Documentation
Overview
Package p11support provides the interface to PKCS#11 tokens.
Index
- Variables
- type P11Support
- func (s *P11Support) BuildNewCSR(fqdn string, deleteExisting bool) ([]byte, error)
- func (s *P11Support) GetExistingCertificate() (*x509.Certificate, error)
- func (s *P11Support) NewP11TokenCert() ([]tls.Certificate, *x509.Certificate, []byte, error)
- func (s *P11Support) StoreCertificate(certificate *x509.Certificate) error
Constants
This section is empty.
Variables
var ErrNoTokenFound = errors.New("no matching token found")
ErrNoTokenFound is used to signal that there is no usable token available.
Functions
This section is empty.
Types
type P11Support
type P11Support struct {
// contains filtered or unexported fields
}
P11Support encapsulates PKCS#11 token functionality.
func New
func New(p11Module, p11Uri, keyAlgorithm, keyParameter string) (*P11Support, error)
New creates a new P11Support instance for the given PKCS#11 library module and the given PKCS#11 URI.
func (*P11Support) BuildNewCSR
func (s *P11Support) BuildNewCSR(fqdn string, deleteExisting bool) ([]byte, error)
BuildNewCSR creates a new certificate signing request (CSR) for the given fully qualified domain name (fqdn). A new keypair for the label in the PKCS#11 URI is generated if there is none yet.
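A caller-side check of the bytes BuildNewCSR returns, run before the request is submitted to a CA. This is an added example, not code from this package. The names checkedCSR and softCSR are hypothetical: softCSR is a constructed in-memory stand-in for (*P11Support).BuildNewCSR. The example assumes the CSR is DER or PEM encoded and that the fqdn appears as a DNS SAN or as the common name.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// softCSR is a constructed stand-in for (*P11Support).BuildNewCSR with an in-memory key.
func softCSR(fqdn string, _ bool) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tpl := &x509.CertificateRequest{DNSNames: []string{fqdn}}
	return x509.CreateCertificateRequest(rand.Reader, tpl, key)
}

// checkedCSR calls build (for a real token: s.BuildNewCSR) and validates the result.
func checkedCSR(build func(string, bool) ([]byte, error), fqdn string) (*x509.CertificateRequest, error) {
	raw, err := build(fqdn, false) // the page does not define the flag; false is an assumption
	if err != nil {
		return nil, err
	}
	if blk, _ := pem.Decode(raw); blk != nil { // encoding is not documented: accept PEM or DER
		raw = blk.Bytes
	}
	csr, err := x509.ParseCertificateRequest(raw)
	if err != nil {
		return nil, fmt.Errorf("parse CSR: %w", err)
	}
	if err := csr.CheckSignature(); err != nil { // self-signature proves possession of the key
		return nil, fmt.Errorf("CSR signature: %w", err)
	}
	for _, name := range append(csr.DNSNames, csr.Subject.CommonName) {
		if name == fqdn {
			return csr, nil
		}
	}
	return nil, fmt.Errorf("CSR does not name %q", fqdn)
}

func main() {
	_, err := checkedCSR(softCSR, "host.example.test")
	fmt.Println("CSR check error:", err)
}
```

With a real token, pass the method value s.BuildNewCSR as build.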
func (*P11Support) GetExistingCertificate
func (s *P11Support) GetExistingCertificate() (*x509.Certificate, error)
GetExistingCertificate retrieves an existing certificate identified by the label from the PKCS#11 URI.
func (*P11Support) NewP11TokenCert
func (s *P11Support) NewP11TokenCert() ([]tls.Certificate, *x509.Certificate, []byte, error)
NewP11TokenCert returns the client certificate including its associated private key handle for TLS client authentication, the actual certificate instance and a new signing request for renewal of the certificate.
An error is returned if retrieving the key pair or the certificate from the token fails, or if the CSR cannot be generated.
func (*P11Support) StoreCertificate
func (s *P11Support) StoreCertificate(certificate *x509.Certificate) error
StoreCertificate stores the given certificate in a certificate entry of the PKCS#11 token with the same id and label as the corresponding private key. The label is taken from the PKCS#11 URI.