README

issuer

Issuer for certificates; knows how to interface with several managed CA solutions.

Documentation

Overview

Package issuer implements a common interface for several TLS Certificate Authority issuance implementations.

Constants

This section is empty.

Variables

    var (
    	// ErrNotSupported indicates the requested operation is not supported by the Issuer.
    	ErrNotSupported = errors.New("issuer: not supported")
    )

Functions

func DigiCertEVProduct

    func DigiCertEVProduct(names []string, extKeyUsage []x509.ExtKeyUsage) string

func DigiCertProduct

    func DigiCertProduct(names []string, extKeyUsage []x509.ExtKeyUsage) string

Types

type Capability

    type Capability uint

Capability is a bitmask indicating Issuer capabilities.

    const (
    	Sign Capability = 1 << iota
    	SignKeyPair
    	Renew
    	Revoke
    	RevocationList
    	OCSP
    )

Capability flags.

    const (
    	None Capability = 0
    	All  Capability = Sign | SignKeyPair | Renew | Revoke | RevocationList | OCSP
    )

Composite Capability flags.
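The Capability flags above and the ErrNotSupported sentinel under Variables are meant to be used together: a caller checks Capabilities() before invoking an operation and fails closed when the backend cannot honor it. The following is an added example, not code from the issuer package; it redeclares Capability and ErrNotSupported from this page so it compiles stand-alone, and the String, Has and Require helpers are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Capability and its flags are redeclared from this page so the example
// compiles stand-alone; ErrNotSupported mirrors the package sentinel.
type Capability uint

const (
	Sign Capability = 1 << iota
	SignKeyPair
	Renew
	Revoke
	RevocationList
	OCSP
)

var ErrNotSupported = errors.New("issuer: not supported")

// capNames is indexed by bit position, matching the iota order above.
var capNames = []string{"Sign", "SignKeyPair", "Renew", "Revoke", "RevocationList", "OCSP"}

// String renders the set flags as "Sign|Revoke" (hypothetical helper).
func (c Capability) String() string {
	var set []string
	for i, name := range capNames {
		if c&(1<<uint(i)) != 0 {
			set = append(set, name)
		}
	}
	if len(set) == 0 {
		return "None"
	}
	return strings.Join(set, "|")
}

// Has reports whether every flag in want is present in c.
func (c Capability) Has(want Capability) bool { return c&want == want }

// Require fails closed: check the issuer's advertised Capabilities() before
// calling e.g. Revoke; the error wraps ErrNotSupported and names the gap.
func Require(have, want Capability) error {
	if have.Has(want) {
		return nil
	}
	return fmt.Errorf("%w: missing %s", ErrNotSupported, want&^have)
}
```

Because the error wraps ErrNotSupported, callers can branch with errors.Is while still logging exactly which flags the backend lacks.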

type DigiCertProductFunc

    type DigiCertProductFunc func([]string, []x509.ExtKeyUsage) string

DigiCertProductFunc returns a DigiCert product name for the requested usage.

type Issuer

    type Issuer interface {
    	// Capabilities returns the issuer capability flags.
    	Capabilities() Capability

    	// Certificate returns the certificate for this issuer.
    	Certificate() *x509.Certificate

    	// Chain is the X.509 chain for this issuer.
    	Chain() []*x509.Certificate

    	// RevocationList returns the Certificate Revocation List (CRL).
    	RevocationList() (crl []byte, list *pkix.CertificateList, err error)

    	// Request a certificate.
    	Request(csr *x509.CertificateRequest, ttl time.Duration) (cert *x509.Certificate, chain []*x509.Certificate, err error)

    	// RequestKeyPair requests a certificate and private key pair based on
    	// the supplied certificate template.
    	RequestKeyPair(template *x509.Certificate, ttl time.Duration) (cert *x509.Certificate, chain []*x509.Certificate, key crypto.PrivateKey, err error)

    	// Renew a certificate previously issued by this issuer.
    	Renew(old *x509.Certificate, ttl time.Duration) (cert *x509.Certificate, chain []*x509.Certificate, err error)

    	// Revoke a certificate previously issued by this issuer.
    	Revoke(crt *x509.Certificate) (revoked bool, err error)
    }

Issuer can issue certificates.

func NewDigiCert

    func NewDigiCert(token string, product DigiCertProductFunc) Issuer

NewDigiCert returns an issuer that uses the DigiCert API. If product is nil, DigiCertProduct will be used to determine which product to use when requesting new certificates.

func NewLemur

    func NewLemur(api, authorityName string, options ...LemurOption) (Issuer, error)

NewLemur sets up a Lemur based issuer.

func NewStandalone

    func NewStandalone(certFile, keyFile, crlFile string) (Issuer, error)

NewStandalone returns a standalone issuer, with the supplied certFile and keyFile as the Certificate Authority certificate and key (PEM format). The crlFile location should be writable, so the issuer can store revoked certificates.

func NewVault

    func NewVault(api, mountpoint, role string, options ...VaultOption) (Issuer, error)

NewVault initializes a new Vault based issuer on the specified mountpoint and role. Each role requires a separate instance.

type LemurOption

    type LemurOption func(*lemur)

LemurOption is an option for NewLemur.

func LemurAuth

    func LemurAuth(username, password string) LemurOption

LemurAuth enables username/password authentication.

func LemurDefaultOwner

    func LemurDefaultOwner(email string) LemurOption

LemurDefaultOwner defines the owner for certificates whose subject does not carry an emailAddress attribute type and value.

func LemurSkipVerifyTLS

    func LemurSkipVerifyTLS() LemurOption

LemurSkipVerifyTLS disables TLS certificate verification for connections to the Lemur API.

func LemurToken

    func LemurToken(token string) LemurOption

LemurToken enables token authentication.

type VaultOption

    type VaultOption func(*vault)

VaultOption is an option for NewVault.

func VaultToken

    func VaultToken(token string) VaultOption

VaultToken adds the Vault authentication token.

Directories

Path        Synopsis
pkixutil    Package pkixutil implements helpers for formatting and parsing X.509 attributes and types.