certs

package
v0.10.16 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 21, 2021 License: Apache-2.0 Imports: 16 Imported by: 3

Documentation

Overview

Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the Apache v2.0 license.

Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the Apache v2.0 license.

Index

Constants

This section is empty.

Variables

View Source 
var (

	// RFC 5755
	OidAccessIdentity = []int{1, 3, 6, 1, 5, 5, 7, 10, 2}
)

Functions

func CalculateRenewTime added in v0.10.16 

func CalculateRenewTime(certificate string, factor *backOffFactor) (duration *backOffDuration, err error)

func DecodeCertPEM 

func DecodeCertPEM(encoded []byte) (*x509.Certificate, error)

DecodeCertPEM attempts to return a decoded certificate or nil if the encoded input does not contain a certificate.

func DecodeCertRequestPEM added in v0.10.7 

func DecodeCertRequestPEM(encoded []byte) (*x509.CertificateRequest, error)

DecodeCertRequestPEM attempts to return a decoded certificate request or nil if the encoded input does not contain a certificate request.

func DecodePrivateKeyPEM 

func DecodePrivateKeyPEM(encoded []byte) (*rsa.PrivateKey, error)

DecodePrivateKeyPEM attempts to return a decoded key or nil if the encoded input does not contain a private key.

func EncodeCertPEM 

func EncodeCertPEM(cert *x509.Certificate) []byte

EncodeCertPEM returns PEM-endcoded certificate data.

func EncodeCertRequestPEM added in v0.10.7 

func EncodeCertRequestPEM(cert *x509.CertificateRequest) []byte

EncodeCertRequestPEM returns PEM-endcoded certificate request data.

func EncodePrivateKeyPEM 

func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte

EncodePrivateKeyPEM returns PEM-encoded private key data.

func EncodePublicKeyBytePEM 

func EncodePublicKeyBytePEM(key []byte) ([]byte, error)

EncodePublicKeyPEM returns PEM-encoded public key data.

func EncodePublicKeyPEM 

func EncodePublicKeyPEM(key *rsa.PublicKey) ([]byte, error)

EncodePublicKeyPEM returns PEM-encoded public key data.

func GenerateCertificateRenewRequest added in v0.10.7 

func GenerateCertificateRenewRequest(cert *tls.Certificate) (retCsr []byte, retPriv []byte, err error)

GenerateCertificateRenewRequest creates a renew CSR A new private key will be created, used to create CSR and returned

func GenerateCertificateRenewRequestSameKey added in v0.10.7 

func GenerateCertificateRenewRequestSameKey(cert *tls.Certificate) (retCsr []byte, err error)

GenerateCertificateRenewRequestSameKey creates a renew CSR A same private key in cert will be used to create CSR

func GenerateCertificateRequest added in v0.10.7 

func GenerateCertificateRequest(conf *Config, privKey []byte) (csr []byte, retPrivKey []byte, err error)

GenerateCertificateRequest creates a CSR if privKey is not provided, a new one will be created and returned if privKey is provided, it will be used to create csr and the same key will be returned

func GenerateClientCertificate 

func GenerateClientCertificate(name string) (*x509.Certificate, *rsa.PrivateKey, error)

func IsCertificateExpired added in v0.10.16 

func IsCertificateExpired(certificate string) (bool, error)

func NewBackOffFactor added in v0.10.16 

func NewBackOffFactor(renewBackoffFactor, errorBackoffFactor float64) (factor *backOffFactor, err error)

func NewPrivateKey 

func NewPrivateKey() (*rsa.PrivateKey, error)

NewPrivateKey creates an RSA private key

func NewSignedCert 

func NewSignedCert(key *rsa.PrivateKey, caCert *x509.Certificate, caKey *rsa.PrivateKey, conf Config) (*x509.Certificate, error)

Types

type AltNames 

type AltNames struct {
	DNSNames []string
	IPs      []net.IP
}

AltNames contains the domain names and IP addresses for a cert

type CAConfig added in v0.10.7 

type CAConfig struct {
	RootSigner      *tls.Certificate
	CrossRootCert   *x509.Certificate   // OPTIONAL
	AdditionalRoots []*x509.Certificate // OPTIONAL
	Revocation      Revocation          // OPTIONAL
}

type CertificateAuthority added in v0.10.7 

type CertificateAuthority struct {
	// contains filtered or unexported fields
}

func NewCertificateAuthority added in v0.10.7 

func NewCertificateAuthority(config *CAConfig) (*CertificateAuthority, error)

NewCertificateAuthority creates a CertificateAuthority

func (*CertificateAuthority) SignRequest added in v0.10.7 

func (ca *CertificateAuthority) SignRequest(csrPem []byte, oldCertPem []byte, conf *SignConfig) (retCert []byte, err error)

SignRequest signs the CSR using Certificate Authority if oldCertPem is provided it is validated against CA

func (*CertificateAuthority) VerifyClientCertificate added in v0.10.7 

func (ca *CertificateAuthority) VerifyClientCertificate(rawCerts [][]byte) error

VerifyClientCertificate verifies rawCerts(ASN encoded) using the CertificateAuthority

type Config 

type Config struct {
	CommonName   string
	Organization []string
	AltNames     AltNames
	Usages       []x509.ExtKeyUsage
}

Config contains the basic fields required for creating a certificate.

type KeyPair 

type KeyPair struct {
	Cert, Key []byte
}

KeyPair holds the raw bytes for a certificate and key.

func (*KeyPair) IsValid 

func (k *KeyPair) IsValid() bool

IsValid returns true if both the certificate and key are non-nil.

type Revocation added in v0.10.7 

type Revocation interface {
	IsRevoked(cert *x509.Certificate) error
}

type SignConfig added in v0.10.7 

type SignConfig struct {
	Offset     time.Duration
	Identity   string
	ServerAuth bool
}

Config contains the basic fields required for signing a certificate.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.