Documentation ¶
Index ¶
- Constants
- func BytesWithError(bytes []byte, err error) ([]byte, error)
- func CommonNamesForCertPEM(certPEM []byte) ([]string, error)
- func ExtendEmptyPoolWithKeyPairCerts(keyPairs ...KeyPair) (*x509.CertPool, error)
- func ExtendSystemPoolWithKeyPairCerts(keyPairs ...KeyPair) (*x509.CertPool, error)
- func MustBytes(contents []byte, err error) []byte
- func NewClientConfig(clientCert KeyPair, certificateAuthorities []KeyPair) (*tls.Config, error)
- func ParseCertPEM(certPem []byte) (output []*x509.Certificate, err error)
- func ReadFiles(files ...string) (data [][]byte, err error)
- type CertBundle
- func (cb CertBundle) CertPool() (*x509.CertPool, error)
- func (cb CertBundle) CommonNames() ([]string, error)
- func (cb *CertBundle) KeyPair() (output KeyPair, err error)
- func (cb *CertBundle) MustKeyPair() KeyPair
- func (cb *CertBundle) WithParent(parent *CertBundle)
- func (cb CertBundle) WriteCertPem(w io.Writer) error
- func (cb CertBundle) WriteKeyPem(w io.Writer) error
- type CertManager
- func (cm *CertManager) AddClientCert(clientCert []byte) error
- func (cm *CertManager) ClientCertUIDs() (output []string)
- func (cm *CertManager) GetConfigForClient(sni *tls.ClientHelloInfo) (config *tls.Config, _ error)
- func (cm *CertManager) HasClientCert(uid string) (has bool)
- func (cm *CertManager) RemoveClientCert(uid string) error
- func (cm *CertManager) UpdateClientCerts(clientCerts map[string][]byte) error
- func (cm *CertManager) WithClientCertPool(pool *x509.CertPool) *CertManager
- func (cm *CertManager) WithRootCAs(pool *x509.CertPool) *CertManager
- func (cm *CertManager) WithServerCertificates(certs ...tls.Certificate) *CertManager
- type KeyPair
Constants ¶
// PEM block type labels recognized by this package.
const (
	// BlockTypeCertificate is the PEM label for a DER-encoded X.509 certificate.
	BlockTypeCertificate = "CERTIFICATE"
	// BlockTypeRSAPrivateKey is the PEM label for a PKCS#1 RSA private key
	// (the traditional OpenSSL form). Only RSA keys are covered here: no
	// PKCS#8 ("PRIVATE KEY") or EC label is defined in this block.
	BlockTypeRSAPrivateKey = "RSA PRIVATE KEY"
)
BlockTypes
// Errors returned by this package.
const (
	// ErrInvalidCertPEM is returned when PEM input cannot be parsed as a
	// certificate and added to an x509.CertPool. It is typed as exception.Class
	// so callers can match on it (see the exception package for the exact API).
	ErrInvalidCertPEM exception.Class = "failed to add cert to pool as pem"
)
Errors
Functions ¶
func BytesWithError ¶
BytesWithError returns the given (bytes, err) pair unchanged except that a non-nil err is wrapped as an exception; it is a pass-through helper for chaining byte-producing calls.
func CommonNamesForCertPEM ¶
CommonNamesForCertPEM returns the subject common name of each certificate found in the given PEM-encoded certificate data.
func ExtendEmptyPoolWithKeyPairCerts ¶
ExtendEmptyPoolWithKeyPairCerts builds a new, initially empty x509.CertPool containing only the certificates from the given key pairs. Unlike ExtendSystemPoolWithKeyPairCerts, no operating-system roots are included, so only the supplied CAs are trusted.
func ExtendSystemPoolWithKeyPairCerts ¶
ExtendSystemPoolWithKeyPairCerts extends the system CA pool with the CA certificates from the given key pairs. Every certificate added becomes a trust anchor alongside the public roots; when only a private CA should be trusted (e.g. for mutual TLS between internal services), prefer ExtendEmptyPoolWithKeyPairCerts.
func NewClientConfig ¶
NewClientConfig returns a tls.Config for a client that presents clientCert to the server and, based on the certificateAuthorities argument, verifies the server against the supplied CA set rather than the system roots alone.
func ParseCertPEM ¶
func ParseCertPEM(certPem []byte) (output []*x509.Certificate, err error)
ParseCertPEM parses the PEM-encoded certificate data and returns the decoded x509 certificates in the order they appear.
