Index ¶
- Variables
- func CertChainToPEM(certChain []*x509.Certificate) ([]byte, error)
- func CertToKey(cert *x509.Certificate) data.PublicKey
- func CertToPEM(cert *x509.Certificate) []byte
- func CertsToKeys(leafCerts []*x509.Certificate, intCerts map[string][]*x509.Certificate) map[string]data.PublicKey
- func ECDSAToPrivateKey(ecdsaPrivKey *ecdsa.PrivateKey) (data.PrivateKey, error)
- func ED25519ToPrivateKey(privKeyBytes []byte) (data.PrivateKey, error)
- func EncryptPrivateKey(key data.PrivateKey, role, passphrase string) ([]byte, error)
- func FilterCertsExpiredSha1(cert *x509.Certificate) bool
- func FingerprintCert(cert *x509.Certificate) (string, error)
- func GenerateECDSAKey(random io.Reader) (data.PrivateKey, error)
- func GenerateED25519Key(random io.Reader) (data.PrivateKey, error)
- func GenerateRSAKey(random io.Reader, bits int) (data.PrivateKey, error)
- func GetCertFromURL(urlStr string) (*x509.Certificate, error)
- func GetIntermediateCerts(certs []*x509.Certificate) []*x509.Certificate
- func GetLeafCerts(certs []*x509.Certificate) []*x509.Certificate
- func GetPasswdDecryptBytes(passphraseRetriever passphrase.Retriever, pemBytes []byte, name, alias string) (data.PrivateKey, string, error)
- func KeyToPEM(privKey data.PrivateKey, role string) ([]byte, error)
- func LoadCertBundleFromFile(filename string) ([]*x509.Certificate, error)
- func LoadCertBundleFromPEM(pemBytes []byte) ([]*x509.Certificate, error)
- func LoadCertFromFile(filename string) (*x509.Certificate, error)
- func LoadCertFromPEM(pemBytes []byte) (*x509.Certificate, error)
- func NewCertificate(gun string, startTime, endTime time.Time) (*x509.Certificate, error)
- func ParsePEMPrivateKey(pemBytes []byte, passphrase string) (data.PrivateKey, error)
- func ParsePEMPublicKey(pubKeyBytes []byte) (data.PublicKey, error)
- func RSAToPrivateKey(rsaPrivKey *rsa.PrivateKey) (data.PrivateKey, error)
- func ReadRoleFromPEM(pemBytes []byte) string
- func ValidateCertificate(c *x509.Certificate) error
- func Verify(s X509Store, dnsName string, certList []*x509.Certificate) error
- func X509PublicKeyID(certPubKey data.PublicKey) (string, error)
- type CertID
- type ErrAttemptsExceeded
- type ErrBadCertificateStore
- type ErrCertExists
- type ErrCertValidation
- type ErrKeyNotFound
- type ErrNoCertificatesFound
- type ErrPasswordInvalid
- type KeyFileStore
- func (s *KeyFileStore) AddKey(keyInfo KeyInfo, privKey data.PrivateKey) error
- func (s *KeyFileStore) ExportKey(keyID string) ([]byte, error)
- func (s *KeyFileStore) GetKey(name string) (data.PrivateKey, string, error)
- func (s *KeyFileStore) GetKeyInfo(keyID string) (KeyInfo, error)
- func (s *KeyFileStore) ListKeys() map[string]KeyInfo
- func (s *KeyFileStore) Name() string
- func (s *KeyFileStore) RemoveKey(keyID string) error
- type KeyInfo
- type KeyMemoryStore
- func (s *KeyMemoryStore) AddKey(keyInfo KeyInfo, privKey data.PrivateKey) error
- func (s *KeyMemoryStore) ExportKey(keyID string) ([]byte, error)
- func (s *KeyMemoryStore) GetKey(name string) (data.PrivateKey, string, error)
- func (s *KeyMemoryStore) GetKeyInfo(keyID string) (KeyInfo, error)
- func (s *KeyMemoryStore) ListKeys() map[string]KeyInfo
- func (s *KeyMemoryStore) Name() string
- func (s *KeyMemoryStore) RemoveKey(keyID string) error
- type KeyStore
- type MemoryFileStore
