README
¶
certs
X.509 certificate generation and management code.
Documentation
¶
Index ¶
- Constants
- Variables
- func GenerateCertificateAuthority(caType string, commonName string) (*x509.Certificate, *ecdsa.PrivateKey)
- func GenerateECCCertificate(caType string, commonName string, isCA bool, isClient bool) ([]byte, []byte)
- func GenerateRSACertificate(caType string, commonName string, isCA bool, isClient bool) ([]byte, []byte)
- func GenerateWGKeys(isPeer bool, wgPeerTunIP string) (string, string, error)
- func GetACMEDir() string
- func GetACMEManager(domain string) *autocert.Manager
- func GetCertificate(caType string, keyType string, commonName string) ([]byte, []byte, error)
- func GetCertificateAuthority(caType string) (*x509.Certificate, *ecdsa.PrivateKey, error)
- func GetCertificateAuthorityPEM(caType string) ([]byte, []byte, error)
- func GetECCCertificate(caType string, commonName string) ([]byte, []byte, error)
- func GetRSACertificate(caType string, commonName string) ([]byte, []byte, error)
- func GetWGPeers() (map[string]string, error)
- func GetWGServerKeys() (string, string, error)
- func HTTPSGenerateRSACertificate(host string) ([]byte, []byte, error)
- func ImplantGenerateWGKeys(wgPeerTunIP string) (string, string, error)
- func MtlsC2ImplantGenerateECCCertificate(name string) ([]byte, []byte, error)
- func MtlsC2ServerGenerateECCCertificate(host string) ([]byte, []byte, error)
- func OperatorClientGenerateCertificate(operator string) ([]byte, []byte, error)
- func OperatorClientGetCertificate(operator string) ([]byte, []byte, error)
- func OperatorClientListCertificates() []*x509.Certificate
- func OperatorClientRemoveCertificate(operator string) error
- func OperatorServerGenerateCertificate(hostname string) ([]byte, []byte, error)
- func OperatorServerGetCertificate(hostname string) ([]byte, []byte, error)
- func RemoveCertificate(caType string, keyType string, commonName string) error
- func SaveCertificateAuthority(caType string, cert []byte, key []byte)
- func SetupCAs()
- func SetupWGKeys()
Constants ¶
const ( // RSAKeySize - Default size of RSA keys in bits RSAKeySize = 2048 // This is plenty 4096 is overkill // ECCKey - Namespace for ECC keys ECCKey = "ecc" // RSAKey - Namespace for RSA keys RSAKey = "rsa" )
const ( // MtlsImplantCA - Directory containing HTTPS server certificates MtlsImplantCA = "mtls-implant" MtlsServerCA = "mtls-server" )
const (
// ACMEDirName - Name of dir to store ACME certs
ACMEDirName = "acme"
)
const (
// HTTPSCA - Directory containing operator certificates
HTTPSCA = "https"
)
const (
// OperatorCA - Directory containing operator certificates
OperatorCA = "operator"
)
Variables ¶
var ( ErrWGPeerDoesNotExist = errors.New("wg peer does not exist") ErrWGServerKeysDoNotExist = errors.New("wg server keys do not exist") )
var ( // ErrCertDoesNotExist - Returned if a GetCertificate() is called for a cert/cn that does not exist ErrCertDoesNotExist = errors.New("Certificate does not exist") )
Functions ¶
func GenerateCertificateAuthority ¶
func GenerateCertificateAuthority(caType string, commonName string) (*x509.Certificate, *ecdsa.PrivateKey)
GenerateCertificateAuthority - Creates a new CA cert for a given type
func GenerateECCCertificate ¶
func GenerateECCCertificate(caType string, commonName string, isCA bool, isClient bool) ([]byte, []byte)
GenerateECCCertificate - Generate a TLS certificate with the given parameters We choose some reasonable defaults like Curve, Key Size, ValidFor, etc. Returns two strings `cert` and `key` (PEM Encoded).
func GenerateRSACertificate ¶
func GenerateRSACertificate(caType string, commonName string, isCA bool, isClient bool) ([]byte, []byte)
GenerateRSACertificate - Generates a 2048 bit RSA Certificate
func GenerateWGKeys ¶ added in v1.4.9
GenerateWGKeys - Generates and saves new wg keys
func GetACMEManager ¶
GetACMEManager - Get an ACME cert/tls config with the certs
func GetCertificate ¶
GetCertificate - Get the PEM encoded certificate & key for a host
func GetCertificateAuthority ¶
func GetCertificateAuthority(caType string) (*x509.Certificate, *ecdsa.PrivateKey, error)
GetCertificateAuthority - Get the current CA certificate
func GetCertificateAuthorityPEM ¶
GetCertificateAuthorityPEM - Get PEM encoded CA cert/key
func GetECCCertificate ¶
GetECCCertificate - Get an ECC certificate
func GetRSACertificate ¶
GetRSACertificate - Get an RSA certificate
func GetWGPeers ¶ added in v1.4.9
GetWGSPeers - Get a map of Pubkey:TunIP for existing wg peers
func GetWGServerKeys ¶ added in v1.4.9
GetWGServerKeys - Get existing wg server keys
func HTTPSGenerateRSACertificate ¶
HTTPSGenerateRSACertificate - Generate a server certificate signed with a given CA
func ImplantGenerateWGKeys ¶ added in v1.4.9
ImplantGenerateWGKeys - Generate WG keys for implant
func MtlsC2ImplantGenerateECCCertificate ¶ added in v1.5.0
MtlsC2ImplantGenerateECCCertificate - Generate a server certificate signed with a given CA
func MtlsC2ServerGenerateECCCertificate ¶ added in v1.5.0
MtlsC2ServerGenerateECCCertificate - Generate a server certificate signed with a given CA
func OperatorClientGenerateCertificate ¶
OperatorClientGenerateCertificate - Generate a certificate signed with a given CA
func OperatorClientGetCertificate ¶
OperatorClientGetCertificate - Helper function to fetch a client cert
func OperatorClientListCertificates ¶
func OperatorClientListCertificates() []*x509.Certificate
OperatorClientListCertificates - Get all client certificates
func OperatorClientRemoveCertificate ¶
OperatorClientRemoveCertificate - Helper function to remove a client cert
func OperatorServerGenerateCertificate ¶
OperatorServerGenerateCertificate - Generate a certificate signed with a given CA
func OperatorServerGetCertificate ¶
OperatorServerGetCertificate - Helper function to fetch a server cert
func RemoveCertificate ¶
RemoveCertificate - Remove a certificate from the cert store
func SaveCertificateAuthority ¶
SaveCertificateAuthority - Save the certificate and the key to the filesystem doesn't return an error because errors are fatal. If we can't generate CAs, then we can't secure communication and we should die a horrible death.
Types ¶
This section is empty.
Source Files