agent/pkg/certs
Certificate management package for creating and extracting certificate archives.
Overview
This package provides utilities for packaging SSL certificates into ZIP archives and extracting them. It is used by the GoDoxy Agent to distribute certificates to clients in a convenient format.
Architecture
graph LR
A[Raw Certs] --> B[ZipCert]
B --> C[ZIP Archive]
C --> D[ca.pem]
C --> E[cert.pem]
C --> F[key.pem]
G[ZIP Archive] --> H[ExtractCert]
H --> I[ca, crt, key]
Public Functions
ZipCert
func ZipCert(ca, crt, key []byte) ([]byte, error)
Creates a ZIP archive containing three PEM files:
- ca.pem - CA certificate
- cert.pem - Server/client certificate
- key.pem - Private key
Parameters:
- ca - CA certificate in PEM format
- crt - Certificate in PEM format
- key - Private key in PEM format
Returns:
- ZIP archive bytes
- Error if packing fails
ExtractCert
func ExtractCert(data []byte) (ca, crt, key []byte, err error)
Extracts certificates from a ZIP archive created by ZipCert.
Parameters:
- data - ZIP archive bytes
Returns:
- ca - CA certificate bytes
- crt - Certificate bytes
- key - Private key bytes
- Error if extraction fails
AgentCertsFilepath
func AgentCertsFilepath(host string) (filepathOut string, ok bool)
Generates the file path for storing agent certificates.
Parameters:
- host - Agent hostname
Returns:
- Full file path within certs/ directory
- false if host is invalid (contains path separators or special characters)
isValidAgentHost
func isValidAgentHost(host string) bool
Validates that a host string is safe for use in file paths.
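The following is an added example, not the package's own code, of the kind of check AgentCertsFilepath and isValidAgentHost describe: an allow-list on the host string followed by a containment check on the joined path. The names safeHost and certsPath, the character set, the 253-byte limit and the ".zip" suffix are assumptions, since the page does not show the project's actual rule; under this allow-list IPv6 literals are refused.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

const certsBase = "certs" // same value as AgentCertsBasePath on the page

// safeHost is an assumed allow-list, not the project's rule: 1-253 bytes of
// [A-Za-z0-9.-], no leading '.' or '-', and no ".." sequence.
func safeHost(host string) bool {
	if host == "" || len(host) > 253 || strings.Contains(host, "..") {
		return false
	}
	if host[0] == '.' || host[0] == '-' {
		return false
	}
	for _, r := range host {
		alnum := r >= 'a' && r <= 'z' || r >= 'A' && r <= 'Z' || r >= '0' && r <= '9'
		if !alnum && r != '.' && r != '-' {
			return false
		}
	}
	return true
}

// certsPath mirrors the (path, ok) shape of AgentCertsFilepath. The ".zip"
// suffix is an assumption; the page does not state the file name.
func certsPath(host string) (string, bool) {
	if !safeHost(host) {
		return "", false
	}
	p := filepath.Join(certsBase, host+".zip")
	// Defence in depth: the joined path must sit directly inside certsBase.
	if filepath.Dir(p) != certsBase {
		return "", false
	}
	return p, true
}

func main() {
	// Constructed inputs: one ordinary hostname, then values that must be refused.
	for _, h := range []string{"agent1.example.com", "../../etc/passwd", `a\b`, "x\x00", ""} {
		p, ok := certsPath(h)
		fmt.Printf("%q -> %q ok=%v\n", h, p, ok)
	}
}
```

An allow-list fails closed on characters nobody thought to list, which a deny-list of path separators does not.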
Constants
const AgentCertsBasePath = "certs"
Base directory for storing certificate archives.
File Format
The ZIP archive uses zip.Store compression (no compression) for fast creation and extraction. Each file is stored with its standard name (ca.pem, cert.pem, key.pem).