tls

package
v0.1.0

This package is not in the latest version of its module.

Published: Nov 23, 2019 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Constants

const (
	Duration           = 3650 // 10 years = 3650 days
	OrganizationalUnit = "KubeKit"
	Organization       = "LifeRaft"
	Locality           = "San Diego"
	Province           = "California"
	Country            = "US"
)

Constants used to create the certificate

const EnvCAKeyPassword = "KUBEKIT_CA_KEY_PASSWORD"

EnvCAKeyPassword is the name of the environment variable that holds the password used to encrypt the provided CA Key file

Variables

var (
	GenericDNSNames = []string{
		"localhost",
	}
	GenericIPAddresses = []string{
		"127.0.0.1",
	}
)

Temporary: DNS names and IP addresses to include in the certificates

Functions

func GenCAPrivateKey

func GenCAPrivateKey(filename string) (caKey *rsa.PrivateKey, caKeyBytes []byte, err error)

GenCAPrivateKey generates a CA RSA Key or returns the CA Key from the given filename. The file (if provided) should contain a PEM encoded CA RSA Key

func GenRSAPrivateKey

func GenRSAPrivateKey() (key *rsa.PrivateKey, err error)

GenRSAPrivateKey generates an RSA private key

func NewSelfSignedCACert

func NewSelfSignedCACert(caKey *rsa.PrivateKey, cn string) (*x509.Certificate, error)

NewSelfSignedCACert creates a Self Signed CA Certificate with a given CA Private Key and a Common Name

func NewSignedCert

func NewSignedCert(privKey *rsa.PrivateKey, caKeyPair *KeyPair, cn, o string, dns, ips []string, extKeyUsage []x509.ExtKeyUsage) (*x509.Certificate, error)

NewSignedCert creates a Self Signed Certificate with a given private key, the CA key pair (key and cert) and a Common Name

func SelfSignedCACert

func SelfSignedCACert(filename string, caKey *rsa.PrivateKey, cn string) (*x509.Certificate, []byte, error)

SelfSignedCACert generates a CA x509 Certificate from a CA RSA Key or returns the CA x509 Certificate from the given filename. The file (if provided) should contain a PEM encoded CA x509 Certificate

func SignedCert

func SignedCert(privKey *rsa.PrivateKey, caKeyPair *KeyPair, cn, o string, dns, ips []string, extKeyUsage []x509.ExtKeyUsage) (*x509.Certificate, []byte, error)

SignedCert generates a Self Signed Certificate and also returns the PEM decoded bytes
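The flow these functions describe (a self-signed CA, then a certificate issued under that CA with DNS and IP SANs), written against Go's standard library only. This is an added example, not this package's own code: `issue`, `VerifyServer` and the `example-*` common names are hypothetical, while the 3650-day validity, the organization and the `localhost` / `127.0.0.1` SANs are taken from the constants and variables above.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// issue creates a key and certificate for cn: a self-signed CA when parent is nil,
// otherwise a TLS server certificate signed by parentKey (hypothetical helper).
func issue(cn string, parent *x509.Certificate, parentKey *rsa.PrivateKey, dns []string, ips []net.IP) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	t := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // constructed; production CAs use random serials
		Subject:      pkix.Name{CommonName: cn, Organization: []string{"LifeRaft"}},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().AddDate(0, 0, 3650), // the page's Duration constant
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     dns,
		IPAddresses:  ips,
	}
	if parent == nil { // self-signed CA: allowed to sign other certificates
		t.IsCA, t.BasicConstraintsValid, t.ExtKeyUsage = true, true, nil
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
		parent, parentKey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// VerifyServer returns nil only if leaf chains to ca and is valid for host (DNS name or IP).
func VerifyServer(ca, leaf *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}
```

Call `issue` with a nil parent to get the CA, pass that certificate and key as the parent for the server certificate, then check it with `VerifyServer(ca, leaf, "localhost")`. A host outside the SAN list, or a root pool holding a different CA, makes verification fail.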

Types

type KeyPair

type KeyPair struct {
	Name           string
	KeyFile        string
	PrivateKey     *rsa.PrivateKey
	PrivateKeyPEM  []byte
	CN             string
	O              string
	DNSNames       []string
	IPAddresses    []string
	CertFile       string
	Certificate    *x509.Certificate
	CertificatePEM []byte
	IsCA           bool
	ExtKeyUsage    []x509.ExtKeyUsage
}

KeyPair encapsulates the Private Key and Certificate key pair

func Load

func Load(baseCertsDir, name, cn string) (*KeyPair, error)

Load creates and loads the key pair from the key and cert files located in the given directory

func NewCAKeyPair

func NewCAKeyPair(fromCAKeyPair *KeyPair, baseCertsDir, name, cn string) (*KeyPair, error)

NewCAKeyPair creates a new CA Key Pair from the given filenames or generates them if the files do not exist

func NewEmptyKeyPair

func NewEmptyKeyPair(baseCertsDir, name, cn, o string, dns, ips []string, extKeyUsage []x509.ExtKeyUsage) *KeyPair

NewEmptyKeyPair creates a KeyPair with everything but the key and cert

func NewKeyPair

func NewKeyPair(baseCertsDir, name, cn, o string, dns, ips []string, caKeyPair *KeyPair, extKeyUsage []x509.ExtKeyUsage) (*KeyPair, error)

NewKeyPair creates a new KeyPair with the key and cert

func (*KeyPair) GenCAKeyPair

func (kp *KeyPair) GenCAKeyPair(fromCAKeyPair *KeyPair) error

GenCAKeyPair reads the CA Key and Certificate from the given files or generates them if the file names are empty or the files do not exist

func (*KeyPair) GenKeyPair

func (kp *KeyPair) GenKeyPair(caKeyPair *KeyPair) error

GenKeyPair creates the key and cert

func (*KeyPair) Load

func (kp *KeyPair) Load() error

Load loads the keypair from the files in the given directory, if they exist

func (*KeyPair) NewFilenames

func (kp *KeyPair) NewFilenames(baseCertsDir, name string) (prevKeyFile string, prevCertFile string)

NewFilenames updates the Key Pair filenames (key and cert) using a new base directory and name. If name is empty, the current Key Pair name is used. It returns the previous filenames

func (*KeyPair) PEMEncodeCert

func (kp *KeyPair) PEMEncodeCert() []byte

PEMEncodeCert returns the PEM encoding of the given certificate

func (*KeyPair) PEMEncodePrivateKey

func (kp *KeyPair) PEMEncodePrivateKey() []byte

PEMEncodePrivateKey returns the PEM encoding of the given private key

func (*KeyPair) SaveCertificate

func (kp *KeyPair) SaveCertificate(overwrite bool) error

SaveCertificate saves the certificate file from this key pair

func (*KeyPair) SavePrivateKey

func (kp *KeyPair) SavePrivateKey(overwrite bool) error

SavePrivateKey saves the private key file from this key pair

type KeyPairs

type KeyPairs map[string]*KeyPair

KeyPairs is a list of KeyPair

func (KeyPairs) Save

func (kps KeyPairs) Save(overwrite bool) error

Save saves all the private keys and certificates (if not empty) for all the Key Pairs
