package ca
v0.1.2
Published: Sep 20, 2023 License: MIT Imports: 27 Imported by: 1



Package ca provides a basic Certificate Authority



const (
	Day  = 24 * time.Hour // Day is 24 hours
	Year = 365 * Day      // Year is 365 days

	// DefaultCertificateDuration is 90 days
	DefaultCertificateDuration = 90 * Day
	// DefaultCADuration is 10 years
	DefaultCADuration = 10 * Year
)




func RandomSerialNumber

func RandomSerialNumber() *big.Int

RandomSerialNumber generates a random serial number for a new Certificate


type CA

type CA struct {
	// contains filtered or unexported fields
}

CA is a basic Certificate Authority

func (*CA) CreateCertificate

func (ca *CA) CreateCertificate(tpl *x509.Certificate,
	pub crypto.PublicKey) (certPEM []byte, err error)

CreateCertificate signs an x509.Certificate template for the given public key and returns the resulting certificate PEM encoded.

func (*CA) ECDSA

func (ca *CA) ECDSA() bool

ECDSA reports whether generated keys are ECDSA instead of RSA.

func (*CA) ED25519

func (ca *CA) ED25519() bool

ED25519 reports whether generated keys are ED25519 instead of RSA.

func (*CA) GenerateKey

func (ca *CA) GenerateKey() (x509utils.PrivateKey, error)

GenerateKey generates a new PrivateKey for a Server

func (*CA) GetCAPool

func (ca *CA) GetCAPool() *x509.CertPool

GetCAPool returns a CertPool containing only this CA's certificate.

func (*CA) GetCertificate

func (ca *CA) GetCertificate(chi *tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificate looks up the TLS certificate for the given chi.ServerName and issues one if none exists yet, so it can be used as tls.Config.GetCertificate.

func (*CA) NewKeyCertPair

func (ca *CA) NewKeyCertPair(clientAuth bool,
	tpl *x509.Certificate) (keyPEM, certPEM []byte, err error)

NewKeyCertPair creates a new key and certificate based on the given template, returning both PEM encoded.

func (*CA) ServeCertificate

func (ca *CA) ServeCertificate(rw http.ResponseWriter, req *http.Request)

ServeCertificate handles requests for the CA Certificate

func (*CA) WriteCert

func (ca *CA) WriteCert(w io.Writer) (int64, error)

WriteCert writes the CA's Certificate PEM encoded

func (*CA) WriteKey

func (ca *CA) WriteKey(w io.Writer) (int64, error)

WriteKey writes the CA's Private Key PEM encoded

type Config

type Config struct {
	// KeyAlgorithm specifies the algorithm to use when
	// generating a PrivateKey. Defaults to RSA.
	KeyAlgorithm KeyAlgorithm

	// Template is used to create new certificates
	Template TemplateConfig
}

Config describes how the CA will operate

func (*Config) GenerateKey

func (cfg *Config) GenerateKey(rootCA bool) (x509utils.PrivateKey, error)

GenerateKey generates a new PrivateKey

func (Config) LoadCA

func (cfg Config) LoadCA(key x509utils.PrivateKey, certs []*x509.Certificate) (*CA, error)

LoadCA creates a new CA using the given key and certs chain

func (Config) NewCA

func (cfg Config) NewCA(tc *TemplateConfig) (*CA, error)

NewCA generates a new self-signed CA using the provided TemplateConfig

type KeyAlgorithm

type KeyAlgorithm int

KeyAlgorithm specifies the algorithm to use when generating a Private Key

const (
	// KeyAlgorithmUnspecified is treated as if it was KeyAlgorithmRSA
	KeyAlgorithmUnspecified KeyAlgorithm = iota
	// KeyAlgorithmRSA uses RSA3072 for the CA, and 2048 for servers
	KeyAlgorithmRSA
	// KeyAlgorithmECDSA uses ECDSA 256 for either CA or server
	KeyAlgorithmECDSA
	// KeyAlgorithmED25519 uses ED25519 for either CA or server
	KeyAlgorithmED25519
)

type TemplateConfig

type TemplateConfig struct {
	O  string // O is the Subject.Organization
	OU string // OU is the Subject.OrganizationalUnit
	CN string // CN is the Subject.CommonName

	// Duration is how long the certificate will last
	Duration time.Duration
}

TemplateConfig describes the details to compose a new Certificate and CertificateRequest template

func (*TemplateConfig) NewCATemplate

func (tc *TemplateConfig) NewCATemplate(skid []byte) *x509.Certificate

NewCATemplate generates the template to create a new CA, based on the information on the Issuer field.

func (*TemplateConfig) NewCSRTemplate

func (tc *TemplateConfig) NewCSRTemplate(names ...string) *x509.CertificateRequest

NewCSRTemplate creates a Certificate Request Template for a list of names. These names can be IP addresses, e-mail addresses, URIs or DNS names.

func (*TemplateConfig) NewCertificateTemplate

func (tc *TemplateConfig) NewCertificateTemplate(names ...string) *x509.Certificate

NewCertificateTemplate creates a Certificate Template for a list of names. These names can be IP addresses, e-mail addresses, URIs or DNS names.

func (*TemplateConfig) NewTemplateFromCSR

func (tc *TemplateConfig) NewTemplateFromCSR(csr *x509.CertificateRequest) *x509.Certificate

NewTemplateFromCSR prepares an x509.Certificate template from an x509.CertificateRequest.

func (TemplateConfig) SetDefaults

func (tc TemplateConfig) SetDefaults(target *TemplateConfig)

SetDefaults copies its own values into the fields of target that are still unset.