Types ¶
type CertBundle ¶
// CertBundle holds the full material for one certificate: its RSA key pair,
// the parsed certificate chain and the raw DER encodings of that chain.
type CertBundle struct {
	// PrivateKey is the RSA private key. It is secret material and must not be
	// logged or written anywhere without restrictive permissions.
	PrivateKey *rsa.PrivateKey
	// PublicKey is presumably the public half of PrivateKey — confirm against
	// the constructors.
	PublicKey *rsa.PublicKey
	// Certificates are the parsed certificates; WithParent appends further
	// certificates to this chain.
	Certificates []x509.Certificate
	// CertificateDERs holds the DER encodings corresponding to Certificates
	// (assumed to be kept index-aligned; the code doing so is not visible here).
	CertificateDERs [][]byte
}
CertBundle is the complete material for one certificate: the RSA private and public key, the parsed certificate chain, and the raw DER encodings of that chain. Because it carries the private key, a CertBundle must be handled as a secret.
func CreateClient ¶
func CreateClient(commonName string, ca *CertBundle) (output CertBundle, err error)
CreateClient creates a client certificate bundle for the given common name, signed by the ca bundle.
func CreateServer ¶
func CreateServer(commonName string, ca *CertBundle, alternateNames ...string) (output CertBundle, err error)
CreateServer creates a server certificate bundle for commonName, signed by the ca bundle, with alternateNames presumably added as subject alternative names. Modern TLS clients (including Go's crypto/tls since 1.15) match hostnames against SANs only and ignore the common name, so the hostname the server is reached by should be included in alternateNames.
func NewCertBundle ¶
func NewCertBundle(keyPair KeyPair) (*CertBundle, error)
NewCertBundle returns a new cert bundle parsed from a KeyPair, whose certificate and key are PEM strings supplied either inline or by file path.
func (CertBundle) CertPool ¶
func (cb CertBundle) CertPool() (*x509.CertPool, error)
CertPool returns an x509.CertPool containing the bundle's certificates, suitable for use as a set of trust anchors.
func (CertBundle) CommonNames ¶
func (cb CertBundle) CommonNames() ([]string, error)
CommonNames returns the cert bundle common name(s).
func (*CertBundle) KeyPair ¶
func (cb *CertBundle) KeyPair() (output KeyPair, err error)
KeyPair returns the cert bundle serialized as a KeyPair of PEM strings. The Key field holds the private key, so the returned value must be treated as a secret and not logged or serialized to untrusted sinks.
func (*CertBundle) MustKeyPair ¶
func (cb *CertBundle) MustKeyPair() KeyPair
MustKeyPair returns the bundle serialized as a KeyPair and panics if serialization fails; it is intended for initialization code and tests, not for request paths.
func (*CertBundle) WithParent ¶
func (cb *CertBundle) WithParent(parent *CertBundle)
WithParent appends the parent bundle's certificate(s), typically the issuing CA, to this bundle's chain so that the issuer is included when the bundle is serialized or written as PEM.
func (CertBundle) WriteCertPem ¶
func (cb CertBundle) WriteCertPem(w io.Writer) error
WriteCertPem writes the bundle's certificate(s) to w as PEM CERTIFICATE blocks. Only public material is written; the private key is written separately by WriteKeyPem.
func (CertBundle) WriteKeyPem ¶
func (cb CertBundle) WriteKeyPem(w io.Writer) error
WriteKeyPem writes the bundle's private key to w as a PEM block. The output is secret key material: write it only to a destination with restrictive permissions (e.g. a 0600 file) and never to logs or shared buffers.
