Documentation
Overview
Package tinyca implements a Certificate Authority that issues certificates for client authentication.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type CA
type CA struct {
	// contains filtered or unexported fields
}
CA is a simple Certificate Authority. The only supported operation is to issue client certificates. Client certificates are signed by the configured root certificate and private key.
func New
func New(crt *x509.Certificate, key *ecdsa.PrivateKey, dur time.Duration) (*CA, error)
New returns a new CA. The CA issues certificates for the given namespace.
func (CA) IssueCertificate
func (ca CA) IssueCertificate(csr *x509.CertificateRequest) ([]byte, error)
IssueCertificate issues a client certificate for the given CSR. The client ID is the UUID of the client public key. The CSR Subject Common Name must be set to the client ID. The certificate is issued with the Subject Common Name set to the client ID and the Subject Organization set to the identity namespace.
func (CA) ServeHTTP
func (ca CA) ServeHTTP(w http.ResponseWriter, r *http.Request)
ServeHTTP issues a certificate if a valid certificate request is read from the request.
Requests carrying a content-type of "text/plain" should contain a PEM-encoded certificate request. Requests carrying a content-type of "application/octet-stream" should submit the ASN.1 DER-encoded form instead.
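The following is an added example, not tinyca's own code: a standard-library sketch of the content-type handling described for ServeHTTP, which also verifies the CSR's self-signature before the request would be passed on for issuance. The helpers newCSR and decodeCSR and the Common Name value are assumptions made for illustration; the client ID check that IssueCertificate performs is not reproduced because the page does not state how the ID is derived.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"mime"
)

// newCSR (hypothetical helper) builds a DER CSR for a fresh P-256 key.
func newCSR(cn string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, key)
}

// decodeCSR (hypothetical helper) picks the encoding from the content type.
func decodeCSR(contentType string, body []byte) (*x509.CertificateRequest, error) {
	mt, _, _ := mime.ParseMediaType(contentType) // mt is "" if unparsable
	switch mt {
	case "application/octet-stream": // body is already ASN.1 DER
	case "text/plain":
		blk, _ := pem.Decode(body)
		if blk == nil || blk.Type != "CERTIFICATE REQUEST" {
			return nil, fmt.Errorf("body is not a PEM certificate request")
		}
		body = blk.Bytes
	default:
		return nil, fmt.Errorf("unsupported content type %q", mt)
	}
	csr, err := x509.ParseCertificateRequest(body)
	if err == nil {
		err = csr.CheckSignature() // proves possession of the private key
	}
	return csr, err // callers must ignore csr when err != nil
}

func main() {
	der, _ := newCSR("constructed-client-id") // constructed sample value
	_, err := decodeCSR("application/octet-stream", der)
	fmt.Println("DER CSR accepted:", err == nil)
}
```

Rejecting any content type other than the two documented ones keeps a mislabelled body from being handed to the wrong decoder.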