.KeyUsage `json:"key_usage"`
ExtKeyUsage []x509.ExtKeyUsage `json:"extended_key_usage"`
IsCa bool `json:"is_ca"`
AlternateNames []string `json:"subject_alternate_names"`
PEM []byte `json:"pem"`
Path string `json:"path"`
// contains filtered or unexported fields
}
Cert is an object representing a certificate
func (*Cert) Generate (added in v0.3.0)
Generate will generate a Certificate which still needs to be signed (a CSR)
func (*Cert) SetDefaults (added in v0.3.0)
func (c *Cert) SetDefaults(
	defaultSubject Subject,
	defaultExpiry time.Duration,
	defaultKeyUsage x509.KeyUsage,
	defaultExtKeyUsage []x509.ExtKeyUsage,
)
SetDefaults will set default values when none is set
type Chain (added in v0.3.0)
type Chain struct {
Root Pair `json:"root"`
Intermediates Intermediates `json:"intermediates"`
// Path where all files are stored
Store string `json:"store"`
Keys Key `json:"keys"`
}
Chain can hold all configuration for a chain.
func (*Chain) InitializeCA (added in v0.3.0)
InitializeCA can be used to generate, build and save the CA cert and private key
func (*Chain) InitializeIntermediates (added in v0.3.0)
InitializeIntermediates can be used to initialize all intermediates belonging to this chain
func (*Chain) Structure (added in v0.3.0)
func (c *Chain) Structure() ChainStructure
Structure will convert a chain into a structure that is easily convertible to YAML
type ChainStructure (added in v0.3.0)
type ChainStructure struct {
Certs map[string]map[string]string `json:"certs"`
Keys map[string]map[string]string `json:"private_keys"`
}
ChainStructure is a type that will be returned by the chain.Structure method
type ClassicIntermediate (added in v0.3.0)
type ClassicIntermediate struct {
Name string `json:"name"`
Intermediate `json:",inline"`
}
ClassicIntermediate exists for historic reasons
func (ClassicIntermediate) AsIntermediate (added in v0.3.0)
func (ci ClassicIntermediate) AsIntermediate() Intermediate
AsIntermediate converts a ClassicIntermediate into an Intermediate
type ClassicIntermediates (added in v0.3.0)
type ClassicIntermediates []ClassicIntermediate
ClassicIntermediates is a classical approach (list of structs with name in struct) to Intermediates (map of intermediates with name as key)
func (ClassicIntermediates) AsIntermediates (added in v0.3.0)
func (cis ClassicIntermediates) AsIntermediates() Intermediates
AsIntermediates converts a ClassicIntermediates into an Intermediates
type ExtKeyUsages (added in v0.3.0)
type ExtKeyUsages []string
ExtKeyUsages can be used to store KeyUsage references as strings
func (ExtKeyUsages) AsEKeyUsages (added in v0.3.0)
func (eks ExtKeyUsages) AsEKeyUsages() ([]x509.ExtKeyUsage, error)
AsEKeyUsages converts an ExtKeyUsages into a list of x509.ExtKeyUsage values
type Intermediate (added in v0.3.0)
type Intermediate struct {
Cert Pair `json:"cert"`
Servers Servers `json:"servers"`
Clients []string `json:"clients"`
// contains filtered or unexported fields
}
Intermediate holds the config of an intermediate, which can be either Server or Client (or both)
func (*Intermediate) InitializeClients (added in v0.3.0)
func (i *Intermediate) InitializeClients() error
InitializeClients can be used to generate, build and save certificates and private keys for all clients of an intermediate
func (*Intermediate) InitializeIntermediate (added in v0.3.0)
func (i *Intermediate) InitializeIntermediate(name string, signer Pair) error
InitializeIntermediate can be used to initialize the intermediate
func (*Intermediate) InitializeServers (added in v0.3.0)
func (i *Intermediate) InitializeServers() error
InitializeServers can be used to generate, build and save certificates and private keys for all servers of an intermediate
type Intermediates (added in v0.3.0)
type Intermediates map[string]Intermediate
Intermediates holds all intermediates that are configured
func (Intermediates) Initialize (added in v0.3.0)
func (i Intermediates) Initialize(signer Pair) (Intermediates, error)
Initialize can be used to generate, build and save certificates and private keys for all servers and clients of all intermediates
type Key (added in v0.3.0)
Key represents a pair of private and public key used to encrypt and decrypt the private keys belonging to the certificates
type Pair (added in v0.3.0)
type Pair struct {
Cert Cert `json:"cert"`
PrivateKey PrivateKey `json:"private_key"`
}
A Pair is a combination of a cert and the Private key that belongs to the cert
func (*Pair) Process (added in v0.3.0)
Process will do all that is required for a pair, e.g. generate, sign, encode and save
type Pairs (added in v0.3.0)
Pairs is a collection of `certificate and private key` pairs
func (Pairs) Generate (added in v0.3.0)
Generate will generate a cert and private key. We use copy on write and return the copy
type PrivateKey (added in v0.3.0)
type PrivateKey struct {
PEM []byte `json:"pem"`
Path string `json:"path"`
// contains filtered or unexported fields
}
PrivateKey can hold all information regarding a private key
func (*PrivateKey) Encode (added in v0.3.0)
func (pk *PrivateKey) Encode() error
Encode will encode the rsa.PrivateKey to a PEM byte array and store it in the PEM field
func (*PrivateKey) Generate (added in v0.3.0)
func (pk *PrivateKey) Generate() error
Generate is a method that can generate a Private key.
func (PrivateKey) PublicKey (added in v0.3.0)
func (pk PrivateKey) PublicKey() (rsa.PublicKey, error)
PublicKey will return the public key belonging to the private key. PublicKey raises an error when the Private key is not properly initialized
func (*PrivateKey) Save (added in v0.3.0)
func (pk *PrivateKey) Save() error
Save can be used to save a Private Key PEM to disk
type ServerAddresses (added in v0.3.0)
type ServerAddresses []string
ServerAddresses is a list of DNS names and/or ip addresses to be used in the SAN field
type Servers (added in v0.3.0)
type Servers map[string]ServerAddresses
Servers is a map holding servers, with addresses. The key will be used for the CommonName
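Go's verifier matches a hostname only against SAN entries and ignores the CommonName, and DNS names and IP addresses are distinct SAN types, so a mixed address list has to be split before it reaches the certificate template. The following is an added example, not chainsmith's own code: it uses only the standard library, and splitSANs, serverCert, the Ed25519 key and the sample names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// splitSANs sorts mixed address strings into the two SAN types x509 expects.
func splitSANs(addrs []string) (dns []string, ips []net.IP) {
	for _, a := range addrs {
		if ip := net.ParseIP(a); ip != nil {
			ips = append(ips, ip)
		} else {
			dns = append(dns, a)
		}
	}
	return dns, ips
}

// serverCert builds a self-signed sample cert: cn as CommonName, addrs as SANs.
func serverCert(cn string, addrs []string) (*x509.Certificate, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
	}
	tmpl.DNSNames, tmpl.IPAddresses = splitSANs(addrs)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	c, err := serverCert("db1", []string{"db1.example.internal", "10.0.0.5"})
	if err != nil {
		panic(err)
	}
	fmt.Println(c.VerifyHostname("10.0.0.5") == nil, c.VerifyHostname("db1") == nil)
}
```

A server key such as "db1" that is used only as the CommonName will not verify under that name; it must also appear among the addresses if clients connect with it.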
type Subject (added in v0.3.0)
type Subject struct {
Country string `json:"C"`
CommonName string `json:"CN"`
Locality string `json:"L"`
Organisation string `json:"O"`
OrganisationalUnit string `json:"OU"`
PostalCode string `json:"PC"`
SerialNumber string `json:"SERIAL"`
State string `json:"ST"`
StreetAddress string `json:"STREET"`
UserID string `json:"UID"`
}
Subject can hold all fields that belong to the subject of a cert
func (Subject) AsPkixName (added in v0.3.0)
AsPkixName will convert the Subject to a Pkix.Name
func (Subject) SetCommonName (added in v0.3.0)
SetCommonName will return a new Subject, but with another CommonName