Documentation ¶
Index ¶
- Constants
- func Apply(options []Option, cert *x509.Certificate)
- type CRLHolder
- type KeyStorage
- type Option
- type PKI
- func (p *PKI) GetCRL() (*pkix.CertificateList, error)
- func (p *PKI) GetLastCA() (*pair.X509Pair, error)
- func (p *PKI) IsRevoked(serial *big.Int) bool
- func (p *PKI) NewCa(opts ...Option) (*pair.X509Pair, error)
- func (p *PKI) NewCert(cn string, opts ...Option) (*pair.X509Pair, error)
- func (p *PKI) RevokeAllByCN(cn string) error
- func (p *PKI) RevokeOne(serial *big.Int) error
- type SerialProvider
Constants ¶
// PEM block types and default parameters used by the package.
const (
	PEMCertificateBlock   string = "CERTIFICATE"     // PEM block type for an x509.Certificate
	PEMRSAPrivateKeyBlock        = "RSA PRIVATE KEY" // PEM block type for an rsa.PrivateKey
	PEMx509CRLBlock              = "X509 CRL"        // PEM block type for a CRL

	// Default key size.
	// NOTE(review): the name and the original comment say "bytes", but 2048 is
	// the customary RSA modulus size in bits and rsa.GenerateKey takes a bit
	// count. How this value is consumed is not shown here; confirm the unit.
	DefaultKeySizeBytes int = 2048

	// Default expire time for certs, in years.
	// NOTE(review): with a 99-year validity, a certificate issued with the
	// default never expires in practice, so revocation is the only way to
	// withdraw trust and relying parties must actually check the CRL.
	// Whether an Option can shorten the validity is not shown here; confirm.
	DefaultExpireYears = 99
)
Variables ¶
This section is empty.
Functions ¶
func Apply ¶
func Apply(options []Option, cert *x509.Certificate)
Types ¶
type CRLHolder ¶
// CRLHolder is the certificate revocation list holder interface.
type CRLHolder interface {
	// Put stores the file content of the CRL.
	// NOTE(review): the expected encoding (PEM or DER) is not stated here; confirm against the implementation.
	Put([]byte) error
	// Get returns the current list of revoked certificates.
	Get() (*pkix.CertificateList, error)
}
Certificate revocation list holder interface
type KeyStorage ¶
// KeyStorage is the key storage interface.
//
// NOTE(review): pair.X509Pair is defined outside this listing. If it carries
// the private key together with the certificate (the package defines a PEM
// block type for RSA private keys), an implementation holds CA and leaf key
// material and should restrict access to it and protect it at rest; confirm.
type KeyStorage interface {
	// Put stores a new pair in the KeyStorage, overwriting it if it already exists.
	Put(pair *pair.X509Pair) error
	// GetByCN returns all key pairs with the given CN.
	GetByCN(cn string) ([]*pair.X509Pair, error)
	// GetLastByCn returns the last pair with the given CN.
	// NOTE(review): what "last" is ordered by is not stated here; confirm.
	GetLastByCn(cn string) (*pair.X509Pair, error)
	// GetBySerial returns the one key pair with the given serial.
	GetBySerial(serial *big.Int) (*pair.X509Pair, error)
	// DeleteByCn deletes all key pairs with the given CN.
	// NOTE(review): deleting a pair from storage is not the same as revoking
	// it; nothing here shows that deletion updates the CRL. Confirm.
	DeleteByCn(cn string) error
	// DeleteBySerial deletes the one key pair with the given serial.
	DeleteBySerial(serial *big.Int) error
	// GetAll returns all key pairs.
	GetAll() ([]*pair.X509Pair, error)
}
Key storage interface
type PKI ¶
// PKI holds the state of the PKI.
type PKI struct {
	// Storage is the key storage. It is exported, so callers can reach the
	// stored pairs directly rather than only through the PKI methods.
	Storage KeyStorage
	// contains filtered or unexported fields
}
PKI struct holder
func NewPKI ¶
func NewPKI(storage KeyStorage, sp SerialProvider, crlHolder CRLHolder, subjTemplate pkix.Name) *PKI
NewPKI constructs a PKI from a key storage, a serial provider, a CRL holder and a subject template.
func (*PKI) GetCRL ¶
func (p *PKI) GetCRL() (*pkix.CertificateList, error)
GetCRL returns the current certificate revocation list.
func (*PKI) RevokeAllByCN ¶
RevokeAllByCN revokes all pairs with the given common name.
type SerialProvider ¶
Serial provider interface