tls

Documentation

Index

• Constants
• Variables
• func CopyCA(issuer *Issuer, path string) error
• func FileDoesNotExists(file string) bool
• func GenerateCertificate(req CertificateRequest, key crypto.PrivateKey, issuer *Issuer) error
• func GenerateOutFilesFromRequest(req CertificateRequest, issuer *Issuer)
• func GeneratePrivateKey(req CertificateRequest) (crypto.PrivateKey, error)
• func HandleCertificateRequestFile(file string)
• func LoadCertFromFile(file string) (*x509.Certificate, error)
• func LoadCertificateRequests(dir string)
• func MakeParentsDirectories(path string) bool
• func ReadDir(dir string) ([]string, error)
• func Start() funcs.Stop
• type CertificateRequest
  • func LoadCertificateRequest(path string) (CertificateRequest, error)
• type Issuer
  • func LoadIssuer(path IssuerPath) (*Issuer, error)
• type IssuerPath
• type PrivateKey

Constants

const (
	KeyOutDir              = "out.dir"
	KeyOutCert             = "out.cert"
	KeyOutKey              = "out.key"
	KeyOutCA               = "out.ca"
	KeyCommonName          = "commonName"
	KeyIsCA                = "isCA"
	KeyDuration            = "duration"
	KeyRenewBefore         = "renewBefore"
	KeyKeyUsages           = "keyUsages"
	KeyExtKeyUsages        = "extKeyUsages"
	KeyDNSNames            = "dnsNames"
	KeyIPAddresses         = "ipAddresses"
	KeyCountries           = "subject.countries"
	KeyOrganizations       = "subject.organizations"
	KeyOrganizationalUnits = "subject.organizationalUnits"
	KeyLocalities          = "subject.localities"
	KeyProvinces           = "subject.provinces"
	KeyStreetAddresses     = "subject.streetAddresses"
	KeyPostalCodes         = "subject.postalCodes"
	KeyPrivateKeyAlgorithm = "privateKey.algorithm"
	KeyPrivateKeySize      = "privateKey.size"
	KeyIssuerDir           = "issuer.dir"
	KeyIssuerPublicKey     = "issuer.publicKey"
	KeyIssuerPrivateKey    = "issuer.privateKey"
)

const (
	MinRSAKeySize = 2048
	MaxRSAKeySize = 8192
	RSA           = "rsa"
	ECDSA         = "ecdsa"
	ED25519       = "ed25519"
)

Variables

var (
	ErrOpenCertificateRequestFile = errors.New("open file")
	ErrReadCertificateRequestFile = errors.New("read file")
	ErrInvalidKeyUsages           = errors.New("invalid key usages")
	ErrInvalidExtKeyUsages        = errors.New("invalid ext key usages")
	ErrInvalidIPAddress           = errors.New("invalid ip addresses")
	ErrMissingMandatoryField      = errors.New("missing mandatory field")
)

var (
	ErrLoadIssuerKeyPair      = errors.New("load issuer key pair")
	ErrParseIssuerCertificate = errors.New("parse issuer certificate")
	ErrCreateFile             = errors.New("create file")
	ErrReadFile               = errors.New("read file")
	ErrParseCertificate       = errors.New("parse certificate")
	ErrEncode                 = errors.New("encode")
	ErrReadDir                = errors.New("read directory")
)

var (
	ErrGenerateKey                    = errors.New("generate key")
	ErrGenerateSerialNumber           = errors.New("generate serial number")
	ErrGenerateCert                   = errors.New("generate cert")
	ErrCopyCA                         = errors.New("copy CA")
	ErrRSAKeySizeTooWeak              = fmt.Errorf("RSA key size too weak, minimum is %d", MinRSAKeySize)
	ErrRSAKeySizeTooBig               = fmt.Errorf("RSA key size too big, maximum is %d", MaxRSAKeySize)
	ErrUnsupportedPrivateKeyAlgorithm = fmt.Errorf("unsupported private key algorithm")
	ErrEncodePrivateKey               = fmt.Errorf("encode private key")
	ErrUnsupportedECDSAKeySize        = errors.New("unsupported ecdsa key size")
)

var (
	ErrInvalidPEMBlock = errors.New("invalid PEM block")
)

var WritePemToFile = func(b *pem.Block, file string) error {
	pemFile, err := os.Create(file)
	if err != nil {
		return fmt.Errorf(format.WrapErrors, ErrCreateFile, err)
	}
	defer func() { _ = pemFile.Close() }()
	err = pem.Encode(pemFile, b)
	if err != nil {
		return fmt.Errorf(format.WrapErrors, ErrEncode, err)
	}
	return nil
}

Functions

func CopyCA

func CopyCA(issuer *Issuer, path string) error

func FileDoesNotExists

func FileDoesNotExists(file string) bool

func GenerateCertificate

func GenerateCertificate(req CertificateRequest, key crypto.PrivateKey, issuer *Issuer) error

func GenerateOutFilesFromRequest

func GenerateOutFilesFromRequest(req CertificateRequest, issuer *Issuer)

func GeneratePrivateKey

func GeneratePrivateKey(req CertificateRequest) (crypto.PrivateKey, error)

func HandleCertificateRequestFile

func HandleCertificateRequestFile(file string)

func LoadCertFromFile

func LoadCertFromFile(file string) (*x509.Certificate, error)

func LoadCertificateRequests

func LoadCertificateRequests(dir string)

func MakeParentsDirectories

func MakeParentsDirectories(path string) bool

func ReadDir

func ReadDir(dir string) ([]string, error)

func Start

func Start() funcs.Stop

Types

type CertificateRequest

type CertificateRequest struct {
	OutCertPath         string
	OutKeyPath          string
	OutCAPath           string
	CommonName          string
	IsCA                bool
	Countries           []string
	Organizations       []string
	OrganizationalUnits []string
	Localities          []string
	Provinces           []string
	StreetAddresses     []string
	PostalCodes         []string
	Duration            time.Duration
	RenewBefore         time.Duration
	KeyUsage            x509.KeyUsage
	ExtKeyUsage         []x509.ExtKeyUsage
	DNSNames            []string
	IPAddresses         []net.IP
	PrivateKey          PrivateKey
	IssuerPath          IssuerPath
}

func LoadCertificateRequest

func LoadCertificateRequest(path string) (CertificateRequest, error)

type Issuer

type Issuer struct {
	PublicKey  *x509.Certificate
	PrivateKey crypto.PrivateKey
}

func LoadIssuer

func LoadIssuer(path IssuerPath) (*Issuer, error)

type IssuerPath

type IssuerPath struct {
	PublicKey  string
	PrivateKey string
}

type PrivateKey

type PrivateKey struct {
	Algorithm string
	Size      int
}