- type SimpleFileStore
- func (f *SimpleFileStore) Add(name string, data []byte) error
- func (f *SimpleFileStore) BaseDir() string
- func (f *SimpleFileStore) Get(name string) ([]byte, error)
- func (f *SimpleFileStore) GetPath(name string) (string, error)
- func (f *SimpleFileStore) ListFiles() []string
- func (f *SimpleFileStore) Remove(name string) error
- type Storage
- type Validator
- type ValidatorFunc
- type X509FileStore
- func (s *X509FileStore) AddCert(cert *x509.Certificate) error
- func (s *X509FileStore) AddCertFromFile(filename string) error
- func (s X509FileStore) AddCertFromPEM(pemBytes []byte) error
- func (s *X509FileStore) Empty() bool
- func (s *X509FileStore) GetCertificateByCertID(certID string) (*x509.Certificate, error)
- func (s *X509FileStore) GetCertificatePool() *x509.CertPool
- func (s *X509FileStore) GetCertificates() []*x509.Certificate
- func (s *X509FileStore) GetCertificatesByCN(cn string) ([]*x509.Certificate, error)
- func (s *X509FileStore) GetVerifyOptions(dnsName string) (x509.VerifyOptions, error)
- func (s *X509FileStore) RemoveAll() error
- func (s *X509FileStore) RemoveCert(cert *x509.Certificate) error
- type X509MemStore
- func (s *X509MemStore) AddCert(cert *x509.Certificate) error
- func (s *X509MemStore) AddCertFromFile(originFilname string) error
- func (s *X509MemStore) AddCertFromPEM(pemBytes []byte) error
- func (s *X509MemStore) GetCertificateByCertID(certID string) (*x509.Certificate, error)
- func (s *X509MemStore) GetCertificatePool() *x509.CertPool
- func (s *X509MemStore) GetCertificates() []*x509.Certificate
- func (s *X509MemStore) GetCertificatesByCN(cn string) ([]*x509.Certificate, error)
- func (s *X509MemStore) GetVerifyOptions(dnsName string) (x509.VerifyOptions, error)
- func (s *X509MemStore) RemoveAll() error
- func (s *X509MemStore) RemoveCert(cert *x509.Certificate) error
- type X509Store
Constants ¶
This section is empty.
Variables ¶
var ( // ErrPathOutsideStore is returned when a requested file name, once cleaned and joined to the store's base directory, would resolve to a path outside the store. It is the Storage implementations' path-traversal guard (see the Storage interface). ErrPathOutsideStore = errors.New("path outside file store") )
Functions ¶
func CertChainToPEM ¶ added in v0.3.0
func CertChainToPEM(certChain []*x509.Certificate) ([]byte, error)
CertChainToPEM is a utility function that returns a PEM-encoded chain of x509 certificates, in exactly the order they are passed; the chain is not reordered, so callers are responsible for passing it leaf-first if the consumer expects that.
func CertToKey ¶
func CertToKey(cert *x509.Certificate) data.PublicKey
CertToKey transforms a single input certificate into its corresponding PublicKey
func CertToPEM ¶
func CertToPEM(cert *x509.Certificate) []byte
CertToPEM is a utility function that returns the PEM encoding of a single x509 certificate.
func CertsToKeys ¶
func CertsToKeys(leafCerts []*x509.Certificate, intCerts map[string][]*x509.Certificate) map[string]data.PublicKey
CertsToKeys transforms each of the input certificate chains into its corresponding PublicKey
func ECDSAToPrivateKey ¶
func ECDSAToPrivateKey(ecdsaPrivKey *ecdsa.PrivateKey) (data.PrivateKey, error)
ECDSAToPrivateKey converts an ecdsa.PrivateKey to a TUF data.PrivateKey.
