pki

package
v0.5.1

Warning: This package is not in the latest version of its module.
Published: Nov 15, 2018 License: Apache-2.0 Imports: 15 Imported by: 34

Documentation

Constants

const (
	MinRSAKeySize = 2048
	MaxRSAKeySize = 8192

	ECCurve256 = 256
	ECCurve384 = 384
	ECCurve521 = 521
)

Variables

This section is empty.

Functions

func CommonNameForCertificate

func CommonNameForCertificate(crt *v1alpha1.Certificate) string

func DNSNamesForCertificate

func DNSNamesForCertificate(crt *v1alpha1.Certificate) []string

func DecodeDERCertificateBytes added in v0.1.0

func DecodeDERCertificateBytes(derBytes []byte) (*x509.Certificate, error)

func DecodePKCS1PrivateKeyBytes

func DecodePKCS1PrivateKeyBytes(keyBytes []byte) (*rsa.PrivateKey, error)

func DecodePrivateKeyBytes

func DecodePrivateKeyBytes(keyBytes []byte) (crypto.PrivateKey, error)

func DecodeX509CertificateBytes

func DecodeX509CertificateBytes(certBytes []byte) (*x509.Certificate, error)

func EncodeCSR

func EncodeCSR(template *x509.CertificateRequest, key interface{}) ([]byte, error)

func EncodeECPrivateKey

func EncodeECPrivateKey(pk *ecdsa.PrivateKey) ([]byte, error)

func EncodePKCS1PrivateKey

func EncodePKCS1PrivateKey(pk *rsa.PrivateKey) []byte

func EncodePrivateKey

func EncodePrivateKey(pk crypto.PrivateKey) ([]byte, error)

func GenerateECPrivateKey

func GenerateECPrivateKey(keySize int) (*ecdsa.PrivateKey, error)

func GeneratePrivateKeyForCertificate

func GeneratePrivateKeyForCertificate(crt *v1alpha1.Certificate) (crypto.PrivateKey, error)

func GenerateRSAPrivateKey

func GenerateRSAPrivateKey(keySize int) (*rsa.PrivateKey, error)

func GenerateTemplate

func GenerateTemplate(issuer v1alpha1.GenericIssuer, crt *v1alpha1.Certificate, serialNo *big.Int) (*x509.Certificate, error)

GenerateTemplate will create an x509.Certificate for the given Certificate resource. This should create a Certificate template that is equivalent to the CertificateRequest generated by GenerateCSR. The PublicKey field must be populated by the caller.

func OrganizationForCertificate

func OrganizationForCertificate(crt *v1alpha1.Certificate) []string

func PublicKeyForPrivateKey

func PublicKeyForPrivateKey(pk crypto.PrivateKey) (crypto.PublicKey, error)

func PublicKeyMatchesCertificate

func PublicKeyMatchesCertificate(check crypto.PublicKey, crt *x509.Certificate) (bool, error)

PublicKeyMatchesCertificate can be used to verify that the given public key is the correct counterpart to the given x509 Certificate. It will return false and no error if the public key is *not* valid for the given Certificate. It will return true if the public key *is* valid for the given Certificate. It will return an error if either of the passed parameters is of an unrecognised type (i.e. non-RSA/ECDSA).
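The three outcomes described above (match, mismatch without error, error for an unrecognised key type), shown as an added example using only the Go standard library; it is not this package's implementation. The names `keyMatchesCert`, `must` and `sample` are hypothetical, and the keys and certificate are constructed at run time.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// keyMatchesCert (hypothetical) follows the documented contract; only RSA and ECDSA keys are recognised.
func keyMatchesCert(check crypto.PublicKey, crt *x509.Certificate) (bool, error) {
	for _, k := range []crypto.PublicKey{check, crt.PublicKey} {
		switch k.(type) {
		case *rsa.PublicKey, *ecdsa.PublicKey:
		default:
			return false, fmt.Errorf("unrecognised public key type %T", k)
		}
	}
	// Equal compares key material; keys of different algorithms compare unequal.
	return crt.PublicKey.(interface{ Equal(crypto.PublicKey) bool }).Equal(check), nil
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// sample returns a constructed self-signed cert, its key, an unrelated RSA key and an all-zero Ed25519 key.
func sample() (crt *x509.Certificate, own, other, unsupported crypto.PublicKey) {
	certKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	rsaKey := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, certKey.Public(), certKey))
	return must(x509.ParseCertificate(der)), certKey.Public(), rsaKey.Public(), ed25519.PublicKey(make([]byte, ed25519.PublicKeySize))
}

func main() {
	crt, own, other, unsupported := sample()
	for _, k := range []crypto.PublicKey{own, other, unsupported} {
		fmt.Println(keyMatchesCert(k, crt))
	}
}
```

A caller that loads a private key and certificate from separate sources should treat a false result as a configuration fault and an error as an unsupported key type, rather than collapsing the two.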

func SignCertificate

func SignCertificate(template *x509.Certificate, issuerCert *x509.Certificate, publicKey interface{}, signerKey interface{}) ([]byte, *x509.Certificate, error)

SignCertificate returns a signed x509.Certificate object for the given *v1alpha1.Certificate crt. publicKey is the public key of the signee, and signerKey is the private key of the signer.

func SignatureAlgorithm

func SignatureAlgorithm(crt *v1alpha1.Certificate) (x509.SignatureAlgorithm, error)

Return the appropriate signature algorithm for the certificate. Adapted from https://github.com/cloudflare/cfssl/blob/master/csr/csr.go#L102

Types

This section is empty.
