Documentation ¶
Overview ¶
Package authority implements X.509 certificate authority (CA) features.
Index ¶
- func GenerateCSR(req csr.CertificateRequest, privateKeyPEM []byte) (csrBytes []byte, key []byte, err error)
- func ProcessCSR(req signer.SignRequest, ttl time.Duration, certAuthority *TLSKeyPair) ([]byte, error)
- type ExistingKey
- type TLSKeyPair
- func GenerateCertificate(req csr.CertificateRequest, certAuthority *TLSKeyPair, privateKeyPEM []byte, ...) (*TLSKeyPair, error)
- func GenerateCertificateWithExtensions(req csr.CertificateRequest, certAuthority *TLSKeyPair, privateKeyPEM []byte, ...) (*TLSKeyPair, error)
- func GenerateSelfSignedCA(req csr.CertificateRequest) (*TLSKeyPair, error)
- func NewTLSKeyPair(keyPath, certPath string) (*TLSKeyPair, error)
Functions ¶
func GenerateCSR ¶
func GenerateCSR(req csr.CertificateRequest, privateKeyPEM []byte) (csrBytes []byte, key []byte, err error)
GenerateCSR generates a new certificate signing request (CSR). If privateKeyPEM is supplied, the CSR is generated for that existing key; otherwise a new private key is generated.
func ProcessCSR ¶
func ProcessCSR(req signer.SignRequest, ttl time.Duration, certAuthority *TLSKeyPair) ([]byte, error)
ProcessCSR processes a CSR (certificate signing request) using the given certificate authority.
Types ¶
type ExistingKey ¶
type ExistingKey struct {
// contains filtered or unexported fields
}
ExistingKey tells the signer to use an existing key instead of generating a new one.
func NewExistingKey ¶
func NewExistingKey(keyPEM []byte) (*ExistingKey, error)
func (*ExistingKey) Algo ¶
func (kr *ExistingKey) Algo() string
Algo returns the requested key algorithm represented as a string.
func (*ExistingKey) Generate ¶
func (kr *ExistingKey) Generate() (crypto.PrivateKey, error)
Generate generates a key as specified in the request. Currently, only ECDSA and RSA are supported.
func (*ExistingKey) SigAlgo ¶
func (kr *ExistingKey) SigAlgo() x509.SignatureAlgorithm
SigAlgo returns an appropriate X.509 signature algorithm given the key request's type and size.
type TLSKeyPair ¶
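// TLSKeyPair is a pair with TLS private key and certificate.
type TLSKeyPair struct {
	// KeyPEM is private key PEM encoded contents. It is secret key
	// material, so avoid logging or serializing the struct as a whole.
	KeyPEM []byte
	// CertPEM is certificate PEM encoded contents.
	CertPEM []byte
}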
TLSKeyPair holds a TLS private key and a certificate, both PEM encoded.
func GenerateCertificate ¶
func GenerateCertificate(req csr.CertificateRequest, certAuthority *TLSKeyPair, privateKeyPEM []byte, validFor time.Duration) (*TLSKeyPair, error)
GenerateCertificate generates a certificate/key pair signed by the provided CA. If privateKeyPEM is provided, that key is used instead of generating a new one.
func GenerateCertificateWithExtensions ¶
func GenerateCertificateWithExtensions(req csr.CertificateRequest, certAuthority *TLSKeyPair, privateKeyPEM []byte, validFor time.Duration, extensions []signer.Extension) (*TLSKeyPair, error)
GenerateCertificateWithExtensions is like GenerateCertificate but also lets the caller specify extensions to include in the generated certificate.
func GenerateSelfSignedCA ¶
func GenerateSelfSignedCA(req csr.CertificateRequest) (*TLSKeyPair, error)
GenerateSelfSignedCA generates a self-signed certificate authority.
func NewTLSKeyPair ¶
func NewTLSKeyPair(keyPath, certPath string) (*TLSKeyPair, error)
NewTLSKeyPair returns a new TLSKeyPair with the private key and certificate found at the provided paths.