Documentation ¶
Index ¶
- Constants
- Variables
- func EncodeCertPEM(cert *x509.Certificate) []byte
- func GenCerts(pkiPath, caCertFile, caKeyFile string, ...) error
- func GeneratePrivateKey(keyType x509.PublicKeyAlgorithm) (crypto.Signer, error)
- func NewCACertAndKey(cn string) (*x509.Certificate, *crypto.Signer, error)
- func NewCertAndKey(caCert *x509.Certificate, caKey crypto.Signer, config *CertsConfig) (*x509.Certificate, crypto.Signer, error)
- func NewCertificateAuthority(config *CertsConfig) (*x509.Certificate, crypto.Signer, error)
- func NewSignedCert(cfg *CertsConfig, key crypto.Signer, caCert *x509.Certificate, ...) (*x509.Certificate, error)
- func PathForCert(pkiPath, name string) string
- func PathForKey(pkiPath, name string) string
- func RemoveDuplicateAltNames(altNames *certutil.AltNames)
- func WriteCert(pkiPath, name string, cert *x509.Certificate) error
- func WriteCertAndKey(pkiPath, pkiName string, ca *x509.Certificate, key *crypto.Signer) error
- func WriteKey(pkiPath, name string, key crypto.Signer) error
- type CertsConfig
Constants ¶
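const (
	// Duration365d is the certificate validity period: 365 days, expressed
	// as a time.Duration.
	// NOTE(review): this page does not show where the value is applied, for
	// example whether it is the fallback when CertsConfig.NotAfter is nil.
	// Confirm against the implementation.
	Duration365d = time.Hour * 24 * 365
)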
Variables ¶
// NewPrivateKey is a package-level function variable initialised to
// GeneratePrivateKey. Being a variable rather than a function, it can be
// reassigned by any code that imports this package.
// NOTE(review): presumably a substitution seam for tests. Confirm that no
// non-test code replaces the key generator.
var NewPrivateKey = GeneratePrivateKey
NewPrivateKey returns a new private key.
Functions ¶
func EncodeCertPEM ¶
func EncodeCertPEM(cert *x509.Certificate) []byte
EncodeCertPEM returns PEM-encoded certificate data
func GenCerts ¶
func GenCerts(pkiPath, caCertFile, caKeyFile string, etcdServerCertCfg, etcdClientCertCfg, karmadaCertCfg, apiserverCertCfg, frontProxyClientCertCfg *CertsConfig) error
GenCerts creates the CA certificate and signs the etcd and karmada certificates.
func GeneratePrivateKey ¶
func GeneratePrivateKey(keyType x509.PublicKeyAlgorithm) (crypto.Signer, error)
GeneratePrivateKey generates a certificate key. It supports both ECDSA (using the P-256 elliptic curve) and RSA algorithms. For RSA, the key is generated with a size of 3072 bits. If the keyType is x509.UnknownPublicKeyAlgorithm, the function defaults to generating an RSA key.
func NewCACertAndKey ¶
NewCACertAndKey returns the root certificate, which carries the public key, and the corresponding private key.
func NewCertAndKey ¶
func NewCertAndKey(caCert *x509.Certificate, caKey crypto.Signer, config *CertsConfig) (*x509.Certificate, crypto.Signer, error)
NewCertAndKey creates a new certificate and key using the given certificate authority certificate and key.
func NewCertificateAuthority ¶
func NewCertificateAuthority(config *CertsConfig) (*x509.Certificate, crypto.Signer, error)
NewCertificateAuthority creates a new certificate and private key for the certificate authority.
func NewSignedCert ¶
func NewSignedCert(cfg *CertsConfig, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, isCA bool) (*x509.Certificate, error)
NewSignedCert creates a signed certificate using the given CA certificate and key
func PathForCert ¶
PathForCert returns the path for the certificate given the path and basename.
func PathForKey ¶
PathForKey returns the path for the key given the path and basename.
func RemoveDuplicateAltNames ¶
RemoveDuplicateAltNames removes duplicate items in altNames.
func WriteCert ¶
func WriteCert(pkiPath, name string, cert *x509.Certificate) error
WriteCert stores the given certificate at the given location
func WriteCertAndKey ¶
WriteCertAndKey writes the certificate and key to file. The permissions applied to the key file are not documented here.
Types ¶
type CertsConfig ¶
// CertsConfig embeds certutil.Config and adds the NotAfter and
// PublicKeyAlgorithm fields.
type CertsConfig struct {
	// Embedded base certificate configuration from certutil.
	certutil.Config
	// NOTE(review): presumably the certificate expiry (x509 NotAfter). The
	// behaviour for a nil pointer is not visible on this page; confirm which
	// validity period applies in that case.
	NotAfter *time.Time
	// Public key algorithm for the certificate key.
	// NOTE(review): presumably forwarded to GeneratePrivateKey, which
	// documents ECDSA P-256 and RSA 3072 and falls back to RSA for
	// x509.UnknownPublicKeyAlgorithm. Confirm against the callers.
	PublicKeyAlgorithm x509.PublicKeyAlgorithm
}
CertsConfig is a wrapper around certutil.Config, extending it with NotAfter and PublicKeyAlgorithm.
func NewCertConfig ¶
func NewCertConfig(cn string, org []string, altNames certutil.AltNames, notAfter *time.Time) *CertsConfig
NewCertConfig creates a new CertsConfig.