owned

package
v0.0.0-...-49c5947
Warning

This package is not in the latest version of its module.

Published: Apr 2, 2018 License: MIT Imports: 15 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

type Config struct {
	// CertificatesFileSystem is the filesystem to use for storing certificate zap files
	// for given domain and users. It must be different from the file system for storing
	// user data.
	CertificatesFileSystem tlsfs.ZapFS

	// UsersFileSystem is the filesystem to use for storing user records zap files
	// for registered users. It must be different from the file system for storing
	// user data.
	UsersFileSystem tlsfs.ZapFS

	// RootFilesystem is the filesystem to use for both storing and retrieving saved
	// CA certificates and configuration files for the CustomFS CA. This filesystem
	// path must exist as a means to persist its internal state and data files.
	RootFilesystem tlsfs.ZapFS

	// SigningLifeTime is the lifetime with which all certificates must be
	// signed. All certificates must be valid within the given duration since
	// time of signing, else be renewed with the given duration.
	SigningLifeTime time.Duration

	// Profile specifies the profile to be used to create the root CA certificate
	// which will be used to sign all certificate requests and will be used.
	Profile certificates.CertificateAuthorityProfile

	// RootCA contains the loaded or generated CA certificate which is used for
	// all signing process for the generation of certificates.
	RootCA *certificates.CertificateAuthority
	// contains filtered or unexported fields
}

Config defines a configuration used for CustomFS.

type CustomFS

type CustomFS struct {
	// contains filtered or unexported fields
}

CustomFS implements the tlsfs.TlsFS interface, providing a tls certificate acquisition, renewal and management implementation for working with Let's Encrypt CA based certificates.

func BasicFS

func BasicFS(commonName string, caLifeTime time.Duration, signLifeTime time.Duration) (*CustomFS, error)

BasicFS returns a basic instance of a CustomFS.

func FromCA

func FromCA(sub *x509.Certificate, key crypto.PrivateKey, signLifeTime time.Duration) (*CustomFS, error)

FromCA returns a new instance of CustomFS using the provided certificate and key as Root CA.

func NewCustomFS

func NewCustomFS(config Config) (*CustomFS, error)

NewCustomFS returns a new instance of the CustomFS.

func (*CustomFS) All

func (cm *CustomFS) All() ([]tlsfs.DomainAccount, error)

All returns all existing certificates within the CustomFS regardless of renewal status, so that all preserved state is available to the caller.

func (*CustomFS) Create

Create attempts to create a TLSDomainCertificate for the given account. If a certificate already exists for the given accounts.Domain, the old TLSDomainCertificate is returned if it has not yet passed the accepted expiration time of 30 days. If it has, a renewal is initiated for the certificate and, if successful, the new TLSDomainCertificate is returned after replacing the old one. If a renewal fails and the certificate is less than two weeks from expiry or within the 30-day expiration, the certificate is returned with an appropriate status to indicate a non-critical but important reason for the failure.

func (*CustomFS) CreateCA

CreateCA attempts to create a TLSDomainCertificate for the given account containing a certificate authority and not a regular certificate. If a certificate already exists for the given accounts.Domain, the old TLSDomainCertificate is returned if it has not yet passed the accepted expiration time of 30 days. If it has, a renewal is initiated for the certificate and, if successful, the new TLSDomainCertificate is returned after replacing the old one. If a renewal fails and the certificate is less than two weeks from expiry or within the 30-day expiration, the certificate is returned with an appropriate status to indicate a non-critical but important reason for the failure. NOTE: The certificate request attached to the returned TLSDomainCertificate is invalid and is a dummy, so it should not be used heavily.

func (*CustomFS) CreateWithCSR

CreateWithCSR attempts to return a new tlsfs.TLSDomainCertificate for the given certificate request.

func (*CustomFS) Get

func (cm *CustomFS) Get(email string, domain string) (tlsfs.TLSDomainCertificate, tlsfs.Status, error)

Get attempts to retrieve an existing certificate from the underlying store. If the certificate requires renewal, the renewal process is called for the certificate, with the appropriate response returned as stated for the CustomFS.Renew method. It returns a status appropriate for the certificate returned, to indicate to the caller the state and any action that needs to be taken.

func (*CustomFS) GetCertificate

func (cm *CustomFS) GetCertificate(email string) tlsfs.CertificateFunc

GetCertificate returns a tlsfs.GetCertificateFunc which should be assigned to a tls.Config.GetCertificate field to handle automatic loading and retrieval of tls.Certificates through this filesystem. NOTE: You are required to provide an email which will reference the account/user who signs for the certificates generated by the returned function.

func (*CustomFS) GetUser

func (cm *CustomFS) GetUser(email string) (tlsfs.Account, error)

GetUser returns an existing user account associated with the provided email.

func (*CustomFS) Renew

func (cm *CustomFS) Renew(email string, domain string) (tlsfs.TLSDomainCertificate, tlsfs.Status, error)

Renew attempts to renew an existing TLSDomainCertificate for the given domain. If a certificate does not exist, the operation returns an error. A TLSDomainCertificate is returned if it has not yet passed the accepted expiration time of 30 days. If it has, the renewal is initiated for the certificate and, if successful, the new TLSDomainCertificate is returned after replacing the old one. If a renewal fails and the certificate is less than two weeks from expiry or within the 30-day expiration, the certificate is returned with an appropriate status to indicate a non-critical but important reason for the failure.

func (*CustomFS) Revoke

func (cm *CustomFS) Revoke(email string, domain string) error

Revoke attempts to revoke the existing certificate associated with the user's email and domain. If the certificate is pending renewal, it waits until the end of the renewal before attempting to revoke the certificate. This is a custom lightweight CA that has no revocation database storing certificates that have been revoked. Hence a revoke call simply removes the certificate from the filesystem and cache, which ensures no one else can gain access to it, but those who had access before the call to Revoke will still be able to use the certificate until expiry.

func (*CustomFS) RootCA

RootCA returns the root certificate used by the giving instance.
