Overview ¶
Package certpool provides an x509 certificate store built from the ground up
Index ¶
- Constants
- type Bundler
- type CertPool
- func (s *CertPool) AddCert(cert *x509.Certificate) bool
- func (s *CertPool) AppendCertsFromPEM(b []byte) bool
- func (pool *CertPool) Bundle(cert *x509.Certificate, key x509utils.PrivateKey, roots x509utils.CertPooler) (*tls.Certificate, error)
- func (s *CertPool) Certs() []*x509.Certificate
- func (s *CertPool) Clone() x509utils.CertPooler
- func (s *CertPool) Copy(out *CertPool) *CertPool
- func (s *CertPool) Count() int
- func (s *CertPool) Delete(_ context.Context, name string) error
- func (s *CertPool) DeleteCert(_ context.Context, cert *x509.Certificate) error
- func (s *CertPool) Equal(x x509utils.CertPooler) bool
- func (s *CertPool) Export() *x509.CertPool
- func (s *CertPool) ForEach(ctx context.Context, fn x509utils.StoreIterFunc) error
- func (s *CertPool) Get(_ context.Context, name string) (*x509.Certificate, error)
- func (s *CertPool) IsCA() bool
- func (s *CertPool) Minus(x x509utils.CertPooler) x509utils.CertPooler
- func (s *CertPool) Plus(x x509utils.CertPooler) x509utils.CertPooler
- func (s *CertPool) Put(_ context.Context, name string, cert *x509.Certificate) error
- func (s *CertPool) Reset()
- type Hash
- type PoolBuffer
- func (pb *PoolBuffer) Add(data ...string) error
- func (pb *PoolBuffer) AddCert(fn string, cert *x509.Certificate) error
- func (pb *PoolBuffer) AddKey(fn string, pk x509utils.PrivateKey) error
- func (pb *PoolBuffer) Bundle(cert *x509.Certificate, key x509utils.PrivateKey, roots x509utils.CertPooler) (*tls.Certificate, error)
- func (pb *PoolBuffer) Certificates(base x509utils.CertPooler) ([]*tls.Certificate, error)
- func (pb *PoolBuffer) CopyPool(out *CertPool) *CertPool
- func (pb *PoolBuffer) Count() int
- func (pb *PoolBuffer) Export() *x509.CertPool
- func (pb *PoolBuffer) Keys() []x509utils.PrivateKey
- func (pb *PoolBuffer) NewBundler(roots x509utils.CertPooler) (*Bundler, error)
- func (pb *PoolBuffer) Pool() *CertPool
- func (pb *PoolBuffer) Reset()
- func (pb *PoolBuffer) SetLogger(logger slog.Logger)
Constants ¶
const (
	// HashSize is the number of bytes in a Hash, the blake3.Sum256
	// digest of a DER-encoded certificate returned by HashCert.
	HashSize = 32
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Bundler ¶
// Bundler uses two CertPoolers, Roots and Inter, to bundle keys and
// certificates into *tls.Certificate values.
type Bundler struct {
	// Roots is the CertPooler of root certificates used when bundling.
	Roots x509utils.CertPooler
	// Inter is the CertPooler of intermediate certificates — presumed from
	// the field name; confirm against how Bundle builds the chain.