type CertManager ¶
CertManager holds a server's TLS certificates together with the set of trusted client certificates and the CA pools used to verify peers, and serves a tls.Config built from the current set via GetConfigForClient. Client certs can be added, removed or replaced at runtime.
func NewCertManagerWithKeyPairs ¶
func NewCertManagerWithKeyPairs(server KeyPair, cas []KeyPair, clientPairs ...KeyPair) (*CertManager, error)
NewCertManagerWithKeyPairs returns a new CertManager using server as the server certificate, cas as the trusted CA set, and clientPairs as the initial client certificates. An error from parsing any key pair is returned.
func (*CertManager) AddClientCert ¶
func (cm *CertManager) AddClientCert(clientCert []byte) error
AddClientCert adds a PEM-encoded client cert to the bundle and refreshes the derived TLS configuration so the new cert is accepted on subsequent handshakes.
func (*CertManager) ClientCertUIDs ¶
func (cm *CertManager) ClientCertUIDs() (output []string)
ClientCertUIDs returns all the client cert uids.
func (*CertManager) GetConfigForClient ¶
func (cm *CertManager) GetConfigForClient(sni *tls.ClientHelloInfo) (config *tls.Config, _ error)
GetConfigForClient returns the tls.Config to use for the connection described by the client hello. Its signature matches tls.Config.GetConfigForClient, so it can be installed as that callback; the manager can then rotate server certificates and client CAs without restarting the listener.
func (*CertManager) HasClientCert ¶
func (cm *CertManager) HasClientCert(uid string) (has bool)
HasClientCert reports whether the manager holds a client cert with the given uid.
func (*CertManager) RemoveClientCert ¶
func (cm *CertManager) RemoveClientCert(uid string) error
RemoveClientCert removes a client cert by uid.
func (*CertManager) UpdateClientCerts ¶
func (cm *CertManager) UpdateClientCerts(clientCerts map[string][]byte) error
UpdateClientCerts replaces the entire set of client certs with clientCerts, keyed by uid; any previously added cert absent from the map is dropped.
func (*CertManager) WithClientCertPool ¶
func (cm *CertManager) WithClientCertPool(pool *x509.CertPool) *CertManager
WithClientCertPool sets the CA pool used to verify client certificates (presumably the ClientCAs side of the served tls.Config). Any CA in this pool can mint certificates that will be accepted for mutual TLS.
func (*CertManager) WithRootCAs ¶
func (cm *CertManager) WithRootCAs(pool *x509.CertPool) *CertManager
WithRootCAs sets the root CA pool (the tls.Config RootCAs side, used to verify peer server certificates). This is distinct from WithClientCertPool, which governs client-certificate verification.
func (*CertManager) WithServerCertificates ¶
func (cm *CertManager) WithServerCertificates(certs ...tls.Certificate) *CertManager
WithServerCertificates sets the tls.Certificate chain(s) the server presents; each should contain the leaf followed by any intermediates so clients can build a path to a trusted root.
type KeyPair ¶
// KeyPair is a PEM-encoded certificate and private key, each supplied either
// inline or by file path. Fields are omitted from JSON/YAML when empty.
type KeyPair struct {
	// Cert is the PEM-encoded certificate (chain) given inline.
	Cert string `json:"cert,omitempty" yaml:"cert,omitempty"`
	// CertPath is a path to a file holding the PEM certificate, an alternative
	// to Cert (precedence when both are set is not visible here).
	CertPath string `json:"certPath,omitempty" yaml:"certPath,omitempty"`
	// Key is the PEM-encoded private key given inline. It is secret material:
	// a KeyPair with Key set must not be logged or serialized to untrusted sinks.
	Key string `json:"key,omitempty" yaml:"key,omitempty"`
	// KeyPath is a path to a file holding the PEM private key, an alternative
	// to Key.
	KeyPath string `json:"keyPath,omitempty" yaml:"keyPath,omitempty"`
}
KeyPair is a PEM-encoded X.509 certificate and private key held as strings, each supplied either inline (Cert, Key) or by file path (CertPath, KeyPath). Because Key may contain private key material, avoid logging or serializing a KeyPair with inline values.