Documentation
Types
type CACert
type CACert struct {
// contains filtered or unexported fields
}
CACert represents a new self-signed CA certificate.
func NewCACert
func NewCACert(opts ...CACertOption) *CACert
NewCACert creates a new CACert object with options.
type CACertOption
type CACertOption func(*CACert)
func WithCommonName
func WithCommonName(name string) CACertOption
WithCommonName specifies the CommonName on the CA template.
func WithCountry
func WithCountry(country string) CACertOption
WithCountry specifies the Country on the CA template.
func WithKeyUsage
func WithKeyUsage(usage x509.KeyUsage) CACertOption
WithKeyUsage specifies the X.509 Key Usage on the CA template.
func WithOrganization
func WithOrganization(o string) CACertOption
WithOrganization specifies the Organization on the CA template.
func WithOrganizationalUnit
func WithOrganizationalUnit(ou string) CACertOption
WithOrganizationalUnit specifies the OrganizationalUnit on the CA template.
func WithYears
func WithYears(y int) CACertOption
WithYears specifies the validity period of the CA, in years.
type Depot
type Depot interface {
	CA(pass []byte) ([]*x509.Certificate, *rsa.PrivateKey, error)
	Put(name string, crt *x509.Certificate, challenge string) error
	Serial() (*big.Int, error)
	HasCN(cn string, allowTime int, cert *x509.Certificate, revokeOldCertificate bool) (bool, error)
}
Depot is a repository for managing certificates.
type Option
type Option func(*Signer)
Option customizes Signer.
func WithAllowRenewalDays
WithAllowRenewalDays sets the allowable renewal time for existing certs.
func WithCAPass
WithCAPass specifies the password to use with an encrypted CA key.
func WithSeverAttrs
func WithSeverAttrs() Option
func WithSignatureAlgorithm
func WithSignatureAlgorithm(a x509.SignatureAlgorithm) Option
WithSignatureAlgorithm sets the signature algorithm used to sign certificates. When set to a non-zero value, it takes precedence over the default behaviour of matching the signature algorithm of the x509 CSR.
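The precedence rule above, as an added standard-library example that is not code from this package: with no override the issued certificate follows the algorithm the requesting client chose for its CSR, and with an override the CA's choice is used instead. The helpers must, pickSigAlg and issue, the subject names and the throwaway keys are all constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must aborts this constructed demo on any error.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// pickSigAlg is a hypothetical helper modelling the documented rule: a
// non-zero override wins, otherwise the CSR's own algorithm is matched.
func pickSigAlg(override x509.SignatureAlgorithm, csr *x509.CertificateRequest) x509.SignatureAlgorithm {
	if override != x509.UnknownSignatureAlgorithm {
		return override
	}
	return csr.SignatureAlgorithm
}

// issue signs a constructed SHA-256 CSR with a throwaway CA key and returns
// the signature algorithm recorded on the issued certificate.
func issue(override x509.SignatureAlgorithm) x509.SignatureAlgorithm {
	caKey := must(rsa.GenerateKey(rand.Reader, 2048))
	devKey := must(rsa.GenerateKey(rand.Reader, 2048))
	csrDER := must(x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{
		Subject: pkix.Name{CommonName: "device-01.example"}, SignatureAlgorithm: x509.SHA256WithRSA}, devKey))
	csr := must(x509.ParseCertificateRequest(csrDER))
	ca := &x509.Certificate{Subject: pkix.Name{CommonName: "Example CA"}} // issuer name only
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: csr.Subject,
		NotBefore: time.Now(), NotAfter: time.Now().AddDate(0, 0, 365),
		SignatureAlgorithm: pickSigAlg(override, csr)}
	der := must(x509.CreateCertificate(rand.Reader, leaf, ca, csr.PublicKey, caKey))
	return must(x509.ParseCertificate(der)).SignatureAlgorithm
}

func main() {
	fmt.Println("no override:", issue(x509.UnknownSignatureAlgorithm))
	fmt.Println("override:   ", issue(x509.SHA512WithRSA))
}
```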
func WithValidityDays
WithValidityDays sets the validity period new certs will use.
type Signer
type Signer struct {
// contains filtered or unexported fields
}
Signer signs x509 certificates and stores them in a Depot.
func (*Signer) SignCSR
func (s *Signer) SignCSR(m *scep.CSRReqMessage) (*x509.Certificate, error)
SignCSR signs a certificate using Signer's Depot CA.