certutil

package
Published: Apr 1, 2019 License: MIT Imports: 14 Imported by: 0

Overview

Package certutil contains helpers for working with x509 formatted certificates.

Index

Constants

// PEM block type labels, i.e. the text inside the "-----BEGIN <type>-----"
// header, used when encoding and decoding certificate and key material.
const (
	// BlockTypeCertificate is the PEM block type of an x509 certificate.
	BlockTypeCertificate   = "CERTIFICATE"
	// BlockTypeRSAPrivateKey is the traditional (PKCS#1) PEM block type of an
	// RSA private key. A PKCS#8 "PRIVATE KEY" block is a different label and
	// is not covered by this constant — presumably unsupported by the package;
	// confirm against the key parsing code.
	BlockTypeRSAPrivateKey = "RSA PRIVATE KEY"
)

BlockTypes

// Default certificate validity periods, in years. Presumably applied when no
// OptNotAfter option is supplied to CreateCA / CreateClient / CreateServer —
// confirm in those constructors.
const (
	// DefaultCANotAfterYears is the default validity of a CA certificate.
	DefaultCANotAfterYears     = 10
	// DefaultClientNotAfterYears is the default validity of a client certificate.
	DefaultClientNotAfterYears = 1
	// DefaultServerNotAfterYears is the default validity of a server certificate.
	DefaultServerNotAfterYears = 1
)

Not After defaults.

// Sentinel errors returned by the package, typed as exception.Class.
const (
	// ErrInvalidCertPEM is returned when PEM bytes cannot be added to a
	// certificate pool — presumably by the pool-extending helpers
	// (ExtendEmptyPoolWithKeyPairCerts / ExtendSystemPoolWithKeyPairCerts)
	// and CertBundle.CertPool; confirm at the call sites.
	ErrInvalidCertPEM exception.Class = "failed to add cert to pool as pem"
)

Errors

Variables

This section is empty.

Functions

func BytesWithError

func BytesWithError(bytes []byte, err error) ([]byte, error)

BytesWithError returns the given bytes together with the error, with the error wrapped as an exception.

func CommonNamesForCertPEM

func CommonNamesForCertPEM(certPEM []byte) ([]string, error)

CommonNamesForCertPEM returns the common names from the cert portion of a cert pair, given as PEM bytes.

func ExtendEmptyPoolWithKeyPairCerts

func ExtendEmptyPoolWithKeyPairCerts(keyPairs ...KeyPair) (*x509.CertPool, error)

ExtendEmptyPoolWithKeyPairCerts extends an empty pool with a given set of certs.

func ExtendSystemPoolWithKeyPairCerts

func ExtendSystemPoolWithKeyPairCerts(keyPairs ...KeyPair) (*x509.CertPool, error)

ExtendSystemPoolWithKeyPairCerts extends the system ca pool with a given list of ca cert key pairs.

func MustBytes

func MustBytes(contents []byte, err error) []byte

MustBytes panics on an error or returns the contents.

func NewClientConfig

func NewClientConfig(clientCert KeyPair, certificateAuthorities []KeyPair) (*tls.Config, error)

NewClientConfig returns a new client config.

func ParseCertPEM

func ParseCertPEM(certPem []byte) (output []*x509.Certificate, err error)

ParseCertPEM parses the cert portion of a cert pair.

func ReadFiles

func ReadFiles(files ...string) (data [][]byte, err error)

ReadFiles reads a list of files as bytes.

Types

type CertBundle

// CertBundle is the parsed form of a certificate and its key: the RSA key
// material plus the certificate chain, in both parsed and DER-encoded form.
// Only RSA keys are representable (the key fields are *rsa.PrivateKey and
// *rsa.PublicKey). Use NewCertBundle to build one from a KeyPair.
type CertBundle struct {
	// PrivateKey is sensitive material; do not log or serialize it.
	PrivateKey      *rsa.PrivateKey
	PublicKey       *rsa.PublicKey
	// Certificates are the parsed certificates. Ordering is not stated here —
	// presumably leaf first, with parents appended by WithParent; confirm.
	Certificates    []x509.Certificate
	// CertificateDERs are the DER encodings, presumably parallel to
	// Certificates (same length, same order); confirm.
	CertificateDERs [][]byte
}

CertBundle is the packet of information for a certificate.

func CreateCA

func CreateCA(options ...CertOption) (*CertBundle, error)

CreateCA creates a ca cert bundle. The cert bundle can be used to generate client and server certificates.

func CreateClient

func CreateClient(commonName string, ca *CertBundle, options ...CertOption) (*CertBundle, error)

CreateClient creates a client cert bundle associated with a given common name.

func CreateSelfServerCert added in v1.20201204.1

func CreateSelfServerCert(commonName string, options ...CertOption) (*CertBundle, error)

CreateSelfServerCert creates a self signed server certificate bundle.

func CreateServer

func CreateServer(commonName string, ca *CertBundle, options ...CertOption) (*CertBundle, error)

CreateServer creates a server cert bundle associated with a given common name and ca.

func NewCertBundle

func NewCertBundle(keyPair KeyPair) (*CertBundle, error)

NewCertBundle returns a new cert bundle from a key pair. A "CertBundle" is the parsed public key, private key, and individual certificates for the pair.

func (CertBundle) CertPool

func (cb CertBundle) CertPool() (*x509.CertPool, error)

CertPool returns the bundle as a cert pool.

func (CertBundle) CommonNames

func (cb CertBundle) CommonNames() ([]string, error)

CommonNames returns the cert bundle common name(s).

func (*CertBundle) GenerateKeyPair added in v1.20201204.1

func (cb *CertBundle) GenerateKeyPair() (output KeyPair, err error)

GenerateKeyPair returns a serialized key pair for the cert bundle.

func (*CertBundle) MustGenerateKeyPair added in v1.20201204.1

func (cb *CertBundle) MustGenerateKeyPair() KeyPair

MustGenerateKeyPair returns a serialized version of the bundle as a key pair and panics if there is an error.

func (*CertBundle) WithParent

func (cb *CertBundle) WithParent(parent *CertBundle)

WithParent adds a parent certificate to the chain.

func (CertBundle) WriteCertPem

func (cb CertBundle) WriteCertPem(w io.Writer) error

WriteCertPem writes the public key portion of the cert to a given writer.

func (CertBundle) WriteKeyPem

func (cb CertBundle) WriteKeyPem(w io.Writer) error

WriteKeyPem writes the bundle's private key as PEM to the given writer.

type CertManager

// CertManager is a pool of client certs keyed by uid, together with the
// tls.Config handed out to connecting clients.
//
// CertManager embeds sync.Mutex, so a value must not be copied after first
// use; keep the *CertManager returned by NewCertManager and pass it by
// pointer. The embedded Mutex is exported, so callers can lock it directly —
// presumably the methods take it themselves around ClientCerts and TLSConfig;
// confirm before locking from outside.
type CertManager struct {
	sync.Mutex
	// TLSConfig is the config served for client hellos — presumably the one
	// returned by GetConfigForClient; confirm.
	TLSConfig   *tls.Config
	// ClientCerts maps a client cert uid to its cert bytes. The zero value of
	// CertManager leaves this map nil (writes to a nil map panic), so use
	// NewCertManager or UpdateClientCerts before adding entries.
	ClientCerts map[string][]byte
}

CertManager is a pool of client certs.

func NewCertManager

func NewCertManager() *CertManager

NewCertManager returns a new cert manager.

func NewCertManagerWithKeyPairs

func NewCertManagerWithKeyPairs(server KeyPair, cas []KeyPair, clientPairs ...KeyPair) (*CertManager, error)

NewCertManagerWithKeyPairs returns a new cert manager from the given server key pair, ca key pairs, and client key pairs.

func (*CertManager) AddClientCert

func (cm *CertManager) AddClientCert(clientCert []byte) error

AddClientCert adds a client cert to the bundle and refreshes the bundle.

func (*CertManager) ClientCertUIDs

func (cm *CertManager) ClientCertUIDs() (output []string)

ClientCertUIDs returns all the client cert uids.

func (*CertManager) GetConfigForClient

func (cm *CertManager) GetConfigForClient(sni *tls.ClientHelloInfo) (config *tls.Config, _ error)

GetConfigForClient gets a tls config for a given client hello.

func (*CertManager) HasClientCert

func (cm *CertManager) HasClientCert(uid string) (has bool)

HasClientCert reports whether the manager has a client cert with the given uid.

func (*CertManager) RemoveClientCert

func (cm *CertManager) RemoveClientCert(uid string) error

RemoveClientCert removes a client cert by uid.

func (*CertManager) UpdateClientCerts

func (cm *CertManager) UpdateClientCerts(clientCerts map[string][]byte) error

UpdateClientCerts sets the client cert bundle fully.

func (*CertManager) WithClientCertPool

func (cm *CertManager) WithClientCertPool(pool *x509.CertPool) *CertManager

WithClientCertPool sets the client ca pool.

func (*CertManager) WithRootCAs

func (cm *CertManager) WithRootCAs(pool *x509.CertPool) *CertManager

WithRootCAs sets the root ca pool.

func (*CertManager) WithServerCertificates

func (cm *CertManager) WithServerCertificates(certs ...tls.Certificate) *CertManager

WithServerCertificates sets the server certificates.

type CertOption added in v1.20201204.1

// CertOption is a modification applied to a certificate. Despite the
// parameter name, the value is an *x509.Certificate — presumably the
// template used when the certificate is created — not an
// x509.CertificateRequest; confirm in the Create* constructors.
type CertOption func(csr *x509.Certificate)

CertOption is a modification of a certificate.

func OptAdditionalNames

func OptAdditionalNames(dnsNames ...string) CertOption

OptAdditionalNames adds valid dns names for the cert.

func OptDNSNames added in v1.20201204.1

func OptDNSNames(dnsNames ...string) CertOption

OptDNSNames sets valid dns names for the cert.

func OptIsCA added in v1.20201204.1

func OptIsCA(isCA bool) CertOption

OptIsCA sets the is certificate authority flag.

func OptKeyUsage added in v1.20201204.1

func OptKeyUsage(keyUsage x509.KeyUsage) CertOption

OptKeyUsage sets the key usage flags.

func OptNotAfter added in v1.20201204.1

func OptNotAfter(notAfter time.Time) CertOption

OptNotAfter sets the not after time.

func OptNotBefore added in v1.20201204.1

func OptNotBefore(notBefore time.Time) CertOption

OptNotBefore sets the not before time.

func OptSubjectCommonName added in v1.20201204.1

func OptSubjectCommonName(commonName string) CertOption

OptSubjectCommonName sets the subject common name.

func OptSubjectCountry added in v1.20201204.1

func OptSubjectCountry(country ...string) CertOption

OptSubjectCountry sets the subject country names.

func OptSubjectLocality added in v1.20201204.1

func OptSubjectLocality(locality ...string) CertOption

OptSubjectLocality sets the subject locality names.

func OptSubjectOrganization added in v1.20201204.1

func OptSubjectOrganization(organization ...string) CertOption

OptSubjectOrganization sets the subject organization names.

func OptSubjectProvince added in v1.20201204.1

func OptSubjectProvince(province ...string) CertOption

OptSubjectProvince sets the subject province names.

type KeyPair

// KeyPair is an x509 PEM key pair. Each half may be given inline (Cert, Key)
// or as a path to a file (CertPath, KeyPath); CertBytes and KeyBytes resolve
// whichever is set — presumably the inline value wins when both are present;
// confirm.
//
// Key holds private key material and carries json/yaml tags, so marshalling
// a KeyPair emits the private key. Treat the output of String() as sensitive
// as well unless it is verified to redact Key.
type KeyPair struct {
	// Cert is the PEM-encoded certificate, inline.
	Cert     string `json:"cert,omitempty" yaml:"cert,omitempty"`
	// CertPath is a path to a file holding the PEM-encoded certificate.
	CertPath string `json:"certPath,omitempty" yaml:"certPath,omitempty"`
	// Key is the PEM-encoded private key, inline (sensitive).
	Key      string `json:"key,omitempty" yaml:"key,omitempty"`
	// KeyPath is a path to a file holding the PEM-encoded private key.
	KeyPath  string `json:"keyPath,omitempty" yaml:"keyPath,omitempty"`
}

KeyPair is an x509 pem key pair as strings.

func (KeyPair) CertBytes

func (kp KeyPair) CertBytes() ([]byte, error)

CertBytes returns the key pair cert bytes.

func (KeyPair) IsZero

func (kp KeyPair) IsZero() bool

IsZero reports whether the key pair is unset.

func (KeyPair) KeyBytes

func (kp KeyPair) KeyBytes() ([]byte, error)

KeyBytes returns the key pair key bytes.

func (KeyPair) String

func (kp KeyPair) String() (output string)

String returns a string representation of the key pair.
