Documentation ¶
Index ¶
- Constants
- Variables
- func EncodeCertPEM(cert *x509.Certificate) []byte
- func GenCerts(pkiPath string, ...) error
- func GeneratePrivateKey(keyType x509.PublicKeyAlgorithm) (crypto.Signer, error)
- func NewCACertAndKey() (*x509.Certificate, *crypto.Signer, error)
- func NewCertAndKey(caCert *x509.Certificate, caKey crypto.Signer, config *CertsConfig) (*x509.Certificate, crypto.Signer, error)
- func NewCertificateAuthority(config *CertsConfig) (*x509.Certificate, crypto.Signer, error)
- func NewSignedCert(cfg *CertsConfig, key crypto.Signer, caCert *x509.Certificate, ...) (*x509.Certificate, error)
- func PathForCert(pkiPath, name string) string
- func PathForKey(pkiPath, name string) string
- func RemoveDuplicateAltNames(altNames *certutil.AltNames)
- func WriteCert(pkiPath, name string, cert *x509.Certificate) error
- func WriteCertAndKey(pkiPath, pkiName string, ca *x509.Certificate, key *crypto.Signer) error
- func WriteKey(pkiPath, name string, key crypto.Signer) error
- type CertsConfig
Constants ¶
const ( //Duration365d Certificate validity period Duration365d = time.Hour * 24 * 365 )
Variables ¶
var NewPrivateKey = GeneratePrivateKey
NewPrivateKey returns a new private key.
Functions ¶
func EncodeCertPEM ¶
func EncodeCertPEM(cert *x509.Certificate) []byte
EncodeCertPEM returns PEM-endcoded certificate data
func GenCerts ¶
func GenCerts(pkiPath string, etcdServerCertCfg, etcdClientCertCfg, karmadaCertCfg, frontProxyClientCertCfg *CertsConfig) error
GenCerts Create CA certificate and sign etcd karma certificate.
func GeneratePrivateKey ¶
func GeneratePrivateKey(keyType x509.PublicKeyAlgorithm) (crypto.Signer, error)
GeneratePrivateKey Generate CA Private Key
func NewCACertAndKey ¶
func NewCACertAndKey() (*x509.Certificate, *crypto.Signer, error)
NewCACertAndKey The public and private keys of the root certificate are returned
func NewCertAndKey ¶
func NewCertAndKey(caCert *x509.Certificate, caKey crypto.Signer, config *CertsConfig) (*x509.Certificate, crypto.Signer, error)
NewCertAndKey creates new certificate and key by passing the certificate authority certificate and key
func NewCertificateAuthority ¶
func NewCertificateAuthority(config *CertsConfig) (*x509.Certificate, crypto.Signer, error)
NewCertificateAuthority creates new certificate and private key for the certificate authority
func NewSignedCert ¶
func NewSignedCert(cfg *CertsConfig, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, isCA bool) (*x509.Certificate, error)
NewSignedCert creates a signed certificate using the given CA certificate and key
func PathForCert ¶
PathForCert returns the paths for the certificate given the path and basename.
func PathForKey ¶
PathForKey returns the paths for the key given the path and basename.
func RemoveDuplicateAltNames ¶
RemoveDuplicateAltNames removes duplicate items in altNames.
func WriteCert ¶
func WriteCert(pkiPath, name string, cert *x509.Certificate) error
WriteCert stores the given certificate at the given location
func WriteCertAndKey ¶
WriteCertAndKey Write certificate and key to file.
Types ¶
type CertsConfig ¶
type CertsConfig struct { certutil.Config NotAfter *time.Time PublicKeyAlgorithm x509.PublicKeyAlgorithm }
CertsConfig is a wrapper around certutil.Config extending it with PublicKeyAlgorithm.
func NewCertConfig ¶
func NewCertConfig(cn string, org []string, altNames certutil.AltNames, notAfter *time.Time) *CertsConfig
NewCertConfig create new CertConfig