certificate

package
v0.0.0-...-da8f381 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 8, 2024 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

// Key names for the two halves of a TLS key pair. The strings are the same
// ones Kubernetes uses for TLS secrets (corev1.TLSPrivateKeyKey and
// corev1.TLSCertKey).
// NOTE(review): the casing differs between TlsKeyName and TLsCertName; both
// are exported, so renaming either would break importers.
const (
	// TlsKeyName is "tls.key"; presumably the secret data key holding the
	// private key — confirm against BuildCAFromSecret.
	TlsKeyName  = "tls.key"
	// TLsCertName is "tls.crt"; presumably the secret data key holding the
	// certificate — confirm against BuildCAFromSecret.
	TLsCertName = "tls.crt"
)

Variables

// NOTE(review): these are package-level vars, not consts, so any importing
// package can reassign them at run time and change issuance behaviour.
var (
	// SerialNumberLimit is 1<<128 (2^128), the bound on certificate serial
	// numbers. Values below it need at most 17 octets in DER, inside the
	// 20-octet limit of RFC 5280.
	// NOTE(review): presumably the exclusive upper bound handed to a random
	// generator; confirm the call site draws from crypto/rand.
	SerialNumberLimit    = new(big.Int).Lsh(big.NewInt(1), 128)
	// DefaultExpireTimeout is 365 days; presumably the default validity
	// period of issued certificates — confirm.
	DefaultExpireTimeout = 365 * 24 * time.Hour
	// UpdateCABefore is ten minutes; presumably how long before expiry the CA
	// is renewed — confirm.
	// NOTE(review): if so, a single missed renewal pass leaves very little
	// margin before the CA certificate expires.
	UpdateCABefore       = 10 * time.Minute
)
// PEM type labels, presumably used when encoding and decoding the CA's
// certificate and key — confirm at the encode/decode call sites.
// NOTE(review): declared as vars, so importers can reassign them; a changed
// label would produce PEM blocks that other tooling rejects or misparses.
var (
	// Cert_Type is the standard PEM label for an X.509 certificate.
	Cert_Type       = "CERTIFICATE"
	// PrivateKey_Type is the PEM label conventionally used for a PKCS#1 RSA
	// private key. It describes an unencrypted key block; confirm that the
	// encoded key is only ever written to protected storage.
	PrivateKey_Type = "RSA PRIVATE KEY"
)

Functions

func ValidCA

func ValidCA(ca *CA) bool

ValidCA reports whether the CA is still valid: the public key derived from its private key must equal the configured public key, and the certificate must not have expired.

Types

type CA

// CA holds a certificate authority's private key together with its
// certificate.
// NOTE(review): both fields are exported pointers, so any code holding a *CA
// can read or replace the private key; keep CA values out of logs and debug
// dumps.
type CA struct {

	// PrivateKey is the CA's RSA private key.
	PrivateKey *rsa.PrivateKey
	// Certificate is the certificate used to issue new certificates.
	Certificate *x509.Certificate
	// contains filtered or unexported fields
}

func BuildCAFromSecret

func BuildCAFromSecret(s *corev1.Secret) *CA

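BuildCAFromSecret builds a CA from a secret; the secret's data should contain the keys tls.key and tls.crt. The function returns no error value, and this page does not say what it returns for a missing or malformed entry, so callers should check the result before using it.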

func NewCAConfigSecret

func NewCAConfigSecret(options CAOptions) (*CA, error)

NewCAConfigSecret creates a CA according to the options.

func (*CA) GetEncodeCert

func (ca *CA) GetEncodeCert() []byte

GetEncodeCert returns the signed certificate in encoded form.

func (*CA) GetEncodePrivateKey

func (ca *CA) GetEncodePrivateKey() []byte

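GetEncodePrivateKey returns the CA's private key in encoded form. The result is secret key material: keep it out of logs and write it only to storage that is allowed to hold the CA key.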

type CAOptions

// CAOptions carries the inputs that NewCAConfigSecret takes when creating a
// CA.
type CAOptions struct {
	// Subject is the subject (naming and location information) to build the
	// certificate with.
	Subject pkix.Name
	// PrivateKey is the key to be used for signing certificates; it is
	// auto-generated if not provided.
	// NOTE(review): the size of the auto-generated key is not visible here;
	// confirm it is at least 2048 bits.
	PrivateKey *rsa.PrivateKey

	// DnsNames lists the fully qualified DNS names for the certificate.
	// NOTE(review): presumably copied into the subject alternative names, in
	// which case callers should pass only names they control — confirm.
	DnsNames []string
}
