pki

package
Version: v0.0.0-...-f2f0146 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 1, 2022 License: Apache-2.0 Imports: 26 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	TLS_CERTIFICATE_MISSING = "TLS client authentication required for certificate renewal."
	TLS_CRT_SUBJECT_MISSING = "TLS client authentication requires certificat with CommonName, OrganizationalUnit and Organization."
	TLS_CRT_REQUEST_INVALID = "Certificate request invalid. "
)
View Source
var (
	RENEW_CFG_PRIVKEY_MISSING     = "configuration is nil or TLS client private key not found."
	RENEW_TLS_CERTIFICATE_MISSING = "no TLS Certificate found to check expiration date."
	RENEW_CFG_CERT_PATH_MISSING   = "configuration is nil or client cert path is missing."
)
View Source
var ErrorInvalidCommonName = errors.New("invalid Common Name provided")

Functions

func CertExpirationDate

func CertExpirationDate(cfg *arc_config.Config) (*time.Time, error)

CertExpirationDate return the notAfter attribute of the cert

func CertExpiresIn

func CertExpiresIn(notAfter *time.Time) int64

CertExpiresIn returns expiration time in hours (int64)

func CheckAndRenewCert

func CheckAndRenewCert(cfg *arc_config.Config, renewURI string, renewThreshold int64, httpClientInsecureSkipVerify bool) (int64, error)

CheckAndRenewCert check with the threshold and renew the cert int64 --> hours left to the expiration date. If int64 > 0 means that hoursLeft > threshold and there is no need to renew the cert error --> something wrong happend

func CreateSignReqCert

func CreateSignReqCert(commonName, organization, organizationalUnit string, privKey interface{}) (csreq []byte, err error)

CreateSignReqCert Creates a signing request cert PEM Block from a private key

func CreateSignReqCertAndPrivKey

func CreateSignReqCertAndPrivKey(commonName, organization, organizationalUnit string) (csreq, key []byte, err error)

CreateSignReqCertAndPrivKey Creates a signing request cert and private key SignatureAlgorithm is x509.ECDSAWithSHA256

func CreateTestToken

func CreateTestToken(db *sql.DB, subject string) string

CreateTestToken save a test token in the db

func CreateToken

func CreateToken(db *sql.DB, authorization *auth.Authorization, payload TokenRequest) (string, error)

CreateToken return a new sign token

func GetTestToken

func GetTestToken(db *sql.DB, token string) (string, error)

GetTestToken get a saved token

func PruneCertificates

func PruneCertificates(db *sql.DB) (int64, error)

func PruneTokens

func PruneTokens(db *sql.DB) (int64, error)

func RenewCert

func RenewCert(cfg *arc_config.Config, renewURI string, httpClientInsecureSkipVerify bool) error

RenewCert renew the cert

func SaveCertificate

func SaveCertificate(certPEMBlock []byte, cfg *arc_config.Config) error

func SendCertificateRequest

func SendCertificateRequest(client *http.Client, endpoint string, cfg *arc_config.Config) ([]byte, error)

func SetupSigner

func SetupSigner(caCertFile, caKeyFile, configFile string) (err error)

SetupSigner initializes the Signer

func Sign

func Sign(csr []byte, subject signer.Subject, profile string) ([]byte, error)

func SignToken

func SignToken(db *sql.DB, token string, csr []byte) (*[]byte, string, error)

SignToken sign a given token returning the certificate

Types

type SignForbidden

type SignForbidden struct {
	Msg string
}

SignForbidden should be used to return a 403

func (SignForbidden) Error

func (e SignForbidden) Error() string

type Subject

type Subject struct {
	CommonName         string
	OrganizationalUnit string
	Organization       string
}

func TLSRequestSubject

func TLSRequestSubject(r *http.Request) (Subject, error)

type TokenRequest

type TokenRequest struct {
	signer.Subject
	Profile string
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL