cert

package

v0.0.0-...-f00fe5a Latest Latest Go to latest Published: Feb 26, 2025 License: MIT Imports: 10 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/eigerco/strawberry

Documentation ¶

Index ¶

Constants
func EncodePubKeyToDNS(pubKey ed25519.PublicKey) string
type Config
type Generator
- func NewGenerator(config Config) *Generator
- func (g *Generator) GenerateCertificate() (*tls.Certificate, error)
type Validator
- func NewValidator() *Validator
- func (v *Validator) ExtractPublicKey(cert *x509.Certificate) (ed25519.PublicKey, error)
- func (v *Validator) ValidateCertificate(cert *x509.Certificate) error

Constants ¶

View Source

const (
	DNSNamePrefix = "e"
)

DNSNamePrefix is prepended to all encoded public keys in certificate DNS names

Variables ¶

This section is empty.

Functions ¶

func EncodePubKeyToDNS ¶

func EncodePubKeyToDNS(pubKey ed25519.PublicKey) string

EncodePubKeyToDNS encodes an Ed25519 public key into a DNS name. The format is: "e" + base32(pubKey) with custom alphabet.

Types ¶

type Config ¶

type Config struct {
	// PublicKey is the Ed25519 public key to embed in the certificate
	PublicKey ed25519.PublicKey
	// PrivateKey is used to sign the certificate
	PrivateKey ed25519.PrivateKey
	// CertValidityPeriod defines how long the certificate remains valid
	CertValidityPeriod time.Duration
}

Config contains the parameters needed for certificate generation.

type Generator ¶

type Generator struct {
	// contains filtered or unexported fields
}

Generator creates TLS certificates with Ed25519 keys and encoded DNS names.

func NewGenerator ¶

func NewGenerator(config Config) *Generator

NewGenerator creates a new certificate generator with the given configuration.

func (*Generator) GenerateCertificate ¶

func (g *Generator) GenerateCertificate() (*tls.Certificate, error)

GenerateCertificate creates a new self-signed TLS certificate. The certificate: - Uses Ed25519 for key and signature - Includes the encoded public key as DNS name - Is valid for the configured duration - Supports both server and client authentication

type Validator ¶

type Validator struct{}

Validator checks certificates for compliance with protocol requirements. Implements the transport.CertValidator interface.

func NewValidator ¶

func NewValidator() *Validator

NewValidator creates a new certificate validator.

func (*Validator) ExtractPublicKey ¶

func (v *Validator) ExtractPublicKey(cert *x509.Certificate) (ed25519.PublicKey, error)

ExtractPublicKey retrieves the Ed25519 public key from a certificate. Returns an error if the certificate doesn't use an Ed25519 key.

func (*Validator) ValidateCertificate ¶

func (v *Validator) ValidateCertificate(cert *x509.Certificate) error

ValidateCertificate checks if a certificate meets the protocol requirements: - Uses Ed25519 for signatures - Contains exactly one DNS name - DNS name matches encoded public key format - Certificate is within its validity period

Source Files ¶

View all Source files

cert.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL