Documentation ¶
Overview ¶
Package generator provides an interface and implementation to provision certificates.
Create an instance of certGenerator.
cg := SelfSignedCertGenerator{}
Generate the certificates.
certs, err := cg.Generate("foo.bar.com") if err != nil { // handle error }
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ServiceToCommonName ¶
ServiceToCommonName generates the CommonName for the certificate when using a k8s service.
Example ¶
fmt.Println(ServiceToCommonName("myservicenamespace", "myservicename"))
Output: myservicename.myservicenamespace.svc
Types ¶
type Artifacts ¶
type Artifacts struct { // PEM encoded private key Key []byte // PEM encoded serving certificate Cert []byte // PEM encoded CA private key CAKey []byte // PEM encoded CA certificate CACert []byte }
Artifacts hosts a private key, its corresponding serving certificate and the CA certificate that signs the serving certificate.
type CertGenerator ¶
type CertGenerator interface { // Generate returns a Artifacts struct. Generate(CommonName string) (*Artifacts, error) // SetCA sets the PEM-encoded CA private key and CA cert for signing the generated serving cert. SetCA(caKey, caCert []byte) }
CertGenerator is an interface to provision the serving certificate.
type SelfSignedCertGenerator ¶
type SelfSignedCertGenerator struct {
// contains filtered or unexported fields
}
SelfSignedCertGenerator implements the certGenerator interface. It provisions self-signed certificates.
func (*SelfSignedCertGenerator) Generate ¶
func (cp *SelfSignedCertGenerator) Generate(commonName string) (*Artifacts, error)
Generate creates and returns a CA certificate, certificate and key for the server. serverKey and serverCert are used by the server to establish trust for clients, CA certificate is used by the client to verify the server authentication chain. The cert will be valid for 365 days.
func (*SelfSignedCertGenerator) SetCA ¶
func (cp *SelfSignedCertGenerator) SetCA(caKey, caCert []byte)
SetCA sets the PEM-encoded CA private key and CA cert for signing the generated serving cert.