mkcert

Documentation

Overview

Package mkcert provides the private CA for mTLS

Index

• Constants
• type CA
  • func (m *CA) GetCAPool() *x509.CertPool
  • func (m *CA) GetCertificate(chi *tls.ClientHelloInfo) (*tls.Certificate, error)
  • func (m *CA) WriteCertFile() (string, error)
  • func (m *CA) WriteKeyFile() (string, error)
• type Config
  • func (cfg *Config) CertFileName() (string, error)
  • func (cfg *Config) Export() *ca.Config
  • func (cfg *Config) KeyFileName() (string, error)
  • func (cfg *Config) LoadCA() (*CA, error)
  • func (cfg *Config) MkRootDir() error
  • func (cfg *Config) NewCA() (*CA, error)
  • func (cfg *Config) SetDefaults() error

Constants

const (
	// DefaultKeyFilePermissions are the permissions used when creating the KeyFile
	DefaultKeyFilePermissions os.FileMode = 0600
	// DefaultCertFilePermissions are the permissions used when creating the CertFile
	DefaultCertFilePermissions os.FileMode = 0644
	// DefaultDirPermissions are the permissions used when creating the RootDir
	DefaultDirPermissions os.FileMode = 0700
)

Types

type CA

type CA struct {
	// contains filtered or unexported fields
}

CA is a private PKI for mTLS

func (*CA) GetCAPool

func (m *CA) GetCAPool() *x509.CertPool

GetCAPool returns a reference to the Certificates Pool

func (*CA) GetCertificate

func (m *CA) GetCertificate(chi *tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificate returns the TLS Certificate that should be used for a given TLS request

func (*CA) WriteCertFile

func (m *CA) WriteCertFile() (string, error)

WriteCertFile writes the CA's Certificate PEM encoded, using the filename in the [Config.CertFile]

func (*CA) WriteKeyFile

func (m *CA) WriteKeyFile() (string, error)

WriteKeyFile writes the CA's Private Key PEM encoded, using the filename in the [Config.KeyFile]

type Config

type Config struct {
	// RootDir is the directory where key and cert are securely stored
	RootDir string `toml:"caroot_dir" default:"~/.local/share/mkcert"`
	// KeyFile is the filename of the CA key within the RootDir
	KeyFile string `toml:"key_file"   default:"rootCA-key.pem"`
	// CertFile is the filename of the CA certificate within the RootDir
	CertFile string `toml:"cert_file" default:"rootCA.pem"`

	// Certificates include infomation for the issued certificates
	Certificates ca.TemplateConfig `toml:"certificates,omitempty"`
	// Issuer include infomation for creating the CA
	Issuer ca.TemplateConfig `toml:"issuer,omitempty"`

	// KeyAlgorithm indicates the KeyAlgorigthm  to be used.
	// RSA, ECDSA, or ED25519. case-insensitive.
	KeyAlgorithm string `toml:"algorithm,omitempty"`
}

Config is the configuration of a CA

func (*Config) CertFileName

func (cfg *Config) CertFileName() (string, error)

CertFileName returns the full path to the [Config.CertFile]

func (*Config) Export

func (cfg *Config) Export() *ca.Config

Export converts an annotated Config into a ca.Config

func (*Config) KeyFileName

func (cfg *Config) KeyFileName() (string, error)

KeyFileName returns the full path to the [Config.KeyFile]

func (*Config) LoadCA

func (cfg *Config) LoadCA() (*CA, error)

LoadCA creates a new CA using [Config.KeyFile] and [Config.CertFile]

func (*Config) MkRootDir

func (cfg *Config) MkRootDir() error

MkRootDir creates the [Config.RootDir] if it doesn't exist already

func (*Config) NewCA

func (cfg *Config) NewCA() (*CA, error)

NewCA generates a new CA using cfg.Issuer information

func (*Config) SetDefaults

func (cfg *Config) SetDefaults() error

SetDefaults fills the gaps in the Config