Documentation
Index ¶
Constants ¶
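// DefaultIssuerBitSize is the default key size, in bits, for issued certs.
//
// Raised from 1024 to 2048: for RSA keys, 2048 bits is the minimum accepted
// by the CA/Browser Forum Baseline Requirements and NIST SP 800-131A, and
// some TLS clients (for example Apple platforms since iOS 13 / macOS 10.15)
// refuse server certificates with smaller RSA keys. Larger keys cost more to
// generate; callers that need a different size set SelfSignedCA.BitSize.
const DefaultIssuerBitSize = 2048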
DefaultIssuerBitSize defines default bit size for issued certs.
// DefaultIssuerRootBitSize is the default key size, in bits, used when a
// self-signed root cert is generated.
//
// NOTE(review): for an RSA root key, 2048 bits is the floor rather than a
// margin; a root that is kept for longer than the default template's two-year
// validity may warrant a larger RootBitSize.
const DefaultIssuerRootBitSize = 2048
DefaultIssuerRootBitSize defines default bit size for a self-signed root cert.
Variables ¶
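var (
	// DefaultIssuerRootTmpl is the default template for self-signed root CA certificate.
	//
	// The initializer runs once at package initialisation, so NotBefore and
	// NotAfter are fixed at that moment: the two-year validity window starts
	// when the process starts, not when a root is actually generated.
	DefaultIssuerRootTmpl = x509.Certificate{
		SerialNumber: big.NewInt(1),
		// NOTE(review): x509.CreateCertificate takes the issuer name from the
		// parent's Subject, so for a self-signed root this Issuer value is
		// presumably not what ends up in the certificate — confirm.
		Issuer: pkix.Name{
			CommonName:   "issuer.example.org",
			Organization: []string{"Multiproxy Issuer Org"},
		},
		Subject: pkix.Name{
			CommonName:   "root.example.org",
			Organization: []string{"Multiproxy Root Org"},
		},
		NotBefore:             time.Now(),
		NotAfter:              time.Now().Add(time.Hour * 24 * 365 * 2),
		IsCA:                  true,
		BasicConstraintsValid: true,
		// NOTE(review): OCSP responder locations are URIs (RFC 5280 section
		// 4.2.2.1) and would normally carry a scheme; value left as published.
		OCSPServer: []string{"ocsp.example.org"},
		DNSNames:   []string{"root.example.org"},
		// SHA-256 replaces the original SHA-1. SHA-1 is no longer collision
		// resistant, and Go's own verifier has rejected SHA-1 signatures on
		// non-root certificates since Go 1.18, so a template that still asks
		// for it is a liability if it is ever reused for a signed certificate.
		SignatureAlgorithm: x509.SHA256WithRSA,
		KeyUsage:           x509.KeyUsageCertSign,
	}

	// DefaultIssuerTmpl is the default template for issued certificates.
	//
	// NOTE(review): the template carries a fixed serial number and no validity
	// period. Presumably Issue fills in a fresh serial, NotBefore and NotAfter
	// for every certificate — confirm; clients reject two different
	// certificates that share an issuer and serial number.
	DefaultIssuerTmpl = x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject: pkix.Name{
			Country:      []string{"AQ"},
			Organization: []string{"Multiproxy"},
		},
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
)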
Functions ¶
This section is empty.
Types ¶
type Issuer ¶
// Issuer is the interface for an on-the-fly certificate generator.
type Issuer interface {
	// Issue returns a certificate for the given common name, DNS names and
	// IP addresses, or an error.
	//
	// The result is a *tls.Certificate, a type that holds the private key
	// next to the chain, so it should be handled as secret material.
	//
	// NOTE(review): presumably cn, dnsnames and ipaddresses become the
	// Subject CN and SANs of the new certificate — confirm against the
	// implementation. If callers derive them from client-supplied values
	// (SNI, CONNECT host), they decide which names the CA will vouch for.
	Issue(cn string, dnsnames []string, ipaddresses []net.IP) (*tls.Certificate, error)
}
Issuer defines the interface for an on-the-fly certificate generator.
type SelfSignedCA ¶
// SelfSignedCA is a certificate issuer backed by a (by default self-signed)
// CA certificate. Every field is optional and falls back to a package default.
type SelfSignedCA struct {
	// Cert is a cert chain used to sign newly issued certs. The cert's primary
	// usage must be x509.KeyUsageCertSign.
	//
	// If nil, a self-signed cert will be generated.
	//
	// A tls.Certificate carries its private key; whoever can read this value
	// can sign certificates that chain to the same root, so it needs the same
	// protection as any other CA key.
	Cert *tls.Certificate

	// BitSize defines bit size for issued certificate keys generation.
	//
	// If 0, DefaultIssuerBitSize will be used.
	//
	// NOTE(review): presumably an RSA modulus size — confirm. RSA keys below
	// 2048 bits are refused by some TLS clients and fall under current
	// CA/Browser Forum and NIST minimums.
	BitSize int

	// RootBitSize defines bit size for self-signed root certificate key generation.
	//
	// If 0, DefaultIssuerRootBitSize will be used.
	RootBitSize int

	// Tmpl is a template for issued certificates.
	//
	// If nil, DefaultIssuerTmpl will be used.
	Tmpl *x509.Certificate

	// RootTmpl is a template for self-signed root certificate.
	//
	// If nil, DefaultIssuerRootTmpl will be used.
	RootTmpl *x509.Certificate

	// Rand is a source of randomness for generated certs.
	//
	// If nil, crypto/rand.Reader will be used.
	//
	// Generated keys are only as unpredictable as this reader; a
	// deterministic or low-entropy source belongs in tests only.
	Rand io.Reader

	// contains filtered or unexported fields
}
SelfSignedCA implements Issuer. The zero value is a valid instance.
func (*SelfSignedCA) Issue ¶
func (ca *SelfSignedCA) Issue(cn string, dnsnames []string, ipaddresses []net.IP) (*tls.Certificate, error)
Issue implements the Issuer interface.