depot

package
v0.0.7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 24, 2024 License: MIT Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CACert

type CACert struct {
	// contains filtered or unexported fields
}

CACert represents a new self-signed CA certificate

func NewCACert

func NewCACert(opts ...CACertOption) *CACert

NewCACert creates a new CACert object with options

func (*CACert) SelfSign

func (c *CACert) SelfSign(rand io.Reader, pub crypto.PublicKey, priv interface{}) ([]byte, error)

SelfSign creates an x509 template based off our settings and self-signs it using priv.

type CACertOption

type CACertOption func(*CACert)

func WithCommonName

func WithCommonName(name string) CACertOption

WithCommonName specifies the CommonName on the CA template.

func WithCountry

func WithCountry(country string) CACertOption

WithCountry specifies the Country on the CA template.

func WithKeyUsage

func WithKeyUsage(usage x509.KeyUsage) CACertOption

WithKeyUsage specifies the X.509 Key Usage on the CA template.

func WithOrganization

func WithOrganization(o string) CACertOption

WithOrganization specifies the Organization on the CA template.

func WithOrganizationalUnit

func WithOrganizationalUnit(ou string) CACertOption

WithOrganizationalUnit specifies the OrganizationalUnit on the CA template.

func WithYears

func WithYears(y int) CACertOption

WithYears specifies the validity date of the CA.

type Depot

type Depot interface {
	CA(pass []byte) ([]*x509.Certificate, *rsa.PrivateKey, error)
	Put(name string, crt *x509.Certificate, challenge string, putUrl string) error
	Serial() (*big.Int, error)
	HasCN(cn string, allowTime int, cert *x509.Certificate, revokeOldCertificate bool) (bool, error)
}

Depot is a repository for managing certificates

type Option

type Option func(*Signer)

Option customizes Signer

func WithAllowRenewalDays

func WithAllowRenewalDays(r int) Option

WithAllowRenewalDays sets the allowable renewal time for existing certs

func WithCAPass

func WithCAPass(pass string) Option

WithCAPass specifies the password to use with an encrypted CA key

func WithSeverAttrs

func WithSeverAttrs() Option

func WithSignatureAlgorithm

func WithSignatureAlgorithm(a x509.SignatureAlgorithm) Option

WithSignatureAlgorithm sets the signature algorithm to be used to sign certificates. When set to a non-zero value, this would take preference over the default behaviour of matching the signing algorithm from the x509 CSR.

func WithValidityDays

func WithValidityDays(v int) Option

WithValidityDays sets the validity period new certs will use

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer signs x509 certificates and stores them in a Depot

func NewSigner

func NewSigner(depot Depot, opts ...Option) *Signer

NewSigner creates a new Signer

func (*Signer) SignCSR

func (s *Signer) SignCSR(m *scep.CSRReqMessage, putUrl string) (*x509.Certificate, error)

SignCSR signs a certificate using Signer's Depot CA

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL