config

Documentation

Overview

Package config contains the configuration logic for CF-SSL.

Index

• Variables
• type Config
  • func LoadFile(path string) *Config
  • func (c *Config) Valid() bool
• type Signing
  • func (s *Signing) Valid() bool
• type SigningProfile
  • func DefaultConfig() *SigningProfile
  • func (p *SigningProfile) Usages() (ku x509.KeyUsage, eku []x509.ExtKeyUsage, unk []string)

Variables

var ExtKeyUsage = map[string]x509.ExtKeyUsage{
	"any":              x509.ExtKeyUsageAny,
	"server auth":      x509.ExtKeyUsageServerAuth,
	"client auth":      x509.ExtKeyUsageClientAuth,
	"code signing":     x509.ExtKeyUsageCodeSigning,
	"email protection": x509.ExtKeyUsageEmailProtection,
	"s/mime":           x509.ExtKeyUsageEmailProtection,
	"ipsec end system": x509.ExtKeyUsageIPSECEndSystem,
	"ipsec tunnel":     x509.ExtKeyUsageIPSECTunnel,
	"ipsec user":       x509.ExtKeyUsageIPSECUser,
	"timestamping":     x509.ExtKeyUsageTimeStamping,
	"ocsp signing":     x509.ExtKeyUsageOCSPSigning,
	"microsoft sgc":    x509.ExtKeyUsageMicrosoftServerGatedCrypto,
	"netscape sgc":     x509.ExtKeyUsageNetscapeServerGatedCrypto,
}

ExtKeyUsage contains a mapping of string names to extended key usages.

var KeyUsage = map[string]x509.KeyUsage{
	"signing":             x509.KeyUsageDigitalSignature,
	"digital signature":   x509.KeyUsageDigitalSignature,
	"content committment": x509.KeyUsageContentCommitment,
	"key encipherment":    x509.KeyUsageKeyEncipherment,
	"data encipherment":   x509.KeyUsageDataEncipherment,
	"cert sign":           x509.KeyUsageCertSign,
	"crl sign":            x509.KeyUsageCRLSign,
	"encipher only":       x509.KeyUsageEncipherOnly,
	"decipher only":       x509.KeyUsageDecipherOnly,
}

KeyUsage contains a mapping of string names to key usages.

Types

type Config

type Config struct {
	Signing *Signing `json:"signing"`
}

Config stores configuration information for the CA.

func LoadFile

func LoadFile(path string) *Config

LoadFile attempts to load the configuration file stored at the path and returns the configuration. On error, it returns nil.

func (*Config) Valid

func (c *Config) Valid() bool

Valid ensures that Config is a valid configuration. It should be called immediately after parsing a configuration file.

type Signing

type Signing struct {
	Profiles map[string]*SigningProfile `json:"profiles"`
	Default  *SigningProfile            `json:"default"`
}

Signing codifies the signature configuration policy for a CA.

func (*Signing) Valid

func (s *Signing) Valid() bool

Signing specifically validates the signature policies.

type SigningProfile

type SigningProfile struct {
	Usage        []string `json:"usages"`
	IssuerURL    []string `json:"issuer_urls"`
	OCSP         string   `json:"ocsp_url"`
	CRL          string   `json:"crl_url"`
	ExpiryString string   `json:"expiry"`
	CA           bool     `json:"is_ca"`
	Expiry       time.Duration
}

A SigningProfile stores information that the CA needs to store signature policy.

func DefaultConfig

func DefaultConfig() *SigningProfile

DefaultConfig returns a default configuration specifying basic key usage and a 1 year expiration time. The key usages chosen are signing, key encipherment, client auth and server auth.

func (*SigningProfile) Usages

func (p *SigningProfile) Usages() (ku x509.KeyUsage, eku []x509.ExtKeyUsage, unk []string)

Usages parses the list of key uses in the profile, translating them to a list of X.509 key usages and extended key usages. The unknown uses are collected into a slice that is also returned.