func ED25519ToPrivateKey ¶
func ED25519ToPrivateKey(privKeyBytes []byte) (data.PrivateKey, error)
ED25519ToPrivateKey converts a serialized ED25519 key to a TUF data.PrivateKey type
func EncryptPrivateKey ¶
func EncryptPrivateKey(key data.PrivateKey, role, passphrase string) ([]byte, error)
EncryptPrivateKey returns an encrypted PEM-encoded key given a PrivateKey, the role it belongs to, and a passphrase. The role is presumably recorded in the PEM headers (it is what ReadRoleFromPEM reads back) — confirm against the implementation.
func FilterCertsExpiredSha1 ¶
func FilterCertsExpiredSha1(cert *x509.Certificate) bool
FilterCertsExpiredSha1 can be used as the filter function for cert store initializers (NewX509FilteredFileStore, NewX509FilteredMemStore) to reject certificates that are expired or signed with SHA-1, which should not be loaded: SHA-1 signatures are no longer collision-resistant and do not provide a trustworthy binding between the certificate and its signer.
func FingerprintCert ¶
func FingerprintCert(cert *x509.Certificate) (string, error)
FingerprintCert returns a TUF compliant fingerprint for a X509 Certificate
func GenerateECDSAKey ¶
func GenerateECDSAKey(random io.Reader) (data.PrivateKey, error)
GenerateECDSAKey generates an ECDSA Private key and returns a TUF PrivateKey
func GenerateED25519Key ¶
func GenerateED25519Key(random io.Reader) (data.PrivateKey, error)
GenerateED25519Key generates an ED25519 private key and returns a TUF PrivateKey. The serialization format we use is just the public key bytes followed by the private key bytes
func GenerateRSAKey ¶
GenerateRSAKey generates an RSA private key with a modulus of the requested size in bits and returns a TUF PrivateKey. Callers should pass a size that satisfies ValidateCertificate's minimum-modulus check.
func GetCertFromURL ¶
func GetCertFromURL(urlStr string) (*x509.Certificate, error)
GetCertFromURL tries to fetch an X509 certificate from the given HTTPS URL. Transport security only protects the download; the returned certificate body has not itself been evaluated, so callers should run it through ValidateCertificate and/or Verify against a trusted X509Store before relying on it.
func GetIntermediateCerts ¶
func GetIntermediateCerts(certs []*x509.Certificate) []*x509.Certificate
GetIntermediateCerts parses a list of x509 certificates and returns all of the ones marked as a CA (presumably via the IsCA basic constraint), to be used as intermediates.
func GetLeafCerts ¶
func GetLeafCerts(certs []*x509.Certificate) []*x509.Certificate
GetLeafCerts parses a list of x509 certificates and returns all of those that are not marked as a CA.
func GetPasswdDecryptBytes ¶
func GetPasswdDecryptBytes(passphraseRetriever passphrase.Retriever, pemBytes []byte, name, alias string) (data.PrivateKey, string, error)
GetPasswdDecryptBytes obtains a passphrase from the retriever and uses it to decrypt the given PEM bytes. It returns the decrypted private key, the passphrase that succeeded, and an error (note the order: key first, then passphrase). When the retriever keeps supplying wrong passphrases, ErrAttemptsExceeded is the documented failure mode.
func KeyToPEM ¶
func KeyToPEM(privKey data.PrivateKey, role string) ([]byte, error)
KeyToPEM returns a PEM encoded key from a Private Key
func LoadCertBundleFromFile ¶
func LoadCertBundleFromFile(filename string) ([]*x509.Certificate, error)
LoadCertBundleFromFile loads certificates from the file named by filename. The data is expected to be PEM encoded and contain one or more certificates with PEM type "CERTIFICATE".
func LoadCertBundleFromPEM ¶
func LoadCertBundleFromPEM(pemBytes []byte) ([]*x509.Certificate, error)
LoadCertBundleFromPEM loads certificates from the []byte provided. The data is expected to be PEM encoded and contain one or more certificates with PEM type "CERTIFICATE".
func LoadCertFromFile ¶
func LoadCertFromFile(filename string) (*x509.Certificate, error)
LoadCertFromFile loads only the first certificate from the file provided; any further certificates in the file are ignored. The data is expected to be PEM encoded and contain one or more certificates with PEM type "CERTIFICATE".
