tinyca

package
v1.14.8 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 29, 2023 License: MIT Imports: 18 Imported by: 0

Documentation

Overview

Package tinyca implements a Certificate Authority that issues certificates for client authentication.

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CA

type CA struct {
	// contains filtered or unexported fields
}

CA is a simple Certificate Authority. The only supported operation is to issue client certificates. Client certificates are signed by the configured root certificate and private key.

func New

func New(cert *bifrost.Certificate, key *ecdsa.PrivateKey, dur time.Duration) (*CA, error)

New returns a new CA. The CA issues certificates for the given namespace.

func (CA) IssueCertificate

func (ca CA) IssueCertificate(
	asn1Data []byte,
	keyUsage x509.KeyUsage,
	extKeyUsage []x509.ExtKeyUsage,
) ([]byte, error)

IssueCertificate issues a client certificate for a certificate request. The certificate is issued with the Subject Common Name set to the UUID of the client public key and the Subject Organization set to the identity namespace UUID.

func (CA) ServeHTTP

func (ca CA) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP issues a certificate if a valid certificate request is read from the request.

Requests carrying a content-type of "text/plain" should have a PEM encoded certificate request. Requests carrying a content-type of "application/octet-stream" should submit the ASN.1 DER encoded form instead.
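The two request encodings described above, as an added example that is not part of the tinyca package and uses only the Go standard library. The names newCSR and decodeCSR are hypothetical, and the throwaway P-256 key and empty subject are assumptions. decodeCSR shows the receiver-side check that the body matches its declared content type and that the request's self-signature verifies.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// newCSR signs a request with a throwaway P-256 key (constructed sample) and encodes it for contentType.
func newCSR(contentType string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	der, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{}, key)
	if err != nil || contentType != "text/plain" {
		return der, err // raw ASN.1 DER is the application/octet-stream body
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der}), nil
}

// decodeCSR (hypothetical) picks the decoder from the content type, parses, and verifies the self-signature.
func decodeCSR(contentType string, body []byte) (*x509.CertificateRequest, error) {
	switch contentType {
	case "text/plain":
		block, _ := pem.Decode(body)
		if block == nil || block.Type != "CERTIFICATE REQUEST" {
			return nil, errors.New("body is not a PEM certificate request")
		}
		body = block.Bytes
	case "application/octet-stream": // body is already DER
	default:
		return nil, fmt.Errorf("unsupported content type %q", contentType)
	}
	csr, err := x509.ParseCertificateRequest(body)
	if err == nil {
		err = csr.CheckSignature() // proves the requester holds the private key
	}
	return csr, err
}

func main() {
	body, _ := newCSR("text/plain")
	_, err := decodeCSR("text/plain", body)
	fmt.Printf("%s\nverified: %v\n", body, err == nil)
}
```

A body sent under the wrong content type fails to decode, and a request whose signature bytes were altered fails CheckSignature.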
