certkitetcd

package
v0.0.0-...-4fca628 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 5, 2024 License: MPL-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// CaTime is a duration of 365*24*20 hours, i.e. 20 years of 365 days.
// NOTE(review): presumably the default validity period of the CA
// certificate — confirm against GenerateCA. It is a mutable package-level
// variable, so any importing package can change it.
var CaTime time.Duration = 365 * 24 * 20 * time.Hour
// ClientTime is a duration of 3650*24 hours, i.e. 3650 days (about ten years).
// NOTE(review): presumably the default validity period of client
// certificates — confirm against GenerateClient. If so, credentials this
// long-lived make removal from the trusted set and CRL publication the
// effective way to withdraw access; verify that both are enforced.
var ClientTime time.Duration = 3650 * 24 * time.Hour
// ErrorBadEtcdHandler is a package-level error value created with errors.New.
// Where it is returned is not shown on this page.
var ErrorBadEtcdHandler = errors.New("Bad etcd handler provided")
// ErrorBadEtcdKey is a package-level error value created with errors.New.
// Where it is returned is not shown on this page.
var ErrorBadEtcdKey = errors.New("Bad etcd key provided")
// ErrorBadPEMBlock is a package-level error value created with errors.New.
// NOTE(review): presumably reported by the Read* methods when PEM decoding
// fails — confirm against the implementation.
var ErrorBadPEMBlock = errors.New("Bad PEM block")
// ErrorCertsMustHaveKeys is a package-level error value created with
// errors.New; its message states that a certificate and its key must be
// supplied together or not at all.
var ErrorCertsMustHaveKeys = errors.New("Either provide both certificate and key or none of them")
// ErrorNoEtcdHandler is a package-level error value created with errors.New.
// Where it is returned is not shown on this page.
var ErrorNoEtcdHandler = errors.New("No etcd handler provided")
// ErrorNoEtcdKey is a package-level error value created with errors.New.
// Where it is returned is not shown on this page.
var ErrorNoEtcdKey = errors.New("No etcd key provided")
// ErrorUnauthorized is a package-level error value created with errors.New.
// NOTE(review): presumably returned by Authorize when a client is rejected —
// confirm, and check that callers compare with errors.Is rather than by
// message text.
var ErrorUnauthorized = errors.New("Unauthorized access attempt")
// ErrorValidDate is a package-level error value created with errors.New.
// NOTE(review): the message suggests it is reported when a certificate is
// outside its validity window (expired or not yet valid) — confirm.
var ErrorValidDate = errors.New("Failed certificate has expired or not yet valid date")
// ServerTime is a duration of 365*24 hours, i.e. 365 days.
// NOTE(review): presumably the default validity period of the server
// certificate — confirm against GenerateServer. It is a mutable
// package-level variable.
var ServerTime time.Duration = 365 * 24 * time.Hour

Functions

This section is empty.

Types

type CertKit

// CertKit bundles an etcd client and key, a path, the server and CA
// certificates and RSA private keys (each both parsed and as a byte slice),
// a CRL, a certificate pool and two maps of user certificates.
//
// NOTE(review): ServerKey, CAKey, ServerKeyPem and CAKeyPem are exported, so
// any code holding a CertKit can read the private key material directly.
// Avoid logging or serializing the whole struct, and confirm whether callers
// really need these fields exported in addition to the Get* accessors.
//
// NOTE(review): several methods (ServeHTTP, ReadCRL, ReadCertificate, ...)
// use a value receiver, so they work on a copy of this struct; the maps and
// pointers inside the copy still refer to the same underlying data. Whether
// access to UserCerts/PendingCerts is synchronized is not visible here.
type CertKit struct {
	// etcd client and the key used with it (presumably the root key under
	// which certificates are stored — confirm).
	Etcdcli                  etcd.Client
	Etcdkey                  string
	Path                     string
	// Certificates as bytes (presumably PEM-encoded, per the field names)
	// and in parsed form.
	ServerCertPem, CACertPem []byte
	ServerCert, CACert       *x509.Certificate
	// Private keys as bytes and in parsed form. Sensitive: the CA key can
	// sign new certificates.
	ServerKeyPem, CAKeyPem   []byte
	ServerKey, CAKey         *rsa.PrivateKey
	// CRL bytes (presumably the CA's certificate revocation list — confirm).
	CACRL                    []byte
	CertPool                 *x509.CertPool
	// User certificates keyed by string; presumably the trusted and the
	// pending-authorization sets respectively — confirm.
	UserCerts                map[string]*UserDB
	PendingCerts             map[string]*UserDB
	ServerX509KeyPair        tls.Certificate
	// contains filtered or unexported fields
}

func New

func New(srvsubject, casubject pkix.Name, host, email string) (*CertKit, error)

func NewFromCK

func NewFromCK(path string) (*CertKit, error)

func (*CertKit) AddUserData

func (ck *CertKit) AddUserData(usrKey string, ClientCert *x509.Certificate) error

func (*CertKit) Authorize

func (ck *CertKit) Authorize(path string, parms map[string]interface{}, RemoteAddr string, TLS *tls.ConnectionState, SavePending func(interface{}) error) (httpstat int, data interface{}, err error)

func (*CertKit) Delete

func (ck *CertKit) Delete(tree, id string) error

Removes a user certificate from the trusted subtree, so that this user's access is rejected.

func (*CertKit) Drop

func (ck *CertKit) Drop(id string) error

Removes a user certificate from the trusted subtree, so that this user's access is rejected.

