certkitetcd

package

v0.0.0-...-b8d9ce6 Latest Latest Go to latest Published: May 2, 2024 License: MPL-2.0 Imports: 27 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/luisfurquim/stonelizard

Documentation ¶

Index ¶

Variables
type CertKit
- func New(srvsubject, casubject pkix.Name, host, email string) (*CertKit, error)
- func NewFromCK(path string) (*CertKit, error)
type CertkitG
type UserDB

Constants ¶

This section is empty.

Variables ¶

View Source

var CaTime time.Duration = 365 * 24 * 20 * time.Hour

View Source

var ClientTime time.Duration = 3650 * 24 * time.Hour

View Source

var ErrorBadEtcdHandler = errors.New("Bad etcd handler provided")

View Source

var ErrorBadEtcdKey = errors.New("Bad etcd key provided")

View Source

var ErrorBadPEMBlock = errors.New("Bad PEM block")

View Source

var ErrorCertsMustHaveKeys = errors.New("Either provide both certificate and key or none of them")

View Source

var ErrorNoEtcdHandler = errors.New("No etcd handler provided")

View Source

var ErrorNoEtcdKey = errors.New("No etcd key provided")

View Source

var ErrorUnauthorized = errors.New("Unauthorized access attempt")

View Source

var ErrorValidDate = errors.New("Failed certificate has expired or not yet valid date")

View Source

var ServerTime time.Duration = 365 * 24 * time.Hour

Functions ¶

This section is empty.

Types ¶

type CertKit ¶

type CertKit struct {
	Etcdcli                  etcd.Client
	Etcdkey                  string
	Path                     string
	ServerCertPem, CACertPem []byte
	ServerCert, CACert       *x509.Certificate
	ServerKeyPem, CAKeyPem   []byte
	ServerKey, CAKey         *rsa.PrivateKey
	CACRL                    []byte
	CertPool                 *x509.CertPool
	UserCerts                map[string]*UserDB
	PendingCerts             map[string]*UserDB
	ServerX509KeyPair        tls.Certificate
	// contains filtered or unexported fields
}

func New ¶

func New(srvsubject, casubject pkix.Name, host, email string) (*CertKit, error)

func NewFromCK ¶

func NewFromCK(path string) (*CertKit, error)

func (*CertKit) AddUserData ¶

func (ck *CertKit) AddUserData(usrKey string, ClientCert *x509.Certificate) error

func (*CertKit) Authorize ¶

func (ck *CertKit) Authorize(path string, parms map[string]interface{}, RemoteAddr string, TLS *tls.ConnectionState, SavePending func(interface{}) error) (httpstat int, data interface{}, err error)

func (*CertKit) Delete ¶

func (ck *CertKit) Delete(tree, id string) error

Remove a user certificate from the trusted subtree (so, rejecting this user accesses)

func (*CertKit) Drop ¶

func (ck *CertKit) Drop(id string) error

Remove a user certificate from the trusted subtree (so, rejecting this user accesses)

func (*CertKit) GenerateCA ¶

func (crtkit *CertKit) GenerateCA(subject pkix.Name, host, email string, listenport ...string) error

func (*CertKit) GenerateClient ¶

func (crtkit *CertKit) GenerateClient(subject pkix.Name, email, password string) ([]byte, []byte, error)

func (*CertKit) GenerateClientParsed ¶

func (crtkit *CertKit) GenerateClientParsed(subject pkix.Name, email, password string) (*x509.Certificate, *rsa.PrivateKey, []byte, error)

func (*CertKit) GenerateServer ¶

func (crtkit *CertKit) GenerateServer(subject pkix.Name, host, email string, NotBefore ...time.Time) error

func (*CertKit) GetCACert ¶

func (ck *CertKit) GetCACert() *x509.Certificate

func (*CertKit) GetCAKey ¶

func (ck *CertKit) GetCAKey() *rsa.PrivateKey

func (*CertKit) GetCertPool ¶

func (ck *CertKit) GetCertPool() *x509.CertPool

func (*CertKit) GetDNSNames ¶

func (ck *CertKit) GetDNSNames() []string

func (*CertKit) GetPending ¶

func (ck *CertKit) GetPending() (map[string]interface{}, error)

