certauthority

package

v0.37.2 Latest Latest Go to latest Published: Dec 17, 2021 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/getupio-undistro/undistro

Documentation ¶

Overview ¶

Package certauthority implements a simple x509 certificate authority suitable for use in an aggregated API service.

Index ¶

Constants
func ToPEM(cert *tls.Certificate) ([]byte, []byte, error)
type CA
- func Load(certPEM string, keyPEM string) (*CA, error)
- func New(commonName string, ttl time.Duration) (*CA, error)

Constants ¶

View Source

const ErrInvalidCACertificate = constable.Error("invalid CA certificate")

ErrInvalidCACertificate is returned when the contents of the loaded CA certificate do not meet our assumptions.

Variables ¶

This section is empty.

Functions ¶

func ToPEM ¶

func ToPEM(cert *tls.Certificate) ([]byte, []byte, error)

Encode a tls.Certificate into a private key PEM and a cert chain PEM.

Types ¶

type CA ¶

type CA struct {
	// contains filtered or unexported fields
}

CA holds the state for a simple x509 certificate authority suitable for use in an aggregated API service.

func Load ¶

func Load(certPEM string, keyPEM string) (*CA, error)

Load a certificate authority from an existing certificate and private key (in PEM format).

func New ¶

func New(commonName string, ttl time.Duration) (*CA, error)

New generates a fresh certificate authority with the given Common Name and TTL.

func (*CA) Bundle ¶

func (c *CA) Bundle() []byte

Bundle returns the current CA signing bundle in concatenated PEM format.

func (*CA) IssueClientCert ¶

func (c *CA) IssueClientCert(username string, groups []string, ttl time.Duration) (*tls.Certificate, error)

IssueClientCert issues a new client certificate with username and groups included in the Kube-style certificate subject for the given identity and duration.

func (*CA) IssueClientCertPEM ¶

func (c *CA) IssueClientCertPEM(username string, groups []string, ttl time.Duration) ([]byte, []byte, error)

Similar to IssueClientCert, but returning the new cert as a pair of PEM-formatted byte slices for the certificate and private key.

func (*CA) IssueServerCert ¶

func (c *CA) IssueServerCert(dnsNames []string, ips []net.IP, ttl time.Duration) (*tls.Certificate, error)

IssueServerCert issues a new server certificate for the given identity and duration. The dnsNames and ips are each optional, but at least one of them should be specified.

func (*CA) IssueServerCertPEM ¶

func (c *CA) IssueServerCertPEM(dnsNames []string, ips []net.IP, ttl time.Duration) ([]byte, []byte, error)

Similar to IssueServerCert, but returning the new cert as a pair of PEM-formatted byte slices for the certificate and private key.

func (*CA) Pool ¶

func (c *CA) Pool() *x509.CertPool

Pool returns the current CA signing bundle as a *x509.CertPool.

func (*CA) PrivateKeyToPEM ¶

func (c *CA) PrivateKeyToPEM() ([]byte, error)

PrivateKeyToPEM returns the current CA private key in PEM format, if this CA was constructed by New.

Source Files ¶

View all Source files

certauthority.go

Directories ¶

Path	Synopsis
dynamiccertauthority Package dynamiccertauthority implements a x509 certificate authority capable of issuing certificates from a dynamically updating CA keypair.	Package dynamiccertauthority implements a x509 certificate authority capable of issuing certificates from a dynamically updating CA keypair.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL