easytls

v0.1.4
Published: Feb 28, 2025 License: BSD-3-Clause Imports: 10 Imported by: 7

README

easytls


Package easytls makes working with TLS for either servers or clients easy. It contains several sane and safe defaults for implementing TLS and using certificates, as well as loader interfaces to accelerate the process of loading certificates from files or raw byte data.


go get github.com/go-pogo/easytls
import "github.com/go-pogo/easytls"

Documentation

Additional detailed documentation is available at pkg.go.dev

License

Copyright © 2022-2025 Roel Schut. All rights reserved.

This project is governed by a BSD-style license that can be found in the LICENSE file.

Documentation

Index

Constants

const (
	TargetServer Target = iota + 1
	TargetClient

	ErrAddCACertToPool errors.Msg = "failed to add CA certificate to pool"
	ErrNotMarkedAsCA   errors.Msg = "certificate is not marked as a CA"
	ErrMissingCertSign errors.Msg = "certificate is missing the cert sign flag"
)
const (
	ErrLoadCertificate = "failed to load certificate"
)
const ErrNoCertificateInPEM errors.Msg = "failed to find \"CERTIFICATE\" PEM block in data"

Variables

This section is empty.

Functions

func Apply

func Apply(conf *tls.Config, target Target, opts ...Option) error

func CACertificate

func CACertificate(subj pkix.Name) *x509.Certificate

CACertificate returns a basic CA x509.Certificate with a validity of 10 years.

func ClientCertificate

func ClientCertificate() *x509.Certificate

func CopyMissingSubjectFields

func CopyMissingSubjectFields(src pkix.Name, dest *pkix.Name)

func DefaultTLSConfig

func DefaultTLSConfig() *tls.Config

DefaultTLSConfig returns a modern preconfigured tls.Config.

func GetCertificate

func GetCertificate(cl TLSCertificateLoader) func(*tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificate returns a function suitable for tls.Config.GetCertificate: the certificate is loaded from the TLSCertificateLoader when a client hello requests it, rather than once at configuration time.

func LoadAndAdd

func LoadAndAdd(pool *x509.CertPool, certs ...X509CertificateLoader) error

LoadAndAdd loads the certificates from the provided [X509CertificateLoader]s and adds them to the provided x509.CertPool. Errors that occur are grouped together and returned as a single error after all certificates have been loaded.

func LoadAndAddSystem

func LoadAndAddSystem(certs ...X509CertificateLoader) (*x509.CertPool, error)

func LoadAndAppend

func LoadAndAppend(list []tls.Certificate, certs ...TLSCertificateLoader) ([]tls.Certificate, error)

LoadAndAppend loads the certificates from the provided [TLSCertificateLoader]s and appends them to the provided tls.Certificate slice. Errors that occur are grouped together and returned as a single error after all certificates have been loaded.

func ServerCertificate

func ServerCertificate(hosts ...string) *x509.Certificate

func ValidateCA

func ValidateCA(cert *x509.Certificate) (bool, error)

ValidateCA checks whether the provided x509.Certificate can be used as a CA certificate. It returns true when the certificate is valid, otherwise false. The reasons the certificate is invalid are returned as an error; a nil certificate yields a nil error.

Types

type CertificateFile

type CertificateFile string

CertificateFile contains the path to an existing certificate file which can be loaded using CertificateFile.LoadX509Certificate. The file must contain valid PEM encoded data.

func (CertificateFile) GoString

func (cf CertificateFile) GoString() string

func (CertificateFile) LoadX509Certificate

func (cf CertificateFile) LoadX509Certificate() (*x509.Certificate, error)

func (*CertificateFile) Set

func (cf *CertificateFile) Set(s string) error

func (CertificateFile) String

func (cf CertificateFile) String() string
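An added example, not easytls's own code, of the PEM handling that CertificateFile.LoadX509Certificate and ErrNoCertificateInPEM describe, written against the standard library only. The loader walks every PEM block instead of assuming the first one is the certificate, so a file that starts with a private key still yields the certificate, and a file with no CERTIFICATE block fails with the documented message rather than with a confusing DER parse error. The function names, the bundle-returning behaviour of certificateBlocks and the constructed PEM input are assumptions of this example, not easytls's API.

```go
package main

import (
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// errNoCertificateInPEM carries the same message as the ErrNoCertificateInPEM constant above.
var errNoCertificateInPEM = errors.New(`failed to find "CERTIFICATE" PEM block in data`)

// certificateBlocks returns the DER bytes of every CERTIFICATE block in data, in
// file order. Blocks of other types (a private key stored in the same file, EC
// parameters) and text outside the armor are skipped rather than being mistaken
// for the certificate; no CERTIFICATE block at all is a distinct, explicit error.
func certificateBlocks(data []byte) ([][]byte, error) {
	var ders [][]byte
	for {
		var block *pem.Block
		block, data = pem.Decode(data)
		if block == nil {
			break
		}
		if block.Type == "CERTIFICATE" {
			ders = append(ders, block.Bytes)
		}
	}
	if len(ders) == 0 {
		return nil, errNoCertificateInPEM
	}
	return ders, nil
}

// loadX509Certificate is the in-memory shape of CertificateFile.LoadX509Certificate:
// select the first CERTIFICATE block (the leaf in a leaf-first bundle) and parse it,
// so a malformed DER body surfaces as an x509 parse error, not as a missing block.
func loadX509Certificate(data []byte) (*x509.Certificate, error) {
	ders, err := certificateBlocks(data)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(ders[0])
}

// pemStream is constructed test input: a line of commentary before the armor, as
// openssl prints it, followed by one PEM block per argument (bodies are dummy bytes).
func pemStream(blocks ...pem.Block) []byte {
	out := []byte("subject=CN=example (constructed input, not a real certificate)\n")
	for i := range blocks {
		out = append(out, pem.EncodeToMemory(&blocks[i])...)
	}
	return out
}

func main() {
	key := pem.Block{Type: "EC PRIVATE KEY", Bytes: []byte{1, 2, 3}}
	leaf := pem.Block{Type: "CERTIFICATE", Bytes: []byte{4, 5, 6}}
	ders, err := certificateBlocks(pemStream(key, leaf))
	fmt.Println(len(ders), err) // the key block is skipped, the certificate body is returned
	_, err = certificateBlocks(pemStream(key))
	fmt.Println(err) // no CERTIFICATE block: the documented error, not a parse failure
}
```

Keeping the "which block" decision separate from DER parsing is what makes the two failure modes distinguishable to an operator: a key-only file and a corrupt certificate file produce different errors.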

type Config

type Config struct {
	// CACertFile is the path to the root certificate authority (CA) file. It
	// is used to verify that both client and server certificates are signed by
	// the same CA.
	CACertFile CertificateFile `env:""`
	// CertFile is the path to the certificate file.
	CertFile string `env:""`
	// KeyFile is the path to the private key file.
	KeyFile string `env:""`
	// VerifyClient enables mutual TLS authentication.
	VerifyClient bool `env:""`
	// InsecureSkipVerify disables all certificate verification and should only
	// be used for testing. See [tls.Config.InsecureSkipVerify] for additional
	// information.
	InsecureSkipVerify bool `env:""`
}

Config is a general config struct which can be used to configure or create a tls.Config for clients or servers.

func (Config) ApplyTo

func (tc Config) ApplyTo(conf *tls.Config, target Target) error

ApplyTo applies the Config fields' values to the provided tls.Config for the specified Target.

func (Config) Client

func (tc Config) Client() (*tls.Config, error)

Client creates a tls.Config for client connections. It is based on DefaultTLSConfig, with Config applied to it.

func (Config) Server

func (tc Config) Server() (*tls.Config, error)

Server creates a tls.Config for server connections. It is based on DefaultTLSConfig, with Config applied to it.
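An added example, not part of easytls, showing in standard-library Go what ValidateCA and a Config with VerifyClient set amount to. It builds a throwaway CA plus server and client certificates in memory, refuses the CA unless it carries the two flags ValidateCA checks (IsCA and keyCertSign), derives the server and client tls.Config that CACertFile, CertFile/KeyFile and VerifyClient map to, and runs the mutual TLS handshake both with and without a client certificate. The issue, configs and mutualTLSHandshake helpers, localhost as the server name, the one-day validity and the mapping of VerifyClient to tls.RequireAndVerifyClientCert are this example's own assumptions; easytls's internals are not reproduced line for line.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// must is a fixture helper: this example only ever builds constructed test data.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue returns a fresh P-256 key and a one-day certificate for cn, signed by
// parent (self-signed when parent is nil); customize sets role-specific fields.
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey, customize func(*x509.Certificate)) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))),
		Subject: pkix.Name{CommonName: cn}, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour)}
	customize(tmpl)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

type pki struct {
	ca             *x509.Certificate
	server, client tls.Certificate
}

func buildPKI() *pki {
	ca, caKey := issue("test-ca", nil, nil, func(c *x509.Certificate) {
		c.IsCA, c.BasicConstraintsValid, c.KeyUsage = true, true, x509.KeyUsageCertSign
	})
	if !ca.IsCA || ca.KeyUsage&x509.KeyUsageCertSign == 0 { // the two flags ValidateCA checks
		panic("CA certificate cannot sign")
	}
	srv, srvKey := issue("server", ca, caKey, func(c *x509.Certificate) {
		c.DNSNames = []string{"localhost"}
		c.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	})
	cli, cliKey := issue("client", ca, caKey, func(c *x509.Certificate) {
		c.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	})
	return &pki{ca: ca,
		server: tls.Certificate{Certificate: [][]byte{srv.Raw}, PrivateKey: srvKey, Leaf: srv},
		client: tls.Certificate{Certificate: [][]byte{cli.Raw}, PrivateKey: cliKey, Leaf: cli}}
}

// configs is what a Config with CACertFile, CertFile/KeyFile and VerifyClient set should
// yield: the server demands a client certificate chaining to the CA; the client trusts only that CA.
func configs(p *pki, withClientCert bool) (server, client *tls.Config) {
	pool := x509.NewCertPool()
	pool.AddCert(p.ca)
	server = &tls.Config{MinVersion: tls.VersionTLS12, Certificates: []tls.Certificate{p.server},
		ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool}
	client = &tls.Config{MinVersion: tls.VersionTLS12, RootCAs: pool, ServerName: "localhost"}
	if withClientCert {
		client.Certificates = []tls.Certificate{p.client}
	}
	return server, client
}

// mutualTLSHandshake runs both sides over an in-memory pipe; nil means both accepted their peer.
func mutualTLSHandshake(server, client *tls.Config) error {
	a, b := net.Pipe()
	_ = a.SetDeadline(time.Now().Add(5 * time.Second)) // never hang on a stuck pipe
	srvErr := make(chan error, 1)
	go func() {
		sconn := tls.Server(a, server)
		err := sconn.Handshake()
		sconn.Close() // closes a, which also unblocks the client's drain below
		srvErr <- err
	}()
	cconn := tls.Client(b, client)
	cliErr := cconn.Handshake()
	go cconn.Read(make([]byte, 1)) // drain tickets/alerts: net.Pipe writes block until read
	return errors.Join(cliErr, <-srvErr)
}

func main() {
	p := buildPKI()
	fmt.Println("with client cert:   ", mutualTLSHandshake(configs(p, true)))
	fmt.Println("without client cert:", mutualTLSHandshake(configs(p, false)))
}
```

The handshake runs over net.Pipe, which is synchronous, so the client must keep reading after its own handshake finishes or the server's session ticket and alert writes would block forever; that is what the drain goroutine and the deadline are for. Note that InsecureSkipVerify has no equivalent here: with the CA pinned on both sides, a client that presents no certificate is rejected by the server, and a server certificate not chaining to the CA is rejected by the client.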

type InvalidTarget

type InvalidTarget struct {
	Target Target
}

func (InvalidTarget) Error

func (e InvalidTarget) Error() string

type KeyPair

type KeyPair struct {
	CertFile string
	KeyFile  string
}

KeyPair contains the paths to a PEM encoded certificate file and its private key file, which can be loaded using KeyPair.LoadTLSCertificate.

func (KeyPair) ApplyTo

func (kp KeyPair) ApplyTo(conf *tls.Config, target Target) error

ApplyTo adds the KeyPair certificate to the provided tls.Config.

func (KeyPair) IsEmpty

func (kp KeyPair) IsEmpty() bool

func (KeyPair) LoadTLSCertificate

func (kp KeyPair) LoadTLSCertificate() (*tls.Certificate, error)

LoadTLSCertificate reads and parses the key pair files with tls.LoadX509KeyPair. The files must contain valid PEM encoded data.

type Option

type Option interface {
	ApplyTo(conf *tls.Config, target Target) error
}

An Option can be applied to a tls.Config.

func WithLoadX509RootCAs

func WithLoadX509RootCAs(certs ...X509CertificateLoader) Option

func WithTLSRootCAs

func WithTLSRootCAs(certs ...tls.Certificate) Option

func WithX509RootCAs

func WithX509RootCAs(certs ...*x509.Certificate) Option

type PEMBlocks

type PEMBlocks struct {
	Cert []byte
	Key  []byte
}

PEMBlocks contains PEM encoded certificate and key data which can be loaded using PEMBlocks.LoadTLSCertificate.

func (PEMBlocks) ApplyTo

func (pb PEMBlocks) ApplyTo(conf *tls.Config, _ Target) error

ApplyTo adds the PEMBlocks certificate to the provided tls.Config.

func (PEMBlocks) IsEmpty

func (pb PEMBlocks) IsEmpty() bool

func (PEMBlocks) LoadTLSCertificate

func (pb PEMBlocks) LoadTLSCertificate() (*tls.Certificate, error)

LoadTLSCertificate parses the [PEMBlocks.Cert] and [PEMBlocks.Key] blocks using tls.X509KeyPair. The []byte values must contain valid PEM encoded data.

type TLSCertificateLoader

type TLSCertificateLoader interface {
	LoadTLSCertificate() (*tls.Certificate, error)
}

TLSCertificateLoader loads a tls.Certificate from any source.

type TLSCertificateLoaderFunc

type TLSCertificateLoaderFunc func() (*tls.Certificate, error)

TLSCertificateLoaderFunc loads a tls.Certificate from any source.

func (TLSCertificateLoaderFunc) LoadTLSCertificate

func (fn TLSCertificateLoaderFunc) LoadTLSCertificate() (*tls.Certificate, error)

type Target

type Target uint8

type X509CertificateLoader

type X509CertificateLoader interface {
	LoadX509Certificate() (*x509.Certificate, error)
}

X509CertificateLoader loads an x509.Certificate from any source.

type X509CertificateLoaderFunc

type X509CertificateLoaderFunc func() (*x509.Certificate, error)

X509CertificateLoaderFunc loads an x509.Certificate from any source.

func (X509CertificateLoaderFunc) LoadX509Certificate

func (fn X509CertificateLoaderFunc) LoadX509Certificate() (*x509.Certificate, error)
