Documentation ¶
Index ¶
- Constants
- func MakeCAPolicy(req *CertificateRequest) (*config.Signing, error)
- func NewLocalCASignerFromFile(c *cryptoprov.Crypto, caFile, caKeyFile string, policy *config.Signing) (*local.Signer, crypto.Signer, error)
- func NewLocalCASignerFromPEM(c *cryptoprov.Crypto, ca, caKey []byte, policy *config.Signing) (*local.Signer, crypto.Signer, error)
- func ParseCaFiles(caFile, caKeyFile string) (cakey []byte, parsedCa *x509.Certificate, err error)
- func SigAlgo(algo string, size int) x509.SignatureAlgorithm
- func ValidateCSR(req *CertificateRequest) error
- type CAConfig
- type CertificateRequest
- type KeyPurpose
- type KeyRequest
- type Provider
- func (c *Provider) NewKeyRequest(label, algo string, keySize int, purpose KeyPurpose) KeyRequest
- func (c *Provider) NewRoot(req *CertificateRequest) (cert, csrPEM, key []byte, err error)
- func (c *Provider) NewSigningCertificateRequest(keyLabel, algo string, keySize int, CN string, names []X509Name, ...) *CertificateRequest
- func (c *Provider) ParseCsrRequest(req *CertificateRequest) (csr []byte, priv crypto.PrivateKey, keyID string, err error)
- func (c *Provider) ProcessCsrRequest(req *CertificateRequest) (csrPEM, key []byte, keyID string, pub crypto.PublicKey, err error)
- type X509Name
Constants ¶
// Supported ECDSA curves. The constant values are the curve bit sizes, so they
// can presumably be passed as the keySize argument of NewKeyRequest / SigAlgo —
// confirm against those functions.
const (
	// CurveP256 specifies curve P-256 for ECDSA
	CurveP256 = 256
	// CurveP384 specifies curve P-384 for ECDSA
	CurveP384 = 384
	// CurveP521 specifies curve P-521 for ECDSA
	CurveP521 = 521
)
Variables ¶
This section is empty.
Functions ¶
func MakeCAPolicy ¶
func MakeCAPolicy(req *CertificateRequest) (*config.Signing, error)
MakeCAPolicy makes a CA signing policy from the given certificate request.
func NewLocalCASignerFromFile ¶
func NewLocalCASignerFromFile(c *cryptoprov.Crypto, caFile, caKeyFile string, policy *config.Signing) (*local.Signer, crypto.Signer, error)
NewLocalCASignerFromFile generates a new local signer from a caFile and a caKey file. Both are PEM encoded, or caKey contains a PKCS#11 URI.
func NewLocalCASignerFromPEM ¶
func NewLocalCASignerFromPEM(c *cryptoprov.Crypto, ca, caKey []byte, policy *config.Signing) (*local.Signer, crypto.Signer, error)
NewLocalCASignerFromPEM generates a new local signer from PEM encoded blocks, or from a caKey that contains a PKCS#11 URI.
func ParseCaFiles ¶
func ParseCaFiles(caFile, caKeyFile string) (cakey []byte, parsedCa *x509.Certificate, err error)
ParseCaFiles parses the CA certificate file and the CA key file, returning the raw key bytes and the parsed certificate.
func SigAlgo ¶
func SigAlgo(algo string, size int) x509.SignatureAlgorithm
SigAlgo returns the signature algorithm for the given algorithm name and key size. TODO: use the oid package.
func ValidateCSR ¶
func ValidateCSR(req *CertificateRequest) error
ValidateCSR contains the default validation logic for certificate authority certificates. The only requirement here is that the certificate request has a non-empty subject field.
Types ¶
type CAConfig ¶
// CAConfig is a section used in the requests initialising a new CA.
// The JSON and YAML tags give the wire names under which each field is (de)serialised.
type CAConfig struct {
	// PathLength is serialised as "pathlen".
	PathLength int `json:"pathlen" yaml:"pathlen"`
	// PathLenZero is serialised as "pathlenzero".
	PathLenZero bool `json:"pathlenzero" yaml:"pathlenzero"`
	// Expiry is serialised as "expiry". It is a free-form string here, not a
	// time.Duration; the accepted format is not visible on this page —
	// presumably interpreted by ConvertToCFSSL/CopyToCFSSL, confirm there.
	Expiry string `json:"expiry" yaml:"expiry"`
	// Backdate is serialised as "backdate". Same caveat as Expiry: a string whose
	// parsing rules are defined elsewhere.
	Backdate string `json:"backdate" yaml:"backdate"`
}
CAConfig is a section used in the requests initialising a new CA.
func (*CAConfig) ConvertToCFSSL ¶
ConvertToCFSSL converts to CFSSL type
func (*CAConfig) CopyToCFSSL ¶
CopyToCFSSL copies to CFSSL type
type CertificateRequest ¶
// A CertificateRequest encapsulates the API interface to the certificate
// request functionality.
type CertificateRequest struct {
	// CN carries no json/yaml tag, so it is (de)serialised under the Go field
	// name "CN" rather than a lowercase key like the other fields.
	CN string
	// Names holds the subject name components (see X509Name).