func LoadCertFromPEM ¶
func LoadCertFromPEM(pemBytes []byte) (*x509.Certificate, error)
LoadCertFromPEM returns the first certificate found in a bunch of bytes or error if nothing is found. Taken from https://golang.org/src/crypto/x509/cert_pool.go#L85.
func NewCertificate ¶
NewCertificate returns an X509 Certificate following a template, given a GUN and validity interval.
func ParsePEMPrivateKey ¶
func ParsePEMPrivateKey(pemBytes []byte, passphrase string) (data.PrivateKey, error)
ParsePEMPrivateKey returns a data.PrivateKey from a PEM-encoded private key. This description says it only supports RSA (PKCS#1); since the package also provides ECDSA and ED25519 conversions, confirm against the implementation whether that is still accurate. If the block is encrypted, it attempts to decrypt it using the passphrase. Because ErrPasswordInvalid cannot distinguish a wrong passphrase from a corrupted file, the encrypted format evidently carries no integrity check — do not treat successful parsing as proof that the key material is intact.
func ParsePEMPublicKey ¶
ParsePEMPublicKey returns a data.PublicKey from a PEM encoded public key or certificate.
func RSAToPrivateKey ¶
func RSAToPrivateKey(rsaPrivKey *rsa.PrivateKey) (data.PrivateKey, error)
RSAToPrivateKey converts an rsa.PrivateKey to a TUF data.PrivateKey.
func ReadRoleFromPEM ¶
ReadRoleFromPEM returns the value from the role PEM header, if it exists
func ValidateCertificate ¶
func ValidateCertificate(c *x509.Certificate) error
ValidateCertificate returns an error if the certificate is not valid for Notary. Currently this is only a validity-period (expiry) check, plus ensuring the public key has a large enough modulus if it is RSA. It performs no signature or chain verification — use Verify for that.
func Verify ¶
func Verify(s X509Store, dnsName string, certList []*x509.Certificate) error
Verify operates on an X509Store and validates that a chain of trust exists from a leaf certificate to a CA present inside the X509Store, using the store's GetVerifyOptions for dnsName (so only the store's roots are trusted, never system roots). It requires at least two certificates in certList: a leaf certificate and an intermediate CA certificate.
Types ¶
type ErrAttemptsExceeded ¶
type ErrAttemptsExceeded struct{}
ErrAttemptsExceeded is returned when too many attempts have been made to decrypt a key
func (ErrAttemptsExceeded) Error ¶
func (err ErrAttemptsExceeded) Error() string
ErrAttemptsExceeded is returned when too many attempts have been made to decrypt a key
type ErrBadCertificateStore ¶
type ErrBadCertificateStore struct { }
ErrBadCertificateStore is returned when there is an internal inconsistency in our x509 store
func (ErrBadCertificateStore) Error ¶
func (err ErrBadCertificateStore) Error() string
ErrBadCertificateStore is returned when there is an internal inconsistency in our x509 store
type ErrCertExists ¶
type ErrCertExists struct { }
ErrCertExists is returned when a certificate already exists in the certificate store.
func (ErrCertExists) Error ¶
func (err ErrCertExists) Error() string
ErrCertExists is returned when a Certificate already exists in the key store
type ErrCertValidation ¶
type ErrCertValidation struct { }
ErrCertValidation is returned when a certificate doesn't pass the store specific validations
func (ErrCertValidation) Error ¶
func (err ErrCertValidation) Error() string
ErrCertValidation is returned when a certificate doesn't pass the store specific validations
type ErrKeyNotFound ¶
type ErrKeyNotFound struct {
KeyID string
}
ErrKeyNotFound is returned when the keystore fails to retrieve a specific key.
func (ErrKeyNotFound) Error ¶
func (err ErrKeyNotFound) Error() string
ErrKeyNotFound is returned when the keystore fails to retrieve a specific key.
