certificate

package
v3.18.4+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 26, 2019 License: Apache-2.0 Imports: 12 Imported by: 67

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AllSupportedKeySizes

func AllSupportedKeySizes() []int

func GenerateECDSAPrivateKey

func GenerateECDSAPrivateKey(curve EllipticCurve) (*ecdsa.PrivateKey, error)

GenerateECDSAPrivateKey generates a new ecdsa private key using the curve specified

func GenerateRSAPrivateKey

func GenerateRSAPrivateKey(size int) (*rsa.PrivateKey, error)

GenerateRSAPrivateKey generates a new rsa private key using the size specified

func GenerateRequest

func GenerateRequest(request *Request, privateKey crypto.Signer) error

GenerateRequest generates a certificate request. Deprecated: use the method Request.GenerateCSR() instead. TODO: remove usage from all libraries.

func GetCertificatePEMBlock

func GetCertificatePEMBlock(cert []byte) *pem.Block

GetCertificatePEMBlock gets the certificate as a PEM data block

func GetCertificateRequestPEMBlock

func GetCertificateRequestPEMBlock(request []byte) *pem.Block

GetCertificateRequestPEMBlock gets the certificate request as a PEM data block

func GetEncryptedPrivateKeyPEMBock

func GetEncryptedPrivateKeyPEMBock(key interface{}, password []byte) (*pem.Block, error)

GetEncryptedPrivateKeyPEMBock gets the private key as an encrypted PEM data block

func GetPrivateKeyPEMBock

func GetPrivateKeyPEMBock(key interface{}) (*pem.Block, error)

GetPrivateKeyPEMBock gets the private key as a PEM data block

func PublicKey

func PublicKey(priv crypto.Signer) crypto.PublicKey

Types

type CSrOriginOption

// CSrOriginOption records where the CSR of a request originates.
type CSrOriginOption int
const (
	// LocalGeneratedCSR is the zero value (iota starts here), so a
	// CSrOriginOption that is never set reads as local generation.
	LocalGeneratedCSR CSrOriginOption = iota // local generation is default.
	// ServiceGeneratedCSR: NOTE(review): presumably the remote service builds
	// the CSR, and therefore the key pair, instead of the caller; confirm,
	// because it decides where the private key is created and stored.
	ServiceGeneratedCSR
	// UserProvidedCSR: NOTE(review): presumably the caller supplies a CSR
	// made elsewhere; confirm against the code that consumes this option.
	UserProvidedCSR
)

type ChainOption

type ChainOption int

ChainOption represents the options to be used with the certificate chain

// Chain ordering options. ChainOptionRootLast is the zero value, so a
// ChainOption that is never set means "root certificate last".
const (
	// ChainOptionRootLast specifies the root certificate should be in the last position of the chain
	ChainOptionRootLast ChainOption = iota
	// ChainOptionRootFirst specifies the root certificate should be in the first position of the chain
	ChainOptionRootFirst
	// ChainOptionIgnore specifies the chain should be ignored
	ChainOptionIgnore
)

func ChainOptionFromString

func ChainOptionFromString(order string) ChainOption

ChainOptionFromString converts the string to the corresponding ChainOption

type EllipticCurve

type EllipticCurve int

EllipticCurve represents the types of supported elliptic curves

// Supported elliptic curves. The numeric values follow declaration order, not
// curve size (P521 is 0, P224 is 1), so they must not be compared to rank
// curve strength.
const (
	// EllipticCurveP521 represents the P521 curve. It is the zero value of
	// EllipticCurve, so an unset curve field reads as P521.
	EllipticCurveP521 EllipticCurve = iota
	// EllipticCurveP224 represents the P224 curve. P-224 gives roughly 112-bit
	// security, the lowest of the four curves listed here; prefer P256 or
	// larger unless a peer specifically requires P224.
	EllipticCurveP224
	// EllipticCurveP256 represents the P256 curve
	EllipticCurveP256
	// EllipticCurveP384 represents the P384 curve
	EllipticCurveP384
	// EllipticCurveDefault names EllipticCurveP521 as the default curve; it
	// has the same value as the zero value of the type.
	EllipticCurveDefault = EllipticCurveP521
)

func AllSupportedCurves

func AllSupportedCurves() []EllipticCurve

func (*EllipticCurve) Set

func (ec *EllipticCurve) Set(value string) error

Set sets the elliptic curve value from a string

func (*EllipticCurve) String

func (ec *EllipticCurve) String() string

type ImportRequest

// ImportRequest is a JSON-serialisable request to import a certificate.
// Every tag has an empty name with omitempty, so each field is encoded under
// its Go field name and left out when it holds its zero value.
//
// PrivateKeyData and Password are plain strings, so the marshalled body
// carries them in the clear: keep the struct and its JSON out of logs, error
// messages and debug dumps, and send it only over an authenticated TLS
// connection.
type ImportRequest struct {
	// NOTE(review): presumably the policy location the certificate is imported under; confirm.
	PolicyDN             string            `json:",omitempty"`
	ObjectName           string            `json:",omitempty"`
	// NOTE(review): encoding (PEM or base64 DER) is not visible here; confirm.
	CertificateData      string            `json:",omitempty"`
	// Private key material held as a string; treat as a secret.
	PrivateKeyData       string            `json:",omitempty"`
	// NOTE(review): presumably the password protecting PrivateKeyData; confirm. Treat as a secret.
	Password             string            `json:",omitempty"`
	// With omitempty a false value is omitted from the JSON rather than sent as false.
	Reconcile            bool              `json:",omitempty"`
	CASpecificAttributes map[string]string `json:",omitempty"`
}

type ImportResponse

// ImportResponse is the JSON-decodable result of a certificate import.
// Each field is read from a key matching its Go field name.
// NOTE(review): presumably returned for an ImportRequest; confirm against the caller.
type ImportResponse struct {
	CertificateDN      string `json:",omitempty"`
	// NOTE(review): looks like an identifier of the stored certificate on the remote side; confirm.
	CertificateVaultId int    `json:",omitempty"`
	Guid               string `json:",omitempty"`
	// NOTE(review): looks like an identifier of the stored private key, not the key itself; confirm.
	PrivateKeyVaultId  int    `json:",omitempty"`
}

type KeyType

type KeyType int

KeyType represents the types of supported keys

// Supported key types. KeyTypeRSA is the zero value, so a KeyType that is
// never set reads as RSA.
const (
	// KeyTypeRSA represents a key type of RSA
	KeyTypeRSA KeyType = iota
	// KeyTypeECDSA represents a key type of ECDSA
	KeyTypeECDSA
)

func (*KeyType) Set

func (kt *KeyType) Set(value string) error

Set the key type via a string

func (*KeyType) String

func (kt *KeyType) String() string

func (*KeyType) X509Type

func (kt *KeyType) X509Type() x509.PublicKeyAlgorithm

type PEMCollection

// PEMCollection holds a certificate, an optional private key and a chain as
// strings, and is JSON-serialisable: each field is encoded under its Go field
// name and omitted when empty.
//
// PrivateKey sits next to the public material, so marshalling or printing the
// whole collection also emits the key. Strip or redact PrivateKey before the
// collection is logged or written anywhere the certificate alone would go.
type PEMCollection struct {
	Certificate string   `json:",omitempty"`
	// NOTE(review): whether this PEM is encrypted presumably depends on the
	// password handed to the code that filled it; confirm before treating it as protected.
	PrivateKey  string   `json:",omitempty"`
	Chain       []string `json:",omitempty"`
}

PEMCollection represents a collection of PEM data

func NewPEMCollection

func NewPEMCollection(certificate *x509.Certificate, privateKey interface{}, privateKeyPassword []byte) (*PEMCollection, error)

NewPEMCollection creates a PEMCollection based on the data being passed in

func PEMCollectionFromBytes

func PEMCollectionFromBytes(certBytes []byte, chainOrder ChainOption) (*PEMCollection, error)

