Constants
This section is empty.
Variables

    var (
        // ErrNoBackupMade is returned if no backup of a certificate store can be found
        ErrNoBackupMade = errors.New("unable to make backup of store")
    )
Functions
Types
type Info
Info represents high-level information about a certificate store. There are no guarantees that this data is machine-parseable, but it should be easily human-readable.
type ListOptions
type Store

    type Store interface {
        // GetInfo returns basic information about the store
        GetInfo() *Info

        // List returns the currently trusted X509 certificates contained
        // within the cert store
        List(opts *ListOptions) ([]*x509.Certificate, error)

        // Add certificate(s) into the store
        Add([]*x509.Certificate) error

        // Remove will distrust the certificate in the store
        //
        // Note: This may not actually delete the certificate, but modify
        // the store such that the certificate is no longer trusted.
        // This is done when possible to limit the actual deletions to
        // preserve restore capabilities
        Remove(whitelist.Whitelist) error

        // Backup will attempt to save a backup of the certificate store
        // on the local system
        Backup() error

        // GetLatestBackup returns the latest directory (or file) backup
        // of a certificate store.
        //
        // If the path is non-empty the directory or file is guaranteed
        // to exist.
        GetLatestBackup() (string, error)

        // Restore will bring the system back to its previous state
        // if a backup exists, otherwise it will attempt to bring the
        // cert trust status to the system's default state
        //
        // Optionally, this can take a specific filepath to use as the
        // restore point. This may not be supported on all stores.
        //
        // Note: It is strongly advised that any additional certs installed
        // be verified as still properly installed and working after
        // Restore() is called.
        Restore(where string) error
    }
Store represents a certificate store (set of x509 Certificates) and has operations on it which can mutate the underlying state (e.g. a file or directory).
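The distrust-rather-than-delete behaviour noted on Remove, and Restore's fallback to the default trust state, modelled in memory as an added example that is not part of this package. The names memStore and newDemoStore, the fingerprint set standing in for whitelist.Whitelist, and the reading of the whitelist as a "keep" list are all assumptions of the example.

```go
package main

import "crypto/sha256"
import "crypto/x509"
import "maps"

// memStore is a hypothetical in-memory model, not one of the package's stores.
type memStore struct {
	certs      []*x509.Certificate
	distrusted map[[32]byte]bool // certificates are flagged, never deleted
	backup     map[[32]byte]bool // nil until Backup is called
}

func newDemoStore() *memStore {
	a, b := []byte("constructed-cert-A"), []byte("constructed-cert-B") // placeholders
	return &memStore{certs: []*x509.Certificate{{Raw: a}, {Raw: b}}, distrusted: map[[32]byte]bool{}}
}

// List returns only the certificates that are still trusted.
func (s *memStore) List() (out []*x509.Certificate) {
	for _, c := range s.certs {
		if !s.distrusted[sha256.Sum256(c.Raw)] {
			out = append(out, c)
		}
	}
	return out
}

// Backup snapshots the current trust flags.
func (s *memStore) Backup() { s.backup = maps.Clone(s.distrusted) }

// Remove distrusts (never deletes) each certificate whose fingerprint is not in keep.
func (s *memStore) Remove(keep map[[32]byte]bool) {
	for _, c := range s.certs {
		if fp := sha256.Sum256(c.Raw); !keep[fp] {
			s.distrusted[fp] = true
		}
	}
}

// Restore returns to the last backup, or to "all trusted" when none exists.
func (s *memStore) Restore() {
	s.distrusted = map[[32]byte]bool{}
	maps.Copy(s.distrusted, s.backup) // a nil backup copies nothing
}

func main() {
	s := newDemoStore()
	s.Remove(map[[32]byte]bool{sha256.Sum256(s.certs[0].Raw): true})
	println(len(s.List()), "of", len(s.certs), "still trusted")
}
```

Because the certificate bytes stay in the store, Restore only has to reset flags; a store that deleted entries would need the backup to hold the certificates themselves.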
func ChromeStore
func ChromeStore() Store
ChromeStore returns a Google Chrome implementation of Store
Docs: https://www.chromium.org/Home/chromium-security/root-ca-policy
func FirefoxStore
func FirefoxStore() Store
FirefoxStore returns a Mozilla Firefox implementation of Store
func JavaStore
func JavaStore() Store
JavaStore returns an implementation of Store for Java certificate stores
Docs:
- https://docs.oracle.com/cd/E19830-01/819-4712/ablqw/index.html
- https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
func NssStore
func NssStore(nssType string, upstreamVersion string, suggestedDirs []cert8db, foundCert8db cert8db) Store
NssStore returns an implementation of Store for NSS certificate stores
Docs:
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Tools/crtutil
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/An_overview_of_NSS_Internals
- https://wiki.mozilla.org/NSS_Shared_DB
- https://www.chromium.org/Home/chromium-security/root-ca-policy
func OpenSSLStore
func OpenSSLStore() Store
OpenSSLStore returns an implementation of Store for OpenSSL certificate stores