type ErrNoCertificatesFound ¶
type ErrNoCertificatesFound struct {
// contains filtered or unexported fields
}
ErrNoCertificatesFound is returned when no certificates are found for a GetCertificatesBy*
func (ErrNoCertificatesFound) Error ¶
func (err ErrNoCertificatesFound) Error() string
ErrNoCertificatesFound is returned when no certificates are found for a GetCertificatesBy*
type ErrPasswordInvalid ¶
type ErrPasswordInvalid struct{}
ErrPasswordInvalid is returned when signing fails because the key could not be decrypted with the supplied passphrase. It could also mean the signing key file was corrupted; the two cases cannot be told apart from the failure alone.
func (ErrPasswordInvalid) Error ¶
func (err ErrPasswordInvalid) Error() string
ErrPasswordInvalid is returned when signing fails because the key could not be decrypted with the supplied passphrase. It could also mean the signing key file was corrupted; the two cases cannot be told apart from the failure alone.
type KeyFileStore ¶
type KeyFileStore struct { sync.Mutex SimpleFileStore passphrase.Retriever // contains filtered or unexported fields }
KeyFileStore persists and manages private keys on disk
func NewKeyFileStore ¶
func NewKeyFileStore(baseDir string, passphraseRetriever passphrase.Retriever) (*KeyFileStore, error)
NewKeyFileStore returns a new KeyFileStore, creating a private directory to hold the keys (presumably owner read/write only, as with NewPrivateSimpleFileStore — confirm). The passphraseRetriever is used to obtain passphrases for encrypting and decrypting stored keys.
func (*KeyFileStore) AddKey ¶
func (s *KeyFileStore) AddKey(keyInfo KeyInfo, privKey data.PrivateKey) error
AddKey stores the contents of a PEM-encoded private key as a PEM block
func (*KeyFileStore) ExportKey ¶
func (s *KeyFileStore) ExportKey(keyID string) ([]byte, error)
ExportKey exports the stored bytes for keyID from the keystore, still in their encrypted PEM form; the passphrase is not removed.
func (*KeyFileStore) GetKey ¶
func (s *KeyFileStore) GetKey(name string) (data.PrivateKey, string, error)
GetKey returns the PrivateKey given a KeyID
func (*KeyFileStore) GetKeyInfo ¶ added in v0.3.0
func (s *KeyFileStore) GetKeyInfo(keyID string) (KeyInfo, error)
GetKeyInfo returns the corresponding gun and role key info for a keyID
func (*KeyFileStore) ListKeys ¶
func (s *KeyFileStore) ListKeys() map[string]KeyInfo
ListKeys returns a copy of the KeyFileStore's key-ID → KeyInfo map, describing every private key present. Because it is a copy, mutating the returned map does not affect the store.
func (*KeyFileStore) Name ¶
func (s *KeyFileStore) Name() string
Name returns a user friendly name for the location this store keeps its data
func (*KeyFileStore) RemoveKey ¶
func (s *KeyFileStore) RemoveKey(keyID string) error
RemoveKey removes the key from the keyfilestore
type KeyInfo ¶ added in v0.3.0
KeyInfo stores the role, path, and gun for a corresponding private key ID It is assumed that each private key ID is unique
type KeyMemoryStore ¶
type KeyMemoryStore struct { sync.Mutex MemoryFileStore passphrase.Retriever // contains filtered or unexported fields }
KeyMemoryStore manages private keys in memory
func NewKeyMemoryStore ¶
func NewKeyMemoryStore(passphraseRetriever passphrase.Retriever) *KeyMemoryStore
NewKeyMemoryStore returns a new KeyMemoryStore which holds keys in memory
func (*KeyMemoryStore) AddKey ¶
func (s *KeyMemoryStore) AddKey(keyInfo KeyInfo, privKey data.PrivateKey) error
AddKey stores the contents of a PEM-encoded private key as a PEM block
func (*KeyMemoryStore) ExportKey ¶
func (s *KeyMemoryStore) ExportKey(keyID string) ([]byte, error)
ExportKey exports the stored bytes for keyID from the keystore, still in their encrypted PEM form; the passphrase is not removed.