	Names []X509Name `json:"names" yaml:"names"`
	// Hosts is serialised as "hosts".
	Hosts []string `json:"hosts" yaml:"hosts"`
	// KeyRequest is an interface-typed field; how it is decoded from JSON/YAML
	// (custom unmarshalling) is not shown on this page — confirm before relying
	// on round-tripping this struct.
	KeyRequest KeyRequest `json:"key,omitempty" yaml:"key,omitempty"`
	// CA is optional (omitempty); when nil, presumably no CA section is applied —
	// confirm against MakeCAPolicy.
	CA *CAConfig `json:"ca,omitempty" yaml:"ca,omitempty"`
	// SerialNumber is a string, optional. Note that X509Name also has a
	// SerialNumber field; which one ends up where in the issued certificate is not
	// visible here — confirm against Name() and ConvertToCFSSL.
	SerialNumber string `json:"serialnumber,omitempty" yaml:"serialnumber,omitempty"`
}
A CertificateRequest encapsulates the API interface to the certificate request functionality.
func (*CertificateRequest) Name ¶
func (cr *CertificateRequest) Name() pkix.Name
Name returns the PKIX name for the request.
type KeyPurpose ¶
type KeyPurpose int
KeyPurpose declares the purpose for keys
// KeyPurpose values.
const (
	// Undefined is the zero value: no purpose was specified for the key.
	Undefined KeyPurpose = 0
	// Signing specifies the purpose of key to be used in signing/verification operations
	Signing KeyPurpose = 1
	// Encryption specifies the purpose of key to be used in encryption/decryption operations
	Encryption KeyPurpose = 2
)
type KeyRequest ¶
// KeyRequest contains the algorithm and key size for a new private key.
type KeyRequest interface {
	// Algo returns the key algorithm name.
	Algo() string
	// Label returns the key label.
	Label() string
	// Size returns the key size.
	Size() int
	// Generate returns a new crypto.PrivateKey, or an error. Presumably the key is
	// created by the cryptoprov.Provider given to NewKeyRequest — confirm.
	Generate() (crypto.PrivateKey, error)
	// SigAlgo returns the x509 signature algorithm matching this key.
	SigAlgo() x509.SignatureAlgorithm
	// Purpose returns the key purpose as a plain int, although NewKeyRequest
	// accepts a KeyPurpose; callers should compare against the KeyPurpose
	// constants (Undefined, Signing, Encryption) after conversion.
	Purpose() int
}
KeyRequest contains the algorithm and key size for a new private key.
func NewKeyRequest ¶
func NewKeyRequest(prov cryptoprov.Provider, label, algo string, keySize int, purpose KeyPurpose) KeyRequest
NewKeyRequest returns a KeyRequest built from the given parameters.
type Provider ¶
type Provider struct {
// contains filtered or unexported fields
}
Provider extends cryptoprov.Crypto functionality to support CSP processing and certificate signing.
func (*Provider) NewKeyRequest ¶
func (c *Provider) NewKeyRequest(label, algo string, keySize int, purpose KeyPurpose) KeyRequest
NewKeyRequest returns a KeyRequest built from the given parameters.
func (*Provider) NewRoot ¶
func (c *Provider) NewRoot(req *CertificateRequest) (cert, csrPEM, key []byte, err error)
NewRoot creates a new root certificate from the certificate request.
func (*Provider) NewSigningCertificateRequest ¶
func (c *Provider) NewSigningCertificateRequest( keyLabel, algo string, keySize int, CN string, names []X509Name, hosts []string, ) *CertificateRequest
NewSigningCertificateRequest creates a new request for a signing certificate.
func (*Provider) ParseCsrRequest ¶
func (c *Provider) ParseCsrRequest(req *CertificateRequest) (csr []byte, priv crypto.PrivateKey, keyID string, err error)
ParseCsrRequest takes a certificate request and generates a key and CSR from it. It does no validation of the request's contents — caveat emptor. It will, however, fail if the key request is not valid (i.e., an unsupported curve or RSA key size). The lack of validation was specifically chosen to allow the end user to define a policy and validate the request appropriately before calling this function.
func (*Provider) ProcessCsrRequest ¶
func (c *Provider) ProcessCsrRequest(req *CertificateRequest) (csrPEM, key []byte, keyID string, pub crypto.PublicKey, err error)
ProcessCsrRequest takes a certificate request and generates a key and CSR from it.
type X509Name ¶
// X509Name contains the SubjectInfo fields.
// Unlike CertificateRequest and CAConfig, these fields carry no json/yaml tags,
// so they (de)serialise under their Go field names.
type X509Name struct {
	C            string // Country
	ST           string // State
	L            string // Locality
	O            string // OrganisationName
	OU           string // OrganisationalUnitName
	SerialNumber string // Subject serial number; distinct from CertificateRequest.SerialNumber — confirm mapping in ConvertToCFSSL
}
X509Name contains the SubjectInfo fields.
func (*X509Name) ConvertToCFSSL ¶
ConvertToCFSSL converts to CFSSL type
func (*X509Name) CopyToCFSSL ¶
CopyToCFSSL copies to CFSSL type