tls

package

v1.12.0 Latest Latest Go to latest Published: Jun 28, 2018 License: Apache-2.0 Imports: 17 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/apprenda/kismatic

Documentation ¶

Overview ¶

Package tls contains utilities for generating certificates and authorities

Index ¶

func CertKeyPairExists(name, dir string) (bool, error)
func CertValid(commonName string, SANs []string, organizations []string, name, dir string) (warn []error, err error)
func NewCACert(csrFile string, commonName string, expiry string) (key, cert []byte, err error)
func NewCert(ca *CA, req csr.CertificateRequest, expiry time.Duration) (key, cert []byte, err error)
func ReadCACert(name, dir string) (key, cert []byte, err error)
func ReadCert(name, dir string) (*x509.Certificate, error)
func WriteCert(key, cert []byte, name, dir string) error
type CA
type Subject

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CertKeyPairExists ¶

func CertKeyPairExists(name, dir string) (bool, error)

CertKeyPairExists returns true if a key and matching certificate exist. Matching is defined as having the expected file names. No validation is performed on the actual bytes of the cert/key

func CertValid ¶ added in v1.2.0

func CertValid(commonName string, SANs []string, organizations []string, name, dir string) (warn []error, err error)

CertValid returns a list of validation warnings if the certificate values do not match the expected values. Validation rules: - common name: must match exactly - subject alternate names: the expected SANs must be a subset of the cert's SANs - organizations: the expected organizations must be a subset of the cert's organizations Subset validation is performed to allow operator to supply their own SANs and organizations Returns an error if trying to validate a cert that does not exist, or there is an issue reading or parsing the certificate

func NewCACert ¶

func NewCACert(csrFile string, commonName string, expiry string) (key, cert []byte, err error)

NewCACert creates a new Certificate Authority and returns it's private key and public certificate.

func NewCert ¶

func NewCert(ca *CA, req csr.CertificateRequest, expiry time.Duration) (key, cert []byte, err error)

NewCert creates a new certificate/key pair using the CertificateAuthority provided

func ReadCACert ¶

func ReadCACert(name, dir string) (key, cert []byte, err error)

ReadCACert read CA file

func ReadCert ¶ added in v1.4.0

func ReadCert(name, dir string) (*x509.Certificate, error)

ReadCert reads the certificate with the given name in the provided directory.

func WriteCert ¶

func WriteCert(key, cert []byte, name, dir string) error

WriteCert writes cert and key files

Types ¶

type CA ¶

type CA struct {
	// Key is the CA's private key.
	Key []byte
	// Password is the CA's private key password. Can be empty if not password is set.
	Password string
	// Cert is the CA's public certificate.
	Cert []byte
}

CA contains information about the Certificate Authority

type Subject ¶

type Subject struct {
	Country            string
	State              string
	Locality           string
	Organization       string
	OrganizationalUnit string
}

The Subject contains the fields of the X.509 Subject

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL