Documentation

Overview
Package issuer implements a common interface for several TLS Certificate Authority issuance implementations.
Index
- Variables
- func DigiCertEVProduct(names []string, extKeyUsage []x509.ExtKeyUsage) string
- func DigiCertProduct(names []string, extKeyUsage []x509.ExtKeyUsage) string
- type Capability
- type DigiCertProductFunc
- type Issuer
- func NewDigiCert(token string, product DigiCertProductFunc) Issuer
- func NewLemur(api, authorityName string, options ...LemurOption) (Issuer, error)
- func NewStandalone(certFile, keyFile, crlFile string) (Issuer, error)
- func NewVault(api, mountpoint, role string, options ...VaultOption) (Issuer, error)
- type LemurOption
- type VaultOption
Constants
This section is empty.
Variables
Functions
func DigiCertEVProduct
func DigiCertEVProduct(names []string, extKeyUsage []x509.ExtKeyUsage) string
func DigiCertProduct
func DigiCertProduct(names []string, extKeyUsage []x509.ExtKeyUsage) string
Types
type Capability
type Capability uint
Capability bitmask to indicate Issuer capabilities.
const (
	Sign Capability = 1 << iota
	SignKeyPair
	Renew
	Revoke
	RevocationList
	OCSP
)
Capability flags.
const (
	None Capability = 0
	All  Capability = Sign | SignKeyPair | Renew | Revoke | RevocationList | OCSP
)
Composite Capability flags.
type DigiCertProductFunc
type DigiCertProductFunc func([]string, []x509.ExtKeyUsage) string
DigiCertProductFunc returns a DigiCert product name for the requested usage.
type Issuer
type Issuer interface {
	// Capabilities returns the issuer capability flags.
	Capabilities() Capability
	// Certificate for this issuer.
	Certificate() *x509.Certificate
	// Chain is X.509 chain for this issuer.
	Chain() []*x509.Certificate
	// RevocationList returns the Certificate Revocation List (CRL).
	RevocationList() (crl []byte, list *pkix.CertificateList, err error)
	// Request a Certificate.
	Request(csr *x509.CertificateRequest, ttl time.Duration) (cert *x509.Certificate, chain []*x509.Certificate, err error)
	// RequestKeyPair requests a certificate and private key pair based on
	// the supplied certificate template.
	RequestKeyPair(template *x509.Certificate, ttl time.Duration) (cert *x509.Certificate, chain []*x509.Certificate, key crypto.PrivateKey, err error)
	// Renew a certificate previously issued by this issuer.
	Renew(old *x509.Certificate, ttl time.Duration) (cert *x509.Certificate, chain []*x509.Certificate, err error)
	// Revoke a certificate previously issued by this issuer.
	Revoke(crt *x509.Certificate) (revoked bool, err error)
}
Issuer can issue certificates.
func NewDigiCert
func NewDigiCert(token string, product DigiCertProductFunc) Issuer
NewDigiCert returns an issuer that uses the DigiCert API. If product is nil, DigiCertProduct will be used to determine what product to use in requesting new certificates.
func NewLemur
func NewLemur(api, authorityName string, options ...LemurOption) (Issuer, error)
NewLemur sets up a Lemur-based issuer.
func NewStandalone
func NewStandalone(certFile, keyFile, crlFile string) (Issuer, error)
NewStandalone returns a standalone issuer, with the supplied certFile and keyFile as Certificate Authority certificate and key (PEM format). The crlFile location should be writable, so the issuer can store revoked certificates.
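As an added example (not the package's own code), a minimal in-memory stand-in for the Standalone issuer: NewTestCA takes the place of certFile and keyFile, and Request follows the Issuer.Request contract, signing a CSR for the given ttl only after checking the CSR's own signature. The function names, the Ed25519 keys and the "Example Test CA" subject are assumptions for this illustration; CRL handling is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)
// NewTestCA creates a throwaway self-signed CA in memory, standing in for a Standalone issuer's certFile and keyFile (constructed for this example).
func NewTestCA() (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Test CA"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Request mirrors Issuer.Request: verify the CSR's proof of possession, then issue a leaf bounded by ttl that cannot itself sign certificates.
func Request(ca *x509.Certificate, caKey ed25519.PrivateKey, csr *x509.CertificateRequest, ttl time.Duration) (*x509.Certificate, []*x509.Certificate, error) {
	if err := csr.CheckSignature(); err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)) // unpredictable 128-bit serial
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: csr.Subject, DNSNames: csr.DNSNames, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(ttl),
		BasicConstraintsValid: true, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, // IsCA stays false
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, csr.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, []*x509.Certificate{ca}, err
}
```

A caller verifies the returned leaf against the returned chain exactly as it would for any Issuer; a CSR whose signature does not match its public key is refused before anything is signed.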
func NewVault
func NewVault(api, mountpoint, role string, options ...VaultOption) (Issuer, error)
NewVault initializes a new Vault-based issuer on the specified mountpoint and role. Each role requires a separate instance.
type LemurOption
type LemurOption func(*lemur)
LemurOption is an option for NewLemur.
func LemurAuth
func LemurAuth(username, password string) LemurOption
LemurAuth enables username/password authentication.
func LemurDefaultOwner
func LemurDefaultOwner(email string) LemurOption
LemurDefaultOwner defines the owner for certificates that don't have an emailAddress attribute type and value in the subject.
func LemurSkipVerifyTLS
func LemurSkipVerifyTLS() LemurOption
LemurSkipVerifyTLS disables TLS certificate verification for the connection to the Lemur API.
func LemurToken
func LemurToken(token string) LemurOption
LemurToken enables token authentication.
type VaultOption
type VaultOption func(*vault)
VaultOption is an option for NewVault.
func VaultToken
func VaultToken(token string) VaultOption
VaultToken adds the Vault authentication token.