Documentation ¶
Overview ¶
Package certs contains logic for interacting with self-signed certificates and ensuring they are trusted by the operating system in use.
Constants ¶
This section is empty.
Variables ¶
var ErrNotFound = errors.New("certificate not found")
ErrNotFound is returned when a certificate is not found.
Functions ¶
func Add ¶
func Add(c Certificate, privKeyPem []byte) error
Add adds a certificate to the store. If a private key is provided, it will be stored alongside the certificate and returned by Get in future calls.
Types ¶
type Archive ¶
type Archive struct {
// contains filtered or unexported fields
}
Archive is an archive of certificates. An archive is currently only used for storing CA (certificate authority) certificates. These are special certificates with the CA flag set to true.
An archive can be exported to a file and imported from a file. When an archive is exported, it is a gzip compressed tar archive containing all certificates in the archive in a flat structure based on the certificate's DevenvName.
func NewArchive ¶
func NewArchive() *Archive
NewArchive creates a new archive suitable for storing certificates.
func (*Archive) Export ¶
Export exports the archive to a file. If the provided file path exists, it will be overwritten. The output file is a gzip compressed tar archive containing all certificates in the archive.
func (*Archive) List ¶
func (a *Archive) List() []Certificate
List lists all certificates in the archive.
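The export format the Archive section describes (a gzip compressed tar with a flat layout named by DevenvName), worked through as an added example rather than the package's own code. The Add method, the ".crt" entry suffix, the map backing the archive and writing to an io.Writer instead of a file path are assumptions made here.

```go
package main

import (
	"archive/tar"
	"compress/gzip"
	"io"
	"sort"
)

// Certificate mirrors the documented exported fields; Data is the PEM certificate.
type Certificate struct{ DevenvName, Email string; Data []byte }

// Archive keeps CA certificates keyed by DevenvName. The real type's fields are
// unexported; this map and the Add method are assumptions of this example.
type Archive struct{ certs map[string]Certificate }

// NewArchive creates an empty archive.
func NewArchive() *Archive { return &Archive{certs: map[string]Certificate{}} }

// Add stores a certificate under its DevenvName, replacing any earlier one.
func (a *Archive) Add(c Certificate) { a.certs[c.DevenvName] = c }

// List returns the archived certificates, sorted by DevenvName for stable output.
func (a *Archive) List() []Certificate {
	out := make([]Certificate, 0, len(a.certs))
	for _, c := range a.certs {
		out = append(out, c)
	}
	sort.Slice(out, func(i, j int) bool { return out[i].DevenvName < out[j].DevenvName })
	return out
}

// Export writes the archive as a gzip compressed tar with a flat layout: one
// entry per certificate, named after its DevenvName (".crt" suffix assumed).
// The documented Export takes a file path; an io.Writer keeps this example testable.
func (a *Archive) Export(w io.Writer) error {
	gz := gzip.NewWriter(w)
	tw := tar.NewWriter(gz)
	for _, c := range a.List() {
		hdr := &tar.Header{Name: c.DevenvName + ".crt", Mode: 0o644, Size: int64(len(c.Data))}
		if err := tw.WriteHeader(hdr); err != nil {
			return err
		}
		if _, err := tw.Write(c.Data); err != nil {
			return err
		}
	}
	if err := tw.Close(); err != nil { // write the tar trailer before closing gzip
		return err
	}
	return gz.Close()
}
```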
type CertMetadata ¶
type CertMetadata struct {
	// MacOSSHAHash is a SHA hash of the certificate data as reported by
	// the macOS keychain.
	MacOSSHAHash string
}
CertMetadata is OS specific metadata about a certificate.
Only populated by List().
type Certificate ¶
type Certificate struct {
	// DevenvName is the name of the devenv that this certificate is
	// associated with.
	DevenvName string
	// Email is the email of the user that this certificate is associated
	// with as well as the creator of the devenv.
	Email string
	// Data is the PEM encoded certificate data for this certificate.
	Data []byte
	// contains filtered or unexported fields
}
Certificate is a certificate in the root certificate store.
func Generate ¶
func Generate(opts GenerateOptions) (Certificate, []byte, error)
Generate generates a new self-signed certificate for the provided devenv name and email address. The private key is retrievable through Get.
func Get ¶
func Get(devenvName string) (Certificate, []byte, error)
Get returns the certificate for a given devenv.
func UnmarshalCertificate ¶
func UnmarshalCertificate(data []byte) (c Certificate, rest []byte, err error)
UnmarshalCertificate unmarshals a certificate from PEM encoded data. The rest of the data is returned as the second return value.
If no certificate is found, the error ErrNotFound is returned.
type GenerateOptions ¶
type GenerateOptions struct {
	// DevenvName is the name of the devenv that this certificate is
	// associated with.
	DevenvName string
	// Email is the email of the user that this certificate is associated
	// with as well as the creator of the devenv.
	Email string
	// Days is the number of days that the certificate should be valid
	// for.
	//
	// Defaults to 3650 (10 years) when not provided or set to 0.
	Days int
	// contains filtered or unexported fields
}
GenerateOptions are options for generating a new self-signed certificate.
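The self-signed CA certificate that Generate and GenerateOptions describe (CA flag set, Days defaulting to 3650, private key returned as PEM), worked through as an added example and not the package's own implementation. The exported fields mirror the documented ones; the P-256 key, the CN=DevenvName subject and the key usages are this example's choices.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"math/big"
	"time"
)

// Certificate and GenerateOptions mirror the documented exported fields only.
type Certificate struct{ DevenvName, Email string; Data []byte }
type GenerateOptions struct{ DevenvName, Email string; Days int }

// Generate issues a self-signed CA certificate (CA flag set, as the Archive
// docs describe) valid for opts.Days, defaulting to 3650; returns the PEM key.
func Generate(opts GenerateOptions) (Certificate, []byte, error) {
	if opts.Days == 0 {
		opts.Days = 3650 // documented default: 10 years
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // assumption: P-256
	if err != nil {
		return Certificate{}, nil, err
	}
	now := time.Now().Truncate(time.Second) // X.509 validity times carry second precision
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(now.UnixNano()),
		Subject:               pkix.Name{CommonName: opts.DevenvName},
		EmailAddresses:        []string{opts.Email},
		NotBefore:             now,
		NotAfter:              now.Add(time.Duration(opts.Days) * 24 * time.Hour),
		IsCA:                  true, // the CA flag the Archive docs require
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	// Self-signed: the template is its own parent and signs with its own key.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return Certificate{}, nil, err
	}
	keyDER, _ := x509.MarshalECPrivateKey(key) // cannot fail for a key we just generated
	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	return Certificate{DevenvName: opts.DevenvName, Email: opts.Email, Data: certPEM}, keyPEM, nil
}
```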
type NSSDB ¶
type NSSDB struct {
// contains filtered or unexported fields
}
NSSDB is a Mozilla Network Security Services DB that contains CA certificates.
Note: Only the cert8 and cert9 databases are supported. Other shared NSS databases such as key*.db are not supported.
func MustNewDefaultNSSDB ¶
func MustNewDefaultNSSDB() *NSSDB
MustNewDefaultNSSDB creates a new NSSDB instance with the default DB paths. This panics if an error occurs.
func NewDefaultNSSDB ¶
NewDefaultNSSDB creates a new NSSDB instance with the default DB paths.
func (*NSSDB) Add ¶
func (n *NSSDB) Add(c Certificate) error
Add adds a certificate to the NSSDB. It returns an error only if the certificate could not be added; if the certificate already exists, it returns nil.
func (*NSSDB) Delete ¶
func (n *NSSDB) Delete(c Certificate) error
Delete deletes a certificate from the NSSDB. It returns an error only if the certificate could not be deleted; if the certificate does not exist, it returns nil.
type Store ¶
type Store interface {
	// List lists all certificates in the store.
	List() ([]Certificate, error)
	// Delete deletes a certificate from the store.
	// Should not return an error if the certificate does not exist.
	Delete(devenvName string) error
	// Add adds a certificate to the store. If a private key is
	// provided, it will be stored alongside the certificate
	// and returned by Get in future calls.
	Add(c Certificate, privKeyPem []byte) error
	// Generate generates a new self-signed certificate for the
	// provided devenv name and email address. The private key
	// is retrievable through Get.
	Generate(opts GenerateOptions) (Certificate, []byte, error)
	// Get returns the certificate for a given devenv.
	Get(devenvName string) (Certificate, []byte, error)
}
Store implements a certificate storage interface for interacting with a host operating system's certificate store.