Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Hash ¶
func Hash(crt *x509.Certificate) string
Hash calculates the SHA-256 hash of the Subject Public Key Information (SPKI) object in an x509 certificate (in DER encoding). It returns the full hash as a hex encoded string (suitable for passing to Set.Allow). See https://github.com/kubernetes/kubernetes/blob/f557e0f7e3ee9089769ed3f03187fdd4acbb9ac1/cmd/kubeadm/app/util/pubkeypin/pubkeypin.go
func NewSerialNumber ¶
NewSerialNumber generates a random serial number for an X.509 certificate.
Types ¶
type Certificate ¶
type Certificate struct { X509Certificate *x509.Certificate X509CertificatePEM []byte }
Certificate represents an X.509 certificate.
func NewCertificateFromCSR ¶
func NewCertificateFromCSR(ca *x509.Certificate, key *ecdsa.PrivateKey, csr *x509.CertificateRequest, setters ...Option) (crt *Certificate, err error)
NewCertificateFromCSR creates and signs X.509 certificate using the provided CSR.
type CertificateAuthority ¶
type CertificateAuthority struct { Crt *x509.Certificate CrtPEM []byte Key interface{} KeyPEM []byte }
CertificateAuthority represents a CA.
func NewSelfSignedCertificateAuthority ¶
func NewSelfSignedCertificateAuthority(setters ...Option) (ca *CertificateAuthority, err error)
NewSelfSignedCertificateAuthority creates a self-signed CA configured for server and client authentication.
type CertificateSigningRequest ¶
type CertificateSigningRequest struct { X509CertificateRequest *x509.CertificateRequest X509CertificateRequestPEM []byte }
CertificateSigningRequest represents a CSR.
func NewCertificateSigningRequest ¶
func NewCertificateSigningRequest(key *ecdsa.PrivateKey, setters ...Option) (csr *CertificateSigningRequest, err error)
NewCertificateSigningRequest creates a CSR. If the IPAddresses option is not specified, the CSR will be generated with the default value set in NewDefaultOptions.
type Key ¶
type Key struct { KeyPEM []byte // contains filtered or unexported fields }
Key represents an ECDSA private key.
type KeyPair ¶
type KeyPair struct {
*tls.Certificate
}
KeyPair represents a certificate and key pair.
func NewKeyPair ¶
func NewKeyPair(ca *x509.Certificate, key *ecdsa.PrivateKey, setters ...Option) (keypair *KeyPair, err error)
NewKeyPair generates a certificate signed by the provided CA, and an ECDSA private key. The certifcate and private key are then used to create an tls.X509KeyPair.
type Option ¶
type Option func(*Options)
Option is the functional option func.
func IPAddresses ¶
IPAddresses sets the value for the IP addresses in Subject Alternate Name of the certificate.
func Organization ¶
Organization sets the subject organization of the certificate.
func RSA ¶
RSA sets a flag for indicating that the requested operation should be performed under the context of RSA instead of the default ECDSA.
func SignatureAlgorithm ¶
func SignatureAlgorithm(o x509.SignatureAlgorithm) Option
SignatureAlgorithm sets the hash algorithm used to sign the SSL certificate.
type Options ¶
type Options struct { Organization string SignatureAlgorithm x509.SignatureAlgorithm IPAddresses []net.IP Bits int RSA bool NotAfter time.Time }
Options is the functional options struct.
func NewDefaultOptions ¶
NewDefaultOptions initializes the Options struct with default values.
type PEMEncodedCertificateAndKey ¶
PEMEncodedCertificateAndKey represents the PEM encoded certificate and private key pair.
func NewCertificateAndKeyFromFiles ¶
func NewCertificateAndKeyFromFiles(crt, key string) (p *PEMEncodedCertificateAndKey, err error)
NewCertificateAndKeyFromFiles initializes and returns a PEMEncodedCertificateAndKey from the path to a crt and key.
func (*PEMEncodedCertificateAndKey) MarshalYAML ¶
func (p *PEMEncodedCertificateAndKey) MarshalYAML() (interface{}, error)
MarshalYAML implements the yaml.Marshaler interface for PEMEncodedCertificateAndKey. It is expected that the Crt and Key are a base64 encoded string in the YAML file. This function encodes the byte slices into strings
func (*PEMEncodedCertificateAndKey) UnmarshalYAML ¶
func (p *PEMEncodedCertificateAndKey) UnmarshalYAML(unmarshal func(interface{}) error) error
UnmarshalYAML implements the yaml.Unmarshaler interface for PEMEncodedCertificateAndKey. It is expected that the Crt and Key are a base64 encoded string in the YAML file. This function decodes the strings into byte slices.