config

package
v0.2.0
Warning: this package is not in the latest version of its module.
Published: Mar 9, 2023 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AddConfigurator

func AddConfigurator(version int, c Configurator)

Configuration implementations register themselves with this function. Keep version > 0: an unset integer field decodes to 0, so a configuration whose version is missing would otherwise silently select a registered version 0.

func GetRdnAttributeOid

func GetRdnAttributeOid(attr string) (asn1.ObjectIdentifier, error)

Helper function to get an RDN attribute OID from its shorthand string representation.

func IsErrorUnknownFile

func IsErrorUnknownFile(err error) bool

func ParseConfig

func ParseConfig(r io.Reader) (any, error)

The main parsing function for configurations and the intended way to parse a config. It reads the version integer from the config and dispatches to the Configurator registered for that version. On success it returns either a config.CertificateContent or a config.CertificateProfile. It returns an error if the provided stream does not conform to the assumptions this package makes (see package documentation), or if the version does not exist (yet).

func ParseRDNSequence

func ParseRDNSequence(s string) (pkix.RDNSequence, error)

Parses the string representation of a Distinguished Name (a sequence of Relative Distinguished Names). The resulting sequence is stored in reverse order relative to the string, as RFC 4514 section 2.1 specifies (the string lists the RDNs from the last element of the sequence to the first). Custom OID attributes are supported.

To keep this function simple, there are some limitations:

  • only shorthand string representations are recognized (e.g. CN instead of commonName)
  • only C, O, OU, CN, SERIALNUMBER, L, ST, STREET, POSTALCODE are recognized as shorthand representations
  • custom OIDs are supported, but their values are always interpreted as strings, not as the '#'-prefixed hexadecimal BER encoding that RFC 4514 section 2.4 requires for attribute types without a known string syntax. This is done for simplicity and ease of configuration
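The parsing rules above, as an added Go example that is not the package's code: the shorthand table, the numeric-OID parser and the DN parser below are this example's own, and the only things taken from the text are the accepted shorthands and the reverse-order rule from RFC 4514 section 2.1. It goes slightly beyond the text by honouring backslash-escaped commas inside values; multi-valued RDNs joined with "+" remain unsupported.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"strconv"
	"strings"
)

// shorthandOIDs maps the shorthand attribute types listed in the text to their
// X.520 OIDs. The OID values are the standard ones; the table is this
// example's own, not the package's.
var shorthandOIDs = map[string]asn1.ObjectIdentifier{
	"C":            {2, 5, 4, 6},
	"O":            {2, 5, 4, 10},
	"OU":           {2, 5, 4, 11},
	"CN":           {2, 5, 4, 3},
	"SERIALNUMBER": {2, 5, 4, 5},
	"L":            {2, 5, 4, 7},
	"ST":           {2, 5, 4, 8},
	"STREET":       {2, 5, 4, 9},
	"POSTALCODE":   {2, 5, 4, 17},
}

// rdnAttributeOID resolves a shorthand (case-insensitively) or a dotted
// numeric OID such as "1.2.840.113549.1.9.1". Long names like "commonName"
// are rejected, matching the documented limitation.
func rdnAttributeOID(attr string) (asn1.ObjectIdentifier, error) {
	if oid, ok := shorthandOIDs[strings.ToUpper(attr)]; ok {
		return oid, nil
	}
	parts := strings.Split(attr, ".")
	if len(parts) < 2 {
		return nil, fmt.Errorf("unknown attribute type %q", attr)
	}
	oid := make(asn1.ObjectIdentifier, 0, len(parts))
	for _, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return nil, fmt.Errorf("invalid OID component %q in %q", p, attr)
		}
		oid = append(oid, n)
	}
	return oid, nil
}

// splitUnescaped splits s on sep, leaving backslash-escaped separators alone.
func splitUnescaped(s string, sep byte) []string {
	var out []string
	start := 0
	for i := 0; i < len(s); i++ {
		switch s[i] {
		case '\\':
			i++ // skip the escaped character
		case sep:
			out = append(out, s[start:i])
			start = i + 1
		}
	}
	return append(out, s[start:])
}

// parseRDNSequence parses "CN=a,OU=b,O=c" into a pkix.RDNSequence stored in
// reverse order relative to the string, as RFC 4514 section 2.1 specifies.
// Values of custom OIDs are kept as plain strings (no "#hex" BER form).
func parseRDNSequence(s string) (pkix.RDNSequence, error) {
	if strings.TrimSpace(s) == "" {
		return nil, fmt.Errorf("empty distinguished name")
	}
	parts := splitUnescaped(s, ',')
	seq := make(pkix.RDNSequence, 0, len(parts))
	for i := len(parts) - 1; i >= 0; i-- {
		part := strings.TrimSpace(parts[i])
		attr, val, ok := strings.Cut(part, "=")
		if !ok || strings.TrimSpace(attr) == "" {
			return nil, fmt.Errorf("malformed RDN %q", part)
		}
		oid, err := rdnAttributeOID(strings.TrimSpace(attr))
		if err != nil {
			return nil, err
		}
		seq = append(seq, pkix.RelativeDistinguishedNameSET{{
			Type:  oid,
			Value: strings.ReplaceAll(strings.TrimSpace(val), `\,`, ","),
		}})
	}
	return seq, nil
}

func main() {
	// Constructed input: the escaped comma must survive as part of the O value.
	seq, err := parseRDNSequence(`CN=example.test,OU=Security,O=Example\, Inc.,C=DE`)
	if err != nil {
		panic(err)
	}
	for i, rdn := range seq {
		fmt.Printf("seq[%d] = %v = %q\n", i, rdn[0].Type, rdn[0].Value)
	}
}
```

Running it prints the sequence starting with C=DE and ending with the CN, i.e. the reverse of the string. Because custom-OID values are stored as strings, a configuration cannot express a value whose native syntax is not a string; that is the trade-off the third limitation above accepts.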

func Validate

func Validate(profile CertificateProfile, content CertificateContent) bool

Validates a certificate configuration against a certificate profile: it checks the constraints the profile places on the subject DN. Extensions are not checked here; conflicts between profile and certificate extensions surface as override errors when calling Compile().
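One way to implement that subject-DN check, as an added example rather than the package's Validate: the ProfileSubjectAttribute(s) stand-ins mirror the fields listed further down on this page, the OID table is this example's own, and the function returns the reasons alongside the bool so a caller can see why a subject was rejected. A profile that names an attribute the table does not know is treated as unsatisfiable (fail closed), which the page does not specify.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

// Stand-ins for the page's ProfileSubjectAttribute(s), with the same fields;
// they and the OID table are this example's own, not the package's.
type profileSubjectAttribute struct {
	Attribute string
	Optional  bool
}

type profileSubjectAttributes struct {
	AllowOther bool
	Attributes []profileSubjectAttribute
}

// subjectOIDs covers only the shorthands this example needs (standard X.520 OIDs).
var subjectOIDs = map[string]asn1.ObjectIdentifier{
	"C": {2, 5, 4, 6}, "O": {2, 5, 4, 10}, "OU": {2, 5, 4, 11}, "CN": {2, 5, 4, 3},
}

// validateSubject checks a subject DN against the profile's constraints: every
// non-optional attribute must be present and, unless AllowOther is set, no
// attribute outside the profile's list may appear. It returns false plus the
// reasons when the subject does not conform.
func validateSubject(p profileSubjectAttributes, subject pkix.RDNSequence) (bool, []string) {
	var problems []string
	present := map[string]bool{}
	for _, rdn := range subject {
		for _, atv := range rdn {
			present[atv.Type.String()] = true
		}
	}
	allowed := map[string]bool{}
	for _, a := range p.Attributes {
		oid, ok := subjectOIDs[a.Attribute]
		if !ok {
			// A profile naming an unknown attribute can never be satisfied: fail closed.
			problems = append(problems, "profile uses unknown attribute "+a.Attribute)
			continue
		}
		allowed[oid.String()] = true
		if !a.Optional && !present[oid.String()] {
			problems = append(problems, "missing required attribute "+a.Attribute)
		}
	}
	if !p.AllowOther {
		for _, rdn := range subject {
			for _, atv := range rdn {
				if !allowed[atv.Type.String()] {
					problems = append(problems, fmt.Sprintf("attribute %v not allowed by profile", atv.Type))
				}
			}
		}
	}
	return len(problems) == 0, problems
}

func main() {
	profile := profileSubjectAttributes{Attributes: []profileSubjectAttribute{
		{Attribute: "CN"}, {Attribute: "O"}, {Attribute: "OU", Optional: true},
	}}
	// Constructed subject: O is missing and C is not in the profile's list.
	subject := pkix.RDNSequence{
		{{Type: subjectOIDs["C"], Value: "DE"}},
		{{Type: subjectOIDs["CN"], Value: "example.test"}},
	}
	ok, problems := validateSubject(profile, subject)
	fmt.Println(ok, problems)
}
```

The check is deliberately a whitelist: with AllowOther left at its zero value (false), anything the profile did not enumerate is rejected, which is the safer default for a CA-style profile.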

Types

type CertificateContent

type CertificateContent struct {
	Alias              string
	SerialNumber       int64
	IssuerUniqueId     asn1.BitString
	SubjectUniqueId    asn1.BitString
	Profile            string
	Subject            pkix.RDNSequence
	Issuer             string
	ValidFrom          time.Time
	ValidUntil         time.Time
	KeyAlgorithm       cert.KeyAlgorithm
	SignatureAlgorithm cert.SignatureAlgorithm
	Extensions         []ExtensionConfig
	Manipulations      Manipulations
}

The general representation of a certificate configuration. Generation engines can use this to generate certificates.

func Merge

Merges a certificate profile into a certificate configuration. The certificate inherits the profile's validity and extensions where it does not define them itself. The one exception is non-optional extensions, which are always inherited, even if the certificate defines the same extension.

When merging extensions the order is preserved, and inherited extensions always precede the extensions set by the certificate.
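The merge rules above, as an added example that is not the package's Merge (whose signature the page does not show): the extension and profile types are cut-down stand-ins, the three OIDs are the standard X.509 ones, and the sample profile and certificate are constructed. One rule is this example's assumption, since the page only says that override conflicts surface at Compile(): when a non-optional profile extension and the certificate define the same OID, Override lets the certificate's copy replace the inherited one, otherwise both are kept and the OID is returned as a conflict.

```go
package main

import (
	"encoding/asn1"
	"fmt"
	"time"
)

// Stand-ins for the page's extension and profile types, cut down to what the
// merge rules look at; these declarations are this example's, not the package's.
type extension struct {
	OID  asn1.ObjectIdentifier
	Name string // label for printing only
}

type profileExtension struct {
	extension
	Optional bool
	Override bool
}

type certificateProfile struct {
	ValidFrom, ValidUntil *time.Time
	Extensions            []profileExtension
}

type certificateContent struct {
	ValidFrom, ValidUntil time.Time
	Extensions            []extension
}

// merge applies the rules from the text: validity the certificate leaves unset
// is taken from the profile; profile extensions the certificate does not define
// are inherited; non-optional ones are inherited even when the certificate
// defines the same OID; inherited extensions keep their profile order and come
// before the certificate's own. Assumption of this example: Override lets the
// certificate's copy replace a non-optional profile extension, otherwise the
// duplicate OID is reported as a conflict (the override error Compile() raises).
func merge(p certificateProfile, c certificateContent) (certificateContent, []asn1.ObjectIdentifier) {
	out := c
	if out.ValidFrom.IsZero() && p.ValidFrom != nil {
		out.ValidFrom = *p.ValidFrom
	}
	if out.ValidUntil.IsZero() && p.ValidUntil != nil {
		out.ValidUntil = *p.ValidUntil
	}
	defined := map[string]bool{}
	for _, e := range c.Extensions {
		defined[e.OID.String()] = true
	}
	var inherited []extension
	var conflicts []asn1.ObjectIdentifier
	for _, pe := range p.Extensions {
		switch {
		case !defined[pe.OID.String()]:
			inherited = append(inherited, pe.extension)
		case pe.Optional || pe.Override:
			// the certificate's own definition wins; nothing is inherited
		default:
			inherited = append(inherited, pe.extension)
			conflicts = append(conflicts, pe.OID)
		}
	}
	out.Extensions = append(inherited, c.Extensions...)
	return out, conflicts
}

var (
	oidKeyUsage         = asn1.ObjectIdentifier{2, 5, 29, 15}
	oidSubjectAltName   = asn1.ObjectIdentifier{2, 5, 29, 17}
	oidBasicConstraints = asn1.ObjectIdentifier{2, 5, 29, 19}
)

// sampleMerge builds a constructed profile/certificate pair and merges them.
func sampleMerge() (certificateContent, []asn1.ObjectIdentifier) {
	from := time.Date(2023, 3, 9, 0, 0, 0, 0, time.UTC)
	until := from.AddDate(1, 0, 0)
	profile := certificateProfile{
		ValidFrom: &from, ValidUntil: &until,
		Extensions: []profileExtension{
			{extension{oidKeyUsage, "keyUsage"}, false, false},               // mandatory, fixed
			{extension{oidBasicConstraints, "basicConstraints"}, false, true}, // mandatory, overridable
			{extension{oidSubjectAltName, "subjectAltName"}, true, false},     // optional
		},
	}
	cert := certificateContent{Extensions: []extension{
		{oidSubjectAltName, "subjectAltName (cert)"},
		{oidKeyUsage, "keyUsage (cert)"},
	}}
	return merge(profile, cert)
}

func main() {
	merged, conflicts := sampleMerge()
	for _, e := range merged.Extensions {
		fmt.Println(e.OID, e.Name)
	}
	fmt.Println("conflicts:", conflicts, "valid until:", merged.ValidUntil)
}
```

With the constructed input the result is keyUsage and basicConstraints from the profile first, then the certificate's subjectAltName and keyUsage, with keyUsage reported as the one conflict; the certificate also picks up the profile's validity because it set none of its own.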

func (CertificateContent) HashSum

func (c CertificateContent) HashSum() ([]byte, error)

HashSum returns a SHA-1 hash of the content. For HashSum to work, all fields must be exported; this also applies to all implementations of ExtensionConfig. SHA-1 is no longer collision-resistant, so treat the sum as a change-detection fingerprint, not as a tamper-evident integrity check.

type CertificateProfile

type CertificateProfile struct {
	Name              string
	ValidFrom         *time.Time
	ValidUntil        *time.Time
	SubjectAttributes ProfileSubjectAttributes
	Extensions        []ProfileExtension
}

The general representation of a certificate profile.

func (CertificateProfile) HashSum

func (cp CertificateProfile) HashSum() ([]byte, error)

HashSum returns a SHA-1 hash of the profile. See the remarks on CertificateContent.HashSum.

type Configurator

type Configurator interface {
	ParseConfiguration(s string) (any, error)
	ProfileExample() string
	CertificateExample() string
}

The interface each configuration version must implement.

func GetConfigurator

func GetConfigurator(version int) (Configurator, error)

Returns the configurator for the supplied version, or an error if the version does not exist (yet).
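The registration and dispatch described for AddConfigurator, ParseConfig and GetConfigurator, as an added example that is not the package's implementation: the Configurator interface is copied from the page, while the JSON layout with a top-level "version" field, the 1 MiB read cap and the toy version-1 format are assumptions of this example. It shows why version 0 cannot be registered (a document with no "version" field decodes to 0) and rejects unknown fields so that a typo in a key fails instead of yielding a half-empty configuration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// configurator copies the page's Configurator interface; everything else here
// is this example's own code, not the package's.
type configurator interface {
	ParseConfiguration(s string) (any, error)
	ProfileExample() string
	CertificateExample() string
}

var registry = map[int]configurator{}

// addConfigurator rejects version 0: a document without a "version" field
// decodes to 0, so a registered version 0 would silently accept such documents.
func addConfigurator(version int, c configurator) error {
	if version <= 0 {
		return fmt.Errorf("config: version must be > 0, got %d", version)
	}
	registry[version] = c
	return nil
}

func getConfigurator(version int) (configurator, error) {
	if c, ok := registry[version]; ok {
		return c, nil
	}
	return nil, fmt.Errorf("config: unknown version %d", version)
}

// parseConfig reads the stream (capped at 1 MiB, an assumed bound), peeks at
// the "version" field and hands the raw text to the matching configurator.
func parseConfig(r io.Reader) (any, error) {
	raw, err := io.ReadAll(io.LimitReader(r, 1<<20))
	if err != nil {
		return nil, err
	}
	var head struct{ Version int `json:"version"` }
	if err := json.Unmarshal(raw, &head); err != nil {
		return nil, fmt.Errorf("config: not a JSON object: %w", err)
	}
	c, err := getConfigurator(head.Version)
	if err != nil {
		return nil, err
	}
	return c.ParseConfiguration(string(raw))
}

// v1 is a toy version-1 format: {"version":1,"type":"certificate"|"profile",...}.
type v1 struct{}

type v1Certificate struct {
	Version int    `json:"version"`
	Type    string `json:"type"`
	Alias   string `json:"alias"`
	Profile string `json:"profile"`
}
type v1Profile struct {
	Version int    `json:"version"`
	Type    string `json:"type"`
	Name    string `json:"name"`
}

// ParseConfiguration rejects unknown fields, so a misspelled key fails loudly.
func (v1) ParseConfiguration(s string) (any, error) {
	var probe struct{ Type string `json:"type"` }
	if err := json.Unmarshal([]byte(s), &probe); err != nil {
		return nil, err
	}
	var out any
	switch probe.Type {
	case "certificate":
		out = &v1Certificate{}
	case "profile":
		out = &v1Profile{}
	default:
		return nil, fmt.Errorf("config v1: unknown type %q", probe.Type)
	}
	dec := json.NewDecoder(strings.NewReader(s))
	dec.DisallowUnknownFields()
	if err := dec.Decode(out); err != nil {
		return nil, err
	}
	return out, nil
}

func (v1) ProfileExample() string { return `{"version":1,"type":"profile","name":"server"}` }
func (v1) CertificateExample() string {
	return `{"version":1,"type":"certificate","alias":"leaf","profile":"server"}`
}
func init() {
	if err := addConfigurator(1, v1{}); err != nil {
		panic(err)
	}
}
```

The two-pass read (peek the version, then let the selected version parse the full text) is what lets new format versions change anything except the "version" key itself; the price is that the version field must be validated before any version-specific code runs, which is why the 0 check sits in the registry rather than in each parser.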

type ConstantBuilder

type ConstantBuilder struct {
	pkix.Extension
}

Builder that implements cert.ExtensionBuilder. It lets the extension be set directly, for cases where its content is already fully known at config-parsing time.

func (ConstantBuilder) Compile

type ErrorUnknownFile

type ErrorUnknownFile string

func (ErrorUnknownFile) Error

func (e ErrorUnknownFile) Error() string

type ExtensionConfig

type ExtensionConfig interface {
	Oid() (asn1.ObjectIdentifier, error)
	Builder() (cert.ExtensionBuilder, error)
}

The interface each extension must implement. Oid is used to determine whether two extensions have the same "type" during a merge. Builder exists so that the cert package can build the extension itself.

type ExtensionProfile

type ExtensionProfile struct {
	// These values are used for extensions inside profiles;
	// when parsing a certificate they are ignored.
	Optional bool `json:"optional"`
	Override bool `json:"override"`
}

Each extension must have these values in order for a profile to correctly validate/merge extensions.

type FunctionBuilder

type FunctionBuilder struct {
	Function func(ctx *cert.CertificateContext) (*pkix.Extension, error)
}

Builder that implements cert.ExtensionBuilder. It builds an extension by calling the provided function. The function runs when Compile() is called, so any side effects happen at that point.

func (FunctionBuilder) Compile

type Manipulations added in v0.2.0

type Manipulations struct {
	Version               *int
	SignatureAlgorithm    *pkix.AlgorithmIdentifier
	SignatureValue        *asn1.BitString
	TbsSignature          *pkix.AlgorithmIdentifier
	TbsPublicKeyAlgorithm *pkix.AlgorithmIdentifier
	TbsPublicKey          *asn1.BitString
}

type OverrideNeededBuilder

type OverrideNeededBuilder struct{}

Builder that implements cert.ExtensionBuilder. It never yields an extension; instead it returns an error stating that this extension must be replaced.

This is useful when a certificate inherits from its profile an extension that is required to be overridden, because the profile itself does not define the extension's content.

func (OverrideNeededBuilder) Compile

type ProfileExtension

type ProfileExtension struct {
	ExtensionConfig
	ExtensionProfile
}

type ProfileSubjectAttribute

type ProfileSubjectAttribute struct {
	Attribute string `json:"attribute"`
	Optional  bool   `json:"optional"`
}

type ProfileSubjectAttributes

type ProfileSubjectAttributes struct {
	AllowOther bool                      `json:"allowOther"`
	Attributes []ProfileSubjectAttribute `json:"attributes"`
}

Directories

Path Synopsis
Implements version 1 of the configuration parser.
