xcert

package module
v1.0.5 Latest Latest
Published: Mar 12, 2022 License: GPL-3.0 Imports: 21 Imported by: 0

README

⚡ xcert

xcert is an easy way to manage X.509 certificates

Installation

go get -u github.com/hkloudou/xcert

Quick Start self signed

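// Quick start: generate a self-signed ECDSA certificate and store the
// certificate/key pair under ./test.

// The directory will hold a private key, so create it owner-only.
// MkdirAll leaves an already existing directory (and its mode) untouched.
if err := os.MkdirAll("./test", 0700); err != nil {
    panic(err)
}
tmpl := xcert.Template(
    xcert.PkixName(pkix.Name{Organization: []string{"Acme Co"}}),
    xcert.KeyUsage(x509.KeyUsageKeyEncipherment|x509.KeyUsageDigitalSignature|x509.KeyUsageCertSign),
    xcert.ExtKeyUsage(x509.ExtKeyUsageServerAuth),
    xcert.Hosts("localhost", "test.yourdomain.com", "127.0.0.1"),
)
pem, key, err := xcert.GenerateEcdsaCert(tmpl)
if err != nil {
    panic(err)
}
// The certificate is public material; a world-readable mode is fine.
if err = os.WriteFile("./test/self.pem", pem, 0644); err != nil {
    panic(err)
}
// The private key gets 0600 so its confidentiality does not depend on the
// mode of the enclosing directory. WriteFile applies the mode only when it
// creates the file: a key file left over from an earlier run keeps its old mode.
if err = os.WriteFile("./test/self.key", key, 0600); err != nil {
    panic(err)
}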

Quick Start two way signed

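// Quick start for mutual ("two way") TLS: create a CA, then issue one
// server and one client certificate signed by that CA. Everything is
// written under ./test. The snippet runs inside a test (t is *testing.T).

// The directory will hold the CA private key, so create it owner-only.
// MkdirAll leaves an already existing directory (and its mode) untouched.
if err := os.MkdirAll("./test", 0700); err != nil {
    t.Fatal(err)
}

// CA certificate.
// NOTE(review): ExtKeyUsageAny places no extended-key-usage restriction on
// what this CA may issue; narrow it if the CA only ever signs the server and
// client certificates below.
tmpl := xcert.Template(
    xcert.PkixName(pkix.Name{CommonName: "test"}),
    xcert.KeyUsage(x509.KeyUsageDigitalSignature|
        x509.KeyUsageKeyEncipherment|x509.KeyUsageCertSign|
        x509.KeyUsageCRLSign),
    xcert.ExtKeyUsage(x509.ExtKeyUsageAny),
)
pem, key, err := xcert.GenerateEcdsaCert(tmpl)
if err != nil {
    t.Fatal(err)
}
if err = os.WriteFile("./test/ca.pem", pem, 0644); err != nil {
    t.Fatal(err)
}
// Whoever can read the CA key can issue certificates this CA's relying
// parties will trust, so it is written 0600. WriteFile applies the mode only
// when it creates the file; a pre-existing key file keeps its old mode.
if err = os.WriteFile("./test/ca.key", key, 0600); err != nil {
    t.Fatal(err)
}

// Parse the pair back into the values the signing calls need. The error is
// checked here; otherwise the next assignment to err would silently discard it.
ca, caKey, err := xcert.ParseCertPair(pem, key)
if err != nil {
    t.Fatal(err)
}

// Server certificate: not a CA, server authentication only.
pem, key, err = xcert.GenerateEcdsaCertWithParent(
    xcert.Template(
        xcert.PkixName(pkix.Name{CommonName: "server"}),
        xcert.Hosts("localhost", "127.0.0.1"),
        xcert.IsCa(false),
        xcert.ExtKeyUsage(x509.ExtKeyUsageServerAuth),
    ), ca, caKey)
if err != nil {
    t.Fatal(err)
}
if err = os.WriteFile("./test/server.pem", pem, 0644); err != nil {
    t.Fatal(err)
}
if err = os.WriteFile("./test/server.key", key, 0600); err != nil {
    t.Fatal(err)
}

// Client certificate: not a CA, client authentication only.
pem, key, err = xcert.GenerateEcdsaCertWithParent(xcert.Template(
    xcert.PkixName(pkix.Name{CommonName: "client"}),
    xcert.IsCa(false),
    xcert.ExtKeyUsage(x509.ExtKeyUsageClientAuth),
), ca, caKey)
if err != nil {
    t.Fatal(err)
}
if err = os.WriteFile("./test/client.pem", pem, 0644); err != nil {
    t.Fatal(err)
}
if err = os.WriteFile("./test/client.key", key, 0600); err != nil {
    t.Fatal(err)
}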

use it

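// Build a *tls.Config from files on disk and listen with it. The snippet
// runs inside a test (t is *testing.T).

// Variant 1: no CA, self-signed certificate and key.
cfg, err := xcert.ParseTlsConfig(nil, "./test/self.pem", "./test/self.key")
if err != nil {
    t.Fatal(err)
}

// Variant 2: CA plus the server certificate and key issued by it. This
// replaces the config built above.
// NOTE(review): this page does not show whether ParseTlsConfig makes the
// server require and verify client certificates when a CA is passed; check
// cfg.ClientAuth and cfg.ClientCAs before relying on it for mutual TLS.
cfg, err = xcert.ParseTlsConfig("./test/ca.pem", "./test/server.pem", "./test/server.key")
if err != nil {
    t.Fatal(err)
}

// tls.Listen returns the listener and an error; a failed bind (port in use,
// insufficient privilege for :443) would otherwise go unnoticed.
ln, err := tls.Listen("tcp", ":443", cfg)
if err != nil {
    t.Fatal(err)
}
defer ln.Close()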

Todolist

  • Auther interface

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Expired

func Expired(t time.Duration) tmplOption

func ExtKeyUsage

func ExtKeyUsage(usgs ...x509.ExtKeyUsage) tmplOption

func GenerateEcdsaCert added in v1.0.2

func GenerateEcdsaCert(tmpl x509.Certificate) ([]byte, []byte, error)

func GenerateEcdsaCertWithParent added in v1.0.2

func GenerateEcdsaCertWithParent(tmpl x509.Certificate, parentCert *x509.Certificate, parentPriv any) ([]byte, []byte, error)

func Hosts

func Hosts(hosts ...string) tmplOption

func IsCa

func IsCa(b bool) tmplOption

func KeyUsage

func KeyUsage(usg x509.KeyUsage) tmplOption

func NotBefore

func NotBefore(t time.Duration) tmplOption

func ParseCertPair added in v1.0.3

func ParseCertPair(certParame, keyParame interface{}) (*x509.Certificate, crypto.PrivateKey, error)

func ParsePrivateCert added in v1.0.3

func ParsePrivateCert(cert interface{}) (crypto.PrivateKey, error)

Private Key

ReadPrivateCert []byte string *rsa.PrivateKey, *ecdsa.PrivateKey, ed25519.PrivateKey

func ParsePublicCert added in v1.0.3

func ParsePublicCert(cert interface{}) ([][]byte, *x509.Certificate, error)

Public Key

ParsePublicCert []byte string *x509.Certificate

func ParseTlsConfig added in v1.0.4

func ParseTlsConfig(caParame interface{}, certParame interface{}, keyParame interface{}) (*tls.Config, error)

func PkixName

func PkixName(name pkix.Name) tmplOption

func Template

func Template(opts ...tmplOption) x509.Certificate

Types

This section is empty.
