certs

package
v1.0.6 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 15, 2024 License: GPL-3.0 Imports: 32 Imported by: 0

README

certs

X.509 certificate generation and management code.

Documentation

Index

Constants

View Source
const (
	// ECCKey - Namespace for ECC keys
	ECCKey = "ecc"

	// RSAKey - Namespace for RSA keys
	RSAKey = "rsa"
)
View Source
const (
	// MtlsImplantCA - Directory containing HTTPS server certificates
	MtlsImplantCA = "Microsoft-Imp-Auth-Cert"
	MtlsServerCA  = "Microsoft-Server-Auth-Cert"
)
View Source
const (
	// ACMEDirName - Name of dir to store ACME certs
	ACMEDirName = "acme"
)
View Source
const (
	// HTTPSCA - Directory containing operator certificates
	HTTPSCA = "https"
)
View Source
const (
	// OperatorCA - Directory containing operator certificates
	OperatorCA = "SSH-Auth-Cert"
)

Variables

View Source
var (
	ErrWGPeerDoesNotExist     = errors.New("wg peer does not exist")
	ErrWGServerKeysDoNotExist = errors.New("wg server keys do not exist")
)
View Source
var (

	// ErrCertDoesNotExist - Returned if a GetCertificate() is called for a cert/cn that does not exist
	ErrCertDoesNotExist = errors.New("Certificate does not exist")
)
View Source
var (
	// TLSKeyLogger - File descriptor for logging TLS keys
	TLSKeyLogger = newKeyLogger()
)

Functions

func GenerateCertificateAuthority

func GenerateCertificateAuthority(caType string, commonName string) (*x509.Certificate, *ecdsa.PrivateKey)

GenerateCertificateAuthority - Creates a new CA cert for a given type

func GenerateECCCertificate

func GenerateECCCertificate(caType string, commonName string, isCA bool, isClient bool) ([]byte, []byte)

GenerateECCCertificate - Generate a TLS certificate with the given parameters We choose some reasonable defaults like Curve, Key Size, ValidFor, etc. Returns two strings `cert` and `key` (PEM Encoded).

func GenerateRSACertificate

func GenerateRSACertificate(caType string, commonName string, isCA bool, isClient bool) ([]byte, []byte)

GenerateRSACertificate - Generates an RSA Certificate

func GenerateWGKeys

func GenerateWGKeys(isPeer bool, wgPeerTunIP string) (string, string, error)

GenerateWGKeys - Generates and saves new wg keys

func GetACMEDir

func GetACMEDir() string

GetACMEDir - Dir to store ACME certs

func GetACMEManager

func GetACMEManager(domain string) *autocert.Manager

GetACMEManager - Get an ACME cert/tls config with the certs

func GetCertificate

func GetCertificate(caType string, keyType string, commonName string) ([]byte, []byte, error)

GetCertificate - Get the PEM encoded certificate & key for a host

func GetCertificateAuthority

func GetCertificateAuthority(caType string) (*x509.Certificate, *ecdsa.PrivateKey, error)

GetCertificateAuthority - Get the current CA certificate

func GetCertificateAuthorityPEM

func GetCertificateAuthorityPEM(caType string) ([]byte, []byte, error)

GetCertificateAuthorityPEM - Get PEM encoded CA cert/key

func GetECCCertificate

func GetECCCertificate(caType string, commonName string) ([]byte, []byte, error)

GetECCCertificate - Get an ECC certificate

func GetRSACertificate

func GetRSACertificate(caType string, commonName string) ([]byte, []byte, error)

GetRSACertificate - Get an RSA certificate

func GetWGPeers

func GetWGPeers() (map[string]string, error)

GetWGSPeers - Get a map of Pubkey:TunIP for existing wg peers

func GetWGServerKeys

func GetWGServerKeys() (string, string, error)

GetWGServerKeys - Get existing wg server keys

func HTTPSGenerateRSACertificate

func HTTPSGenerateRSACertificate(host string) ([]byte, []byte, error)

HTTPSGenerateRSACertificate - Generate a server certificate signed with a given CA

func ImplantGenerateWGKeys

func ImplantGenerateWGKeys(wgPeerTunIP string) (string, string, error)

ImplantGenerateWGKeys - Generate WG keys for implant

func MtlsC2ImplantGenerateECCCertificate

func MtlsC2ImplantGenerateECCCertificate(name string) ([]byte, []byte, error)

MtlsC2ImplantGenerateECCCertificate - Generate a server certificate signed with a given CA

func MtlsC2ServerGenerateECCCertificate

func MtlsC2ServerGenerateECCCertificate(host string) ([]byte, []byte, error)

MtlsC2ServerGenerateECCCertificate - Generate a server certificate signed with a given CA

func OperatorClientGenerateCertificate

func OperatorClientGenerateCertificate(operator string) ([]byte, []byte, error)

OperatorClientGenerateCertificate - Generate a certificate signed with a given CA

func OperatorClientGetCertificate

func OperatorClientGetCertificate(operator string) ([]byte, []byte, error)

OperatorClientGetCertificate - Helper function to fetch a client cert

func OperatorClientListCertificates

func OperatorClientListCertificates() []*x509.Certificate

OperatorClientListCertificates - Get all client certificates

func OperatorClientRemoveCertificate

func OperatorClientRemoveCertificate(operator string) error

OperatorClientRemoveCertificate - Helper function to remove a client cert

func OperatorServerGenerateCertificate

func OperatorServerGenerateCertificate(hostname string) ([]byte, []byte, error)

OperatorServerGenerateCertificate - Generate a certificate signed with a given CA

func OperatorServerGetCertificate

func OperatorServerGetCertificate(hostname string) ([]byte, []byte, error)

OperatorServerGetCertificate - Helper function to fetch a server cert

func RemoveCertificate

func RemoveCertificate(caType string, keyType string, commonName string) error

RemoveCertificate - Remove a certificate from the cert store

func SaveCertificateAuthority

func SaveCertificateAuthority(caType string, cert []byte, key []byte)

SaveCertificateAuthority - Save the certificate and the key to the filesystem doesn't return an error because errors are fatal. If we can't generate CAs, then we can't secure communication and we should die a horrible death.

func SetupCAs

func SetupCAs()

SetupCAs - Creates directories for certs

func SetupWGKeys

func SetupWGKeys()

SetupWGKeys - Setup server keys

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL