Documentation
Overview
Package tinyca implements a Certificate Authority that issues certificates for client authentication.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type CA
type CA struct {
// contains filtered or unexported fields
}
CA is a simple Certificate Authority. The only supported operation is to issue client certificates. Client certificates are signed by the configured root certificate and private key.
func New
func New(cert *bifrost.Certificate, key *ecdsa.PrivateKey, dur time.Duration) (*CA, error)
New returns a new CA. The CA issues certificates for the given namespace.
func (CA) IssueCertificate
func (ca CA) IssueCertificate(asn1Data []byte, keyUsage x509.KeyUsage, extKeyUsage []x509.ExtKeyUsage) ([]byte, error)
IssueCertificate issues a client certificate for a certificate request. The certificate is issued with the Subject Common Name set to the UUID of the client public key and the Subject Organization set to the identity namespace UUID.
func (CA) ServeHTTP
func (ca CA) ServeHTTP(w http.ResponseWriter, r *http.Request)
ServeHTTP issues a certificate if a valid certificate request is read from the request.
Requests with a Content-Type of "text/plain" should carry a PEM-encoded certificate request in the body. Requests with a Content-Type of "application/octet-stream" should submit the ASN.1 DER-encoded form instead.
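The content-type rule above, sketched with the standard library only. This is an added example, not tinyca's own code: newCSR and decodeCSR are hypothetical helpers, and the empty CSR subject is an assumption.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"mime"
)

// newCSR builds a constructed sample CSR as DER and PEM; the empty subject is an assumption.
func newCSR() (der, pemBody []byte, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, err = x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{}, key)
	return der, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der}), err
}

// decodeCSR (hypothetical helper) turns a request body into a verified CSR.
func decodeCSR(contentType string, body []byte) (*x509.CertificateRequest, error) {
	mediaType, _, _ := mime.ParseMediaType(contentType) // "" if unparsable
	der := body
	switch mediaType {
	case "text/plain":
		block, _ := pem.Decode(body)
		if block == nil || block.Type != "CERTIFICATE REQUEST" {
			return nil, fmt.Errorf("body is not a PEM certificate request")
		}
		der = block.Bytes
	case "application/octet-stream": // body is already ASN.1 DER
	default:
		return nil, fmt.Errorf("unsupported content type %q", contentType)
	}
	csr, err := x509.ParseCertificateRequest(der)
	if err == nil {
		err = csr.CheckSignature() // proves possession of the private key
	}
	return csr, err
}

func main() {
	der, pemBody, _ := newCSR()
	_, errDER := decodeCSR("application/octet-stream", der)
	_, errPEM := decodeCSR("text/plain; charset=utf-8", pemBody)
	fmt.Println("DER ok:", errDER == nil, "PEM ok:", errPEM == nil)
}
```

A body sent under the wrong content type fails here at the PEM or ASN.1 parsing step, and a request whose self-signature does not verify is rejected before any issuance logic would run.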