pki

package
v0.4.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 10, 2018 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CommonNameForCertificate

func CommonNameForCertificate(crt *v1alpha1.Certificate) string

func DNSNamesForCertificate

func DNSNamesForCertificate(crt *v1alpha1.Certificate) []string

func DecodeDERCertificateBytes

func DecodeDERCertificateBytes(derBytes []byte) (*x509.Certificate, error)

func DecodePKCS1PrivateKeyBytes

func DecodePKCS1PrivateKeyBytes(keyBytes []byte) (*rsa.PrivateKey, error)

func DecodeX509CertificateBytes

func DecodeX509CertificateBytes(certBytes []byte) (*x509.Certificate, error)

func EncodeCSR added in v0.4.0

func EncodeCSR(template *x509.CertificateRequest, key interface{}) ([]byte, error)

func EncodePKCS1PrivateKey

func EncodePKCS1PrivateKey(pk *rsa.PrivateKey) []byte

func GenerateRSAPrivateKey

func GenerateRSAPrivateKey(keySize int) (*rsa.PrivateKey, error)

func GenerateTemplate added in v0.4.0

func GenerateTemplate(issuer v1alpha1.GenericIssuer, crt *v1alpha1.Certificate, serialNo *big.Int) (*x509.Certificate, error)

GenerateTemplate will create a x509.Certificate for the given Certificate resource. This should create a Certificate template that is equivalent to the CertificateRequest generated by GenerateCSR. The PublicKey field must be populated by the caller.

func PublicKeyMatchesCertificate added in v0.4.1

func PublicKeyMatchesCertificate(check crypto.PublicKey, crt *x509.Certificate) (bool, error)

PublicKeyMatchesCertificate can be used to verify the given public key is the correct counter-part to the given x509 Certificate. It will return false and no error if the public key is *not* valid for the given Certificate. It will return true if the public key *is* valid for the given Certificate. It will return an error if either of the passed parameters are of an unrecognised type (i.e. non RSA/ECDSA)

func SignCertificate added in v0.4.0

func SignCertificate(template *x509.Certificate, issuerCert *x509.Certificate, publicKey interface{}, signerKey interface{}) ([]byte, *x509.Certificate, error)

SignCertificate returns a signed x509.Certificate object for the given *v1alpha1.Certificate crt. publicKey is the public key of the signee, and signerKey is the private key of the signer.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL