Documentation ¶
Index ¶
- Constants
- Variables
- func RootOnlyVerifyCertificate(caCertificate string, rawCerts [][]byte) error
- type Manager
- func (c *Manager) GenerateECCCertificate(caType string, commonName string, isCA bool, isClient bool) ([]byte, []byte)
- func (c *Manager) GenerateRSACertificate(caType string, commonName string, isCA bool, isClient bool) ([]byte, []byte)
- func (c *Manager) GetCertificate(caType string, keyType string, commonName string) ([]byte, []byte, error)
- func (c *Manager) GetECCCertificate(caType string, commonName string) ([]byte, []byte, error)
- func (c *Manager) GetRSACertificate(caType string, commonName string) ([]byte, []byte, error)
- func (c *Manager) GetUsersCA() (*x509.Certificate, *ecdsa.PrivateKey, error)
- func (c *Manager) GetUsersCAPEM() ([]byte, []byte, error)
- func (c *Manager) OpenTLSKeyLogFile() *os.File
- func (c *Manager) RemoveCertificate(caType string, keyType string, commonName string) error
- func (c *Manager) SaveUsersCA(cert, key []byte)
- func (c *Manager) UserClientGenerateCertificate(user string) ([]byte, []byte, error)
- func (c *Manager) UserClientGetCertificate(user string) ([]byte, []byte, error)
- func (c *Manager) UserClientListCertificates() []*x509.Certificate
- func (c *Manager) UserClientRemoveCertificate(user string) error
- func (c *Manager) UserServerGenerateCertificate() ([]byte, []byte, error)
- func (c *Manager) UserServerGetCertificate() ([]byte, []byte, error)
Constants ¶
const (
	// ECCKey - Namespace for ECC keys.
	// NOTE(review): presumably the keyType value passed to GetCertificate /
	// RemoveCertificate for ECC material — confirm against callers.
	ECCKey = "ecc"
	// RSAKey - Namespace for RSA keys.
	// NOTE(review): presumably the keyType value passed to GetCertificate /
	// RemoveCertificate for RSA material — confirm against callers.
	RSAKey = "rsa"
)
const (
	// DefaultPort is the default team.Server listening port.
	// Should be 31415, but... go to hell with your endless limits.
	DefaultPort = 31416
)
Variables ¶
var ErrCertDoesNotExist = errors.New("Certificate does not exist")
ErrCertDoesNotExist is returned when GetCertificate() is called for a certificate / common name that does not exist.
Functions ¶
func RootOnlyVerifyCertificate ¶
RootOnlyVerifyCertificate - Go does not provide a way to skip only hostname validation, so the standard certificate validation has to be disabled entirely and re-implemented here, verifying the peer's raw certificate chain (rawCerts) against the supplied root (caCertificate). Because the built-in verification is switched off, this function is the only check standing between the connection and an untrusted peer, so it must be wired in wherever that validation is disabled. https://github.com/golang/go/issues/21971
Types ¶
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager is used to manage the certificate infrastructure for a given teamserver. It has access to a database for storage, a logger and an abstract filesystem.
func NewManager ¶
func NewManager(filesystem *assets.FS, db *gorm.DB, logger *logrus.Entry, appName, appDir string) *Manager
NewManager initializes and returns a certificate manager for a given teamserver. The returned manager will have ensured that all certificate authorities are initialized and working, creating them if needed. Any critical error at initialization time sends a log.Fatal event to the provided logger; if that logger's log.ExitFunc has not been overridden, this will make the server panic and exit.
func (*Manager) GenerateECCCertificate ¶
func (c *Manager) GenerateECCCertificate(caType string, commonName string, isCA bool, isClient bool) ([]byte, []byte)
GenerateECCCertificate - Generate a TLS certificate with the given parameters. We choose some reasonable defaults like Curve, Key Size, ValidFor, etc. Returns two PEM-encoded byte slices, `cert` and `key`.
func (*Manager) GenerateRSACertificate ¶
func (c *Manager) GenerateRSACertificate(caType string, commonName string, isCA bool, isClient bool) ([]byte, []byte)
GenerateRSACertificate - Generates an RSA certificate with the given parameters. Returns two PEM-encoded byte slices, `cert` and `key`.
func (*Manager) GetCertificate ¶
func (c *Manager) GetCertificate(caType string, keyType string, commonName string) ([]byte, []byte, error)
GetCertificate - Get the PEM-encoded certificate & key for a host. Returns ErrCertDoesNotExist if no certificate exists for the given CA type, key type and common name.
func (*Manager) GetECCCertificate ¶
GetECCCertificate - Get an ECC certificate.
func (*Manager) GetRSACertificate ¶
GetRSACertificate - Get an RSA certificate.
func (*Manager) GetUsersCA ¶
func (c *Manager) GetUsersCA() (*x509.Certificate, *ecdsa.PrivateKey, error)
GetUsersCA returns the certificate authority for teamserver users.
func (*Manager) GetUsersCAPEM ¶
GetUsersCAPEM returns the certificate authority for teamserver users, PEM-encoded.
func (*Manager) OpenTLSKeyLogFile ¶
OpenTLSKeyLogFile returns an open file handle to the TLS key log file if the environment variable SSLKEYLOGFILE is defined. Session secrets written to that file let anyone who can read it decrypt the recorded TLS traffic, so it is intended for debugging only.
func (*Manager) RemoveCertificate ¶
RemoveCertificate - Remove a certificate from the cert store.
func (*Manager) SaveUsersCA ¶
SaveUsersCA saves a users certificate authority (which may be shared by several users).
func (*Manager) UserClientGenerateCertificate ¶
UserClientGenerateCertificate - Generate a certificate signed with a given CA.
func (*Manager) UserClientGetCertificate ¶
UserClientGetCertificate - Helper function to fetch a client cert.
func (*Manager) UserClientListCertificates ¶
func (c *Manager) UserClientListCertificates() []*x509.Certificate
UserClientListCertificates - Get all client certificates.
func (*Manager) UserClientRemoveCertificate ¶
UserClientRemoveCertificate - Helper function to remove a client cert.
func (*Manager) UserServerGenerateCertificate ¶
UserServerGenerateCertificate - Generate a certificate signed with a given CA.