Documentation ¶
Overview ¶
Package certutil contains utility code to parse and inspect cryptographic certificates.
In addition to utility code certutil defines all key types supported by acmeproxy.
The contents of certutil are intended for use in production as well as in test code.
Index ¶
- func AssertCertificateValid(t *testing.T, domain string, issuerCerts, certificate []byte)
- func AssertKeyBelongsToCertificate(t *testing.T, kt KeyType, certificate, key []byte)
- func CreateOpenSSLPrivateKey(t *testing.T, kt KeyType, keyPath string, pemEncode bool)
- func CreateOpenSSLSelfSignedCertificate(t *testing.T, commonName, keyFile, certFile string, pemEncode bool)
- func CreateSelfSignedCertificate(t *testing.T, cn string, pk crypto.PrivateKey) *x509.Certificate
- func KeyMust(key crypto.PrivateKey, err error) crypto.PrivateKey
- func NewPrivateKey(kt KeyType) (crypto.PrivateKey, error)
- func ParseCertificate(certificate []byte, pemDecode bool) (*x509.Certificate, error)
- func ReadCertificate(r io.Reader, pemDecode bool) (*x509.Certificate, error)
- func ReadCertificateFromFile(path string, pemDecode bool) (*x509.Certificate, error)
- func ReadPrivateKey(kt KeyType, r io.Reader, pemDecode bool) (crypto.PrivateKey, error)
- func ReadPrivateKeyFromFile(kt KeyType, path string, pemDecode bool) (crypto.PrivateKey, error)
- func WriteCertificate(cert *x509.Certificate, w io.Writer, pemEncode bool) error
- func WriteCertificateForTesting(t *testing.T, certFile string, cn string, pk crypto.PrivateKey, pemEncode bool) *x509.Certificate
- func WriteCertificateToFile(cert *x509.Certificate, path string, pemEncode bool) error
- func WritePrivateKey(key crypto.PrivateKey, w io.Writer, pemEncode bool) error
- func WritePrivateKeyForTesting(t *testing.T, keyFile string, kt KeyType, pemEncode bool) crypto.PrivateKey
- func WritePrivateKeyToFile(key crypto.PrivateKey, path string, pemEncode bool) error
- type KeyType
  - func DetermineKeyType(key crypto.PrivateKey) (KeyType, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AssertCertificateValid ¶
func AssertCertificateValid(t *testing.T, domain string, issuerCerts, certificate []byte)
AssertCertificateValid asserts that certificate is valid for domain and was signed by the issuer(s) in issuerCerts.
func AssertKeyBelongsToCertificate ¶
func AssertKeyBelongsToCertificate(t *testing.T, kt KeyType, certificate, key []byte)
AssertKeyBelongsToCertificate asserts that key is the private key matching the public key in certificate.
func CreateOpenSSLPrivateKey ¶
func CreateOpenSSLPrivateKey(t *testing.T, kt KeyType, keyPath string, pemEncode bool)
CreateOpenSSLPrivateKey creates a private key file at keyPath using OpenSSL.
This exists for testing: to test reading key files we need such files, and producing them with the code under test would make those tests circular, so openssl writes them instead. The generated files are checked into version control so that the tests also pass on systems where openssl is not available.
func CreateOpenSSLSelfSignedCertificate ¶
func CreateOpenSSLSelfSignedCertificate(t *testing.T, commonName, keyFile, certFile string, pemEncode bool)
CreateOpenSSLSelfSignedCertificate creates a self-signed certificate for commonName using OpenSSL; keyFile and certFile name the key and certificate files.
This exists for testing: to test reading certificate files we need such files, and producing them with the code under test would make those tests circular, so openssl writes them instead. The generated files are checked into version control so that the tests also pass on systems where openssl is not available.
func CreateSelfSignedCertificate ¶
func CreateSelfSignedCertificate(t *testing.T, cn string, pk crypto.PrivateKey) *x509.Certificate
CreateSelfSignedCertificate uses pk to create a self-signed x509 certificate.
func KeyMust ¶
func KeyMust(key crypto.PrivateKey, err error) crypto.PrivateKey
KeyMust panics if err != nil and returns key otherwise. KeyMust should not be called in production code unless the caller is certain that a panic is warranted.
func NewPrivateKey ¶
func NewPrivateKey(kt KeyType) (crypto.PrivateKey, error)
NewPrivateKey creates a new private key for the specified key type.
It uses crypto/rand.Reader as the source for cryptographically secure random numbers.
func ParseCertificate ¶
func ParseCertificate(certificate []byte, pemDecode bool) (*x509.Certificate, error)
ParseCertificate parses an x509 certificate from certificate. If pemDecode is true ParseCertificate PEM decodes the data before parsing the certificate.
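The three checks described above (what AssertCertificateValid, AssertKeyBelongsToCertificate and ParseCertificate have to do) written out in plain crypto/x509, as an added example that is not acmeproxy's code: parseCertificate takes the same pemDecode flag and rejects PEM blocks that are not a CERTIFICATE, certificateValidFor verifies the chain against a pool built only from the given issuers and matches domain against the certificate's SAN list, and keyBelongsToCertificate compares public keys with the key type's Equal method. The lower-case names, signCert and newTestPKI are this example's own, and the throwaway CA and leaf it builds are constructed test data, not real infrastructure.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// parseCertificate parses one DER-encoded certificate. With pemDecode it first
// unwraps a PEM block and refuses anything that is not a CERTIFICATE block, so a
// key or CSR pasted into the wrong file is caught here instead of deep in ASN.1 errors.
func parseCertificate(data []byte, pemDecode bool) (*x509.Certificate, error) {
	if pemDecode {
		block, _ := pem.Decode(data)
		if block == nil {
			return nil, errors.New("no PEM block found")
		}
		if block.Type != "CERTIFICATE" {
			return nil, fmt.Errorf("unexpected PEM block type %q", block.Type)
		}
		data = block.Bytes
	}
	return x509.ParseCertificate(data)
}

// certificateValidFor is the check behind an assertion like AssertCertificateValid:
// leaf must chain to one of issuers and must list domain as a SAN (Go ignores the
// Common Name when matching host names).
func certificateValidFor(leaf *x509.Certificate, domain string, issuers ...*x509.Certificate) error {
	roots := x509.NewCertPool() // empty but non-nil: a nil Roots means "use the system trust store"
	for _, c := range issuers {
		roots.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: domain})
	return err
}

// keyBelongsToCertificate reports whether key is the private half of the public
// key embedded in cert, using the key type's own Equal method.
func keyBelongsToCertificate(cert *x509.Certificate, key crypto.Signer) bool {
	pub, ok := cert.PublicKey.(interface{ Equal(crypto.PublicKey) bool })
	return ok && pub.Equal(key.Public())
}

// signCert signs tmpl with parentKey under parent and parses the result back.
func signCert(tmpl, parent *x509.Certificate, pub crypto.PublicKey, parentKey crypto.Signer) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// newTestPKI builds constructed test data: a throwaway P-256 root CA and a leaf
// for domain signed by it. Nothing here is real infrastructure.
func newTestPKI(domain string) (ca, leaf *x509.Certificate, leafKey *ecdsa.PrivateKey, err error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	if leafKey, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
		return nil, nil, nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Test Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	if ca, err = signCert(caTmpl, caTmpl, &caKey.PublicKey, caKey); err != nil {
		return nil, nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: domain},
		DNSNames: []string{domain}, NotBefore: caTmpl.NotBefore, NotAfter: caTmpl.NotAfter,
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leaf, err = signCert(leafTmpl, ca, &leafKey.PublicKey, caKey)
	return ca, leaf, leafKey, err
}

func main() {
	ca, leaf, key, err := newTestPKI("example.test")
	if err != nil {
		panic(err)
	}
	fmt.Println("valid for example.test:", certificateValidFor(leaf, "example.test", ca) == nil)
	fmt.Println("key belongs to leaf:", keyBelongsToCertificate(leaf, key))
}
```

Two details matter for an assertion like this. The root pool is created with x509.NewCertPool even when no issuers are passed: a nil Roots makes Verify fall back to the system trust store, which would let the assertion pass for any publicly trusted certificate. And since Go 1.15 a certificate whose only name sits in the Common Name fails the DNSName check, so test certificates need the domain in their SAN list.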
func ReadCertificate ¶
func ReadCertificate(r io.Reader, pemDecode bool) (*x509.Certificate, error)
ReadCertificate reads an x509 certificate from r. If pemDecode is true ReadCertificate PEM decodes the data read from r before parsing the certificate.
func ReadCertificateFromFile ¶
func ReadCertificateFromFile(path string, pemDecode bool) (*x509.Certificate, error)
ReadCertificateFromFile reads an x509 certificate from the passed file. If pemDecode is true ReadCertificateFromFile attempts to PEM decode the file before parsing the certificate.
func ReadPrivateKey ¶
func ReadPrivateKey(kt KeyType, r io.Reader, pemDecode bool) (crypto.PrivateKey, error)
ReadPrivateKey reads a private key from r using either ReadECDSAPrivateKey or ReadRSAPrivateKey.
The value of kt determines the type of key to be read. To read an ECDSA private key any of the EC* values can be used. Likewise, to read an RSA private key any of the RSA* values can be passed.
func ReadPrivateKeyFromFile ¶
func ReadPrivateKeyFromFile(kt KeyType, path string, pemDecode bool) (crypto.PrivateKey, error)
ReadPrivateKeyFromFile reads a private key of type kt from the file at the specified path. If pemDecode is true ReadPrivateKeyFromFile assumes the key is PEM encoded and decodes it accordingly.
func WriteCertificate ¶
func WriteCertificate(cert *x509.Certificate, w io.Writer, pemEncode bool) error
WriteCertificate writes cert to w. If pemEncode is true the certificate is PEM encoded before writing. Otherwise the certificate is written in ASN.1 DER encoded form.
func WriteCertificateForTesting ¶
func WriteCertificateForTesting(t *testing.T, certFile string, cn string, pk crypto.PrivateKey, pemEncode bool) *x509.Certificate
WriteCertificateForTesting creates and writes a self-signed certificate for use during unit tests. See CreateSelfSignedCertificate for details about how the certificate is created.
func WriteCertificateToFile ¶
func WriteCertificateToFile(cert *x509.Certificate, path string, pemEncode bool) error
WriteCertificateToFile writes the passed certificate to the file specified by path. If pemEncode is true the certificate is PEM encoded before writing. Otherwise the certificate is written in ASN.1 DER encoded form.
func WritePrivateKey ¶
func WritePrivateKey(key crypto.PrivateKey, w io.Writer, pemEncode bool) error
WritePrivateKey writes key to w.
WritePrivateKey returns an error if writing the key to w fails or if the type of the passed private key is not supported.
If pemEncode is true WritePrivateKey PEM-encodes the private key before writing it to w.
func WritePrivateKeyForTesting ¶
func WritePrivateKeyForTesting(t *testing.T, keyFile string, kt KeyType, pemEncode bool) crypto.PrivateKey
WritePrivateKeyForTesting generates a private key of type kt and writes it to keyFile. If pemEncode is true the key is PEM encoded.
func WritePrivateKeyToFile ¶
func WritePrivateKeyToFile(key crypto.PrivateKey, path string, pemEncode bool) error
WritePrivateKeyToFile writes the private key into the file given by path.
If pemEncode is true it will PEM encode the private key before writing it.
WritePrivateKeyToFile creates any missing intermediate directories.
Types ¶
type KeyType ¶
type KeyType int
KeyType represents the types of cryptographic keys supported by acmeproxy.
The supported key types are dictated by what our ACME client library supports.
const (
	// EC256 represents an ECDSA key using an elliptic curve implementing P-256.
	EC256 KeyType = iota
	// EC384 represents an ECDSA key using an elliptic curve implementing P-384.
	EC384
	// RSA2048 represents an RSA key with a size of 2048 bits.
	RSA2048
	// RSA4096 represents an RSA key with a size of 4096 bits.
	RSA4096
	// RSA8192 represents an RSA key with a size of 8192 bits.
	RSA8192
)
func DetermineKeyType ¶
func DetermineKeyType(key crypto.PrivateKey) (KeyType, error)
DetermineKeyType inspects the passed key and returns the matching KeyType. It returns an error if it cannot determine the key type; in that case the returned KeyType is meaningless and must be ignored.