certificates

package
v0.0.0-...-cc7cbc4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 21, 2021 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

// ClientCertHeader is the HTTP header name "X-Forwarded-Client-Cert".
//
// NOTE(review): presumably this is the header that
// HeaderParser.ParseCertificateHeader reads; confirm in the implementation.
// A value in this header is only as trustworthy as the hop that sets it: the
// TLS-terminating proxy has to overwrite or strip any copy supplied by the
// client, and the service must not be reachable around that proxy. Otherwise
// the caller chooses the certificate identity that is parsed from it.
const ClientCertHeader = "X-Forwarded-Client-Cert"

Variables

This section is empty.

Functions

func GetCommonName

func GetCommonName(subject string) string

func GetCountry

func GetCountry(subject string) string

func GetLocality

func GetLocality(subject string) string

func GetOrganization

func GetOrganization(subject string) string

func GetOrganizationalUnit

func GetOrganizationalUnit(subject string) string

func GetProvince

func GetProvince(subject string) string

Types

type CSRSubject

// CSRSubject groups six subject attributes as plain strings. It is the
// subject argument of CertificateUtility.CheckCSRValues and Service.SignCSR.
//
// NOTE(review): presumably these are the expected values a CSR's subject is
// compared against before signing. Confirm which fields are enforced, whether
// the comparison is exact, and how an empty field is treated.
type CSRSubject struct {
	CommonName         string // presumably the subject CN; TODO confirm
	Country            string // presumably the subject C; TODO confirm
	Organization       string // presumably the subject O; TODO confirm
	OrganizationalUnit string // presumably the subject OU; TODO confirm
	Locality           string // presumably the subject L; TODO confirm
	Province           string // presumably the subject ST; TODO confirm
}

func (CSRSubject) ToString

func (s CSRSubject) ToString() string

type CertInfo

// CertInfo is the value returned by HeaderParser.ParseCertificateHeader and
// the argument of a SubjectVerification function.
type CertInfo struct {
	// NOTE(review): the hash algorithm and encoding are not visible on this
	// page; confirm before comparing it with a locally computed fingerprint.
	Hash string
	// Presumably the certificate subject in the string form the Get* helpers
	// of this package accept; TODO confirm.
	Subject string
}

type CertificateUtility

// CertificateUtility is the set of low-level certificate operations used by
// this package: decoding a certificate, key and CSR, checking a CSR against a
// CSRSubject, and signing a CSR with a CA certificate and key.
// Implementations are obtained from NewCertificateUtility.
type CertificateUtility interface {
	// LoadCert decodes encodedData into an x509.Certificate.
	// The expected encoding (PEM, DER, base64) is not shown here; TODO confirm.
	LoadCert(encodedData []byte) (*x509.Certificate, apperrors.AppError)
	// LoadKey decodes encodedData into a private key. The return type is
	// *rsa.PrivateKey, so a non-RSA key cannot be returned through this method.
	LoadKey(encodedData []byte) (*rsa.PrivateKey, apperrors.AppError)
	// LoadCSR decodes encodedData into an x509.CertificateRequest.
	// NOTE(review): confirm the implementation, or its caller, verifies the
	// CSR's self-signature (x509.CertificateRequest.CheckSignature) before the
	// request is signed.
	LoadCSR(encodedData []byte) (*x509.CertificateRequest, apperrors.AppError)
	// CheckCSRValues checks csr against subject and returns an AppError.
	// NOTE(review): presumably a non-nil error means a mismatch; which
	// attributes are compared is not visible here.
	CheckCSRValues(csr *x509.CertificateRequest, subject CSRSubject) apperrors.AppError
	// SignCSR signs csr using caCrt and caKey and returns the result as bytes.
	// NOTE(review): which CSR fields and extensions are copied into the issued
	// certificate, and its key usages, are not visible here. The validity
	// period presumably comes from the certificateValidityTime given to
	// NewCertificateUtility; confirm.
	SignCSR(caCrt *x509.Certificate, csr *x509.CertificateRequest, caKey *rsa.PrivateKey) ([]byte, apperrors.AppError)
	// AddCertificateHeaderAndFooter returns crtRaw with a certificate header
	// and footer added, presumably the PEM BEGIN/END markers; TODO confirm.
	AddCertificateHeaderAndFooter(crtRaw []byte) []byte
}

func NewCertificateUtility

func NewCertificateUtility(certificateValidityTime time.Duration) CertificateUtility

type EncodedCertificateChain

// EncodedCertificateChain is the result type of Service.SignCSR, which is
// documented as returning a base64 encoded certificate chain.
//
// NOTE(review): presumably each field is base64 text. Whether
// CertificateChain is the concatenation of the other two fields is not
// visible on this page.
type EncodedCertificateChain struct {
	CertificateChain  string // presumably client certificate followed by CA certificate; TODO confirm
	ClientCertificate string // presumably the certificate issued for the CSR; TODO confirm
	CaCertificate     string // presumably the CA certificate that signed it; TODO confirm
}

type HeaderParser

// HeaderParser extracts certificate information from an HTTP request.
// Implementations are obtained from NewHeaderParser.
type HeaderParser interface {
	// ParseCertificateHeader returns the CertInfo found in r, or an AppError.
	//
	// NOTE(review): r is taken by value rather than as the usual
	// *http.Request. Presumably the data comes from the ClientCertHeader
	// header; if so, the result is caller-controlled unless a trusted proxy
	// sets that header, so it should be treated as untrusted input until that
	// is established for the deployment.
	ParseCertificateHeader(r http.Request) (CertInfo, apperrors.AppError)
}

func NewHeaderParser

func NewHeaderParser(country, province, locality, organization, unit string, central bool) HeaderParser

type Service

// Service issues certificates from certificate signing requests.
// Implementations are obtained from NewCertificateService.
type Service interface {
	// SignCSR takes an encoded CSR, validates its subject against the given
	// CSRSubject, and generates a certificate using the CA stored in a secret.
	// It returns the base64 encoded certificate chain.
	//
	// NOTE(review): only subject validation is stated here; whether other CSR
	// contents (extensions, key type and size) are checked before signing is
	// not visible on this page.
	SignCSR(encodedCSR []byte, subject CSRSubject) (EncodedCertificateChain, apperrors.AppError)
}

func NewCertificateService

func NewCertificateService(secretRepository secrets.Repository, certUtil CertificateUtility, caSecretName, rootCACertificateSecretName types.NamespacedName) Service

type SubjectVerification

// SubjectVerification is a predicate over a CertInfo.
// NOTE(review): presumably true means the certificate subject is accepted;
// confirm at the call sites, since an inverted reading would accept every
// certificate that should be rejected.
type SubjectVerification func(i CertInfo) bool

Directories

Path Synopsis