PEMCollectionFromBytes creates a PEMCollection based on the data passed in

func (*PEMCollection) AddChainElement

func (col *PEMCollection) AddChainElement(certificate *x509.Certificate) error

AddChainElement adds a chain element to the collection

func (*PEMCollection) AddPrivateKey

func (col *PEMCollection) AddPrivateKey(privateKey interface{}, privateKeyPassword []byte) error

AddPrivateKey adds a Private Key to the PEMCollection. Note that the collection can only contain one private key

type RenewalRequest

// RenewalRequest describes a certificate renewal: lookup fields that identify
// the existing certificate, plus the Request that carries the new CSR.
type RenewalRequest struct {
	CertificateDN      string // these fields are for certificate lookup on remote
	// NOTE(review): the hash algorithm and text format of the thumbprint are not visible here; confirm.
	Thumbprint         string
	CertificateRequest *Request // here CSR should be filled
}

type Request

// Request holds the subject, subject alternative names and key parameters for
// a certificate request, together with CSR and PrivateKey fields and the
// options used when the issued certificate is retrieved.
//
// A populated Request can hold key material: PrivateKey is the signer itself
// and KeyPassword is a plain string. Do not log or serialise the whole struct.
type Request struct {
	Subject            pkix.Name
	DNSNames           []string
	EmailAddresses     []string
	IPAddresses        []net.IP
	Attributes         []pkix.AttributeTypeAndValueSET
	SignatureAlgorithm x509.SignatureAlgorithm
	PublicKeyAlgorithm x509.PublicKeyAlgorithm //deprecated
	FriendlyName       string
	// KeyType's zero value is KeyTypeRSA.
	KeyType            KeyType
	// NOTE(review): presumably the RSA modulus size in bits; no minimum is enforced by the type itself.
	KeyLength          int
	// KeyCurve's zero value is EllipticCurveP521, which equals EllipticCurveDefault.
	KeyCurve           EllipticCurve
	CSR                []byte //should be pem encoded CSR
	// Signer for the request; for locally generated keys this is the private key in memory.
	PrivateKey         crypto.Signer
	// CsrOrigin's zero value is LocalGeneratedCSR.
	CsrOrigin          CSrOriginOption
	PickupID           string
	ChainOption        ChainOption
	// Plain-string secret. NOTE(review): presumably protects the private key
	// when it is fetched or encoded; confirm where it is consumed.
	KeyPassword        string
	// NOTE(review): presumably asks the remote side to return the private key
	// with the certificate; confirm, since that moves key material over the wire.
	FetchPrivateKey    bool
	Thumbprint         string /* this one is here because *Request is used in RetrieveCertificate(),
	   it should be refactored so that RetrieveCertificate() uses
	   some abstract search object, instead of *Request{PickupID} */
	// The zero value is a zero duration; how that is interpreted is not visible here.
	Timeout time.Duration
}

Request contains the data needed to generate a certificate request. CSR is the PEM-encoded Certificate Signing Request.

func NewRequest

func NewRequest(cert *x509.Certificate) *Request

func (*Request) CheckCertificate

func (request *Request) CheckCertificate(certPEM string) error

func (*Request) GenerateCSR

func (request *Request) GenerateCSR() error

func (*Request) GeneratePrivateKey

func (request *Request) GeneratePrivateKey() error

type RevocationRequest

// RevocationRequest describes a certificate revocation.
// NOTE(review): CertificateDN and Thumbprint presumably identify the
// certificate to revoke, as the same-named fields do in RenewalRequest; confirm.
type RevocationRequest struct {
	CertificateDN string
	Thumbprint    string
	// Free-form string at the type level; NOTE(review): the accepted reason
	// values are not visible here, so validate them before sending.
	Reason        string
	// Free text stored with the revocation; avoid putting secrets or incident details here.
	Comments      string
	// NOTE(review): meaning not visible here; looks like it disables the
	// certificate object in addition to, or instead of, revoking it. Confirm.
	Disable       bool
}
