peertls

package
Published: Sep 20, 2019 License: AGPL-3.0 Imports: 11 Imported by: 0


Constants

// Positions of the certificates within a peer's certificate chain.
const (
	// LeafIndex is the position of the leaf certificate in a cert chain.
	LeafIndex = 0
	// CAIndex is the position of the CA certificate in a cert chain.
	CAIndex = 1
)

Variables

// Error classes returned by this package. Each class wraps the underlying
// cause so callers can distinguish generation failures from verification
// failures.
var (
	// ErrNotExist is used when a file or directory doesn't exist.
	ErrNotExist = errs.Class("file or directory not found error")

	// Certificate and key generation errors.

	// ErrGenerate is used when an error occurred during cert/key generation.
	ErrGenerate = errs.Class("tls generation error")
	// ErrTLSTemplate is used when an error occurs during tls template generation.
	ErrTLSTemplate = errs.Class("tls template error")

	// Peer certificate verification errors.

	// ErrVerifyPeerCert is used when an error occurs during `VerifyPeerCertificate`.
	ErrVerifyPeerCert = errs.Class("tls peer certificate verification error")
	// ErrVerifyCertificateChain is used when a certificate chain can't be verified
	// from leaf to root: each cert in the chain must be signed by the cert that
	// follows it, and the root must be self-signed.
	ErrVerifyCertificateChain = errs.Class("certificate chain signature verification failed")
	// ErrVerifyCAWhitelist is used when a signature wasn't produced by any CA in the whitelist.
	ErrVerifyCAWhitelist = errs.Class("not signed by any CA in the whitelist")
)

Functions

func CATemplate

func CATemplate() (*x509.Certificate, error)

CATemplate returns an x509.Certificate template for a certificate authority.

func ChainBytes

func ChainBytes(chain ...*x509.Certificate) ([]byte, error)

ChainBytes returns the PEM-encoded bytes of the certificate chain (leaf-first).

func CreateCertificate added in v0.9.0

func CreateCertificate(signee crypto.PublicKey, signer crypto.PrivateKey, template, issuer *x509.Certificate) (*x509.Certificate, error)

CreateCertificate creates a new X.509v3 certificate based on a template. The new certificate:

  • will have the public key given as 'signee'
  • will be signed by 'signer' (which should be the private key of 'issuer')
  • will be issued by 'issuer'
  • will have metadata fields copied from 'template'

Returns the new Certificate object.

func CreateSelfSignedCertificate added in v0.9.0

func CreateSelfSignedCertificate(key crypto.PrivateKey, template *x509.Certificate) (*x509.Certificate, error)

CreateSelfSignedCertificate creates a new self-signed X.509v3 certificate using fields from the given template.

func DoubleSHA256PublicKey

func DoubleSHA256PublicKey(k crypto.PublicKey) ([sha256.Size]byte, error)

DoubleSHA256PublicKey returns the SHA-256 hash of the SHA-256 hash (a double hash) of the binary encoding of the given public key.

func LeafTemplate

func LeafTemplate() (*x509.Certificate, error)

LeafTemplate returns an x509.Certificate template for a leaf certificate used for signing and encrypting.

func TLSCert

func TLSCert(chain [][]byte, leaf *x509.Certificate, key crypto.PrivateKey) (*tls.Certificate, error)

TLSCert creates a tls.Certificate from the given certificate chain, leaf certificate and private key.

func VerifyPeerCertChains

func VerifyPeerCertChains(_ [][]byte, parsedChains [][]*x509.Certificate) error

VerifyPeerCertChains verifies that the first chain in parsedChains consists of certificates that are each signed by their respective parent, ending with a self-signed root. Only parsedChains is used; the raw certificate bytes argument is ignored.

func WriteChain

func WriteChain(w io.Writer, chain ...*x509.Certificate) error

WriteChain writes the certificate chain (leaf-first) and extensions to the writer, PEM-encoded.

Types

type NonTemporaryError

type NonTemporaryError struct {
	// contains filtered or unexported fields
}

NonTemporaryError is an error with a `Temporary` method which always returns false. It is intended for use with grpc.

(see https://godoc.org/google.golang.org/grpc#WithDialer and https://godoc.org/google.golang.org/grpc#FailOnNonTempDialError).

func NewNonTemporaryError

func NewNonTemporaryError(err error) NonTemporaryError

NewNonTemporaryError returns a new NonTemporaryError wrapping err, for use with grpc.

func (NonTemporaryError) Err

func (nte NonTemporaryError) Err() error

Err returns the underlying error.

func (NonTemporaryError) Temporary

func (nte NonTemporaryError) Temporary() bool

Temporary returns false to indicate that it is a non-temporary error.

type PeerCertVerificationFunc

type PeerCertVerificationFunc func([][]byte, [][]*x509.Certificate) error

PeerCertVerificationFunc is the signature for a `*tls.Config{}`'s `VerifyPeerCertificate` function.

func VerifyCAWhitelist

func VerifyCAWhitelist(cas []*x509.Certificate) PeerCertVerificationFunc

VerifyCAWhitelist returns a PeerCertVerificationFunc that verifies the peer identity's CA certificate was signed by one of the (certificate authority) certificates in the provided whitelist.

func VerifyPeerFunc

func VerifyPeerFunc(next ...PeerCertVerificationFunc) PeerCertVerificationFunc

VerifyPeerFunc combines multiple `*tls.Config#VerifyPeerCertificate` functions into a single one and adds certificate parsing.

