Documentation ¶
Index ¶
- func GenerateSubjectKeyID(pub crypto.PublicKey) ([]byte, error)
- func ParseAndValidateIPs(ipList string) (res []net.IP, err error)
- type Certificate
- func CreateCertificateAuthority(key *Key, organizationalUnit string, years int, organization string, ...) (*Certificate, error)
- func CreateCertificateHost(crtAuth *Certificate, keyAuth *Key, csr *CertificateSigningRequest, years int) (*Certificate, error)
- func NewCertificateFromDER(derBytes []byte) *Certificate
- func NewCertificateFromPEM(data []byte) (c *Certificate, err error)
- type CertificateAuthorityInfo
- type CertificateRevocationList
- type CertificateSigningRequest
- func CreateCertificateSigningRequest(key *Key, organizationalUnit string, ipList []net.IP, domainList []string, ...) (*CertificateSigningRequest, error)
- func NewCertificateSigningRequestFromDER(derBytes []byte) *CertificateSigningRequest
- func NewCertificateSigningRequestFromPEM(data []byte) (*CertificateSigningRequest, error)
- type Key
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GenerateSubjectKeyID ¶
GenerateSubjectKeyID generates SubjectKeyId used in Certificate Id is 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey
Types ¶
type Certificate ¶
type Certificate struct {
// contains filtered or unexported fields
}
Certificate is a wrapper around a x509 Certificate and its DER-formatted bytes
func CreateCertificateAuthority ¶
func CreateCertificateAuthority(key *Key, organizationalUnit string, years int, organization string, country string, province string, locality string, commonName string) (*Certificate, error)
CreateCertificateAuthority creates Certificate Authority using existing key. CertificateAuthorityInfo returned is the extra infomation required by Certificate Authority.
func CreateCertificateHost ¶
func CreateCertificateHost(crtAuth *Certificate, keyAuth *Key, csr *CertificateSigningRequest, years int) (*Certificate, error)
CreateCertificateHost creates certificate for host. The arguments include CA certificate, CA key, certificate request.
func NewCertificateFromDER ¶
func NewCertificateFromDER(derBytes []byte) *Certificate
NewCertificateFromDER inits Certificate from DER-format bytes
func NewCertificateFromPEM ¶
func NewCertificateFromPEM(data []byte) (c *Certificate, err error)
NewCertificateFromPEM inits Certificate from PEM-format bytes data should contain at most one certificate
func (*Certificate) CheckAuthority ¶
func (c *Certificate) CheckAuthority() error
CheckAuthority checks the authority of certificate against itself. It only ensures that certificate is self-explanatory, and cannot promise the validity and security.
func (*Certificate) Export ¶
func (c *Certificate) Export() ([]byte, error)
Export returns PEM-format bytes
func (*Certificate) GetExpirationDuration ¶
func (c *Certificate) GetExpirationDuration() time.Duration
GetExpirationDuration gets time duration before expiration
func (*Certificate) GetRawCertificate ¶
func (c *Certificate) GetRawCertificate() (*x509.Certificate, error)
GetRawCertificate returns a copy of this certificate as an x509.Certificate
func (*Certificate) VerifyHost ¶
func (c *Certificate) VerifyHost(hostCert *Certificate, name string) error
VerifyHost verifies the host certificate using host name. Only certificate of authority could call this function successfully. Current implementation allows one CA and direct hosts only, so the organization is always this:
CA host1 host2 host3
type CertificateAuthorityInfo ¶
type CertificateAuthorityInfo struct { // SerialNumber that has been used so far // Recorded to ensure all serial numbers issued by the CA are different SerialNumber *big.Int }
CertificateAuthorityInfo includes extra information required for CA
func NewCertificateAuthorityInfo ¶
func NewCertificateAuthorityInfo(serialNumber int64) *CertificateAuthorityInfo
NewCertificateAuthorityInfo creates a new CertifaceAuthorityInfo with the given serial number
func NewCertificateAuthorityInfoFromJSON ¶
func NewCertificateAuthorityInfoFromJSON(data []byte) (*CertificateAuthorityInfo, error)
NewCertificateAuthorityInfoFromJSON creates a new CertifaceAuthorityInfo with the given JSON information
func (*CertificateAuthorityInfo) Export ¶
func (n *CertificateAuthorityInfo) Export() ([]byte, error)
Export transfers the serial number to a JSON format
func (*CertificateAuthorityInfo) IncSerialNumber ¶
func (n *CertificateAuthorityInfo) IncSerialNumber()
IncSerialNumber increments the given CA Info's serial number
type CertificateRevocationList ¶
type CertificateRevocationList struct {
// contains filtered or unexported fields
}
CertificateSigningRequest is a wrapper around a x509 CertificateRequest and its DER-formatted bytes
func CreateCertificateRevocationList ¶
func CreateCertificateRevocationList(key *Key, ca *Certificate, years int) (*CertificateRevocationList, error)
func NewCertificateRevocationListFromDER ¶
func NewCertificateRevocationListFromDER(derBytes []byte) *CertificateRevocationList
NewCertificateRevocationListFromDER inits CertificateRevocationList from DER-format bytes
func NewCertificateRevocationListFromPEM ¶
func NewCertificateRevocationListFromPEM(data []byte) (*CertificateRevocationList, error)
NewCertificateRevocationListFromPEM inits CertificateRevocationList from PEM-format bytes
func (*CertificateRevocationList) Export ¶
func (c *CertificateRevocationList) Export() ([]byte, error)
Export returns PEM-format bytes
type CertificateSigningRequest ¶
type CertificateSigningRequest struct {
// contains filtered or unexported fields
}
CertificateSigningRequest is a wrapper around a x509 CertificateRequest and its DER-formatted bytes
func CreateCertificateSigningRequest ¶
func CreateCertificateSigningRequest(key *Key, organizationalUnit string, ipList []net.IP, domainList []string, organization string, country string, province string, locality string, commonName string) (*CertificateSigningRequest, error)
CreateCertificateSigningRequest sets up a request to create a csr file with the given parameters
func NewCertificateSigningRequestFromDER ¶
func NewCertificateSigningRequestFromDER(derBytes []byte) *CertificateSigningRequest
NewCertificateSigningRequestFromDER inits CertificateSigningRequest from DER-format bytes
func NewCertificateSigningRequestFromPEM ¶
func NewCertificateSigningRequestFromPEM(data []byte) (*CertificateSigningRequest, error)
NewCertificateSigningRequestFromPEM inits CertificateSigningRequest from PEM-format bytes data should contain at most one certificate
func (*CertificateSigningRequest) CheckSignature ¶
func (c *CertificateSigningRequest) CheckSignature() error
CheckSignature verifies that the signature is a valid signature using the public key in CertificateSigningRequest.
func (*CertificateSigningRequest) Export ¶
func (c *CertificateSigningRequest) Export() ([]byte, error)
Export returns PEM-format bytes
func (*CertificateSigningRequest) GetRawCertificateSigningRequest ¶
func (c *CertificateSigningRequest) GetRawCertificateSigningRequest() (*x509.CertificateRequest, error)
GetRawCertificateSigningRequest returns a copy of this certificate request as an x509.CertificateRequest.
type Key ¶
type Key struct { Public crypto.PublicKey Private crypto.PrivateKey }
Key contains a public-private keypair
func CreateRSAKey ¶
CreateRSAKey creates a new Key using RSA algorithm
func NewKey ¶
func NewKey(pub crypto.PublicKey, priv crypto.PrivateKey) *Key
NewKey returns a new public-private keypair Key type
func NewKeyFromEncryptedPrivateKeyPEM ¶
NewKeyFromEncryptedPrivateKeyPEM inits Key from encrypted PEM-format rsa private key bytes
func NewKeyFromPrivateKeyPEM ¶
NewKeyFromPrivateKeyPEM inits Key from PEM-format rsa private key bytes
func (*Key) ExportEncryptedPrivate ¶
ExportEncryptedPrivate exports encrypted PEM-format private key
func (*Key) ExportPrivate ¶
ExportPrivate exports PEM-format private key