Documentation ¶
Index ¶
- Variables
- func DecodeCSR(bytes []byte) (*x509.CertificateRequest, error)
- func DecodePEM(bytes []byte) (*x509.Certificate, error)
- func DecodePEMChain(bytes []byte) ([]*x509.Certificate, error)
- func EncodeCSR(csr []byte) ([]byte, error)
- func EncodePEM(derCert []byte) ([]byte, error)
- func KeyAttributesFromCertificate(certificate *x509.Certificate) (*keystore.KeyAttributes, error)
- func ParseCertificateID(certificate *x509.Certificate, partition *Partition) ([]byte, error)
- func ParseCertificateRequestKeyStoreType(csr *x509.CertificateRequest) (keystore.StoreType, error)
- func ParseCertificateRequestPermanentIdentifier(csr *x509.CertificateRequest) (string, error)
- func ParseCertificateRequestPlatformModel(csr *x509.CertificateRequest) (string, error)
- func ParseCertificateRequestPlatformSerial(csr *x509.CertificateRequest) (string, error)
- func ParseCertificateRequestTPMFIPS1402(csr *x509.CertificateRequest) (bool, error)
- func ParseCertificateRequestTPMFirmwareVersion(csr *x509.CertificateRequest) (string, error)
- func ParseCertificateRequestTPMManufacturer(csr *x509.CertificateRequest) (string, error)
- func ParseCertificateRequestTPMModel(csr *x509.CertificateRequest) (string, error)
- func ParseCertificateRequestTPMVersion(csr *x509.CertificateRequest) (string, error)
- func ParseKeyStoreType(certificate *x509.Certificate) (keystore.StoreType, error)
- func ParseKeyType(certificate *x509.Certificate) (keystore.KeyType, error)
- func ParseXSignedCertificateID(issuerCN string, certificate *x509.Certificate, partition *Partition) ([]byte, error)
- func ToString(certificate *x509.Certificate) string
- type BlobStoreBackend
- type CertStore
- func (cs *CertStore) CRLs(certificate *x509.Certificate) ([]*x509.RevocationList, error)
- func (cs *CertStore) Get(keyAttrs *keystore.KeyAttributes) (*x509.Certificate, error)
- func (cs *CertStore) GetXSigned(issuerCN string, keyAttrs *keystore.KeyAttributes) (*x509.Certificate, error)
- func (cs *CertStore) HasCRL(keyAttrs *keystore.KeyAttributes) bool
- func (cs *CertStore) ImportCRL(cn string, crlDER []byte) error
- func (cs *CertStore) ImportCertificate(certificate *x509.Certificate) error
- func (cs *CertStore) ImportXSignedCertificate(issuerCN string, certificate *x509.Certificate) error
- func (cs *CertStore) IsRevoked(certificate *x509.Certificate, issuerCert *x509.Certificate) error
- func (cs *CertStore) IsRevokedAtDistributionPoints(certificate *x509.Certificate) error
- func (cs *CertStore) Issued(cn string) bool
- func (cs *CertStore) Revoke(certificate *x509.Certificate, issuerCert *x509.Certificate, ...) error
- func (cs *CertStore) Save(certificate *x509.Certificate, partition Partition) error
- type CertificateBackend
- type CertificateStorer
- type FSExtension
- type Partition
Constants ¶
This section is empty.
Variables ¶
// Sentinel errors for file and distribution point handling. Every message
// carries the "store/x509: " prefix.
var (
	ErrFileAlreadyExists           = errors.New("store/x509: file already exists")
	ErrMissingDistributionPointURL = errors.New("store/x509: missing distribution point URL")
)

// Partition values and the list that enumerates them.
//
// NOTE(review): these are declared with var, not const, so they are ordinary
// package-level variables that importing code is able to reassign. Treat them
// as read-only.
var (
	// PARTITION_ROOT is the empty string.
	PARTITION_ROOT                 Partition = ""
	PARTITION_TRUSTED_ROOT         Partition = "trusted-root"
	PARTITION_TRUSTED_INTERMEDIATE Partition = "trusted-intermediate"
	PARTITION_ISSUED               Partition = "issued"
	PARTITION_CRL                  Partition = "crl"

	// Partitions holds all five partition values declared above.
	Partitions = []Partition{
		PARTITION_ROOT,
		PARTITION_TRUSTED_ROOT,
		PARTITION_TRUSTED_INTERMEDIATE,
		PARTITION_ISSUED,
		PARTITION_CRL,
	}
)

// File-name extension values, each including the leading dot. Like the
// partition values they are variables, not constants.
var (
	FSEXT_CA_BUNDLE_PEM FSExtension = ".bundle.crt"
	FSEXT_CSR           FSExtension = ".csr"
	FSEXT_PEM           FSExtension = ".crt"
	FSEXT_DER           FSExtension = ".cer"
	FSEXT_CRL           FSExtension = ".crl"
)
// Sentinel errors for trust, storage and encoding failures.
var (
	ErrTrustExists        = errors.New("store/x509: certificate already trusted")
	ErrInvalidPartition   = errors.New("store/x509: invalid file system partition")
	ErrInvalidType        = errors.New("store/x509: invalid type")
	ErrInvalidAlgorithm   = errors.New("store/x509: invalid algorithm")
	ErrInvalidEncodingPEM = errors.New("store/x509: invalid PEM encoding")
	ErrInvalidPassword    = errors.New("store/x509: invalid password")
)

// Sentinel errors for certificate and revocation list state. These are distinct
// values, so a caller can tell "revoked" apart from "CRL expired" or "CRL not
// found" by comparing against them.
var (
	ErrExpiredCRL   = errors.New("store/x509: certificate revocation list expired")
	ErrCRLNotFound  = errors.New("store/x509: certificate revocation list not found")
	ErrCertNotFound = errors.New("store/x509: certificate not found")
	ErrCertInvalid  = errors.New("store/x509: certificate invalid")
	ErrCertRevoked  = errors.New("store/x509: certificate revoked")
)

// Sentinel errors for invalid certificate and platform attributes.
var (
	ErrInvalidAttributes            = errors.New("store/x509: invalid x509 attributes")
	ErrInvalidIssuingURL            = errors.New("store/x509: invalid issuing URL")
	ErrInvalidPlatformModel         = errors.New("store/x509: invalid platform model")
	ErrInvalidPlatformSerial        = errors.New("store/x509: invalid platform serial")
	ErrInvalidSerialNumber          = errors.New("store/x509: invalid serial number")
	ErrInvalidCertificateAttributes = errors.New("store/x509: invalid certificate attributes")
)

// Sentinel errors for invalid TPM and FIPS 140-2 OID values.
var (
	ErrInvalidTPMManufacturer    = errors.New("store/x509: invalid TPM manufacturer OID")
	ErrInvalidTPMModel           = errors.New("store/x509: invalid TPM model OID")
	ErrInvalidTPMVersion         = errors.New("store/x509: invalid TPM version OID")
	ErrInvalidTPMFirmwareVersion = errors.New("store/x509: invalid TPM firmware version OID")
	ErrInvalidFIPS1402           = errors.New("store/x509: invalid FIPS 140-2 OID")
)
Functions ¶
func DecodeCSR ¶
func DecodeCSR(bytes []byte) (*x509.CertificateRequest, error)
Decodes CSR bytes to x509.CertificateRequest
func DecodePEM ¶
func DecodePEM(bytes []byte) (*x509.Certificate, error)
Decodes PEM bytes to *x509.Certificate
func DecodePEMChain ¶
func DecodePEMChain(bytes []byte) ([]*x509.Certificate, error)
Decodes a PEM certificate chain
func KeyAttributesFromCertificate ¶
func KeyAttributesFromCertificate(certificate *x509.Certificate) (*keystore.KeyAttributes, error)
func ParseCertificateID ¶
func ParseCertificateID(certificate *x509.Certificate, partition *Partition) ([]byte, error)
func ParseCertificateRequestKeyStoreType ¶
func ParseCertificateRequestKeyStoreType(csr *x509.CertificateRequest) (keystore.StoreType, error)
func ParseCertificateRequestPermanentIdentifier ¶
func ParseCertificateRequestPermanentIdentifier(csr *x509.CertificateRequest) (string, error)
func ParseCertificateRequestPlatformModel ¶
func ParseCertificateRequestPlatformModel(csr *x509.CertificateRequest) (string, error)
func ParseCertificateRequestPlatformSerial ¶
func ParseCertificateRequestPlatformSerial(csr *x509.CertificateRequest) (string, error)
func ParseCertificateRequestTPMFIPS1402 ¶
func ParseCertificateRequestTPMFIPS1402(csr *x509.CertificateRequest) (bool, error)
func ParseCertificateRequestTPMFirmwareVersion ¶
func ParseCertificateRequestTPMFirmwareVersion(csr *x509.CertificateRequest) (string, error)
func ParseCertificateRequestTPMManufacturer ¶
func ParseCertificateRequestTPMManufacturer(csr *x509.CertificateRequest) (string, error)
func ParseCertificateRequestTPMModel ¶
func ParseCertificateRequestTPMModel(csr *x509.CertificateRequest) (string, error)
func ParseCertificateRequestTPMVersion ¶
func ParseCertificateRequestTPMVersion(csr *x509.CertificateRequest) (string, error)
func ParseKeyStoreType ¶
func ParseKeyStoreType(certificate *x509.Certificate) (keystore.StoreType, error)
func ParseKeyType ¶
func ParseKeyType(certificate *x509.Certificate) (keystore.KeyType, error)
func ToString ¶
func ToString(certificate *x509.Certificate) string
Types ¶
type BlobStoreBackend ¶
type BlobStoreBackend struct { CertificateBackend // contains filtered or unexported fields }
func (*BlobStoreBackend) DeleteCertificate ¶
func (bse *BlobStoreBackend) DeleteCertificate(id []byte) error
func (*BlobStoreBackend) Get ¶
func (bse *BlobStoreBackend) Get(id []byte) (*x509.Certificate, error)
func (*BlobStoreBackend) ImportCertificate ¶
func (bse *BlobStoreBackend) ImportCertificate( id []byte, certificate *x509.Certificate) error
type CertStore ¶
type CertStore struct { CertificateStorer // contains filtered or unexported fields }
func (*CertStore) CRLs ¶
func (cs *CertStore) CRLs(certificate *x509.Certificate) ([]*x509.RevocationList, error)
Loads and parses all distribution point Certificate Revocation Lists referenced by the provided certificate, using the 3rd party CRL partition.
func (*CertStore) Get ¶
func (cs *CertStore) Get(keyAttrs *keystore.KeyAttributes) (*x509.Certificate, error)
Retrieves an x509 certificate from the certificate store.
func (*CertStore) GetXSigned ¶
func (cs *CertStore) GetXSigned(issuerCN string, keyAttrs *keystore.KeyAttributes) (*x509.Certificate, error)
Retrieves a cross-signed x509 certificate from the certificate store.
func (*CertStore) HasCRL ¶
func (cs *CertStore) HasCRL(keyAttrs *keystore.KeyAttributes) bool
Returns true if the requested Certificate Revocation List exists in the certificate store
func (*CertStore) ImportCertificate ¶
func (cs *CertStore) ImportCertificate(certificate *x509.Certificate) error
Imports a certificate to the certificate store
func (*CertStore) ImportXSignedCertificate ¶
func (cs *CertStore) ImportXSignedCertificate(issuerCN string, certificate *x509.Certificate) error
Imports a cross-signed certificate to the certificate store
func (*CertStore) IsRevoked ¶
func (cs *CertStore) IsRevoked( certificate *x509.Certificate, issuerCert *x509.Certificate) error
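Checks whether the certificate is found in the local Certificate Authority revocation list and whether its associated certificates were moved to the revoked partition. The result is reported through the returned error rather than a bool (the package declares ErrCertRevoked; which error values are returned is not stated here). Callers should treat any non-nil error as a failed check, not as "not revoked".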
func (*CertStore) IsRevokedAtDistributionPoints ¶
func (cs *CertStore) IsRevokedAtDistributionPoints( certificate *x509.Certificate) error
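Checks whether the certificate is found in any of the imported Distribution Point Certificate Revocation Lists. The result is reported through the returned error rather than a bool, so callers should treat any non-nil error as a failed check, not as "not revoked".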
func (*CertStore) Revoke ¶
func (cs *CertStore) Revoke( certificate *x509.Certificate, issuerCert *x509.Certificate, signer crypto.Signer) error
Adds the specified certificate to the Certificate Authority revocation list and moves all of the related certificates to the revoked certificates directory.
type CertificateBackend ¶
// CertificateBackend is the three-method interface for storing x509
// certificates addressed by a byte-slice id.
//
// NOTE(review): the comments below are read from the method names and
// signatures only; confirm the exact semantics against the implementation.
type CertificateBackend interface {
	// Get takes an id and yields a certificate or an error.
	Get(id []byte) (*x509.Certificate, error)

	// ImportCertificate takes an id together with a certificate and reports
	// failure through its error return.
	ImportCertificate(id []byte, certificate *x509.Certificate) error

	// DeleteCertificate takes an id and reports failure through its error
	// return.
	DeleteCertificate(id []byte) error
}
func NewBlobStoreBackend ¶
func NewBlobStoreBackend(blobStore blob.BlobStorer) CertificateBackend
type CertificateStorer ¶
// CertificateStorer is the certificate store interface: lookup, import,
// revocation and persistence of x509 certificates and revocation lists.
//
// NOTE(review): method comments are read from the names and signatures only;
// confirm the exact semantics against the implementation.
type CertificateStorer interface {
	// Lookup.

	// Get yields the certificate for the given key attributes, or an error.
	Get(keyAttrs *keystore.KeyAttributes) (*x509.Certificate, error)
	// GetXSigned is the variant of Get that additionally takes an issuer
	// common name.
	GetXSigned(issuerCN string, keyAttrs *keystore.KeyAttributes) (*x509.Certificate, error)
	// Issued takes a common name and answers with a bool.
	Issued(cn string) bool
	// CRLs yields the revocation lists for the given certificate, or an error.
	CRLs(certificate *x509.Certificate) ([]*x509.RevocationList, error)

	// Import and persistence.

	ImportCertificate(certificate *x509.Certificate) error
	ImportXSignedCertificate(issuerCN string, certificate *x509.Certificate) error
	// ImportCRL takes a common name and a DER-encoded revocation list.
	ImportCRL(cn string, crlDER []byte) error
	// Save takes a certificate and the Partition to use for it.
	Save(certificate *x509.Certificate, partition Partition) error

	// Revocation.
	//
	// Both IsRevoked methods return an error, not a bool, so the outcome of
	// the check is carried by the error value. Callers should not read a
	// non-nil error as "not revoked".

	IsRevoked(certificate *x509.Certificate, issuerCert *x509.Certificate) error
	IsRevokedAtDistributionPoints(certificate *x509.Certificate) error
	// Revoke takes the certificate, its issuer certificate and a
	// crypto.Signer.
	Revoke(certificate *x509.Certificate, issuerCert *x509.Certificate, signer crypto.Signer) error
}
func NewCertificateStore ¶
func NewCertificateStore( logger *logging.Logger, blobStore blob.BlobStorer) (CertificateStorer, error)
Creates a new local file system backed x509 certificate store
type FSExtension ¶
// FSExtension is a string type. The package's FSEXT_* variables (for example
// FSEXT_PEM = ".crt" and FSEXT_CRL = ".crl") are declared with it.
type FSExtension string