func (*KeyMemoryStore) GetKey ¶
func (s *KeyMemoryStore) GetKey(name string) (data.PrivateKey, string, error)
GetKey returns the PrivateKey given a KeyID
func (*KeyMemoryStore) GetKeyInfo ¶ added in v0.3.0
func (s *KeyMemoryStore) GetKeyInfo(keyID string) (KeyInfo, error)
GetKeyInfo returns the corresponding gun and role key info for a keyID
func (*KeyMemoryStore) ListKeys ¶
func (s *KeyMemoryStore) ListKeys() map[string]KeyInfo
ListKeys returns a copy of the KeyMemoryStore's key-ID → KeyInfo map, describing every private key present. Because it is a copy, mutating the returned map does not affect the store.
func (*KeyMemoryStore) Name ¶
func (s *KeyMemoryStore) Name() string
Name returns a user friendly name for the location this store keeps its data
func (*KeyMemoryStore) RemoveKey ¶
func (s *KeyMemoryStore) RemoveKey(keyID string) error
RemoveKey removes the key from the keystore
type KeyStore ¶
type KeyStore interface { // AddKey adds a key to the KeyStore, and if the key already exists, // succeeds. Otherwise, returns an error if it cannot add. AddKey(keyInfo KeyInfo, privKey data.PrivateKey) error // Should fail with ErrKeyNotFound if the keystore is operating normally // and knows that it does not store the requested key. GetKey(keyID string) (data.PrivateKey, string, error) GetKeyInfo(keyID string) (KeyInfo, error) ListKeys() map[string]KeyInfo RemoveKey(keyID string) error ExportKey(keyID string) ([]byte, error) Name() string }
KeyStore is a generic interface for private key storage
type MemoryFileStore ¶
MemoryFileStore is an implementation of Storage that keeps the contents in memory.
func NewMemoryFileStore ¶
func NewMemoryFileStore() *MemoryFileStore
NewMemoryFileStore creates a MemoryFileStore
func (*MemoryFileStore) Add ¶
func (f *MemoryFileStore) Add(name string, data []byte) error
Add writes data to a file with a given name
func (*MemoryFileStore) Get ¶
func (f *MemoryFileStore) Get(name string) ([]byte, error)
Get returns the data given a file name
func (*MemoryFileStore) ListFiles ¶
func (f *MemoryFileStore) ListFiles() []string
ListFiles lists all the files inside of a store
func (*MemoryFileStore) Remove ¶
func (f *MemoryFileStore) Remove(name string) error
Remove removes a file identified by name
type SimpleFileStore ¶
type SimpleFileStore struct {
// contains filtered or unexported fields
}
SimpleFileStore implements FileStore
func NewFileStore ¶ added in v0.3.0
func NewFileStore(baseDir, fileExt string, perms os.FileMode) (*SimpleFileStore, error)
NewFileStore creates a fully configurable file store
func NewPrivateSimpleFileStore ¶
func NewPrivateSimpleFileStore(baseDir, fileExt string) (*SimpleFileStore, error)
NewPrivateSimpleFileStore is a wrapper that creates a filestore readable and writeable by the owner _only_. This is the variant to use for anything holding secret material such as private keys.
func NewSimpleFileStore ¶
func NewSimpleFileStore(baseDir, fileExt string) (*SimpleFileStore, error)
NewSimpleFileStore is a convenience wrapper that creates a world-readable, owner-writeable filestore. Do not use it for private keys or other secrets; use NewPrivateSimpleFileStore (or NewFileStore with restrictive perms) instead.
