Documentation
Overview
Package pki provides helpers for creating random certificate serial numbers, random private keys, and issuing test certificates.
Index
- func IssueCertificate(subjectKey crypto.PublicKey, issuerKey *ecdsa.PrivateKey, ...) (*x509.Certificate, error)
- func LoadCertificate(file string) (*x509.Certificate, error)
- func LoadPrivateKey(file string) (*ecdsa.PrivateKey, error)
- func RandKey() (*ecdsa.PrivateKey, error)
- func RandSerial() (*big.Int, error)
- type CertificatePair
Constants
This section is empty.
Variables
This section is empty.
Functions
func IssueCertificate
func IssueCertificate(subjectKey crypto.PublicKey, issuerKey *ecdsa.PrivateKey, issuerCert, template *x509.Certificate) (*x509.Certificate, error)
IssueCertificate uses the provided issuerKey and issuerCert to issue a new X.509 certificate for the provided subjectKey, based on the provided template.
func LoadCertificate
func LoadCertificate(file string) (*x509.Certificate, error)
LoadCertificate returns the *x509.Certificate loaded from the PEM-encoded certificate in the provided file, or returns an error.
func LoadPrivateKey
func LoadPrivateKey(file string) (*ecdsa.PrivateKey, error)
LoadPrivateKey returns a *ecdsa.PrivateKey loaded from the base64-encoded DER of an ECDSA private key in the provided file, or returns an error.
func RandKey
func RandKey() (*ecdsa.PrivateKey, error)
RandKey generates a random ECDSA private key or returns an error.
func RandSerial
func RandSerial() (*big.Int, error)
RandSerial generates a random *big.Int to use as a certificate serial number, or returns an error.
Types
type CertificatePair
type CertificatePair struct {
    PreCert *x509.Certificate
    Cert    *x509.Certificate
}
CertificatePair is a struct for holding a precertificate and a matching final certificate.
func IssueTestCertificate
func IssueTestCertificate(issuerKey *ecdsa.PrivateKey, issuerCert *x509.Certificate, clk clock.Clock, windowStart *time.Time, windowEnd *time.Time) (CertificatePair, error)
If windowEnd is nil, the certificate NotAfter will be set to 90 days after the current time according to the provided clock. If windowEnd is not nil, the certificate NotAfter will be set to windowEnd minus one day.
This function creates certificates that will be submitted to public logs, so although they are not issued by a trusted root we try to avoid cablint errors, to avoid requiring log monitors to special-case our submissions.