certstate

package
v0.0.0-...-8a92b27 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 19, 2026 License: GPL-3.0 Imports: 21 Imported by: 0

Documentation

Constants

const (
	CertificateStateUnset    = "unset"
	CertificateStateAccepted = "accepted"
	CertificateStateBlocked  = "blocked"
)

Variables

var GenerateCertificateDatabase = GenerateCertificateDatabaseImpl

Functions

func CertificatePath

func CertificatePath(name string) string

CertificatePath returns a path to the certificate file itself, given the name of the certificate (without .crt extension).

func GenerateCertificateDatabaseImpl

func GenerateCertificateDatabaseImpl() error

GenerateCertificateDatabase generates the ca-certificates.crt based on the following folders:

- /etc/ssl/certs/ (base certificates from the system)
- /var/lib/snapd/pki/v1/added/ (user added certificates)
- /var/lib/snapd/pki/v1/blocked/ (user blocked certificates)

Inside the added/ and blocked/ folders, the certificates are expected to be named by their digest (sha256 hash of the certificate chain):

- /var/lib/snapd/pki/v1/added/<digest>.crt
- /var/lib/snapd/pki/v1/blocked/<digest>.crt

The resulting ca-certificates.crt is written to /var/lib/snapd/pki/v1/merged/ca-certificates.crt. If a previous version of the ca-certificates.crt exists, it is backed up to /var/lib/snapd/pki/v1/merged/ca-certificates.crt.old
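The merge described above, as an added in-memory sketch that is not the package's own code: it shows blocked entries overriding both the system and the user-added certificates, and an added file being left out when its name does not match the digest of its content. Assumptions: the digest is the hex SHA-256 over the DER bytes of the chain's CERTIFICATE blocks, blocked entries are matched by content, and `Entry`, `chainDigest`, `merge` and `sample` are hypothetical names; the inputs are constructed placeholder bytes, not real certificates.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/pem"
	"fmt"
)

type Entry struct{ Name string; PEM []byte } // Name: file name without ".crt"

// chainDigest: assumed scheme, hex SHA-256 over the DER of each CERTIFICATE block.
func chainDigest(data []byte) string {
	h := sha256.New()
	for b, rest := pem.Decode(data); b != nil; b, rest = pem.Decode(rest) {
		if b.Type == "CERTIFICATE" {
			h.Write(b.Bytes)
		}
	}
	return hex.EncodeToString(h.Sum(nil))
}

// merge returns base plus added minus blocked, without duplicates (assumed semantics).
func merge(base, added, blocked []Entry) (bundle []byte, rejected []string) {
	skip := map[string]bool{} // digests that are blocked or already written
	for _, e := range blocked {
		skip[chainDigest(e.PEM)] = true // match by content, whatever the file name
	}
	for i, e := range append(append([]Entry{}, base...), added...) {
		d := chainDigest(e.PEM)
		if i >= len(base) && e.Name != d { // only added entries carry digest names
			rejected = append(rejected, e.Name)
		} else if !skip[d] {
			skip[d] = true
			bundle = append(bundle, e.PEM...)
		}
	}
	return bundle, rejected
}

func sample(der string) Entry { // constructed placeholder bytes wrapped as PEM
	p := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: []byte(der)})
	return Entry{Name: chainDigest(p), PEM: p}
}

func main() {
	a, b := sample("constructed-ca-a"), sample("constructed-ca-b")
	out, bad := merge([]Entry{a}, []Entry{b, {Name: "bogus", PEM: a.PEM}}, []Entry{a})
	fmt.Printf("%d bytes merged, rejected %v\n", len(out), bad)
}
```

Reporting the misnamed entry instead of silently skipping it gives an operator something to alert on when a file in added/ has been renamed or its content replaced.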

func RemoveCertificate

func RemoveCertificate(name string) error

RemoveCertificate removes the certificate file for the given name. This does not remove the symlinks in the added/blocked directories.

func RemoveCertificateSymlinks

func RemoveCertificateSymlinks(digest string) error

RemoveCertificateSymlinks removes the symlinks for the given certificate digest from the added and blocked directories.

func SetCertificateState

func SetCertificateState(name, digest, state string) error

SetCertificateState sets the state of the certificate with the given name and digest. The state can be either "accepted", "blocked" or "unset". This is done by creating a symlink to the certificate file in the corresponding directory (added/blocked), or removing any existing symlink if the state is set to "unset".

func WriteCertificate

func WriteCertificate(name, content string) error

WriteCertificate writes the given contents as a new certificate file. Does not set the state of the certificate (i.e. does not create symlinks in the added/blocked directories).

Types

type CertManager

type CertManager struct {
	// contains filtered or unexported fields
}

func Manager

func Manager(st *state.State, runner *state.TaskRunner) *CertManager

func (*CertManager) Ensure

func (m *CertManager) Ensure() error

type CertificateData

type CertificateData struct {
	Raw    *x509.Certificate
	Digest string
}

func ParseCertificateData

func ParseCertificateData(certData []byte) (*CertificateData, error)

ParseCertificateData parses certificate data and returns the first certificate, plus the full chain DER blobs (all CERTIFICATE PEM blocks, in order).

For DER input, it returns a single-certificate chain.

type CertificateInfo

type CertificateInfo struct {
	Name        string `json:"name"`
	Fingerprint string `json:"fingerprint"`
	State       string `json:"state"`
	Content     string `json:"content,omitempty"`
}

func CustomCertificateInfo

func CustomCertificateInfo(name string) (*CertificateInfo, error)

CustomCertificateInfo returns the information about a custom certificate with the given name, including its fingerprint, state and content.

func CustomCertificates

func CustomCertificates() ([]*CertificateInfo, error)

CustomCertificates returns the list of custom certificates with their name, fingerprint and state.
