pki

package
v0.16.4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 23, 2020 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

// RSAKeySize is an RSA modulus length in bits.
// 2048 bits is the commonly cited minimum for newly generated RSA keys.
// NOTE(review): presumably the size NewPrivateKey generates and therefore the
// size of CA keys from NewCA — confirm, and check it against the validity
// period chosen for long-lived CA certificates.
const RSAKeySize = 2048

Variables

// Duration365d is a fixed span of 365 24-hour days (8760 hours). It is not a
// calendar year, so it ignores leap days.
// It is declared as a variable, so importing code can reassign it.
var Duration365d = 365 * 24 * time.Hour
// ValidityFormat is a time layout string in Go's reference-time notation,
// used for certificate validity timestamps.
var (
	ValidityFormat = "Jan _2 15:04:05 2006 MST"
)

ValidityFormat is the time layout used to format the NotBefore and NotAfter fields so that the output resembles that of openssl.

Functions

func DecodeCertificatePEM

func DecodeCertificatePEM(data []byte) (*x509.Certificate, error)

func DecodeCertificatesPEM

func DecodeCertificatesPEM(data []byte) ([]*x509.Certificate, error)

func DecodePrivateKeyPEM

func DecodePrivateKeyPEM(data []byte) (*rsa.PrivateKey, error)

func EncodeCertificatePEM

func EncodeCertificatePEM(cert *x509.Certificate) []byte

func EncodePrivateKeyPEM

func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte

func IsCertificatePEM

func IsCertificatePEM(data []byte) bool

func NewCA

func NewCA(caDurationDays int, CommonName string) (*rsa.PrivateKey, *x509.Certificate, error)

func NewPrivateKey

func NewPrivateKey() (*rsa.PrivateKey, error)

func NewSelfSignedCACertificate

func NewSelfSignedCACertificate(cfg CACertConfig, key *rsa.PrivateKey) (*x509.Certificate, error)

func NewSignedClientCertificate

func NewSignedClientCertificate(cfg ClientCertConfig, key *rsa.PrivateKey, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, error)

func NewSignedServerCertificate

func NewSignedServerCertificate(cfg ServerCertConfig, key *rsa.PrivateKey, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, error)

Types

type CACertConfig

// CACertConfig is the configuration value accepted by
// NewSelfSignedCACertificate.
type CACertConfig struct {
	// NOTE(review): presumably the subject common name of the CA certificate — confirm.
	CommonName   string
	// A single organization string here, whereas ClientCertConfig and DN use []string.
	Organization string
	// NOTE(review): presumably the validity period of the CA certificate — confirm
	// how it is bounded, since a CA outlives the certificates it signs.
	Duration     time.Duration
}

type Certificate

// Certificate is a reduced description of a certificate: issuer and subject
// names, validity bounds, and the DNS names and IP addresses it lists.
// It holds no public key, signature or extension data, so a value of this type
// describes a certificate but cannot be used to verify one.
type Certificate struct {
	// Issuer is the issuer name, reduced to the fields of DN.
	Issuer      DN
	// NotBefore and NotAfter bound the validity period.
	// NOTE(review): IsExpired presumably compares NotAfter with the current
	// time — confirm whether NotBefore is also checked.
	NotBefore   time.Time
	NotAfter    time.Time
	// Subject is the subject name, reduced to the fields of DN.
	Subject     DN
	// DNSNames and IPAddresses are the names queried by ContainsDNSName and
	// ContainsIPAddress — presumably the subject alternative names; confirm.
	DNSNames    []string
	IPAddresses []net.IP
}

func (Certificate) ContainsDNSName

func (c Certificate) ContainsDNSName(name string) bool

func (Certificate) ContainsIPAddress

func (c Certificate) ContainsIPAddress(ip net.IP) bool

func (Certificate) IsExpired

func (c Certificate) IsExpired() bool

func (Certificate) String

func (c Certificate) String() string

type Certificates

// Certificates is a slice of Certificate values; CertificatesFromBytes returns
// this type and GetBySubjectCommonNamePattern searches it.
type Certificates []Certificate

func CertificatesFromBytes

func CertificatesFromBytes(data []byte) (Certificates, error)

CertificatesFromBytes converts raw certificate bytes into certificates. If the supplied data is a certificate bundle (or chain), all of the certificates are returned.

func (Certificates) GetBySubjectCommonNamePattern

func (cs Certificates) GetBySubjectCommonNamePattern(subjectCNMatch string) (cert Certificate, ok bool)

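GetBySubjectCommonNamePattern returns a certificate whose Subject.CommonName matches the regular expression subjectCNMatch. If no matching certificate is found, the second return value is false. The documentation does not state whether the pattern is anchored, so callers that need an exact common-name match should anchor it themselves (for example with ^ and $).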

type ClientCertConfig

// ClientCertConfig is the configuration value accepted by
// NewSignedClientCertificate.
type ClientCertConfig struct {
	// NOTE(review): presumably the subject common name — confirm. Where the CN
	// and Organization are later used as an identity, they must come from a
	// trusted source.
	CommonName   string
	Organization []string
	DNSNames     []string
	// IP addresses are given as strings here, not net.IP.
	// NOTE(review): confirm that entries which fail to parse are rejected
	// rather than silently dropped.
	IPAddresses  []string
	// NOTE(review): presumably the validity period of the issued certificate — confirm.
	Duration     time.Duration
}

type DN

// DN is a reduced distinguished name holding only organization and common
// name; Certificate uses it for both Issuer and Subject.
type DN struct {
	Organization []string
	CommonName   string
}

func (DN) String

func (dn DN) String() string

type KeyPair

// KeyPair bundles an RSA private key with an X.509 certificate.
type KeyPair struct {
	// Key is private key material and must be handled as a secret.
	// NOTE(review): KeyInPEM presumably returns it as unencrypted PEM — confirm,
	// and keep those bytes out of logs and world-readable files.
	Key  *rsa.PrivateKey
	// Cert is the certificate paired with Key.
	// NOTE(review): confirm whether KeyPairFromPEMs checks that the certificate's
	// public key corresponds to Key.
	Cert *x509.Certificate
	// contains filtered or unexported fields
}

KeyPair is the TLS public certificate PEM file and its associated private key PEM file that is used by kube-aws and its plugins

func KeyPairFromPEMs added in v0.15.0

func KeyPairFromPEMs(id string, certpem []byte, keypem []byte) (*KeyPair, error)

func (*KeyPair) CertInPEM

func (keypair *KeyPair) CertInPEM() []byte

func (*KeyPair) KeyInPEM

func (keypair *KeyPair) KeyInPEM() []byte

type PKI

// PKI declares no fields on this page; NewPKI returns a *PKI and
// GenerateKeyPair is the only method listed for it.
type PKI struct {
}

func NewPKI

func NewPKI() *PKI

func (*PKI) GenerateKeyPair

func (pki *PKI) GenerateKeyPair(spec api.KeyPairSpec, signer *KeyPair) (*KeyPair, error)

type ServerCertConfig

// ServerCertConfig is the configuration value accepted by
// NewSignedServerCertificate. Unlike ClientCertConfig it has no Organization
// field.
type ServerCertConfig struct {
	// NOTE(review): presumably the subject common name — confirm.
	CommonName  string
	DNSNames    []string
	// IP addresses are given as strings here, not net.IP.
	// NOTE(review): confirm that entries which fail to parse are rejected
	// rather than silently dropped.
	IPAddresses []string
	// NOTE(review): presumably the validity period of the issued certificate — confirm.
	Duration    time.Duration
}
