Documentation ¶
Index ¶
- Constants
- Variables
- func C2ServerGenerateECCCertificate(host string) ([]byte, []byte, error)
- func C2ServerGenerateRSACertificate(host string) ([]byte, []byte, error)
- func C2ServerGetRSACertificate(host string) ([]byte, []byte, error)
- func GenerateCertificateAuthority(caType string, commonName string) (*x509.Certificate, *ecdsa.PrivateKey)
- func GenerateECCCertificate(caType string, commonName string, isCA bool, isClient bool) ([]byte, []byte)
- func GenerateRSACertificate(caType string, commonName string, isCA bool, isClient bool) ([]byte, []byte)
- func GetACMEDir() string
- func GetACMEManager(domain string) *autocert.Manager
- func GetCertificate(caType string, keyType string, commonName string) ([]byte, []byte, error)
- func GetCertificateAuthority(caType string) (*x509.Certificate, *ecdsa.PrivateKey, error)
- func GetCertificateAuthorityPEM(caType string) ([]byte, []byte, error)
- func GetECCCertificate(caType string, commonName string) ([]byte, []byte, error)
- func GetRSACertificate(caType string, commonName string) ([]byte, []byte, error)
- func HTTPSGenerateRSACertificate(host string) ([]byte, []byte, error)
- func ImplantGenerateECCCertificate(sliverName string) ([]byte, []byte, error)
- func ImplantGenerateRSACertificate(sliverName string) ([]byte, []byte, error)
- func OperatorClientGenerateCertificate(operator string) ([]byte, []byte, error)
- func OperatorClientGetCertificate(operator string) ([]byte, []byte, error)
- func OperatorClientListCertificates() []*x509.Certificate
- func OperatorClientRemoveCertificate(operator string) error
- func OperatorServerGenerateCertificate(hostname string) ([]byte, []byte, error)
- func OperatorServerGetCertificate(hostname string) ([]byte, []byte, error)
- func RemoveCertificate(caType string, keyType string, commonName string) error
- func SaveCertificateAuthority(caType string, cert []byte, key []byte)
- func SetupCAs()
Constants ¶
const ( // RSAKeySize - Default size of RSA keys in bits RSAKeySize = 2048 // This is plenty 4096 is overkill // ECCKey - Namespace for ECC keys ECCKey = "ecc" // RSAKey - Namespace for RSA keys RSAKey = "rsa" )
const (
// ACMEDirName - Name of dir to store ACME certs
ACMEDirName = "acme"
)
const (
// C2ServerCA - Directory containing HTTPS server certificates
C2ServerCA = "c2-server"
)
const (
// HTTPSCA - Directory containing operator certificates
HTTPSCA = "https"
)
const (
// ImplantCA - Directory containing sliver certificates
ImplantCA = "sliver"
)
const (
// OperatorCA - Directory containing operator certificates
OperatorCA = "operator"
)
Variables ¶
var ( // ErrCertDoesNotExist - Returned if a GetCertificate() is called for a cert/cn that does not exist ErrCertDoesNotExist = errors.New("Certificate does not exist") )
Functions ¶
func C2ServerGenerateECCCertificate ¶
C2ServerGenerateECCCertificate - Generate a server certificate signed with a given CA
func C2ServerGenerateRSACertificate ¶
C2ServerGenerateRSACertificate - Generate a server certificate signed with a given CA
func C2ServerGetRSACertificate ¶
C2ServerGetRSACertificate - Get a server certificate based on hostname
func GenerateCertificateAuthority ¶
func GenerateCertificateAuthority(caType string, commonName string) (*x509.Certificate, *ecdsa.PrivateKey)
GenerateCertificateAuthority - Creates a new CA cert for a given type
func GenerateECCCertificate ¶
func GenerateECCCertificate(caType string, commonName string, isCA bool, isClient bool) ([]byte, []byte)
GenerateECCCertificate - Generate a TLS certificate with the given parameters We choose some reasonable defaults like Curve, Key Size, ValidFor, etc. Returns two strings `cert` and `key` (PEM Encoded).
func GenerateRSACertificate ¶
func GenerateRSACertificate(caType string, commonName string, isCA bool, isClient bool) ([]byte, []byte)
GenerateRSACertificate - Generates a 2048 bit RSA Certificate
func GetACMEManager ¶
GetACMEManager - Get an ACME cert/tls config with the certs
func GetCertificate ¶
GetCertificate - Get the PEM encoded certificate & key for a host
func GetCertificateAuthority ¶
func GetCertificateAuthority(caType string) (*x509.Certificate, *ecdsa.PrivateKey, error)
GetCertificateAuthority - Get the current CA certificate
func GetCertificateAuthorityPEM ¶
GetCertificateAuthorityPEM - Get PEM encoded CA cert/key
func GetECCCertificate ¶
GetECCCertificate - Get an ECC certificate
func GetRSACertificate ¶
GetRSACertificate - Get an RSA certificate
func HTTPSGenerateRSACertificate ¶
HTTPSGenerateRSACertificate - Generate a server certificate signed with a given CA
func ImplantGenerateECCCertificate ¶
ImplantGenerateECCCertificate - Generate a certificate signed with a given CA
func ImplantGenerateRSACertificate ¶
ImplantGenerateRSACertificate - Generate a certificate signed with a given CA
func OperatorClientGenerateCertificate ¶
OperatorClientGenerateCertificate - Generate a certificate signed with a given CA
func OperatorClientGetCertificate ¶
OperatorClientGetCertificate - Helper function to fetch a client cert
func OperatorClientListCertificates ¶
func OperatorClientListCertificates() []*x509.Certificate
OperatorClientListCertificates - Get all client certificates
func OperatorClientRemoveCertificate ¶
OperatorClientRemoveCertificate - Helper function to remove a client cert
func OperatorServerGenerateCertificate ¶
OperatorServerGenerateCertificate - Generate a certificate signed with a given CA
func OperatorServerGetCertificate ¶
OperatorServerGetCertificate - Helper function to fetch a server cert
func RemoveCertificate ¶
RemoveCertificate - Remove a certificate from the cert store
func SaveCertificateAuthority ¶
SaveCertificateAuthority - Save the certificate and the key to the filesystem doesn't return an error because errors are fatal. If we can't generate CAs, then we can't secure comms and we should die a horrible death.
Types ¶
This section is empty.