- Constants
- func CalculateDigest(data []byte) []byte
- func CreateCATemplate(clk clock.Clock, publicKey crypto.PublicKey, subject pkix.Name, ...) (*x509.Certificate, error)
- func CreateRootCATemplate(clk clock.Clock, subject pkix.Name, ttl time.Duration) (*x509.Certificate, error)
- func CreateX509Template(clk clock.Clock, publicKey crypto.PublicKey, subject pkix.Name, ...) (*x509.Certificate, error)
- func EncodeCertificate(cert *x509.Certificate) []byte
- func EncodeECPrivateKey(privateKey *ecdsa.PrivateKey) ([]byte, error)
- func EncodeRSAPrivateKey(privateKey *rsa.PrivateKey) []byte
- func GenerateSigner(keyType KeyType) (crypto.Signer, error)
- func LoadCertificate(path string) (*x509.Certificate, error)
- func LoadCertificates(path string) ([]*x509.Certificate, error)
- func LoadECPrivateKey(path string) (crypto.PrivateKey, error)
- func LoadPrivateKey(path string) (crypto.PrivateKey, error)
- func LoadRSAPrivateKey(path string) (crypto.PrivateKey, error)
- func NewSerialNumber() (*big.Int, error)
- func ParseCertificate(pemBytes []byte) (*x509.Certificate, error)
- func ParseCertificates(pemBytes []byte) ([]*x509.Certificate, error)
- func ParseECPrivateKey(derBytes []byte) (crypto.PrivateKey, error)
- func ParseECPrivateKeyPEM(pemBlocks []byte) (interface{}, error)
- func ParseRSAPrivateKey(derBytes []byte) (crypto.PrivateKey, error)
- func ParseRSAPrivateKeyPEM(pemBlocks []byte) (interface{}, error)
- func SelfSignX509(template *x509.Certificate) (*x509.Certificate, crypto.PrivateKey, error)
- func SignX509(template, parent *x509.Certificate, signerPrivateKey crypto.PrivateKey) (*x509.Certificate, error)
- func ValidateBundleDigest(payload, digest []byte) error
- func VerifyCertificatePrivateKey(cert *x509.Certificate, privateKey crypto.PrivateKey) error
- type KeyType
Constants ¶
const ( // DefaultKeyType is the default key type used for generating new keys in Galadriel. // TODO: investigate where this should be configurable. For now, this default type is centralized in this constant. DefaultKeyType = RSA2048 )
const ( // NotBeforeTolerance is used to allow for a small amount of clock skew when // validating the NotBefore field of a certificate. NotBeforeTolerance = 30 * time.Second )
Variables ¶
This section is empty.
Functions ¶
func CalculateDigest ¶
CalculateDigest calculates the SHA256 digest of the given data.
func CreateCATemplate ¶
func CreateCATemplate(clk clock.Clock, publicKey crypto.PublicKey, subject pkix.Name, ttl time.Duration) (*x509.Certificate, error)
CreateCATemplate creates a new x509.Certificate template for a CA certificate.
func CreateRootCATemplate ¶
func CreateRootCATemplate(clk clock.Clock, subject pkix.Name, ttl time.Duration) (*x509.Certificate, error)
CreateRootCATemplate creates a new x509.Certificate template for a root CA certificate.
func CreateX509Template ¶
func CreateX509Template(clk clock.Clock, publicKey crypto.PublicKey, subject pkix.Name, uris []*url.URL, dnsNames []string, ttl time.Duration) (*x509.Certificate, error)
CreateX509Template creates a new x509.Certificate template for a leaf certificate.
func EncodeCertificate ¶
func EncodeCertificate(cert *x509.Certificate) []byte
EncodeCertificate encodes the given x509.Certificate into PEM format.
func EncodeECPrivateKey ¶
func EncodeECPrivateKey(privateKey *ecdsa.PrivateKey) ([]byte, error)
EncodeECPrivateKey encodes an EC (ECDSA) private key in PEM format.