func (*CertKit) GenerateCA

func (crtkit *CertKit) GenerateCA(subject pkix.Name, host, email string, listenport ...string) error

func (*CertKit) GenerateClient

func (crtkit *CertKit) GenerateClient(subject pkix.Name, email, password string) ([]byte, []byte, error)

func (*CertKit) GenerateClientParsed

func (crtkit *CertKit) GenerateClientParsed(subject pkix.Name, email, password string) (*x509.Certificate, *rsa.PrivateKey, []byte, error)

func (*CertKit) GenerateServer

func (crtkit *CertKit) GenerateServer(subject pkix.Name, host, email string, NotBefore ...time.Time) error

func (*CertKit) GetCACert

func (ck *CertKit) GetCACert() *x509.Certificate

func (*CertKit) GetCAKey

func (ck *CertKit) GetCAKey() *rsa.PrivateKey

func (*CertKit) GetCertPool

func (ck *CertKit) GetCertPool() *x509.CertPool

func (*CertKit) GetDNSNames

func (ck *CertKit) GetDNSNames() []string

func (*CertKit) GetPending

func (ck *CertKit) GetPending() (map[string]interface{}, error)

Lists the certificates in the pending subtree.

func (*CertKit) GetServerCert

func (ck *CertKit) GetServerCert() *x509.Certificate

func (*CertKit) GetServerKey

func (ck *CertKit) GetServerKey() *rsa.PrivateKey

func (*CertKit) GetServerX509KeyPair

func (ck *CertKit) GetServerX509KeyPair() tls.Certificate

func (*CertKit) GetTLSConfig

func (ck *CertKit) GetTLSConfig(Access uint8) (*tls.Config, error)

func (ck *CertKit) GetTLSConfig(AuthRequired bool) (*tls.Config, error) {

func (*CertKit) GetTrusted

func (ck *CertKit) GetTrusted() (map[string]interface{}, error)

Lists the certificates in the trusted subtree.

func (*CertKit) LoadUserData

func (ck *CertKit) LoadUserData() error

func (CertKit) ReadCRL

func (crtkit CertKit) ReadCRL(fname string) ([]byte, error)

Loads the Certificate Revocation List into memory from the PemPath field of the Service struct.

func (CertKit) ReadCertFromReader

func (crtkit CertKit) ReadCertFromReader(r io.Reader) (*x509.Certificate, []byte, error)

Loads the certificate from the reader into memory and decodes it.

func (CertKit) ReadCertificate

func (crtkit CertKit) ReadCertificate(fname string) (*x509.Certificate, []byte, error)

Opens the certificate file and calls the reader.

func (CertKit) ReadDecryptRsaPrivKey

func (crtkit CertKit) ReadDecryptRsaPrivKey(fname string) (*rsa.PrivateKey, []byte, error)

func (CertKit) ReadDecryptRsaPrivKeyFromReader

func (crtkit CertKit) ReadDecryptRsaPrivKeyFromReader(r io.Reader) (*rsa.PrivateKey, []byte, error)

func (CertKit) ReadRsaPrivKey

func (crtkit CertKit) ReadRsaPrivKey(fname string) (*rsa.PrivateKey, []byte, error)

func (CertKit) ReadRsaPrivKeyFromReader

func (crtkit CertKit) ReadRsaPrivKeyFromReader(r io.Reader) (*rsa.PrivateKey, []byte, error)

func (*CertKit) Reject

func (ck *CertKit) Reject(id string) error

Removes a user certificate from the pending subtree, so that this user's access is rejected.

func (*CertKit) SavePending

func (ck *CertKit) SavePending(cert *x509.Certificate) error

Stores the certificate in the authorization-pending subtree.

func (CertKit) ServeHTTP

func (svc CertKit) ServeHTTP(w http.ResponseWriter, r *http.Request)

func (*CertKit) SetCAYearValidity

func (ck *CertKit) SetCAYearValidity(notBefore time.Time, validityCACert int)

func (*CertKit) SetClientYearValidity

func (ck *CertKit) SetClientYearValidity(notBefore time.Time, validityClientCert int)

func (*CertKit) SetServerYearValidity

func (ck *CertKit) SetServerYearValidity(notBefore time.Time, validityServerCert int)

func (*CertKit) Setup

func (ck *CertKit) Setup(udata map[string]interface{}) error

func (*CertKit) StartCRLServer

func (ck *CertKit) StartCRLServer(listenAddress string, listener *stonelizard.StoppableListener) error

func (*CertKit) Trust

func (ck *CertKit) Trust(id string) error

Transfers a user certificate from the pending subtree to the trusted subtree, so that this user's access is enabled.

func (*CertKit) UpdNotAfter

func (crtkit *CertKit) UpdNotAfter()

type CertkitG

// CertkitG groups one goose.Alert value per area of the package: Generator,
// Loader, Serve and Auth.
// NOTE(review): presumably these are per-area log verbosity levels — confirm
// against the goose package. If so, make sure raising a level never causes
// private key material or passwords to be written to the log.
type CertkitG struct {
	Generator goose.Alert `json:"Generator"`
	Loader    goose.Alert `json:"Loader"`
	Serve     goose.Alert `json:"Serve"`
	Auth      goose.Alert `json:"Auth"`
}
// Goose is the package-level CertkitG instance.
var Goose CertkitG

type UserDB

// UserDB wraps a parsed X.509 certificate. It is the value type stored in
// CertKit.UserCerts and CertKit.PendingCerts.
type UserDB struct {
	// Cert is the user's parsed certificate.
	Cert *x509.Certificate
}
