store

package
v1.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 17, 2021 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Package store provides different methods to store a Public Key Infrastructure.

Index

Constants

View Source
const (
	LocalCertsDir = "certs"
	LocalKeysDir  = "keys"
	LocalCrlsDir  = "crls"
)

Predifined directory names.

Variables

View Source
var (
	ErrDoesNotExist = errors.New("does not exist")
)

Errors.

Functions

func InitCADir

func InitCADir(path string) error

InitCADir creates the basic structure of a CA subdirectory.

|- crlnumber
|- index.txt
|- index.txt.attr
|- serial
|- certs/
  |- ca.crt
  |- name.crt
|- keys/
  |- ca.key
  |- name.key

Types

type Bolt added in v1.1.0

type Bolt struct {
	DB *bolt.DB
}

Bolt lets us store a Certificate Authority in a Bolt DB.

Certificate bundles are stored per CA bucket, and each of them has a keys bucket and a certs buckets.

func (*Bolt) Add added in v1.1.0

func (b *Bolt) Add(caName, name string, isCa bool, key, cert []byte) error

Add adds the given bundle to the database.

func (*Bolt) Fetch added in v1.1.0

func (b *Bolt) Fetch(caName, name string) ([]byte, []byte, error)

Fetch fetchs the private key and certificate for a given name signed by caName.

func (*Bolt) Revoked added in v1.1.0

func (b *Bolt) Revoked(caName string) ([]pkix.RevokedCertificate, error)

Revoked returns a list of revoked certificates.

func (*Bolt) Update added in v1.1.0

func (b *Bolt) Update(caName string, sn *big.Int, st certificate.State) error

Update updates the state of a given certificate in the index.txt.

type InMemory added in v1.1.1

type InMemory struct {
	CAs map[string]map[string][][]byte
}

func (*InMemory) Add added in v1.1.1

func (l *InMemory) Add(caName, name string, isCa bool, key, cert []byte) error

Add adds the given bundle to the in-memory store

func (*InMemory) Exists added in v1.1.1

func (l *InMemory) Exists(caName, name string) bool

func (*InMemory) Fetch added in v1.1.1

func (l *InMemory) Fetch(caName, name string) ([]byte, []byte, error)

Fetch fetchs the private key and certificate for a given name signed by caName.

func (*InMemory) Revoked added in v1.1.1

func (l *InMemory) Revoked(caName string) ([]pkix.RevokedCertificate, error)

not implemented

func (*InMemory) Update added in v1.1.1

func (l *InMemory) Update(caName string, sn *big.Int, st certificate.State) error

not implemented

type Local

type Local struct {
	Root string
}

Local lets us store a Certificate Authority on the local filesystem.

The structure used makes it compatible with openssl.

func (*Local) Add

func (l *Local) Add(caName, name string, isCa bool, key, cert []byte) error

Add adds the given bundle to the local filesystem.

func (*Local) Exists

func (l *Local) Exists(caName, name string) bool

Exists checks if a certificate or private key already exist on the local filesystem for a given name.

func (*Local) Fetch

func (l *Local) Fetch(caName, name string) ([]byte, []byte, error)

Fetch fetchs the private key and certificate for a given name signed by caName.

func (*Local) Revoked

func (l *Local) Revoked(caName string) ([]pkix.RevokedCertificate, error)

Revoked returns a list of revoked certificates.

func (*Local) Update

func (l *Local) Update(caName string, sn *big.Int, st certificate.State) error

Update updates the state of a given certificate in the index.txt.

type Store

type Store interface {
	// Add adds a newly signed certificate bundle to the store.
	//
	// Args:
	//  The CA name, if the certificate was signed with an intermediate CA.
	//  The certificate bundle name.
	//  Is the bundle to add an intermediate CA.
	//  The raw private key.
	//  The raw certificate.
	//
	// Returns an error if it failed to store the bundle.
	Add(string, string, bool, []byte, []byte) error

	// Fetch fetches a certificate bundle from the store.
	//
	// Args:
	//   The CA name, if the certificate was signed with an intermediate CA.
	//   The name of the certificate bundle.
	//
	// Returns the raw private key and certificate respectively or an error.
	Fetch(string, string) ([]byte, []byte, error)

	// Update updates the state of a certificate. (Valid, Revoked, Expired)
	//
	// Args:
	//   The CA name, if the certificate was signed with an intermediate CA.
	//   The serial of the certificate to update.
	//   The new state.
	//
	// Returns an error if the update failed.
	Update(string, *big.Int, certificate.State) error

	// Revoked returns a list of revoked certificates for a given CA.
	//
	// Args:
	//   The CA name, if it is for an intermediate CA.
	//
	// Returns a list of revoked certificate or an error.
	Revoked(string) ([]pkix.RevokedCertificate, error)
}

Store reprents a way to store a Certificate Authority.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL