Documentation
Overview
Package tls contains utilities for generating certificates and authorities.
Index
- func CertKeyPairExists(name, dir string) (bool, error)
- func CertValid(commonName string, SANs []string, organizations []string, name, dir string) (warn []error, err error)
- func NewCACert(csrFile string, commonName string) (key, cert []byte, err error)
- func NewCert(ca *CA, req csr.CertificateRequest) (key, cert []byte, err error)
- func ReadCACert(name, dir string) (key, cert []byte, err error)
- func ReadCert(name, dir string) (*x509.Certificate, error)
- func WriteCert(key, cert []byte, name, dir string) error
- type CA
- type Subject
Constants
This section is empty.
Variables
This section is empty.
Functions
func CertKeyPairExists
func CertKeyPairExists(name, dir string) (bool, error)
CertKeyPairExists returns true if a key and a matching certificate exist. Matching is defined as having the expected file names. No validation is performed on the actual bytes of the cert/key.
func CertValid added in v1.2.0
func CertValid(commonName string, SANs []string, organizations []string, name, dir string) (warn []error, err error)
CertValid returns a list of validation warnings if the certificate values do not match the expected values. Validation rules:
- common name: must match exactly
- subject alternate names: the expected SANs must be a subset of the cert's SANs
- organizations: the expected organizations must be a subset of the cert's organizations
Subset validation is performed to allow operators to supply their own SANs and organizations.
Returns an error if trying to validate a cert that does not exist, or if there is an issue reading or parsing the certificate.
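To make the three rules concrete, the following added example (not this package's code) reimplements them over an already-parsed *x509.Certificate, using a constructed self-signed certificate as input. It assumes a CertWarnings helper and compares DNS SANs only; the package's own CertValid additionally locates and reads the certificate from name and dir.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"slices"
	"time"
)

// missing yields one warning per entry of want absent from have (the subset rule).
func missing(what string, want, have []string) (warn []error) {
	for _, w := range want {
		if !slices.Contains(have, w) {
			warn = append(warn, fmt.Errorf("certificate lacks expected %s %q", what, w))
		}
	}
	return warn
}

// CertWarnings applies CertValid's rules to a parsed cert: exact common name,
// expected SANs and organizations as subsets. Assumed helper, not the package's own.
func CertWarnings(c *x509.Certificate, cn string, sans, orgs []string) []error {
	var warn []error
	if c.Subject.CommonName != cn {
		warn = append(warn, fmt.Errorf("common name %q does not match expected %q", c.Subject.CommonName, cn))
	}
	warn = append(warn, missing("SAN", sans, c.DNSNames)...)
	return append(warn, missing("organization", orgs, c.Subject.Organization)...)
}

// newTestCert builds a constructed self-signed cert so the example runs offline.
func newTestCert(cn string, sans, orgs []string) (*x509.Certificate, error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // rand.Reader does not fail
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: sans, NotBefore: time.Now(),
		NotAfter: time.Now().Add(time.Hour), Subject: pkix.Name{CommonName: cn, Organization: orgs}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	c, _ := newTestCert("etcd", []string{"etcd.local", "extra.local"}, []string{"ops"})
	fmt.Println(CertWarnings(c, "etcd", []string{"etcd.local"}, []string{"ops", "kube"}))
}
```

The extra SAN "extra.local" on the certificate produces no warning, because only the expected values must be present; the missing organization "kube" does.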
func NewCACert
func NewCACert(csrFile string, commonName string) (key, cert []byte, err error)
NewCACert creates a new Certificate Authority and returns its private key and public certificate.
func NewCert
func NewCert(ca *CA, req csr.CertificateRequest) (key, cert []byte, err error)
NewCert creates a new certificate/key pair signed by the Certificate Authority provided.
func ReadCACert
func ReadCACert(name, dir string) (key, cert []byte, err error)
ReadCACert reads the CA key and certificate files.
Types
type CA
type CA struct {
	// Key is the CA's private key.
	Key []byte
	// Password is the CA's private key password. Can be empty if no password is set.
	Password string
	// Cert is the CA's public certificate.
	Cert []byte
	// ConfigFile contains a cfssl configuration file for the Certificate Authority.
	ConfigFile string
	// Profile to be used when signing with this Certificate Authority.
	Profile string
}
CA contains information about the Certificate Authority.