Documentation
Index ¶
- Constants
- func Base64(data []byte) string
- func CertToPem(cert *x509.Certificate) []byte
- func GenerateSelfSignedCertificate(cfg *CertCfg) (*rsa.PrivateKey, *x509.Certificate, error)
- func GenerateSignedCertificate(caKey *rsa.PrivateKey, caCert *x509.Certificate, cfg *CertCfg) (*rsa.PrivateKey, *x509.Certificate, error)
- func HasCAHash(secret *corev1.Secret, ca *corev1.Secret, opts *CAOpts) bool
- func PemToCertificate(data []byte) (*x509.Certificate, error)
- func PemToPrivateKey(data []byte) (*rsa.PrivateKey, error)
- func PrivateKey() (*rsa.PrivateKey, error)
- func PrivateKeyToPem(key *rsa.PrivateKey) []byte
- func PublicKeyToPem(key *rsa.PublicKey) ([]byte, error)
- func ReconcileSelfSignedCA(secret *corev1.Secret, cn, ou string, o ...func(*CAOpts)) error
- func ReconcileSignedCert(secret *corev1.Secret, ca *corev1.Secret, cn string, org []string, ...) error
- func SelfSignedCertificate(cfg *CertCfg, key *rsa.PrivateKey) (*x509.Certificate, error)
- func ValidateKeyPair(pemKey, pemCertificate []byte, cfg *CertCfg, ...) error
- type CAOpts
- type CertCfg
Constants ¶
// Certificate validity periods. Each one is derived from the period before it.
const (
	// ValidityOneDay is 24 hours.
	ValidityOneDay = 24 * time.Hour
	// ValidityOneYear is 365 days; leap days are not accounted for.
	ValidityOneYear = 365 * ValidityOneDay
	// ValidityTenYears is ten 365-day years.
	ValidityTenYears = 10 * ValidityOneYear
)

// CAHashAnnotation is the annotation key "hypershiftlite.openshift.io/ca-hash".
// NOTE(review): presumably records on a secret which CA it was issued from
// (see HasCAHash); confirm against the package source.
const CAHashAnnotation = "hypershiftlite.openshift.io/ca-hash"

// Data keys for the CA secret, as used by the control plane operator.
const (
	// CASignerCertMapKey is the key of the certificate entry in a CA secret
	// used by the control plane operator.
	CASignerCertMapKey = "ca.crt"
	// CASignerKeyMapKey is the key of the private key entry in a CA secret
	// used by the control plane operator. The value stored under it is
	// private key material.
	CASignerKeyMapKey = "ca.key"
)

// Data keys that the default k8s cert-manager looks for in a TLS secret.
const (
	// TLSSignerCertMapKey is the key of the certificate entry in a TLS secret.
	// Its data is programmatically enforced to match CASignerCertMapKey.
	TLSSignerCertMapKey = "tls.crt"
	// TLSSignerKeyMapKey is the key of the private key entry in a TLS secret.
	// Its data is programmatically enforced to match CASignerKeyMapKey.
	TLSSignerKeyMapKey = "tls.key"
)
Functions ¶
func CertToPem ¶
func CertToPem(cert *x509.Certificate) []byte
CertToPem encodes an x509.Certificate as PEM and returns the encoded bytes.
func GenerateSelfSignedCertificate ¶
func GenerateSelfSignedCertificate(cfg *CertCfg) (*rsa.PrivateKey, *x509.Certificate, error)
GenerateSelfSignedCertificate generates a key/cert pair defined by CertCfg.
func GenerateSignedCertificate ¶
func GenerateSignedCertificate(caKey *rsa.PrivateKey, caCert *x509.Certificate, cfg *CertCfg) (*rsa.PrivateKey, *x509.Certificate, error)
GenerateSignedCertificate generates a key and certificate defined by CertCfg and signed by the given CA.
func PemToCertificate ¶
func PemToCertificate(data []byte) (*x509.Certificate, error)
PemToCertificate converts a PEM data block to an x509.Certificate.
func PemToPrivateKey ¶
func PemToPrivateKey(data []byte) (*rsa.PrivateKey, error)
PemToPrivateKey converts a PEM data block to an rsa.PrivateKey.
func PrivateKey ¶
func PrivateKey() (*rsa.PrivateKey, error)
PrivateKey generates a new RSA private key and returns it. The key size is not documented here; confirm it in the source if a minimum key strength is required.
func PrivateKeyToPem ¶
func PrivateKeyToPem(key *rsa.PrivateKey) []byte
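PrivateKeyToPem encodes an rsa.PrivateKey as PEM and returns the encoded bytes. The function takes no passphrase, so the output is presumably unencrypted and should be handled as secret material.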
func PublicKeyToPem ¶
PublicKeyToPem encodes an rsa.PublicKey as PEM and returns the encoded bytes, or an error.
func ReconcileSelfSignedCA ¶
ReconcileSelfSignedCA reconciles a CA secret. It is a one-shot function: it never regenerates the CA unless the cert or key entry is missing from the secret. As described, an existing CA is therefore kept as-is even when it is close to expiry.
func ReconcileSignedCert ¶
func ReconcileSignedCert( secret *corev1.Secret, ca *corev1.Secret, cn string, org []string, extUsages []x509.ExtKeyUsage, crtKey string, keyKey string, caKey string, dnsNames []string, ips []string, o ...func(*CAOpts), ) error
ReconcileSignedCert reconciles a certificate secret using the provided config. It will rotate the cert if there are fewer than 30 days of validity left.
func SelfSignedCertificate ¶
func SelfSignedCertificate(cfg *CertCfg, key *rsa.PrivateKey) (*x509.Certificate, error)
SelfSignedCertificate creates a self-signed certificate