func EncodeRSAPrivateKey ¶
func EncodeRSAPrivateKey(privateKey *rsa.PrivateKey) []byte
EncodeRSAPrivateKey encodes an RSA private key in PEM format.
func GenerateSigner ¶
GenerateSigner generates a new key for the given key type.
func LoadCertificate ¶
func LoadCertificate(path string) (*x509.Certificate, error)
LoadCertificate loads a x509.Certificate from the given path.
func LoadCertificates ¶
func LoadCertificates(path string) ([]*x509.Certificate, error)
LoadCertificates loads one or more certificates into an []*x509.Certificate from a PEM file.
func LoadECPrivateKey ¶
func LoadECPrivateKey(path string) (crypto.PrivateKey, error)
LoadECPrivateKey loads an EC private key from a file.
func LoadPrivateKey ¶
func LoadPrivateKey(path string) (crypto.PrivateKey, error)
LoadPrivateKey loads a private key from a PEM-encoded file. The key can be either an RSA or an EC private key.
func LoadRSAPrivateKey ¶
func LoadRSAPrivateKey(path string) (crypto.PrivateKey, error)
LoadRSAPrivateKey loads an RSA private key from a file.
func NewSerialNumber ¶
NewSerialNumber returns a new random serial number in the range [1, 2^63-1]. The lower bound keeps the serial strictly positive, as RFC 5280 requires. Note that a value drawn from this range carries at most 63 bits of entropy, which is below the 64-bit minimum the CA/Browser Forum Baseline Requirements set for publicly trusted certificates; this helper is therefore suited to private PKI use only.
func ParseCertificate ¶
func ParseCertificate(pemBytes []byte) (*x509.Certificate, error)
ParseCertificate parses a x509.Certificate from the given PEM bytes.
func ParseCertificates ¶
func ParseCertificates(pemBytes []byte) ([]*x509.Certificate, error)
ParseCertificates parses a list of x509.Certificates from the given PEM bytes.
func ParseECPrivateKey ¶
func ParseECPrivateKey(derBytes []byte) (crypto.PrivateKey, error)
ParseECPrivateKey parses an EC private key in SEC 1, ASN.1 DER form (the format used by x509.ParseECPrivateKey; PKCS #1 describes RSA keys only).
func ParseECPrivateKeyPEM ¶
ParseECPrivateKeyPEM parses an EC private key in PEM format.
func ParseRSAPrivateKey ¶
func ParseRSAPrivateKey(derBytes []byte) (crypto.PrivateKey, error)
ParseRSAPrivateKey parses an RSA private key in PKCS #1, ASN.1 DER form.
func ParseRSAPrivateKeyPEM ¶
ParseRSAPrivateKeyPEM parses an RSA private key in PEM format.
func SelfSignX509 ¶
func SelfSignX509(template *x509.Certificate) (*x509.Certificate, crypto.PrivateKey, error)
SelfSignX509 creates a new self-signed x509.Certificate based on the given template. Returns the signed certificate and the private key used to sign it.
func SignX509 ¶
func SignX509(template, parent *x509.Certificate, signerPrivateKey crypto.PrivateKey) (*x509.Certificate, error)
SignX509 creates a new x509.Certificate based on the given template. The parent certificate is the issuer of the new certificate. The signerPrivateKey is used to sign the new certificate and must be the private key corresponding to parent's public key; otherwise the resulting certificate will not verify against parent. VerifyCertificatePrivateKey can be used to confirm this pairing before signing.
func ValidateBundleDigest ¶
ValidateBundleDigest verifies that the given payload matches the given digest, returning a non-nil error on mismatch. The digest is presumably the SHA256 value produced by CalculateDigest — confirm against the implementation before relying on another hash.
func VerifyCertificatePrivateKey ¶
func VerifyCertificatePrivateKey(cert *x509.Certificate, privateKey crypto.PrivateKey) error
VerifyCertificatePrivateKey verifies that the private key matches the public key in the certificate.