caddypki

Documentation

Index

• type CA
  • func (ca CA) ID() string
  • func (ca CA) IntermediateCertificate() *x509.Certificate
  • func (ca CA) IntermediateKey() interface{}
  • func (ca *CA) Provision(ctx caddy.Context, id string, log *zap.Logger) error
  • func (ca CA) RootCertificate() *x509.Certificate
  • func (ca CA) RootKey() (interface{}, error)
• type KeyPair
  • func (kp KeyPair) Load() (*x509.Certificate, interface{}, error)
• type PKI
  • func (PKI) CaddyModule() caddy.ModuleInfo
  • func (p *PKI) Provision(ctx caddy.Context) error
  • func (p *PKI) Start() error
  • func (p *PKI) Stop() error

Types

type CA

type CA struct {
	// The user-facing name of the certificate authority.
	Name string `json:"name,omitempty"`

	// The name to put in the CommonName field of the
	// root certificate.
	RootCommonName string `json:"root_common_name,omitempty"`

	// The name to put in the CommonName field of the
	// intermediate certificates.
	IntermediateCommonName string `json:"intermediate_common_name,omitempty"`

	// Whether Caddy will attempt to install the CA's root
	// into the system trust store, as well as into Java
	// and Mozilla Firefox trust stores. Default: true.
	InstallTrust *bool `json:"install_trust,omitempty"`

	Root         *KeyPair `json:"root,omitempty"`
	Intermediate *KeyPair `json:"intermediate,omitempty"`

	// Optionally configure a separate storage module associated with this
	// issuer, instead of using Caddy's global/default-configured storage.
	// This can be useful if you want to keep your signing keys in a
	// separate location from your leaf certificates.
	StorageRaw json.RawMessage `json:"storage,omitempty" caddy:"namespace=caddy.storage inline_key=module"`
	// contains filtered or unexported fields
}

CA describes a certificate authority, which consists of root/signing certificates and various settings pertaining to the issuance of certificates and trusting them.

func (CA) ID

func (ca CA) ID() string

ID returns the CA's ID, as given by the user in the config.

func (CA) IntermediateCertificate

func (ca CA) IntermediateCertificate() *x509.Certificate

IntermediateCertificate returns the CA's intermediate certificate (public key).

func (CA) IntermediateKey

func (ca CA) IntermediateKey() interface{}

IntermediateKey returns the CA's intermediate private key.

func (*CA) Provision

func (ca *CA) Provision(ctx caddy.Context, id string, log *zap.Logger) error

Provision sets up the CA.

func (CA) RootCertificate

func (ca CA) RootCertificate() *x509.Certificate

RootCertificate returns the CA's root certificate (public key).

func (CA) RootKey

func (ca CA) RootKey() (interface{}, error)

RootKey returns the CA's root private key. Since the root key is not cached in memory long-term, it needs to be loaded from storage, which could yield an error.

type KeyPair

type KeyPair struct {
	Certificate string `json:"certificate,omitempty"`
	PrivateKey  string `json:"private_key,omitempty"`
	Format      string `json:"format,omitempty"`
}

KeyPair represents a public-private key pair, where the public key is also called a certificate.

func (KeyPair) Load

func (kp KeyPair) Load() (*x509.Certificate, interface{}, error)

Load loads the certificate and key.

type PKI

type PKI struct {
	// The CAs to manage. Each CA is keyed by an ID that is used
	// to uniquely identify it from other CAs. The default CA ID
	// is "local".
	CAs map[string]*CA `json:"certificate_authorities,omitempty"`
	// contains filtered or unexported fields
}

PKI provides Public Key Infrastructure facilities for Caddy.

func (PKI) CaddyModule

func (PKI) CaddyModule() caddy.ModuleInfo

CaddyModule returns the Caddy module information.

func (*PKI) Provision

func (p *PKI) Provision(ctx caddy.Context) error

Provision sets up the configuration for the PKI app.

func (*PKI) Start

func (p *PKI) Start() error

Start starts the PKI app.

func (*PKI) Stop

func (p *PKI) Stop() error

Stop stops the PKI app.