Documentation
Index
- type Authority
- type Certificate
- type Identity
- func (i *Identity) Fingerprint() [sha1.Size]byte
- func (i *Identity) IsSigned() bool
- func (i *Identity) IsValid() bool
- func (i *Identity) LoadCertificate(certBytes []byte) error
- func (i *Identity) LoadKey(pemBytes []byte) error
- func (i *Identity) LoadRequest(pemBytes []byte) error
- func (i *Identity) NewKey() error
- func (i *Identity) NewRequest() error
- type IdentityType
- type Key
- type PEMWriter
- type Request
Types
type Authority
type Authority struct {
	Key         *Key
	Certificate *Certificate
	Serial      *big.Int
}
Authority holds the CA key, certificate & serial number. New CAs can be created with the NewAuthority function; otherwise simply create an Authority object and assign the attributes using CertificateFromPEM, KeyFromPEM, and your own method of storing the serial number (e.g. in etcd).
func NewAuthority
NewAuthority generates a new Authority that is used to sign other Certificates
type Certificate
type Certificate struct {
	*x509.Certificate
}
Certificate is our custom struct that we attach functionality to
func CertificateFromPEM
func CertificateFromPEM(pemCert []byte) (*Certificate, error)
CertificateFromPEM takes a byte slice that contains a PEM encoded certificate and returns a composed Certificate
func CertificateFromTemplate
func CertificateFromTemplate(template *x509.Certificate, parent *x509.Certificate, publicKey interface{}, privateKey *Key) (*Certificate, error)
CertificateFromTemplate takes a template, parent, public key & private key and returns a composed certificate. Generally this should be called from an Authority that takes care of filling in all of the details from higher level structs.
type Identity
type Identity struct {
	Id          string
	Key         *Key
	Certificate *Certificate
	Request     *Request
}
Identity is used to tie a node (Id) to a Key & Certificate, also holding a Request if needed
func NewIdentity
NewIdentity returns a new Identity based on the node ID provided
func (*Identity) Fingerprint
Returns the fingerprint (SHA1 byte array) of the certificate
func (*Identity) LoadCertificate
Loads a certificate from a PEM encoded form
func (*Identity) LoadRequest
Loads a signing request from a PEM encoded form
func (*Identity) NewRequest
Generates a new signing request for this identity
type IdentityType
type IdentityType int
IdentityType specifies the type of identity, which is used in determining KeyUsage constraints
const (
	IdentityTypeDirector IdentityType = iota
	IdentityTypeAgent
	IdentityTypeClient
)
type Key
type Key struct {
	*ecdsa.PrivateKey
}
Key is our custom type for an ecdsa private key
func KeyFromPEM
KeyFromPEM returns a Key based on a slice of bytes that represent the PEM encoded version
func (*Key) GenerateSubjectKeyId
GenerateSubjectKeyId generates the SubjectKeyId used in a Certificate. The Id is the 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey.
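The derivation described above, written out with only the Go standard library as an added example (it is not this package's source). The names spki and subjectKeyID are hypothetical; the point it shows is that only the BIT STRING contents are hashed, not the full DER-encoded SubjectPublicKeyInfo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

// spki (hypothetical name) mirrors the ASN.1 SubjectPublicKeyInfo structure.
type spki struct {
	Algorithm        pkix.AlgorithmIdentifier
	SubjectPublicKey asn1.BitString
}

// subjectKeyID (hypothetical name) returns the SHA-1 hash of the contents of
// the subjectPublicKey BIT STRING, excluding the tag, length and unused-bits byte.
func subjectKeyID(pub *ecdsa.PublicKey) ([]byte, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return nil, err
	}
	var info spki
	rest, err := asn1.Unmarshal(der, &info)
	if err != nil {
		return nil, err
	}
	if len(rest) != 0 {
		return nil, fmt.Errorf("%d trailing bytes after SubjectPublicKeyInfo", len(rest))
	}
	sum := sha1.Sum(info.SubjectPublicKey.Bytes)
	return sum[:], nil
}

func main() {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // throwaway key, constructed for the demo
	if err != nil {
		panic(err)
	}
	id, err := subjectKeyID(&key.PublicKey)
	if err != nil {
		panic(err)
	}
	fmt.Printf("SubjectKeyId: %x\n", id)
}
```

For an ECDSA key the hashed bytes are the uncompressed curve point (0x04 followed by X and Y), so the identifier depends only on the public key and is the same in every certificate issued for it.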
type PEMWriter
PEMWriter is an interface implemented by certs, keys & requests for saving their data in PEM format
type Request
type Request struct {
	*x509.CertificateRequest
}
func NewRequest
func NewRequest(priv *Key, template *x509.CertificateRequest) (*Request, error)
NewRequest returns a new x509 signing request based on the provided template