README
¶
security
The security package provides a simple way to quickly generate self-signed certificates.
Example
package main
import (
"log"
"github.com/samherrmann/serveit/security"
)
func main() {
// 1. Define the chain of trust
chain := &security.ChainOfTrust{
Filename: "my_app.crt",
KeyFilename: "my_app.key",
Subject: &security.Subject{
CommonName: "My Awesome App Name",
Organization: []string{"My Awesome App Making Company Inc."},
Country: []string{"CA"},
Province: []string{"ON"},
Locality: []string{"Ottawa"},
},
Days: 3650,
Hosts: []string{"localhost,192.168.0.1,example.com"},
Parent: &security.ChainOfTrust{
Filename: "my_root_ca.crt",
KeyFilename: "my_root_ca.key",
KeyPassword: "mysecurepassword",
Subject: &security.Subject{
CommonName: "My Awesome Certificate Authority",
Organization: []string{"My Awesome Certificate Authority"},
Country: []string{"CA"},
Province: []string{"ON"},
Locality: []string{"Ottawa"},
},
Days: 3650,
},
}
// 2. Create the RSA private key and x.509 certificate files.
if err := security.WriteChainOfTrustFiles(chain, 0600); err != nil {
log.Fatalln(err)
}
}
The code above writes the following files to the working directory:
my_root_ca.keymy_root_ca.crtmy_app.keymy_app.crt
Documentation
¶
Index ¶
- func CreateSerialNumber() (*big.Int, error)
- func ReadCertFile(filename string) (*x509.Certificate, error)
- func ReadKeyFile(filename, password string) (*rsa.PrivateKey, error)
- func WriteCertFile(chain *ChainOfTrust, perm os.FileMode) error
- func WriteChainOfTrustFiles(chain *ChainOfTrust, perm os.FileMode) error
- func WriteKeyFile(filename, password string, perm os.FileMode) error
- type ChainOfTrust
- type Subject
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CreateSerialNumber ¶ added in v0.8.0
CreateSerialNumber creates a random serial number that is a maximum length of 20 bytes. See https://tools.ietf.org/html/rfc3280#appendix-B
func ReadCertFile ¶ added in v0.8.0
func ReadCertFile(filename string) (*x509.Certificate, error)
ReadCertFile returns the x.509v3 certificate from the file named by the provided filename.
func ReadKeyFile ¶ added in v0.8.0
func ReadKeyFile(filename, password string) (*rsa.PrivateKey, error)
ReadKeyFile returns the RSA private key from the file named by the provided filename. If the password is not an empty string then it's used to decrypt the PEM block.
func WriteCertFile ¶ added in v0.8.0
func WriteCertFile(chain *ChainOfTrust, perm os.FileMode) error
WriteCertFile creates a X.509v3 certificate for the first level in the given chain and writes it to the file named by the provided filename. Note that the file named by filename must not exist or an error is returned. A file-exist error may be checked with errors.Is(err, os.ErrExist). The file is created with the given perm mode.
func WriteChainOfTrustFiles ¶ added in v0.8.0
func WriteChainOfTrustFiles(chain *ChainOfTrust, perm os.FileMode) error
WriteChainOfTrustFiles writes all RSA private keys and x.509 certificates defined in ChainOfTrust. If the files defined in the chain of trust already exist they are not overwritten and no error is returned.
func WriteKeyFile ¶ added in v0.8.0
WriteKeyFile creates a RSA private key and writes it to the file named by the provided filename. The key is written as a PEM block. If the password is not an empty string then the PEM block is encrypted using the password. The file named by filename must not exist or an error is returned. A file-exist error may be checked with errors.Is(err, os.ErrExist). The file is created with the given perm mode.
Types ¶
type ChainOfTrust ¶ added in v0.8.0
type ChainOfTrust struct {
// Parent is the parent link in the chain of trust.
Parent *ChainOfTrust
// Days is the number of days for which the certificate is valid.
Days int
// Subject is x.509 certificate subject.
Subject *Subject
// Hosts is a list of domain names and/or IP addresses.
Hosts []string
// Filename is the filename of the file containing the x.509 certificate.
Filename string
// KeyFilename is the filename of the file containing the RSA private key.
KeyFilename string
// KeyPassword is the password used to encrypt the RSA private key PEM block.
// If no password is provided (i.e. empty string) then the PEM block is not
// encrypted.
KeyPassword string
// contains filtered or unexported fields
}
ChainOfTrust defines a chain of x.509 certificates and RSA private keys.
Source Files