func (*SimpleFileStore) Add ¶
func (f *SimpleFileStore) Add(name string, data []byte) error
Add writes data to a file with a given name
func (*SimpleFileStore) BaseDir ¶
func (f *SimpleFileStore) BaseDir() string
BaseDir returns the base directory of the filestore
func (*SimpleFileStore) Get ¶
func (f *SimpleFileStore) Get(name string) ([]byte, error)
Get returns the data given a file name
func (*SimpleFileStore) GetPath ¶
func (f *SimpleFileStore) GetPath(name string) (string, error)
GetPath returns the full final path of a file with a given name
func (*SimpleFileStore) ListFiles ¶
func (f *SimpleFileStore) ListFiles() []string
ListFiles lists all the files inside of a store
func (*SimpleFileStore) Remove ¶
func (f *SimpleFileStore) Remove(name string) error
Remove removes a file identified by name
type Storage ¶ added in v0.3.0
type Storage interface { // Add writes a file to the specified location, returning an error if this // is not possible (reasons may include permissions errors). The path is cleaned // before being made absolute against the store's base dir. Add(fileName string, data []byte) error // Remove deletes a file from the store relative to the store's base directory. // The path is cleaned before being made absolute to ensure no path traversal // outside the base directory is possible. Remove(fileName string) error // Get returns the file content found at fileName relative to the base directory // of the file store. The path is cleaned before being made absolute to ensure // path traversal outside the store is not possible. If the file is not found // an error to that effect is returned. Get(fileName string) ([]byte, error) // ListFiles returns a list of paths relative to the base directory of the // filestore. Any of these paths must be retrievable via the // Storage.Get method. ListFiles() []string }
Storage defines the bare-bones file primitives (no hierarchy). Every path-taking method cleans the name and resolves it against the store's base directory so that a caller-supplied name cannot escape the store (see ErrPathOutsideStore).
type Validator ¶
type Validator interface {
Validate(cert *x509.Certificate) bool
}
Validator is a convenience type for a validating function that filters certificates being added to a store: Validate returns true to accept the certificate and false to reject it.
type ValidatorFunc ¶
type ValidatorFunc func(cert *x509.Certificate) bool
ValidatorFunc is a convenience type to create functions that implement the Validator interface
func (ValidatorFunc) Validate ¶
func (vf ValidatorFunc) Validate(cert *x509.Certificate) bool
Validate implements the Validator interface to allow for any func() bool method to be passed as a Validator
type X509FileStore ¶
type X509FileStore struct {
// contains filtered or unexported fields
}
X509FileStore implements X509Store that persists on disk
func NewX509FileStore ¶
func NewX509FileStore(directory string) (*X509FileStore, error)
NewX509FileStore returns a new X509FileStore.
func NewX509FilteredFileStore ¶
func NewX509FilteredFileStore(directory string, validate func(*x509.Certificate) bool) (*X509FileStore, error)
NewX509FilteredFileStore returns a new X509FileStore that validates certificates that are added.
func (*X509FileStore) AddCert ¶
func (s *X509FileStore) AddCert(cert *x509.Certificate) error
AddCert creates a filename for a given cert and adds a certificate with that name
func (*X509FileStore) AddCertFromFile ¶
func (s *X509FileStore) AddCertFromFile(filename string) error
AddCertFromFile tries to add an X509 certificate to the store, loaded from the given filename.
func (X509FileStore) AddCertFromPEM ¶
func (s X509FileStore) AddCertFromPEM(pemBytes []byte) error
AddCertFromPEM adds only the first certificate found in the given bytes, returning an error if no certificate is found; any further certificates in a bundle are ignored, so load bundles with LoadCertBundleFromPEM and add each certificate explicitly.
func (*X509FileStore) Empty ¶
func (s *X509FileStore) Empty() bool
Empty returns true if there are no certificates in the X509FileStore, false otherwise.
func (*X509FileStore) GetCertificateByCertID ¶
func (s *X509FileStore) GetCertificateByCertID(certID string) (*x509.Certificate, error)
GetCertificateByCertID returns the certificate that matches a certain certID
func (*X509FileStore) GetCertificatePool ¶
func (s *X509FileStore) GetCertificatePool() *x509.CertPool
GetCertificatePool returns an x509 CertPool loaded with all the certificates in the store.
func (*X509FileStore) GetCertificates ¶
func (s *X509FileStore) GetCertificates() []*x509.Certificate
GetCertificates returns an array with all of the current X509 Certificates.
