# Ziti Identity library
This library is an attempt to normalize identity configuration for the various Ziti components.
## Configuration
Identity configuration is expected to be stored in JSON format and mapped to the `identity.IdentityConfig` type. The `server_cert` and `ca` entries are optional:
```json
{
  "id": {
    "key": "file://{path}",
    "cert": "file://{path}",
    "server_cert": "file://{path}",
    "ca": "file://{path}"
  }
}
```
It allows different ways of specifying private keys and certificates.
### Keys
- from file: `"key": "file://{path to key PEM file}"`, or `"key": "{path to key PEM file}"`. Note that only the latter form supports relative paths
- inline: `"key": "pem:-----BEGIN EC PRIVATE KEY-----...."`
- engine, for hardware token support: `"key": "engine:{engine_id}?{engine options}"`
### Certificates
Applies to both the ID/client (`cert`) and server (`server_cert`) certificates, as well as the CA bundle (`ca`).
- from file: `"cert": "file://{path to cert PEM file}"`, or `"server_cert": "{path to cert PEM file}"`. Note that only the latter form supports relative paths
- inline: `"cert": "pem:-----BEGIN CERTIFICATE-----...."`
## Usage
Once the `IdentityConfig` is loaded, it can be used to acquire the actual TLS credentials:
```go
idCfg := cfg.ID // load config from somewhere
id, err := identity.LoadIdentity(idCfg)
if err != nil {
	return err
}
cltCert := id.Cert() // tls.Certificate
```
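The value forms above, as an added example that is not the identity library's own code: a standard-library-only loader that classifies a `key`/`cert`/`ca` value as `file://`, bare path, `pem:` or `engine:`, reads it, and pairs key and cert into the `tls.Certificate` that the usage snippet ends with. `ParseEngine`, `LoadValue`, `LoadTLSCertificate` and `NewSelfSignedPEM` are this example's own names, and the self-signed certificate is constructed sample input so the code runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"net/url"
	"os"
	"path/filepath"
	"strings"
	"time"
)

// ParseEngine splits "engine:{engine_id}?{engine options}" into id and options.
// url.Parse sees an opaque URL, so the id lands in Opaque and options in Query.
func ParseEngine(v string) (string, url.Values, error) {
	u, err := url.Parse(v)
	if err != nil || u.Scheme != "engine" || u.Opaque == "" {
		return "", nil, fmt.Errorf("bad engine value %q", v)
	}
	return u.Opaque, u.Query(), nil
}

// LoadValue resolves one "key"/"cert"/"ca" value to PEM bytes using the README's
// forms: "file://{absolute path}", a bare path (relative ones resolve against
// baseDir) or "pem:..." inline. Engine values are parsed but refused: a hardware
// key never becomes PEM, it needs an engine/PKCS#11 backend this example lacks.
func LoadValue(v, baseDir string) ([]byte, error) {
	switch {
	case v == "":
		return nil, fmt.Errorf("empty identity value")
	case strings.HasPrefix(v, "pem:"):
		return []byte(v[len("pem:"):]), nil
	case strings.HasPrefix(v, "engine:"):
		id, _, err := ParseEngine(v)
		if err != nil {
			return nil, err
		}
		return nil, fmt.Errorf("engine %q: hardware-backed key cannot be loaded as PEM", id)
	case strings.HasPrefix(v, "file://"):
		p := strings.TrimPrefix(v, "file://")
		if !filepath.IsAbs(p) { // README: only the bare form supports relative paths
			return nil, fmt.Errorf("%q: file:// needs an absolute path, use a bare path for relative", v)
		}
		return os.ReadFile(p)
	case filepath.IsAbs(v):
		return os.ReadFile(v)
	}
	return os.ReadFile(filepath.Join(baseDir, v)) // bare relative path
}

// LoadTLSCertificate pairs an id section's "key" and "cert" values into the
// tls.Certificate that the README's id.Cert() hands back.
func LoadTLSCertificate(keyVal, certVal, baseDir string) (tls.Certificate, error) {
	keyPEM, err := LoadValue(keyVal, baseDir)
	if err != nil {
		return tls.Certificate{}, fmt.Errorf("key: %w", err)
	}
	certPEM, err := LoadValue(certVal, baseDir)
	if err != nil {
		return tls.Certificate{}, fmt.Errorf("cert: %w", err)
	}
	return tls.X509KeyPair(certPEM, keyPEM) // also checks that key and cert match
}

// NewSelfSignedPEM makes a throwaway P-256 key and self-signed client cert:
// constructed sample input so the example runs offline with no real files.
func NewSelfSignedPEM(cn string) (keyPEM, certPEM []byte, err error) {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // fails only if rand.Reader does
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, nil, err
	}
	keyDER, _ := x509.MarshalECPrivateKey(priv) // cannot fail for a fresh P-256 key
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	return keyPEM, certPEM, nil
}

func main() {
	keyPEM, certPEM, _ := NewSelfSignedPEM("example-client")
	dir, _ := os.MkdirTemp("", "ziti-id")
	defer os.RemoveAll(dir)
	_ = os.WriteFile(filepath.Join(dir, "cert.pem"), certPEM, 0o600)
	c, err := LoadTLSCertificate("pem:"+string(keyPEM), "cert.pem", dir) // inline key, relative cert
	fmt.Println(len(c.Certificate), err)
}
```

Two practical points the forms imply: a `file://` value with a relative path is rejected rather than silently resolved, which is the README's note turned into a check, and an inline `pem:` value inside a JSON file must be a single JSON string, so its line breaks are written as `\n` (the test below passes the PEM text directly).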
# Functions
- `AssembleServerChains` takes in an array of certificates, finds all certificates with `x509.ExtKeyUsageAny` or `x509.ExtKeyUsageServerAuth` and builds an array of leaf-first chains.
- `ChainsToTlsCerts` converts an array of x509 certificate chains to an array of `tls.Certificate`s (which have their own internal arrays of raw certificates).
- `IsFile` returns a file path from a given configuration value and true if the configuration value is a file.
- `IsRootCa` returns true if a certificate is a root certificate (it is a CA, its distinguished name matches on subject/issuer, and it is self-signed).
- `LoadCert` will inspect the string property from an identity configuration and attempt to load an array of `*x509.Certificate` from there.
- `LoadKey` will inspect the string property from an identity configuration and attempt to load a private key from there.
- `NewConfigFromMap` will parse a standard identity configuration section that has been loaded from JSON/YAML/etc.
- `NewConfigFromMapWithPathContext` performs the same checks as `NewConfigFromMap` but also allows a path context to be provided for error messages when parsing deep or complex configuration.
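Leaf-first chain assembly and root detection as the `AssembleServerChains` and `IsRootCa` descriptions sketch them, written here as an added example rather than the library's implementation. The bundle is constructed from struct-literal certificates carrying only names, the CA flag and extended key usages, so `IsRootCA` verifies the self-signature only when asked; `serverUsable`, `IsRootCA`, `AssembleServerChains`, `ChainSubjects` and `sampleBundle` are this example's own names, and treating only non-CA certificates as chain leaves is this example's choice.

```go
package main

import (
	"bytes"
	"crypto/x509"
	"fmt"
	"strings"
)

// serverUsable follows the AssembleServerChains description: a certificate
// qualifies when it carries ExtKeyUsageAny or ExtKeyUsageServerAuth.
func serverUsable(c *x509.Certificate) bool {
	for _, u := range c.ExtKeyUsage {
		if u == x509.ExtKeyUsageAny || u == x509.ExtKeyUsageServerAuth {
			return true
		}
	}
	return false
}

// IsRootCA reports a CA whose subject equals its issuer and, when checkSig is
// set, whose signature verifies under its own key. The constructed certs below
// carry no signature, so the demo passes false; real input should pass true,
// because name equality alone is trivially forgeable.
func IsRootCA(c *x509.Certificate, checkSig bool) bool {
	if !c.IsCA || !bytes.Equal(c.RawSubject, c.RawIssuer) {
		return false
	}
	return !checkSig || c.CheckSignatureFrom(c) == nil
}

// AssembleServerChains builds leaf-first chains from an unordered bundle. Each
// server-usable non-CA certificate starts a chain; the walk appends the bundle
// cert whose subject equals the current issuer until a root is reached. A
// missing issuer or a cycle stops the walk, and the partial chain is still
// returned so the caller can see it is incomplete instead of losing the leaf.
func AssembleServerChains(bundle []*x509.Certificate) [][]*x509.Certificate {
	bySubject := make(map[string]*x509.Certificate, len(bundle))
	for _, c := range bundle {
		bySubject[string(c.RawSubject)] = c
	}
	var chains [][]*x509.Certificate
	for _, leaf := range bundle {
		if leaf.IsCA || !serverUsable(leaf) {
			continue
		}
		chain := []*x509.Certificate{leaf}
		seen := map[*x509.Certificate]bool{leaf: true}
		for cur := leaf; !IsRootCA(cur, false); {
			next, ok := bySubject[string(cur.RawIssuer)]
			if !ok || seen[next] {
				break // issuer not in the bundle, or a cycle (e.g. cross-signed CAs)
			}
			chain = append(chain, next)
			seen[next] = true
			cur = next
		}
		chains = append(chains, chain)
	}
	return chains
}

// ChainSubjects renders a chain as its raw subject names, leaf first. For
// real certificates RawSubject is DER; for the constructed ones it is plain text.
func ChainSubjects(chain []*x509.Certificate) []string {
	names := make([]string, 0, len(chain))
	for _, c := range chain {
		names = append(names, string(c.RawSubject))
	}
	return names
}

// sampleBundle is constructed input: an out-of-order bundle with a root, an
// intermediate, a server leaf, a client-only leaf and a leaf whose issuer is absent.
func sampleBundle() []*x509.Certificate {
	mk := func(subject, issuer string, ca bool, eku ...x509.ExtKeyUsage) *x509.Certificate {
		return &x509.Certificate{RawSubject: []byte(subject), RawIssuer: []byte(issuer), IsCA: ca, ExtKeyUsage: eku}
	}
	return []*x509.Certificate{
		mk("Root CA", "Root CA", true),
		mk("svc.example", "Intermediate CA", false, x509.ExtKeyUsageServerAuth),
		mk("client-only", "Intermediate CA", false, x509.ExtKeyUsageClientAuth),
		mk("Intermediate CA", "Root CA", true),
		mk("orphan.example", "Other CA", false, x509.ExtKeyUsageAny),
	}
}

func main() {
	for _, chain := range AssembleServerChains(sampleBundle()) {
		fmt.Println(strings.Join(ChainSubjects(chain), " -> "))
	}
}
```

The leaf-first order is the one `tls.Certificate.Certificate` expects, which is why a chain builder like this sits in front of something like `ChainsToTlsCerts`; a chain that ends without a root (the orphan above) is the case to surface at load time rather than discover as a handshake failure.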
# Structs
- `LazyIdentity` will delay calling `identity.LoadIdentity(config)` until it is first accessed.