Documentation
Overview
Package certgen generates (pre-)certificates and (pre-)certificate chains.
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type CA
type CA struct {
	SigningCert *x509.Certificate
	SigningKey  crypto.Signer
	CertConfig  CertificateConfig
}
CA is a Certificate Authority that issues certificates and certificate chains using its SigningCert and SigningKey.
func (*CA) IssueCertificate
func (ca *CA) IssueCertificate() (*x509.Certificate, error)
IssueCertificate creates a new leaf certificate, issued by the key specified in the SigningCert and SigningKey fields of the CA, and configured using the CertConfig in the CA.
func (*CA) IssueCertificateChain
func (ca *CA) IssueCertificateChain() ([]*x509.Certificate, error)
IssueCertificateChain creates a certificate chain, containing a new leaf certificate (as created by IssueCertificate) and the certificate for the key that signed it (stored in the SigningCert field of the CA).
func (*CA) IssuePrecertificate
func (ca *CA) IssuePrecertificate() (*x509.Certificate, error)
IssuePrecertificate creates a new leaf precertificate, issued by the key specified in the SigningCert and SigningKey fields of the CA, and configured using the CertConfig in the CA.
func (*CA) IssuePrecertificateChain
func (ca *CA) IssuePrecertificateChain() ([]*x509.Certificate, error)
IssuePrecertificateChain creates a certificate chain, containing a new leaf precertificate (as created by IssuePrecertificate) and the certificate for the key that signed it (stored in the SigningCert field of the CA).
TODO(katjoyce): Add precert-signing-cert functionality.
type CertificateConfig
type CertificateConfig struct {
	// Required fields
	//
	// What these are set to, including the zero values if left unset, is what
	// will appear in the leaf certificates.
	SubjectCommonName         string
	SubjectOrganization       string
	SubjectOrganizationalUnit string
	SubjectLocality           string
	SubjectCountry            string
	SignatureAlgorithm        x509.SignatureAlgorithm

	// DNSPrefix is a prefix that will be used in conjunction with the
	// SubjectCommonName to create a more specific DNS SAN.
	DNSPrefix string

	// NotAfterInterval specifies an interval in which the NotAfter time of a
	// certificate must fall.
	//
	// For example, if a certificate is being generated to be submitted to a
	// temporal CT Log shard, then, in order to be accepted by the Log, its
	// NotAfter value must fall within the Log's temporal range, so this field
	// would be set to the temporal interval of the Log. However, if a
	// certificate is being generated to be submitted to a non-temporal CT Log,
	// this field should be left unset/set to nil.
	NotAfterInterval *interval.Interval
}
CertificateConfig contains details to be used to populate newly created leaf certificates.
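As an added, stand-alone illustration built only on the Go standard library (not the certgen package's own code), this shows the two ideas documented above: the [leaf precertificate, signing certificate] shape that IssuePrecertificateChain returns, where the critical RFC 6962 poison extension is what makes the leaf a precertificate rather than a certificate, and the NotAfter check a temporal Log shard applies, which is what NotAfterInterval exists to satisfy. IssuePrecertChain, IsPrecertificate and WithinShard are hypothetical names, and the half-open [start, end) bound is an assumption, since the page does not define interval.Interval's semantics.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"math/big"
	"time"
)

// RFC 6962 precertificate poison extension OID (1.3.6.1.4.1.11129.2.4.3).
var ctPoison = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 3}

// IssuePrecertChain (hypothetical, not certgen's own) returns [leaf precert, signing cert], the shape IssuePrecertificateChain describes.
func IssuePrecertChain(signingCert *x509.Certificate, signingKey crypto.Signer, cn string, notBefore, notAfter time.Time) ([]*x509.Certificate, error) {
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: cn},
		DNSNames: []string{cn}, NotBefore: notBefore, NotAfter: notAfter,
		// The critical poison extension (value: ASN.1 NULL) is what makes the leaf a precertificate.
		ExtraExtensions: []pkix.Extension{{Id: ctPoison, Critical: true, Value: []byte{0x05, 0x00}}}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signingCert, &leafKey.PublicKey, signingKey)
	if err != nil {
		return nil, err
	}
	// An unknown critical extension parses fine in Go (see UnhandledCriticalExtensions); only Verify rejects it.
	leaf, err := x509.ParseCertificate(der)
	return []*x509.Certificate{leaf, signingCert}, err
}

// IsPrecertificate reports whether c carries the critical poison extension.
func IsPrecertificate(c *x509.Certificate) bool {
	for _, e := range c.Extensions {
		if e.Critical && e.Id.Equal(ctPoison) {
			return true
		}
	}
	return false
}

// WithinShard is the NotAfter check a temporal Log shard applies (what NotAfterInterval is for); [start, end) is an assumption.
func WithinShard(c *x509.Certificate, start, end time.Time) bool {
	return !c.NotAfter.Before(start) && c.NotAfter.Before(end)
}
```

The caller supplies the SigningCert/SigningKey pair exactly as the CA struct above does; a precertificate produced this way is rejected by x509.Certificate.Verify because of the unhandled critical extension, which is the intended behaviour.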