pki

package

v0.0.0-...-116ca14 Latest Latest Go to latest Published: Sep 15, 2023 License: Apache-2.0 Imports: 26 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/sapcc/arc

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func CertExpirationDate(cfg *arc_config.Config) (*time.Time, error)
func CertExpiresIn(notAfter *time.Time) int64
func CheckAndRenewCert(cfg *arc_config.Config, renewURI string, renewThreshold int64, ...) (int64, error)
func CreateSignReqCert(commonName, organization, organizationalUnit string, privKey interface{}) (csreq []byte, err error)
func CreateSignReqCertAndPrivKey(commonName, organization, organizationalUnit string) (csreq, key []byte, err error)
func CreateTestToken(db *sql.DB, subject string) string
func CreateToken(db *sql.DB, authorization *auth.Authorization, payload TokenRequest) (string, error)
func GetTestToken(db *sql.DB, token string) (string, error)
func PruneCertificates(db *sql.DB) (int64, error)
func PruneTokens(db *sql.DB) (int64, error)
func RenewCert(cfg *arc_config.Config, renewURI string, httpClientInsecureSkipVerify bool) error
func SaveCertificate(certPEMBlock []byte, cfg *arc_config.Config) error
func SendCertificateRequest(client *http.Client, endpoint string, cfg *arc_config.Config) ([]byte, error)
func SetupSigner(caCertFile, caKeyFile, configFile string) (err error)
func Sign(csr []byte, subject signer.Subject, profile string) ([]byte, error)
func SignToken(db *sql.DB, token string, csr []byte) (*[]byte, string, error)
type SignForbidden
- func (e SignForbidden) Error() string
type Subject
- func TLSRequestSubject(r *http.Request) (Subject, error)
type TokenRequest

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	TLS_CERTIFICATE_MISSING = "TLS client authentication required for certificate renewal."
	TLS_CRT_SUBJECT_MISSING = "TLS client authentication requires certificat with CommonName, OrganizationalUnit and Organization."
	TLS_CRT_REQUEST_INVALID = "Certificate request invalid. "
)

View Source

var (
	RENEW_CFG_PRIVKEY_MISSING     = "configuration is nil or TLS client private key not found."
	RENEW_TLS_CERTIFICATE_MISSING = "no TLS Certificate found to check expiration date."
	RENEW_CFG_CERT_PATH_MISSING   = "configuration is nil or client cert path is missing."
)

View Source

var ErrorInvalidCommonName = errors.New("invalid Common Name provided")

Functions ¶

func CertExpirationDate ¶

func CertExpirationDate(cfg *arc_config.Config) (*time.Time, error)

CertExpirationDate return the notAfter attribute of the cert

func CertExpiresIn ¶

func CertExpiresIn(notAfter *time.Time) int64

CertExpiresIn returns expiration time in hours (int64)

func CheckAndRenewCert ¶

func CheckAndRenewCert(cfg *arc_config.Config, renewURI string, renewThreshold int64, httpClientInsecureSkipVerify bool) (int64, error)

CheckAndRenewCert check with the threshold and renew the cert int64 --> hours left to the expiration date. If int64 > 0 means that hoursLeft > threshold and there is no need to renew the cert error --> something wrong happend

func CreateSignReqCert ¶

func CreateSignReqCert(commonName, organization, organizationalUnit string, privKey interface{}) (csreq []byte, err error)

CreateSignReqCert Creates a signing request cert PEM Block from a private key

func CreateSignReqCertAndPrivKey ¶

func CreateSignReqCertAndPrivKey(commonName, organization, organizationalUnit string) (csreq, key []byte, err error)

CreateSignReqCertAndPrivKey Creates a signing request cert and private key SignatureAlgorithm is x509.ECDSAWithSHA256

func CreateTestToken ¶

func CreateTestToken(db *sql.DB, subject string) string

CreateTestToken save a test token in the db

func CreateToken ¶

func CreateToken(db *sql.DB, authorization *auth.Authorization, payload TokenRequest) (string, error)

CreateToken return a new sign token

func GetTestToken ¶

func GetTestToken(db *sql.DB, token string) (string, error)

GetTestToken get a saved token

func PruneCertificates ¶

func PruneCertificates(db *sql.DB) (int64, error)

func PruneTokens ¶

func PruneTokens(db *sql.DB) (int64, error)

func RenewCert ¶

func RenewCert(cfg *arc_config.Config, renewURI string, httpClientInsecureSkipVerify bool) error

RenewCert renew the cert

func SaveCertificate ¶

func SaveCertificate(certPEMBlock []byte, cfg *arc_config.Config) error

func SendCertificateRequest ¶

func SendCertificateRequest(client *http.Client, endpoint string, cfg *arc_config.Config) ([]byte, error)

func SetupSigner ¶

func SetupSigner(caCertFile, caKeyFile, configFile string) (err error)

SetupSigner initializes the Signer

func Sign ¶

func Sign(csr []byte, subject signer.Subject, profile string) ([]byte, error)

func SignToken ¶

func SignToken(db *sql.DB, token string, csr []byte) (*[]byte, string, error)

SignToken sign a given token returning the certificate

Types ¶

type SignForbidden ¶

type SignForbidden struct {
	Msg string
}

SignForbidden should be used to return a 403

func (SignForbidden) Error ¶

func (e SignForbidden) Error() string

type Subject ¶

type Subject struct {
	CommonName         string
	OrganizationalUnit string
	Organization       string
}

func TLSRequestSubject ¶

func TLSRequestSubject(r *http.Request) (Subject, error)

type TokenRequest ¶

type TokenRequest struct {
	signer.Subject
	Profile string
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL