certauthority

package
v0.36.6 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 18, 2021 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Package certauthority implements a simple x509 certificate authority suitable for use in an aggregated API service.

Index

Constants

View Source
const ErrInvalidCACertificate = constable.Error("invalid CA certificate")

ErrInvalidCACertificate is returned when the contents of the loaded CA certificate do not meet our assumptions.

Variables

This section is empty.

Functions

func ToPEM

func ToPEM(cert *tls.Certificate) ([]byte, []byte, error)

Encode a tls.Certificate into a private key PEM and a cert chain PEM.

Types

type CA

type CA struct {
	// contains filtered or unexported fields
}

CA holds the state for a simple x509 certificate authority suitable for use in an aggregated API service.

func Load

func Load(certPEM string, keyPEM string) (*CA, error)

Load a certificate authority from an existing certificate and private key (in PEM format).

func New

func New(commonName string, ttl time.Duration) (*CA, error)

New generates a fresh certificate authority with the given Common Name and TTL.

func (*CA) Bundle

func (c *CA) Bundle() []byte

Bundle returns the current CA signing bundle in concatenated PEM format.

func (*CA) IssueClientCert

func (c *CA) IssueClientCert(username string, groups []string, ttl time.Duration) (*tls.Certificate, error)

IssueClientCert issues a new client certificate with username and groups included in the Kube-style certificate subject for the given identity and duration.

func (*CA) IssueClientCertPEM

func (c *CA) IssueClientCertPEM(username string, groups []string, ttl time.Duration) ([]byte, []byte, error)

Similar to IssueClientCert, but returning the new cert as a pair of PEM-formatted byte slices for the certificate and private key.

func (*CA) IssueServerCert

func (c *CA) IssueServerCert(dnsNames []string, ips []net.IP, ttl time.Duration) (*tls.Certificate, error)

IssueServerCert issues a new server certificate for the given identity and duration. The dnsNames and ips are each optional, but at least one of them should be specified.

func (*CA) IssueServerCertPEM

func (c *CA) IssueServerCertPEM(dnsNames []string, ips []net.IP, ttl time.Duration) ([]byte, []byte, error)

Similar to IssueServerCert, but returning the new cert as a pair of PEM-formatted byte slices for the certificate and private key.

func (*CA) Pool

func (c *CA) Pool() *x509.CertPool

Pool returns the current CA signing bundle as a *x509.CertPool.

func (*CA) PrivateKeyToPEM

func (c *CA) PrivateKeyToPEM() ([]byte, error)

PrivateKeyToPEM returns the current CA private key in PEM format, if this CA was constructed by New.

Directories

Path Synopsis
Package dynamiccertauthority implements a x509 certificate authority capable of issuing certificates from a dynamically updating CA keypair.
Package dynamiccertauthority implements a x509 certificate authority capable of issuing certificates from a dynamically updating CA keypair.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL