Documentation
Index
- Constants
- func CheckCertificate(d Depot, name string) bool
- func CheckCertificateSigningRequest(d Depot, name string) bool
- func CheckPrivateKey(d Depot, name string) bool
- func DeleteCertificate(d Depot, name string) error
- func DeleteCertificateSigningRequest(d Depot, name string) error
- func GetCertificate(d Depot, name string) (crt *pkix.Certificate, err error)
- func GetCertificateRevocationList(d Depot, name string) (*pkix.CertificateRevocationList, error)
- func GetCertificateSigningRequest(d Depot, name string) (crt *pkix.CertificateSigningRequest, err error)
- func GetEncryptedPrivateKey(d Depot, name string, passphrase []byte) (key *pkix.Key, err error)
- func GetNameFromCrlTag(tag *Tag) string
- func GetNameFromCrtTag(tag *Tag) string
- func GetNameFromCsrTag(tag *Tag) string
- func GetNameFromPrivKeyTag(tag *Tag) string
- func GetPrivateKey(d Depot, name string) (key *pkix.Key, err error)
- func PutCertificate(d Depot, name string, crt *pkix.Certificate) error
- func PutCertificateRevocationList(d Depot, name string, crl *pkix.CertificateRevocationList) error
- func PutCertificateSigningRequest(d Depot, name string, csr *pkix.CertificateSigningRequest) error
- func PutEncryptedPrivateKey(d Depot, name string, key *pkix.Key, passphrase []byte) error
- func PutPrivateKey(d Depot, name string, key *pkix.Key) error
- type Depot
- type File
- type FileDepot
- type Tag
Constants
const (
	BranchPerm = 0440
	LeafPerm   = 0444
)
const (
	// DefaultFileDepotDir is the default directory where .key/.csr/.crt files can be found
	DefaultFileDepotDir = "out"
)
Variables
This section is empty.
Functions
func CheckCertificate
CheckCertificate checks the depot for existence of a certificate file for a given CA name
func CheckCertificateSigningRequest
CheckCertificateSigningRequest checks the depot for existence of a certificate signing request file for a given host name
func CheckPrivateKey
CheckPrivateKey checks the depot for existence of a private key file for a given name
func DeleteCertificate
DeleteCertificate removes a certificate file for a given name from the depot
func DeleteCertificateSigningRequest
DeleteCertificateSigningRequest removes a certificate signing request file for a given host name from the depot
func GetCertificate
func GetCertificate(d Depot, name string) (crt *pkix.Certificate, err error)
GetCertificate retrieves a certificate file for a given name from the depot
func GetCertificateRevocationList (added in v1.2.0)
func GetCertificateRevocationList(d Depot, name string) (*pkix.CertificateRevocationList, error)
GetCertificateRevocationList gets a CRL file for a given name and ca in the depot.
func GetCertificateSigningRequest
func GetCertificateSigningRequest(d Depot, name string) (crt *pkix.CertificateSigningRequest, err error)
GetCertificateSigningRequest retrieves a certificate signing request file for a given host name from the depot
func GetEncryptedPrivateKey
GetEncryptedPrivateKey retrieves an encrypted private key file for a given name from the depot
func GetNameFromCrlTag (added in v1.2.0)
GetNameFromCrlTag returns the host name from a certificate revocation list file tag
func GetNameFromCrtTag
GetNameFromCrtTag returns the host name from a certificate file tag
func GetNameFromCsrTag (added in v1.2.0)
GetNameFromCsrTag returns the host name from a certificate request file tag
func GetNameFromPrivKeyTag (added in v1.2.0)
GetNameFromPrivKeyTag returns the host name from a private key file tag
func GetPrivateKey
GetPrivateKey retrieves a private key file for a given name from the depot
func PutCertificate
func PutCertificate(d Depot, name string, crt *pkix.Certificate) error
PutCertificate creates a certificate file for a given CA name in the depot
func PutCertificateRevocationList
func PutCertificateRevocationList(d Depot, name string, crl *pkix.CertificateRevocationList) error
PutCertificateRevocationList creates a CRL file for a given name and ca in the depot
func PutCertificateSigningRequest
func PutCertificateSigningRequest(d Depot, name string, csr *pkix.CertificateSigningRequest) error
PutCertificateSigningRequest creates a certificate signing request file for a given name and csr in the depot
func PutEncryptedPrivateKey
PutEncryptedPrivateKey creates an encrypted private key file for a given name in the depot
Types
type Depot
type Depot interface {
	Put(tag *Tag, data []byte) error
	Check(tag *Tag) bool
	Get(tag *Tag) ([]byte, error)
	Delete(tag *Tag) error
}
Depot is in charge of data storage
type FileDepot
type FileDepot struct {
	// contains filtered or unexported fields
}
FileDepot is an implementation of Depot using the file system
func NewFileDepot
NewFileDepot creates a new Depot at the specified path
func (*FileDepot) Check
Check returns whether the file at the tag location exists and has permissions at least as restrictive as the given tag.
type Tag
type Tag struct {
	// contains filtered or unexported fields
}
Tag includes a name and a permission requirement. The permission requirement is used in two ways:
1. Set the permission for data when Put
2. Check the permission required when Get
It is set to protect FileDepot against attacks from other users. For example, 'evil' creates the file ca.key with file permission 0666, and 'core' reads it and uses it as ca.key. This may cause the security problem of a fake certificate and key.
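The permission requirement described above, shown as an added example that is not the depot package's own code: a read that is refused when the file's mode grants more than the required permission. `atLeastAsRestrictive` and `checkedRead` are hypothetical names, the sample files are constructed, and 0440 is the BranchPerm value from this page (that a key read requires it is an assumption).

```go
package main

import (
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// atLeastAsRestrictive reports whether mode grants no bit outside required.
func atLeastAsRestrictive(mode, required os.FileMode) bool {
	return mode.Perm()&^required.Perm() == 0
}

// checkedRead stats the open handle, so the check and the read hit the same file.
func checkedRead(path string, required os.FileMode) ([]byte, error) {
	f, err := os.Open(path)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	fi, err := f.Stat()
	if err != nil {
		return nil, err
	}
	if !atLeastAsRestrictive(fi.Mode(), required) {
		return nil, fmt.Errorf("%s: mode %04o looser than %04o", path, fi.Mode().Perm(), required)
	}
	return io.ReadAll(f)
}

func main() {
	dir, err := os.MkdirTemp("", "depot-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	for _, perm := range []os.FileMode{0440, 0666} { // constructed sample files
		p := filepath.Join(dir, fmt.Sprintf("ca-%04o.key", perm))
		if err := os.WriteFile(p, []byte("sample"), 0600); err != nil {
			panic(err)
		}
		if err := os.Chmod(p, perm); err != nil { // Chmod is not subject to umask
			panic(err)
		}
		_, err := checkedRead(p, 0440) // 0440: BranchPerm value from this page
		fmt.Printf("%04o -> %v\n", perm, err)
	}
}
```

The mask comparison rejects any extra bit, so a 0444 file also fails a 0440 requirement because it is readable by others.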
func PrivKeyTag
PrivKeyTag returns a tag corresponding to a private key