Documentation ¶
Index ¶
- Constants
- Variables
- func DecodeCertificatePEM(data []byte) (*x509.Certificate, error)
- func DecodeCertificatesPEM(data []byte) ([]*x509.Certificate, error)
- func DecodePrivateKeyPEM(data []byte) (*rsa.PrivateKey, error)
- func EncodeCertificatePEM(cert *x509.Certificate) []byte
- func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte
- func IsCertificatePEM(data []byte) bool
- func NewCA(caDurationDays int, CommonName string) (*rsa.PrivateKey, *x509.Certificate, error)
- func NewPrivateKey() (*rsa.PrivateKey, error)
- func NewSelfSignedCACertificate(cfg CACertConfig, key *rsa.PrivateKey) (*x509.Certificate, error)
- func NewSignedClientCertificate(cfg ClientCertConfig, key *rsa.PrivateKey, caCert *x509.Certificate, ...) (*x509.Certificate, error)
- func NewSignedServerCertificate(cfg ServerCertConfig, key *rsa.PrivateKey, caCert *x509.Certificate, ...) (*x509.Certificate, error)
- type CACertConfig
- type Certificate
- type Certificates
- type ClientCertConfig
- type DN
- type KeyPair
- type PKI
- type ServerCertConfig
Constants ¶
// RSAKeySize is 2048; judging by the name it is the RSA modulus length in
// bits for keys this package generates (confirm against NewPrivateKey).
// NOTE(review): 2048-bit RSA is generally rated at about 112 bits of security
// strength (NIST SP 800-57); check that this fits the lifetime of the CA keys
// issued with it.
const RSAKeySize = 2048
Variables ¶
// Duration365d is 365 twenty-four-hour days as a time.Duration (8760h); it
// does not account for leap days.
// NOTE(review): declared with var, so any importing package can reassign it.
var Duration365d = 365 * 24 * time.Hour
var (
	// ValidityFormat is a time layout string: abbreviated month, space-padded
	// day of month, 24-hour clock time, four-digit year and zone abbreviation.
	ValidityFormat = "Jan _2 15:04:05 2006 MST"
)
ValidityFormat is the layout used to format the NotBefore and NotAfter fields so that the output resembles that of openssl.
Functions ¶
func DecodeCertificatePEM ¶
func DecodeCertificatePEM(data []byte) (*x509.Certificate, error)
func DecodeCertificatesPEM ¶
func DecodeCertificatesPEM(data []byte) ([]*x509.Certificate, error)
func DecodePrivateKeyPEM ¶
func DecodePrivateKeyPEM(data []byte) (*rsa.PrivateKey, error)
func EncodeCertificatePEM ¶
func EncodeCertificatePEM(cert *x509.Certificate) []byte
func EncodePrivateKeyPEM ¶
func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte
func IsCertificatePEM ¶
func NewCA ¶
func NewCA(caDurationDays int, CommonName string) (*rsa.PrivateKey, *x509.Certificate, error)
func NewPrivateKey ¶
func NewPrivateKey() (*rsa.PrivateKey, error)
func NewSelfSignedCACertificate ¶
func NewSelfSignedCACertificate(cfg CACertConfig, key *rsa.PrivateKey) (*x509.Certificate, error)
func NewSignedClientCertificate ¶
func NewSignedClientCertificate(cfg ClientCertConfig, key *rsa.PrivateKey, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, error)
func NewSignedServerCertificate ¶
func NewSignedServerCertificate(cfg ServerCertConfig, key *rsa.PrivateKey, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, error)
Types ¶
type CACertConfig ¶
type Certificate ¶
// Certificate is a reduced view of a certificate: issuer and subject names,
// the validity window and the DNS/IP names it lists.
//
// NOTE(review): the struct has no signature, public-key or key-usage field, so
// a value of this type alone cannot show that a certificate is trusted.
type Certificate struct {
	Issuer      DN        // issuer name
	NotBefore   time.Time // start of the validity window
	NotAfter    time.Time // end of the validity window
	Subject     DN        // subject name
	DNSNames    []string  // DNS names; presumably the certificate's DNS SANs — confirm
	IPAddresses []net.IP  // IP addresses; presumably the certificate's IP SANs — confirm
}
func (Certificate) ContainsDNSName ¶
func (c Certificate) ContainsDNSName(name string) bool
func (Certificate) ContainsIPAddress ¶
func (c Certificate) ContainsIPAddress(ip net.IP) bool
func (Certificate) IsExpired ¶
func (c Certificate) IsExpired() bool
func (Certificate) String ¶
func (c Certificate) String() string
type Certificates ¶
type Certificates []Certificate
func CertificatesFromBytes ¶
func CertificatesFromBytes(data []byte) (Certificates, error)
CertificatesFromBytes converts raw certificate bytes into Certificates. If the supplied data is a certificate bundle (or chain), all of its certificates are returned.
func (Certificates) GetBySubjectCommonNamePattern ¶
func (cs Certificates) GetBySubjectCommonNamePattern(subjectCNMatch string) (cert Certificate, ok bool)
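GetBySubjectCommonNamePattern returns the certificate whose subject common name (Subject.CommonName) matches the regular expression subjectCNMatch. If no such certificate is found, the second return value is false. This page does not say whether the pattern is matched anchored or as a substring, so anchor it explicitly (^...$) when an exact common name is intended.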
type ClientCertConfig ¶
type KeyPair ¶
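// KeyPair pairs a TLS certificate with its private key.
//
// NOTE(review): Key is private key material held in memory; avoid logging or
// serializing KeyPair values wholesale.
type KeyPair struct {
	Key  *rsa.PrivateKey   // private key belonging to Cert
	Cert *x509.Certificate // parsed X.509 certificate
	// contains filtered or unexported fields
}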
KeyPair is the TLS public certificate PEM file and its associated private key PEM file that are used by kube-aws and its plugins.
func KeyPairFromPEMs ¶ added in v0.15.0