cert

package
v0.0.0-...-f00fe5a
Warning

This package is not in the latest version of its module.

Published: Feb 26, 2025 License: MIT Imports: 10 Imported by: 0

Documentation

Constants

const (
	DNSNamePrefix = "e"
)

DNSNamePrefix is prepended to all encoded public keys in certificate DNS names.

Variables

This section is empty.

Functions

func EncodePubKeyToDNS

func EncodePubKeyToDNS(pubKey ed25519.PublicKey) string

EncodePubKeyToDNS encodes an Ed25519 public key into a DNS name. The format is: "e" + base32(pubKey) with custom alphabet.

Types

type Config

type Config struct {
	// PublicKey is the Ed25519 public key to embed in the certificate
	PublicKey ed25519.PublicKey
	// PrivateKey is used to sign the certificate
	PrivateKey ed25519.PrivateKey
	// CertValidityPeriod defines how long the certificate remains valid
	CertValidityPeriod time.Duration
}

Config contains the parameters needed for certificate generation.

type Generator

type Generator struct {
	// contains filtered or unexported fields
}

Generator creates TLS certificates with Ed25519 keys and encoded DNS names.

func NewGenerator

func NewGenerator(config Config) *Generator

NewGenerator creates a new certificate generator with the given configuration.

func (*Generator) GenerateCertificate

func (g *Generator) GenerateCertificate() (*tls.Certificate, error)

GenerateCertificate creates a new self-signed TLS certificate. The certificate:

- Uses Ed25519 for key and signature
- Includes the encoded public key as DNS name
- Is valid for the configured duration
- Supports both server and client authentication

type Validator

type Validator struct{}

Validator checks certificates for compliance with protocol requirements. Implements the transport.CertValidator interface.

func NewValidator

func NewValidator() *Validator

NewValidator creates a new certificate validator.

func (*Validator) ExtractPublicKey

func (v *Validator) ExtractPublicKey(cert *x509.Certificate) (ed25519.PublicKey, error)

ExtractPublicKey retrieves the Ed25519 public key from a certificate. Returns an error if the certificate doesn't use an Ed25519 key.

func (*Validator) ValidateCertificate

func (v *Validator) ValidateCertificate(cert *x509.Certificate) error

ValidateCertificate checks if a certificate meets the protocol requirements:

- Uses Ed25519 for signatures
- Contains exactly one DNS name
- DNS name matches encoded public key format
- Certificate is within its validity period
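An added example, not this package's own code: a stand-alone sketch of the checks listed for ValidateCertificate, written against the Go standard library only. The base32 alphabet is a stand-in (the page does not show the custom one), the names `encodeName`, `selfSigned` and `validate` are hypothetical, and treating "matches" as equality with the encoding of the certificate's own key, followed by a self-signature check, is an assumption about the validator's behaviour.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/base32"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ASSUMPTION: stand-in for the package's custom alphabet, which the page does not show.
var enc = base32.NewEncoding("abcdefghijklmnopqrstuvwxyz234567").WithPadding(base32.NoPadding)

func encodeName(pub ed25519.PublicKey) string { return "e" + enc.EncodeToString(pub) }

// selfSigned builds a constructed, self-signed test certificate with the given DNS names.
func selfSigned(pub ed25519.PublicKey, priv ed25519.PrivateKey, names ...string) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: names,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// validate applies the four listed checks, then verifies the self-signature.
func validate(c *x509.Certificate, now time.Time) error {
	pub, ok := c.PublicKey.(ed25519.PublicKey)
	switch {
	case !ok || c.SignatureAlgorithm != x509.PureEd25519:
		return errors.New("certificate does not use Ed25519")
	case len(c.DNSNames) != 1:
		return errors.New("want exactly one DNS name")
	case c.DNSNames[0] != encodeName(pub): // binds the name to the presented key
		return errors.New("DNS name does not encode the certificate key")
	case now.Before(c.NotBefore) || now.After(c.NotAfter):
		return errors.New("outside validity period")
	}
	return c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	c, _ := selfSigned(pub, priv, encodeName(pub))
	fmt.Println("valid:", validate(c, time.Now()) == nil)
}
```

Comparing the DNS name with the encoding of the key carried in the same certificate is what stops a peer from presenting a well-formed name that belongs to a different key.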
