Documentation ¶
Constants ¶
const ( // LeafIndex is the index of the leaf certificate in a cert chain (0) LeafIndex = iota // CAIndex is the index of the CA certificate in a cert chain (1) CAIndex )
Variables ¶
var ( // ErrNotExist is used when a file or directory doesn't exist. ErrNotExist = errs.Class("file or directory not found error") // ErrGenerate is used when an error occurred during cert/key generation. ErrGenerate = errs.Class("tls generation error") // ErrTLSTemplate is used when an error occurs during tls template generation. ErrTLSTemplate = errs.Class("tls template error") // ErrVerifyPeerCert is used when an error occurs during `VerifyPeerCertificate`. ErrVerifyPeerCert = errs.Class("tls peer certificate verification error") // ErrVerifyCertificateChain is used when a certificate chain can't be verified from leaf to root // (i.e.: each cert in the chain should be signed by the preceding cert and the root should be self-signed). ErrVerifyCertificateChain = errs.Class("certificate chain signature verification failed") // ErrVerifyCAWhitelist is used when a signature wasn't produced by any CA in the whitelist. ErrVerifyCAWhitelist = errs.Class("not signed by any CA in the whitelist") )
Functions ¶
func CATemplate ¶
func CATemplate() (*x509.Certificate, error)
CATemplate returns an x509.Certificate template for a certificate authority (CA) certificate.
func ChainBytes ¶
func ChainBytes(chain ...*x509.Certificate) ([]byte, error)
ChainBytes returns the certificate chain (leaf-first) as a PEM-encoded byte slice. Unlike WriteChain it does not take a writer; the encoded bytes are returned to the caller.
func DoubleSHA256PublicKey ¶
DoubleSHA256PublicKey returns the double SHA-256 hash, SHA-256(SHA-256(bytes)), of the binary encoding of the given public key, as a fixed-size [sha256.Size]byte array.
func LeafTemplate ¶
func LeafTemplate() (*x509.Certificate, error)
LeafTemplate returns an x509.Certificate template for a leaf (end-entity) certificate intended for signing and encrypting.
func NewCert ¶
func NewCert(publicKey crypto.PublicKey, parentKey crypto.PrivateKey, template, parent *x509.Certificate) (*x509.Certificate, error)
NewCert returns a new x509 certificate for publicKey, built from template and signed with parentKey. If parent is non-nil the certificate is issued by parent; otherwise it is self-signed.
func NewSelfSignedCert ¶
func NewSelfSignedCert(key crypto.PrivateKey, template *x509.Certificate) (*x509.Certificate, error)
NewSelfSignedCert returns a new self-signed x509 certificate using the provided template and key.
func TLSCert ¶
func TLSCert(chain [][]byte, leaf *x509.Certificate, key crypto.PrivateKey) (*tls.Certificate, error)
TLSCert creates a tls.Certificate from the chain (raw certificate bytes), the parsed leaf certificate and the leaf's private key.
func VerifyPeerCertChains ¶
func VerifyPeerCertChains(_ [][]byte, parsedChains [][]*x509.Certificate) error
VerifyPeerCertChains verifies that the first certificate chain in parsedChains consists of certificates each signed by their respective parent, ending with a self-signed root; the raw certificate bytes (the first argument) are ignored. Note that this establishes only the signature linkage within the chain, not that the root is trusted: any self-signed root passes. When the root must come from a known set, combine this with VerifyCAWhitelist (for example via VerifyPeerFunc).
func WriteChain ¶
func WriteChain(w io.Writer, chain ...*x509.Certificate) error
WriteChain writes the certificate chain (leaf-first) and extensions to the writer, PEM-encoded.
Types ¶
type NonTemporaryError ¶
type NonTemporaryError struct {
// contains filtered or unexported fields
}
NonTemporaryError is an error with a `Temporary` method which always returns false. It is intended for use with grpc.
(see https://godoc.org/google.golang.org/grpc#WithDialer and https://godoc.org/google.golang.org/grpc#FailOnNonTempDialError).
func NewNonTemporaryError ¶
func NewNonTemporaryError(err error) NonTemporaryError
NewNonTemporaryError wraps err in a NonTemporaryError (one whose Temporary method returns false) for use with grpc.
func (NonTemporaryError) Err ¶
func (nte NonTemporaryError) Err() error
Err returns the wrapped underlying error.
func (NonTemporaryError) Temporary ¶
func (nte NonTemporaryError) Temporary() bool
Temporary returns false to indicate that this is a non-temporary error.
type PeerCertVerificationFunc ¶
type PeerCertVerificationFunc func([][]byte, [][]*x509.Certificate) error
PeerCertVerificationFunc is the signature of a `*tls.Config`'s `VerifyPeerCertificate` callback: it receives the raw certificates and the verified chains and returns a non-nil error to reject the peer.
func VerifyCAWhitelist ¶
func VerifyCAWhitelist(cas []*x509.Certificate) PeerCertVerificationFunc
VerifyCAWhitelist verifies that the peer identity's CA certificate was signed by at least one of the (certificate authority) certificates in the provided whitelist; if none of them signed it, verification fails with ErrVerifyCAWhitelist.
func VerifyPeerFunc ¶
func VerifyPeerFunc(next ...PeerCertVerificationFunc) PeerCertVerificationFunc
VerifyPeerFunc combines multiple PeerCertVerificationFuncs into a single `*tls.Config`'s `VerifyPeerCertificate` callback, parsing the raw certificates so that each function receives the parsed chains.