pkimodel

package
Published: Sep 22, 2024 License: BSD-3-Clause Imports: 10 Imported by: 0


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Certificate

type Certificate struct {
	// contains filtered or unexported fields
}

func NewCertificate

func NewCertificate(oif CertificateInFile) (cif *Certificate, err error)

func (*Certificate) File

func (c *Certificate) File() DataInFile

func (*Certificate) Fingerprint

func (c *Certificate) Fingerprint() []byte

func (*Certificate) FingerprintHex

func (c *Certificate) FingerprintHex() string

func (*Certificate) Issued

func (c *Certificate) Issued() []*Certificate

func (*Certificate) Issuer

func (c *Certificate) Issuer() *Certificate

func (*Certificate) Key

func (c *Certificate) Key() *PrivateKey

func (*Certificate) Parsed

func (c *Certificate) Parsed() *x509.Certificate

func (*Certificate) String

func (c *Certificate) String() string

func (*Certificate) Update

func (c *Certificate) Update(n *x509.Certificate) error

type CertificateInFile

type CertificateInFile ObjectInFile[*x509.Certificate]

type Collection

type Collection struct {
	// CAs holds the certificate authorities registered with the collection
	// (presumably via AddCA — confirm); Close closes every one of them.
	CAs          []*ca.CA
	// Files holds the PkiFile objects registered with the collection
	// (presumably via AddFile — confirm).
	Files        []PkiFile
	// Certificates and PrivateKeys are the cryptographic objects known to the
	// collection. NOTE(review): whether they are populated as files are added
	// or only when BuildChains runs is not visible here — confirm.
	Certificates []*Certificate
	PrivateKeys  []*PrivateKey
	// DontScan is a set of path strings that are excluded from scanning
	// (see AddDontScan and ShouldScan). The empty struct value makes the
	// map a pure set with no per-entry storage.
	DontScan     map[string]struct{}
}

func NewCollection

func NewCollection() *Collection

func (*Collection) AddCA

func (c *Collection) AddCA(authority *ca.CA) error

func (*Collection) AddDontScan

func (c *Collection) AddDontScan(paths ...string) error

func (*Collection) AddFile

func (c *Collection) AddFile(f PkiFile) error

func (*Collection) BuildChains

func (c *Collection) BuildChains(errorStream chan<- error) error

func (*Collection) Close

func (c *Collection) Close() error

Close closes all the CAs in the collection.

func (*Collection) ShouldScan

func (c *Collection) ShouldScan(path string) (bool, error)

type DataInFile

type DataInFile interface {
	// File returns the PkiFile in which this PKI object was found.
	File() PkiFile

	// String returns a reference to where this data is found within the file.
	// Typically, this is PkiFile.String() + "#" + reference_in_file.
	String() string

	// GetRawObject returns the raw data of the cryptographic object stored in
	// the file. For a PEM file, this would be the DER encoding.
	GetRawObject() []byte

	// SetRawObject stores a new (updated) object in the file structure but
	// does not write it back to disk until Save() is called on the PkiFile
	// object returned by File().
	// NOTE(review): this interface does not say whether the replacement bytes
	// are validated, nor whether SetRawObject itself calls MarkUpdated() on
	// the owning PkiFile — confirm against the implementations before relying
	// on either.
	SetRawObject([]byte)
}

DataInFile represents a chunk of data in a PkiFile that represents a single cryptographic object. It also provides an interface to the decoded form of the object. This may represent a PEM block found within a text file.

type IsInFile

type IsInFile interface {
	// File returns the DataInFile this object was parsed from.
	File() DataInFile
}

type ObjectInFile

type ObjectInFile[T any] interface {
	// DataInFile gives access to the raw (encoded) form of the object.
	DataInFile

	// GetObject returns the parsed form of the cryptographic object.
	// NOTE(review): the error presumably reports a decode failure — confirm.
	GetObject() (T, error)

	// SetObject replaces the parsed form of the object. Presumably, like
	// SetRawObject, nothing reaches disk until Save() is called on the
	// owning PkiFile — confirm against the implementations.
	SetObject(T) error
}

ObjectInFile is an extension of DataInFile allowing access to the parsed form of the cryptographic object.

type PkiFile

type PkiFile interface {
	// String returns a reference to where to find this file, typically this
	// is an absolute path.
	String() string

	// ParseCertificates returns the parsed certificates from the file. See
	// NewCertificate.
	ParseCertificates() ([]*Certificate, error)

	// ParsePrivateKeys returns the parsed private keys from the file. See
	// NewPrivateKeyOffline and NewPrivateKeyOnline.
	ParsePrivateKeys() ([]*PrivateKey, error)

	// TieBreakCertificates is called when there are multiple CA certificates
	// any of which may have issued the leaf certificate. If a certificate
	// appears in the file twice then the same cryptographic object may be
	// listed more than once in the issuers list. All issuers will have
	// originated from the file on which this function is called.
	TieBreakCertificates(leaf *Certificate, issuers []*Certificate) *Certificate

	// TieBreakPrivateKeys is called when more than one private key may
	// belong to cert and the implementation must choose one. Presumably, as
	// with TieBreakCertificates, all candidate keys originate from the file
	// on which this function is called — confirm.
	TieBreakPrivateKeys(cert *Certificate, keys []*PrivateKey) *PrivateKey

	// MarkUpdated sets a flag within the object so that when Save() is called
	// the file will be written back to disk along with any updates made to
	// the objects that were parsed from it.
	MarkUpdated()

	// Save the file back to disk along with any updates. If no updates were
	// made (i.e. MarkUpdated() was not called) then this may be a no-op.
	// anyChanges will be true if MarkUpdated() was called prior to the last
	// call to Save().
	// NOTE(review): a file implementing this may hold private key material;
	// whether implementations preserve the original file's permissions when
	// rewriting it is not stated here — confirm in each implementation.
	Save() (anyChanges bool, err error)
}

PkiFile represents a file (or other RW object) which may contain a collection of cryptographic objects. The objects will be parsed and made available and may also be replaced and the modified file written back to disk.

type PrivateKey

type PrivateKey struct {
	// contains filtered or unexported fields
}

func NewPrivateKeyOffline

func NewPrivateKeyOffline(oif PrivateKeyInFile) (kif *PrivateKey, err error)

func NewPrivateKeyOnline

func NewPrivateKeyOnline(oif PrivateKeyInFile) (kif *PrivateKey, err error)

func (*PrivateKey) File

func (c *PrivateKey) File() DataInFile

func (*PrivateKey) Fingerprint

func (c *PrivateKey) Fingerprint() []byte

func (*PrivateKey) FingerprintHex

func (c *PrivateKey) FingerprintHex() string

func (*PrivateKey) Parsed

func (c *PrivateKey) Parsed() crypto.PrivateKey

func (*PrivateKey) PublicKey

func (c *PrivateKey) PublicKey() crypto.PublicKey

func (*PrivateKey) String

func (c *PrivateKey) String() string

func (*PrivateKey) Type

func (c *PrivateKey) Type() keytype.Type

type PrivateKeyInFile

type PrivateKeyInFile ObjectInFile[any]