func (*X509FileStore) GetCertificatesByCN ¶
func (s *X509FileStore) GetCertificatesByCN(cn string) ([]*x509.Certificate, error)
GetCertificatesByCN returns all the certificates that match a specific CommonName
func (*X509FileStore) GetVerifyOptions ¶
func (s *X509FileStore) GetVerifyOptions(dnsName string) (x509.VerifyOptions, error)
GetVerifyOptions returns x509.VerifyOptions whose root pool consists of the certificates within this X509Store, with dnsName as the expected hostname. It never falls back to the system roots, and returns an error if the store contains no root CAs.
func (*X509FileStore) RemoveAll ¶
func (s *X509FileStore) RemoveAll() error
RemoveAll removes all the certificates from the store
func (*X509FileStore) RemoveCert ¶
func (s *X509FileStore) RemoveCert(cert *x509.Certificate) error
RemoveCert removes a certificate from a X509FileStore.
type X509MemStore ¶
type X509MemStore struct {
// contains filtered or unexported fields
}
X509MemStore implements X509Store as an in-memory object with no persistence
func NewX509FilteredMemStore ¶
func NewX509FilteredMemStore(validate func(*x509.Certificate) bool) *X509MemStore
NewX509FilteredMemStore returns a new X509Memstore that validates certificates that are added.
func NewX509MemStore ¶
func NewX509MemStore() *X509MemStore
NewX509MemStore returns a new X509MemStore.
func (*X509MemStore) AddCert ¶
func (s *X509MemStore) AddCert(cert *x509.Certificate) error
AddCert adds a certificate to the store
func (*X509MemStore) AddCertFromFile ¶
func (s *X509MemStore) AddCertFromFile(originFilname string) error
AddCertFromFile tries to add an X509 certificate to the store, loaded from the given filename.
func (*X509MemStore) AddCertFromPEM ¶
func (s *X509MemStore) AddCertFromPEM(pemBytes []byte) error
AddCertFromPEM adds a certificate to the store from a PEM blob
func (*X509MemStore) GetCertificateByCertID ¶
func (s *X509MemStore) GetCertificateByCertID(certID string) (*x509.Certificate, error)
GetCertificateByCertID returns the certificate that matches a certain certID
func (*X509MemStore) GetCertificatePool ¶
func (s *X509MemStore) GetCertificatePool() *x509.CertPool
GetCertificatePool returns an x509 CertPool loaded with all the certificates in the store.
func (*X509MemStore) GetCertificates ¶
func (s *X509MemStore) GetCertificates() []*x509.Certificate
GetCertificates returns an array with all of the current X509 Certificates.
func (*X509MemStore) GetCertificatesByCN ¶
func (s *X509MemStore) GetCertificatesByCN(cn string) ([]*x509.Certificate, error)
GetCertificatesByCN returns all the certificates that match a specific CommonName
func (*X509MemStore) GetVerifyOptions ¶
func (s *X509MemStore) GetVerifyOptions(dnsName string) (x509.VerifyOptions, error)
GetVerifyOptions returns x509.VerifyOptions whose root pool consists of the certificates within this X509Store, with dnsName as the expected hostname. It never falls back to the system roots, and returns an error if the store contains no root CAs.
func (*X509MemStore) RemoveAll ¶
func (s *X509MemStore) RemoveAll() error
RemoveAll removes all the certificates from the store
func (*X509MemStore) RemoveCert ¶
func (s *X509MemStore) RemoveCert(cert *x509.Certificate) error
RemoveCert removes a certificate from a X509MemStore.
type X509Store ¶
type X509Store interface { AddCert(cert *x509.Certificate) error AddCertFromPEM(pemCerts []byte) error AddCertFromFile(filename string) error RemoveCert(cert *x509.Certificate) error RemoveAll() error GetCertificateByCertID(certID string) (*x509.Certificate, error) GetCertificatesByCN(cn string) ([]*x509.Certificate, error) GetCertificates() []*x509.Certificate GetCertificatePool() *x509.CertPool GetVerifyOptions(dnsName string) (x509.VerifyOptions, error) }
X509Store is the interface for all X509Stores