	Inter x509utils.CertPooler
}
Bundler uses two CertPoolers, Roots and Inter, to bundle keys and certificates
func (*Bundler) Bundle ¶
func (b *Bundler) Bundle(cert *x509.Certificate, key x509utils.PrivateKey) (*tls.Certificate, error)
Bundle bundles a key and a certificate into a *tls.Certificate
type CertPool ¶
type CertPool struct {
// contains filtered or unexported fields
}
CertPool represents a collection of CA Certificates
func SystemCertPool ¶
SystemCertPool returns a Pool populated with the system's valid CA certificates
func (*CertPool) AddCert ¶
func (s *CertPool) AddCert(cert *x509.Certificate) bool
AddCert adds a parsed CA certificate to the CertPool
func (*CertPool) AppendCertsFromPEM ¶
AppendCertsFromPEM adds certificates to the Pool from a PEM-encoded blob, and returns true if a new Certificate was effectively added
func (*CertPool) Bundle ¶
func (pool *CertPool) Bundle(cert *x509.Certificate, key x509utils.PrivateKey, roots x509utils.CertPooler) (*tls.Certificate, error)
Bundle verifies a leaf x509.Certificate against the given roots and returns a tls.Certificate
func (*CertPool) Certs ¶
func (s *CertPool) Certs() []*x509.Certificate
Certs returns a slice of all certificates in the CertPool
func (*CertPool) Clone ¶
func (s *CertPool) Clone() x509utils.CertPooler
Clone creates a copy of the CertPool
func (*CertPool) DeleteCert ¶
DeleteCert removes a given certificate
func (*CertPool) Equal ¶
func (s *CertPool) Equal(x x509utils.CertPooler) bool
Equal checks if another CertPooler is equal to this one
func (*CertPool) Export ¶
Export produces a standard *x509.CertPool containing the same CA certificates
func (*CertPool) Minus ¶
func (s *CertPool) Minus(x x509utils.CertPooler) x509utils.CertPooler
Minus produces a new CertPool containing this pool's certificates except those present in the given Pool
func (*CertPool) Plus ¶
func (s *CertPool) Plus(x x509utils.CertPooler) x509utils.CertPooler
Plus produces a new CertPool containing this pool's certificates together with all certificates in the given Pool
type Hash ¶
Hash is the blake3.Sum256 digest of a DER-encoded certificate
func HashCert ¶
func HashCert(cert *x509.Certificate) Hash
HashCert produces an unkeyed blake3 digest of the DER encoding of a Certificate
type PoolBuffer ¶
type PoolBuffer struct {
// contains filtered or unexported fields
}
PoolBuffer is a CertPool in the making
func (*PoolBuffer) Add ¶
func (pb *PoolBuffer) Add(data ...string) error
Add loads private keys and certificates from PEM files, directories, and inline PEM text
func (*PoolBuffer) AddCert ¶
func (pb *PoolBuffer) AddCert(fn string, cert *x509.Certificate) error
AddCert adds a Certificate to the PoolBuffer
func (*PoolBuffer) AddKey ¶
func (pb *PoolBuffer) AddKey(fn string, pk x509utils.PrivateKey) error
AddKey adds a PrivateKey to the PoolBuffer
func (*PoolBuffer) Bundle ¶
func (pb *PoolBuffer) Bundle(cert *x509.Certificate, key x509utils.PrivateKey, roots x509utils.CertPooler) (*tls.Certificate, error)
Bundle verifies a leaf x509.Certificate against the given roots and returns a tls.Certificate
func (*PoolBuffer) Certificates ¶
func (pb *PoolBuffer) Certificates(base x509utils.CertPooler) ([]*tls.Certificate, error)
Certificates returns all the certificates it contains, each bundled as a tls.Certificate using the given base pool
func (*PoolBuffer) CopyPool ¶ added in v0.5.6
func (pb *PoolBuffer) CopyPool(out *CertPool) *CertPool
CopyPool copies the CA certificates into the given CertPool
func (*PoolBuffer) Count ¶
func (pb *PoolBuffer) Count() int
Count returns how many certificates are in the buffer
func (*PoolBuffer) Export ¶
func (pb *PoolBuffer) Export() *x509.CertPool
Export returns a new x509.CertPool with the CA certificates
func (*PoolBuffer) Keys ¶ added in v0.5.2
func (pb *PoolBuffer) Keys() []x509utils.PrivateKey
Keys returns a slice of all stored private keys
func (*PoolBuffer) NewBundler ¶
func (pb *PoolBuffer) NewBundler(roots x509utils.CertPooler) (*Bundler, error)
NewBundler creates a Bundler using the known CAs and the provided roots. If no roots are given, the system certificates are used instead.
func (*PoolBuffer) Pool ¶
func (pb *PoolBuffer) Pool() *CertPool
Pool returns a new CertPool with the CA certificates
func (*PoolBuffer) Reset ¶
func (pb *PoolBuffer) Reset()
Reset makes the PoolBuffer go back to its initial state, empty
func (*PoolBuffer) SetLogger ¶
func (pb *PoolBuffer) SetLogger(logger slog.Logger)
SetLogger binds a slog.Logger to the buffer