generator

package

v1.119.0 Latest Latest Go to latest Published: Jun 18, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/GoogleCloudPlatform/k8s-config-connector

Links

Open Source Insights

Documentation ¶

Overview ¶

Package generator provides an interface and implementation to provision certificates.

Create an instance of certGenerator.

cg := SelfSignedCertGenerator{}

Generate the certificates.

certs, err := cg.Generate("foo.bar.com")
if err != nil {
	// handle error
}

Index ¶

func NewPrivateKey() (*rsa.PrivateKey, error)
func NewSelfSignedCACert(cfg cert.Config, key crypto.Signer) (*x509.Certificate, error)
func ServiceToCommonName(serviceNamespace, serviceName string) string
func ValidCACert(key, cert, caCert []byte, dnsName string, time time.Time) bool
type Artifacts
type CertGenerator
type SelfSignedCertGenerator
- func (cp *SelfSignedCertGenerator) Generate(commonName string) (*Artifacts, error)
- func (cp *SelfSignedCertGenerator) SetCA(caKey, caCert []byte)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewPrivateKey ¶

func NewPrivateKey() (*rsa.PrivateKey, error)

func NewSelfSignedCACert ¶

func NewSelfSignedCACert(cfg cert.Config, key crypto.Signer) (*x509.Certificate, error)

NewSelfSignedCACert creates a self signed CA certificate

func ServiceToCommonName ¶

func ServiceToCommonName(serviceNamespace, serviceName string) string

ServiceToCommonName generates the CommonName for the certificate when using a k8s service.

func ValidCACert ¶

func ValidCACert(key, cert, caCert []byte, dnsName string, time time.Time) bool

ValidCACert think cert and key are valid if they meet the following requirements: - key and cert are valid pair - caCert is the root ca of cert - cert is for dnsName - cert won't expire before time

Types ¶

type Artifacts ¶

type Artifacts struct {
	// PEM encoded private key
	Key []byte
	// PEM encoded serving certificate
	Cert []byte
	// PEM encoded CA private key
	CAKey []byte
	// PEM encoded CA certificate
	CACert []byte
}

Artifacts hosts a private key, its corresponding serving certificate and the CA certificate that signs the serving certificate.

type CertGenerator ¶

type CertGenerator interface {
	// Generate returns a Artifacts struct.
	Generate(CommonName string) (*Artifacts, error)
	// SetCA sets the PEM-encoded CA private key and CA cert for signing the generated serving cert.
	SetCA(caKey, caCert []byte)
}

CertGenerator is an interface to provision the serving certificate.

type SelfSignedCertGenerator ¶

type SelfSignedCertGenerator struct {
	// contains filtered or unexported fields
}

SelfSignedCertGenerator implements the certGenerator interface. It provisions self-signed certificates.

func (*SelfSignedCertGenerator) Generate ¶

func (cp *SelfSignedCertGenerator) Generate(commonName string) (*Artifacts, error)

Generate creates and returns a CA certificate, certificate and key for the server. serverKey and serverCert are used by the server to establish trust for clients, CA certificate is used by the client to verify the server authentication chain. The cert will be valid for 365 days.

func (*SelfSignedCertGenerator) SetCA ¶

func (cp *SelfSignedCertGenerator) SetCA(caKey, caCert []byte)

SetCA sets the PEM-encoded CA private key and CA cert for signing the generated serving cert.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL