certutil

package
v1.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 5, 2019 License: MIT Imports: 14 Imported by: 0

Documentation

Index

Constants

// PEM block type labels, i.e. the text that follows "-----BEGIN " in a PEM
// header. "RSA PRIVATE KEY" is the PKCS#1 label; keys encoded as PKCS#8
// ("PRIVATE KEY") or SEC 1 ("EC PRIVATE KEY") carry different labels.
// NOTE(review): whether this package accepts any label other than these two
// is not visible here — confirm before feeding it non-RSA or PKCS#8 keys.
const (
	BlockTypeCertificate   = "CERTIFICATE"
	BlockTypeRSAPrivateKey = "RSA PRIVATE KEY"
)

BlockTypes

// ErrInvalidCertPEM is an exception.Class whose message reports that a cert
// could not be added to a pool as PEM.
// NOTE(review): presumably returned by the pool-building functions when PEM
// data cannot be appended — confirm. A caller that sees it should not go on
// to use a partially populated trust pool.
const (
	ErrInvalidCertPEM exception.Class = "failed to add cert to pool as pem"
)

Errors

Variables

This section is empty.

Functions

func BytesWithError

func BytesWithError(bytes []byte, err error) ([]byte, error)

BytesWithError returns a bytes error response with the error as an exception.

func CommonNamesForCertPEM

func CommonNamesForCertPEM(certPEM []byte) ([]string, error)

CommonNamesForCertPEM returns the common names from a cert pair.

func ExtendEmptyPoolWithKeyPairCerts

func ExtendEmptyPoolWithKeyPairCerts(keyPairs ...KeyPair) (*x509.CertPool, error)

ExtendEmptyPoolWithKeyPairCerts extends an empty pool with a given set of certs.

func ExtendSystemPoolWithKeyPairCerts

func ExtendSystemPoolWithKeyPairCerts(keyPairs ...KeyPair) (*x509.CertPool, error)

ExtendSystemPoolWithKeyPairCerts extends the system ca pool with a given list of ca cert key pairs.

func MustBytes

func MustBytes(contents []byte, err error) []byte

MustBytes panics on an error or returns the contents.

func NewClientConfig

func NewClientConfig(clientCert KeyPair, certificateAuthorities []KeyPair) (*tls.Config, error)

NewClientConfig returns a new client config.

func ParseCertPEM

func ParseCertPEM(certPem []byte) (output []*x509.Certificate, err error)

ParseCertPEM parses the cert portion of a cert pair.

func ReadFiles

func ReadFiles(files ...string) (data [][]byte, err error)

ReadFiles reads a list of files as bytes.

Types

type CertBundle

// CertBundle groups an RSA private key, its public key, and a set of
// certificates held both as parsed x509.Certificate values and as raw DER.
// The key fields are RSA-typed, so other key algorithms cannot be represented.
//
// PrivateKey is an exported pointer to unencrypted key material: copies of a
// CertBundle (including the value receivers on its methods) share the same
// key, and anything that can read the struct can read the key.
// NOTE(review): the ordering of Certificates / CertificateDERs (leaf first or
// parent first) is not visible here — confirm before building a chain by hand.
// NOTE(review): PrivateKey is presumably what WriteKeyPem serializes; point
// that writer only at a destination with restricted permissions.
type CertBundle struct {
	PrivateKey      *rsa.PrivateKey
	PublicKey       *rsa.PublicKey
	Certificates    []x509.Certificate
	CertificateDERs [][]byte
}

CertBundle is the packet of information for a certificate.

func CreateCA

func CreateCA() (output CertBundle, err error)

CreateCA creates a ca cert bundle.

func CreateClient

func CreateClient(commonName string, ca *CertBundle) (output CertBundle, err error)

CreateClient creates a client cert bundle associated with a given common name.

func CreateServer

func CreateServer(commonName string, ca *CertBundle, alternateNames ...string) (output CertBundle, err error)

CreateServer creates a server cert bundle associated with a given common name.

func NewCertBundle

func NewCertBundle(keyPair KeyPair) (*CertBundle, error)

NewCertBundle returns a new cert bundle from bytes.

func (CertBundle) CertPool

func (cb CertBundle) CertPool() (*x509.CertPool, error)

CertPool returns the bundle as a cert pool.

func (CertBundle) CommonNames

func (cb CertBundle) CommonNames() ([]string, error)

CommonNames returns the cert bundle common name(s).

func (*CertBundle) KeyPair

func (cb *CertBundle) KeyPair() (output KeyPair, err error)

KeyPair returns a serialized key pair for the cert bundle.

func (*CertBundle) MustKeyPair

func (cb *CertBundle) MustKeyPair() KeyPair

MustKeyPair returns a serialized version of the bundle as a key pair and panics if there is an error.

func (*CertBundle) WithParent

func (cb *CertBundle) WithParent(parent *CertBundle)

WithParent adds a parent certificate to the chain.

func (CertBundle) WriteCertPem

func (cb CertBundle) WriteCertPem(w io.Writer) error

WriteCertPem writes the public key portion of the cert to a given writer.

func (CertBundle) WriteKeyPem

func (cb CertBundle) WriteKeyPem(w io.Writer) error

WriteKeyPem writes the certificate key as a pem.

type CertManager

// CertManager holds a tls.Config and a map of client certs keyed by string,
// together with an embedded sync.Mutex.
//
// Because the mutex is embedded, Lock and Unlock are part of the exported
// API, and TLSConfig and ClientCerts are exported fields.
// NOTE(review): code that reads or writes TLSConfig or ClientCerts directly
// presumably has to hold the lock itself; whether the methods take it is not
// visible here — confirm.
// NOTE(review): ClientCerts keys look like the uids accepted by HasClientCert
// and RemoveClientCert; how a uid is derived from a cert is not shown, so
// verify it is unique per client before using it as an identity.
type CertManager struct {
	sync.Mutex
	TLSConfig   *tls.Config
	ClientCerts map[string][]byte
}

CertManager is a pool of client certs.

func NewCertManager

func NewCertManager() *CertManager

NewCertManager returns a new cert manager.

func NewCertManagerWithKeyPairs

func NewCertManagerWithKeyPairs(server KeyPair, cas []KeyPair, clientPairs ...KeyPair) (*CertManager, error)

NewCertManagerWithKeyPairs returns a new cert manager from key pairs.

func (*CertManager) AddClientCert

func (cm *CertManager) AddClientCert(clientCert []byte) error

AddClientCert adds a client cert to the bundle and refreshes the bundle.

func (*CertManager) ClientCertUIDs

func (cm *CertManager) ClientCertUIDs() (output []string)

ClientCertUIDs returns all the client cert uids.

func (*CertManager) GetConfigForClient

func (cm *CertManager) GetConfigForClient(sni *tls.ClientHelloInfo) (config *tls.Config, _ error)

GetConfigForClient gets a tls config for a given client hello.

func (*CertManager) HasClientCert

func (cm *CertManager) HasClientCert(uid string) (has bool)

HasClientCert returns if the manager has a client cert.

func (*CertManager) RemoveClientCert

func (cm *CertManager) RemoveClientCert(uid string) error

RemoveClientCert removes a client cert by uid.

func (*CertManager) UpdateClientCerts

func (cm *CertManager) UpdateClientCerts(clientCerts map[string][]byte) error

UpdateClientCerts sets the client cert bundle fully.

func (*CertManager) WithClientCertPool

func (cm *CertManager) WithClientCertPool(pool *x509.CertPool) *CertManager

WithClientCertPool sets the client ca pool.

func (*CertManager) WithRootCAs

func (cm *CertManager) WithRootCAs(pool *x509.CertPool) *CertManager

WithRootCAs sets the root ca pool.

func (*CertManager) WithServerCertificates

func (cm *CertManager) WithServerCertificates(certs ...tls.Certificate) *CertManager

WithServerCertificates sets the server certificates.

type KeyPair

// KeyPair carries a certificate and its key either inline (Cert, Key) or as
// file paths (CertPath, KeyPath). Every field is optional when encoded as
// JSON or YAML (omitempty).
//
// Key holds the key PEM in the clear, so a serialized KeyPair with Key set is
// a secret: keep it out of logs, error messages and version control, and
// prefer KeyPath with restrictive file permissions where that is an option.
// NOTE(review): which field wins when both the inline and the path form are
// set is not visible here — confirm against CertBytes and KeyBytes.
// NOTE(review): confirm that String() omits Key before logging or printing a
// KeyPair value.
type KeyPair struct {
	Cert     string `json:"cert,omitempty" yaml:"cert,omitempty"`
	CertPath string `json:"certPath,omitempty" yaml:"certPath,omitempty"`
	Key      string `json:"key,omitempty" yaml:"key,omitempty"`
	KeyPath  string `json:"keyPath,omitempty" yaml:"keyPath,omitempty"`
}

KeyPair is an x509 pem key pair as strings.

func (KeyPair) CertBytes

func (kp KeyPair) CertBytes() ([]byte, error)

CertBytes returns the key pair cert bytes.

func (KeyPair) IsZero

func (kp KeyPair) IsZero() bool

IsZero returns if the key pair is set or not.

func (KeyPair) KeyBytes

func (kp KeyPair) KeyBytes() ([]byte, error)

KeyBytes returns the key pair key bytes.

func (KeyPair) String

func (kp KeyPair) String() (output string)

String returns a string representation of the key pair.