List certificates from the pending subtree

func (*CertKit) GetServerCert ¶

func (ck *CertKit) GetServerCert() *x509.Certificate

func (*CertKit) GetServerKey ¶

func (ck *CertKit) GetServerKey() *rsa.PrivateKey

func (*CertKit) GetServerX509KeyPair ¶

func (ck *CertKit) GetServerX509KeyPair() tls.Certificate

func (*CertKit) GetTLSConfig ¶

func (ck *CertKit) GetTLSConfig(Access uint8) (*tls.Config, error)

func (ck *CertKit) GetTLSConfig(AuthRequired bool) (*tls.Config, error) {

func (*CertKit) GetTrusted ¶

func (ck *CertKit) GetTrusted() (map[string]interface{}, error)

List certificates from the trusted subtree

func (*CertKit) LoadUserData ¶

func (ck *CertKit) LoadUserData() error

func (CertKit) ReadCRL ¶

func (crtkit CertKit) ReadCRL(fname string) ([]byte, error)

Load in memory the Certificate Revogation List from the PemPath field of Service struct

func (CertKit) ReadCertFromReader ¶

func (crtkit CertKit) ReadCertFromReader(r io.Reader) (*x509.Certificate, []byte, error)

Load in memory and decodes the certificate from the reader

func (CertKit) ReadCertificate ¶

func (crtkit CertKit) ReadCertificate(fname string) (*x509.Certificate, []byte, error)

Open certificate file and call the reader

func (CertKit) ReadDecryptRsaPrivKey ¶

func (crtkit CertKit) ReadDecryptRsaPrivKey(fname string) (*rsa.PrivateKey, []byte, error)

func (CertKit) ReadDecryptRsaPrivKeyFromReader ¶

func (crtkit CertKit) ReadDecryptRsaPrivKeyFromReader(r io.Reader) (*rsa.PrivateKey, []byte, error)

func (CertKit) ReadRsaPrivKey ¶

func (crtkit CertKit) ReadRsaPrivKey(fname string) (*rsa.PrivateKey, []byte, error)

func (CertKit) ReadRsaPrivKeyFromReader ¶

func (crtkit CertKit) ReadRsaPrivKeyFromReader(r io.Reader) (*rsa.PrivateKey, []byte, error)

func (*CertKit) Reject ¶

func (ck *CertKit) Reject(id string) error

Remove a user certificate from the pending subtree (so, rejecting this user accesses)

func (*CertKit) SavePending ¶

func (ck *CertKit) SavePending(cert *x509.Certificate) error

Stores the certificate in the authorization pending subtree

func (CertKit) ServeHTTP ¶

func (svc CertKit) ServeHTTP(w http.ResponseWriter, r *http.Request)

func (*CertKit) SetCAYearValidity ¶

func (ck *CertKit) SetCAYearValidity(notBefore time.Time, validityCACert int)

func (*CertKit) SetClientYearValidity ¶

func (ck *CertKit) SetClientYearValidity(notBefore time.Time, validityClientCert int)

func (*CertKit) SetServerYearValidity ¶

func (ck *CertKit) SetServerYearValidity(notBefore time.Time, validityServerCert int)

func (*CertKit) Setup ¶

func (ck *CertKit) Setup(udata map[string]interface{}) error

func (*CertKit) StartCRLServer ¶

func (ck *CertKit) StartCRLServer(listenAddress string, listener *stonelizard.StoppableListener) error

func (*CertKit) Trust ¶

func (ck *CertKit) Trust(id string) error

Transfer a user certificate from the pending subtree to the trusted subtree (so, enabling this user accesses)

func (*CertKit) UpdNotAfter ¶

func (crtkit *CertKit) UpdNotAfter()

type CertkitG ¶

type CertkitG struct {
	Generator goose.Alert `json:"Generator"`
	Loader    goose.Alert `json:"Loader"`
	Serve     goose.Alert `json:"Serve"`
	Auth      goose.Alert `json:"Auth"`
}

var Goose CertkitG

type UserDB ¶

type UserDB struct {
	Cert *x509.Certificate
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL