Documentation
Constants
const (
DNSNamePrefix = "e"
)
DNSNamePrefix is prepended to all encoded public keys in certificate DNS names.
Variables
This section is empty.
Functions
func EncodePubKeyToDNS
EncodePubKeyToDNS encodes an Ed25519 public key into a DNS name. The format is "e" + base32(pubKey), using a custom base32 alphabet. A 32-byte Ed25519 key encodes to 52 base32 characters before any padding, so the resulting 53-character label fits within the 63-octet limit for a single DNS label.
Types
type Config
type Config struct {
	// PublicKey is the Ed25519 public key to embed in the certificate
	PublicKey ed25519.PublicKey
	// PrivateKey is used to sign the certificate
	PrivateKey ed25519.PrivateKey
	// CertValidityPeriod defines how long the certificate remains valid
	CertValidityPeriod time.Duration
}
Config contains the parameters needed for certificate generation.
type Generator
type Generator struct {
// contains filtered or unexported fields
}
Generator creates TLS certificates with Ed25519 keys and encoded DNS names.
func NewGenerator
NewGenerator creates a new certificate generator with the given configuration.
func (*Generator) GenerateCertificate
func (g *Generator) GenerateCertificate() (*tls.Certificate, error)
GenerateCertificate creates a new self-signed TLS certificate. The certificate:
- Uses Ed25519 for key and signature
- Includes the encoded public key as DNS name
- Is valid for the configured duration
- Supports both server and client authentication
type Validator
type Validator struct{}
Validator checks certificates for compliance with protocol requirements. Implements the transport.CertValidator interface.
func NewValidator
func NewValidator() *Validator
NewValidator creates a new certificate validator.
func (*Validator) ExtractPublicKey
ExtractPublicKey retrieves the Ed25519 public key from a certificate. Returns an error if the certificate doesn't use an Ed25519 key.
func (*Validator) ValidateCertificate
func (v *Validator) ValidateCertificate(cert *x509.Certificate) error
ValidateCertificate checks if a certificate meets the protocol requirements:
- Uses Ed25519 for signatures
- Contains exactly one DNS name
- DNS name matches encoded public key format
- Certificate is within its validity period
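The following is an added example and not this package's code. Using only the Go standard library, it mirrors the behaviour documented above for EncodePubKeyToDNS, GenerateCertificate, ExtractPublicKey and ValidateCertificate, so the generate/validate round trip and the failure modes (expired certificate, DNS name that does not match the embedded key) can be exercised offline. Assumptions: the page does not spell out the custom base32 alphabet, so the example takes lowercase RFC 4648 base32 without padding; the function names encodePubKeyToDNS, generateCertificate, extractPublicKey and validateCertificate are the example's own, not the package API; and the final self-signature verification is an extra check beyond the four the package documents.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base32"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// dnsNamePrefix mirrors the package's DNSNamePrefix constant.
const dnsNamePrefix = "e"

// ASSUMPTION: the package's "custom alphabet" is not given on the page, so this uses
// lowercase RFC 4648 base32 with no padding; DNS labels allow only letters and digits.
var dnsAlphabet = base32.NewEncoding("abcdefghijklmnopqrstuvwxyz234567").WithPadding(base32.NoPadding)

// encodePubKeyToDNS builds "e" + base32(pubKey). A 32-byte key encodes to 52
// characters, so the 53-octet label stays under the 63-octet DNS label limit.
func encodePubKeyToDNS(pub ed25519.PublicKey) string {
	return dnsNamePrefix + dnsAlphabet.EncodeToString(pub)
}

// generateCertificate mirrors GenerateCertificate: a self-signed Ed25519 leaf whose
// only DNS SAN is the encoded public key, marked for server and client auth.
func generateCertificate(priv ed25519.PrivateKey, validity time.Duration) (*tls.Certificate, error) {
	pub := priv.Public().(ed25519.PublicKey)
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)) // random 128-bit serial
	if err != nil {
		return nil, err
	}
	name, now := encodePubKeyToDNS(pub), time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: name},
		DNSNames:              []string{name},
		NotBefore:             now.Add(-time.Minute), // small clock-skew allowance
		NotAfter:              now.Add(validity),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true, // IsCA stays false: this is an end-entity certificate
	}
	// The template is its own parent and the Ed25519 key signs it: self-signed.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}, nil
}

// extractPublicKey mirrors Validator.ExtractPublicKey.
func extractPublicKey(cert *x509.Certificate) (ed25519.PublicKey, error) {
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok {
		return nil, fmt.Errorf("certificate key is %T, not Ed25519", cert.PublicKey)
	}
	return pub, nil
}

// validateCertificate applies the four documented checks as of "now", then also verifies
// the self-signature (an extra check, so a body altered after signing is rejected too).
func validateCertificate(cert *x509.Certificate, now time.Time) error {
	if cert.SignatureAlgorithm != x509.PureEd25519 {
		return fmt.Errorf("signature algorithm %v is not Ed25519", cert.SignatureAlgorithm)
	}
	pub, err := extractPublicKey(cert)
	if err != nil {
		return err
	}
	if len(cert.DNSNames) != 1 {
		return fmt.Errorf("expected exactly one DNS name, found %d", len(cert.DNSNames))
	}
	if want := encodePubKeyToDNS(pub); cert.DNSNames[0] != want {
		return fmt.Errorf("DNS name %q does not match encoded public key %q", cert.DNSNames[0], want)
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return errors.New("certificate is outside its validity period")
	}
	return cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature)
}

func main() {
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	tc, err := generateCertificate(priv, 24*time.Hour)
	if err != nil {
		panic(err)
	}
	fmt.Println(tc.Leaf.DNSNames[0], validateCertificate(tc.Leaf, time.Now()))
}
```

The DNS-name check is what ties the certificate to a peer identity: because the label is derived from the key inside the certificate, a peer only needs to compare the label it expected against the one presented, and no CA is involved. The TLS handshake itself proves possession of the matching private key, which is why the package's documented checks stop at format and validity; the self-signature verification here is defence in depth, not a replacement for that.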