store

package
v0.22.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 3, 2021 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package store provides different methods to store a Public Key Infrastructure.

Index

Constants

View Source
const (
	LocalCertsDir = "certs"
	LocalKeysDir  = "keys"
	LocalCrlsDir  = "crls"
)

Predifined directory names.

Variables

This section is empty.

Functions

func InitCADir

func InitCADir(path string) error

InitCADir creates the basic structure of a CA subdirectory.

|- crlnumber
|- index.txt
|- index.txt.attr
|- serial
|- certs/
  |- ca.cert
  |- name.cert
|- keys/
  |- ca.key
  |- name.key

Types

type Local

type Local struct {
	Root string
}

Local lets us store a Certificate Authority on the local filesystem.

The structure used makes it compatible with openssl.

func (*Local) Add

func (l *Local) Add(caName, name string, isCa bool, key, cert []byte) error

Add adds the given bundle to the local filesystem.

func (*Local) AddCSR

func (l *Local) AddCSR(caName, name string, isCa bool, key, cert []byte) error

Add adds the given csr to the local filesystem.

func (*Local) AddKey

func (l *Local) AddKey(caName string, name string, key []byte) error

Add adds the given key to the local filesystem.

func (*Local) Chain

func (l *Local) Chain(caName, name string) error

Chain concats an intermediate cert and a newly signed certificate bundle and adds the chained cert to the store.

func (*Local) Exists

func (l *Local) Exists(caName, name string) bool

Exists checks if a certificate or private key already exist on the local filesystem for a given name.

func (*Local) Fetch

func (l *Local) Fetch(caName, name string) ([]byte, []byte, error)

Fetch fetchs the private key and certificate for a given name signed by caName.

func (*Local) FetchKeyBytes

func (l *Local) FetchKeyBytes(caName, name string) ([]byte, error)

Fetch fetchs the private key and certificate for a given name signed by caName.

func (*Local) Revoked

func (l *Local) Revoked(caName string) ([]pkix.RevokedCertificate, error)

Revoked returns a list of revoked certificates.

func (*Local) Update

func (l *Local) Update(caName string, sn *big.Int, st certificate.State) error

Update updates the state of a given certificate in the index.txt.

type Store

type Store interface {
	// Add adds a newly signed certificate bundle to the store.
	//
	// Args:
	//  The CA name, if the certificate was signed with an intermediate CA.
	//  The certificate bundle name.
	//  Is the bundle to add an intermediate CA.
	//  The raw private key.
	//  The raw certificate.
	//
	// Returns an error if it failed to store the bundle.
	Add(string, string, bool, []byte, []byte) error

	// Chain concats an intermediate cert and a newly signed certificate bundle and adds the chained cert to the store.
	//
	// Args:
	//  The intermediate CA name.
	//  The certificate bundle name.
	//
	// Returns an error if it failed to store the bundle.
	Chain(string, string) error

	// AddCSR adds a CSR to the store.
	//
	// Args:
	//  The CA name, if the certificate was signed with an intermediate CA.
	//  The CSR bundle name.
	//  Is the bundle to add an intermediate CA.
	//  The raw private key.
	//  The raw certificate.
	//
	// Returns an error if it failed to store the bundle.
	AddCSR(string, string, bool, []byte, []byte) error

	// Add adds a new private key to the store.
	//
	// Args:
	//  The intermediate CA name
	//  The Key name
	//  The raw private key.
	//
	// Returns an error if it failed to store the bundle.
	AddKey(string, string, []byte) error

	// Fetch fetches a certificate bundle from the store.
	//
	// Args:
	//   The CA name, if the certificate was signed with an intermediate CA.
	//   The name of the certificate bundle.
	//
	// Returns the raw private key and certificate respectively or an error.
	Fetch(string, string) ([]byte, []byte, error)

	// FetchKeyBytes fetches the private key of a certificate bundle from the store.
	//
	// Args:
	//   The CA name, if the certificate was signed with an intermediate CA.
	//   The name of the certificate bundle.
	//
	// Returns the raw private key or an error.
	FetchKeyBytes(string, string) ([]byte, error)

	// Update updates the state of a certificate. (Valid, Revoked, Expired)
	//
	// Args:
	//   The CA name, if the certificate was signed with an intermediate CA.
	//   The serial of the certificate to update.
	//   The new state.
	//
	// Returns an error if the update failed.
	Update(string, *big.Int, certificate.State) error

	// Revoked returns a list of revoked certificates for a given CA.
	//
	// Args:
	//   The CA name, if it is for an intermediate CA.
	//
	// Returns a list of revoked certificate or an error.
	Revoked(string) ([]pkix.RevokedCertificate, error)
}

Store reprents a way to store a Certificate Authority.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL