triple

package

v0.21.0 Latest Latest Go to latest Published: Sep 12, 2023 License: Apache-2.0 Imports: 17 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/qinqon/kube-admission-webhook

Links

Open Source Insights

Documentation ¶

Overview ¶

Package triple generates key-certificate pairs for the triple (CA, Server, Client).

Index ¶

Constants
Variables
func AddCertToPEM(cert *x509.Certificate, pemCerts []byte, maxListSize int) ([]byte, error)
func EncodeCertPEM(cert *x509.Certificate) []byte
func EncodeCertsPEM(certs []*x509.Certificate) []byte
func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte
func EncodePublicKeyPEM(key *rsa.PublicKey) ([]byte, error)
func MakeEllipticPrivateKeyPEM() ([]byte, error)
func NewPrivateKey() (*rsa.PrivateKey, error)
func NewSelfSignedCACert(cfg *Config, key crypto.Signer, duration time.Duration) (*x509.Certificate, error)
func NewSignedCert(cfg *Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, ...) (*x509.Certificate, error)
func ParseCertsPEM(pemCerts []byte) ([]*x509.Certificate, error)
func ParsePrivateKeyPEM(keyData []byte) (interface{}, error)
func ParsePublicKeysPEM(keyData []byte) ([]interface{}, error)
func VerifyTLS(certsPEM, keyPEM, caBundle []byte) error
type AltNames
type Config
type KeyPair

Constants ¶

View Source

const (
	// ECPrivateKeyBlockType is a possible value for pem.Block.Type.
	ECPrivateKeyBlockType = "EC PRIVATE KEY"
	// RSAPrivateKeyBlockType is a possible value for pem.Block.Type.
	RSAPrivateKeyBlockType = "RSA PRIVATE KEY"
	// PrivateKeyBlockType is a possible value for pem.Block.Type.
	PrivateKeyBlockType = "PRIVATE KEY"
	// PublicKeyBlockType is a possible value for pem.Block.Type.
	PublicKeyBlockType = "PUBLIC KEY"
	// CertificateBlockType is a possible value for pem.Block.Type.
	CertificateBlockType = "CERTIFICATE"
	// CertificateRequestBlockType is a possible value for pem.Block.Type.
	CertificateRequestBlockType = "CERTIFICATE REQUEST"
	// CertsListSizeLimit sets the max size of a certs list
	CertsListSizeLimit = 100
)

Variables ¶

View Source

var (
	Now = time.Now
)

Functions ¶

func AddCertToPEM ¶ added in v0.13.0

func AddCertToPEM(cert *x509.Certificate, pemCerts []byte, maxListSize int) ([]byte, error)

func EncodeCertPEM ¶

func EncodeCertPEM(cert *x509.Certificate) []byte

EncodeCertPEM returns PEM-endcoded certificate data

func EncodeCertsPEM ¶ added in v0.10.0

func EncodeCertsPEM(certs []*x509.Certificate) []byte

EncodeCertsPEM returns PEM-endcoded certificates data

func EncodePrivateKeyPEM ¶

func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte

EncodePrivateKeyPEM returns PEM-encoded private key data

func EncodePublicKeyPEM ¶

func EncodePublicKeyPEM(key *rsa.PublicKey) ([]byte, error)

EncodePublicKeyPEM returns PEM-encoded public data

func MakeEllipticPrivateKeyPEM ¶

func MakeEllipticPrivateKeyPEM() ([]byte, error)

MakeEllipticPrivateKeyPEM creates an ECDSA private key

func NewPrivateKey ¶

func NewPrivateKey() (*rsa.PrivateKey, error)

NewPrivateKey creates an RSA private key

func NewSelfSignedCACert ¶

func NewSelfSignedCACert(cfg *Config, key crypto.Signer, duration time.Duration) (*x509.Certificate, error)

NewSelfSignedCACert creates a CA certificate

func NewSignedCert ¶

func NewSignedCert(cfg *Config, key crypto.Signer, caCert *x509.Certificate,
	caKey crypto.Signer, duration time.Duration) (*x509.Certificate, error)

NewSignedCert creates a signed certificate using the given CA certificate and key

func ParseCertsPEM ¶

func ParseCertsPEM(pemCerts []byte) ([]*x509.Certificate, error)

ParseCertsPEM returns the x509.Certificates contained in the given PEM-encoded byte array Returns an error if a certificate could not be parsed, or if the data does not contain any certificates

func ParsePrivateKeyPEM ¶

func ParsePrivateKeyPEM(keyData []byte) (interface{}, error)

ParsePrivateKeyPEM returns a private key parsed from a PEM block in the supplied data. Recognizes PEM blocks for "EC PRIVATE KEY", "RSA PRIVATE KEY", or "PRIVATE KEY"

func ParsePublicKeysPEM ¶

func ParsePublicKeysPEM(keyData []byte) ([]interface{}, error)

ParsePublicKeysPEM is a helper function for reading an array of rsa.PublicKey or ecdsa.PublicKey from a PEM-encoded byte array. Reads public keys from both public and private key files.

func VerifyTLS ¶

func VerifyTLS(certsPEM, keyPEM, caBundle []byte) error

Types ¶

type AltNames ¶

type AltNames struct {
	DNSNames []string
	IPs      []net.IP
}

AltNames contains the domain names and IP addresses that will be added to the API Server's x509 certificate SubAltNames field. The values will be passed directly to the x509.Certificate object.

type Config ¶

type Config struct {
	CommonName   string
	Organization []string
	AltNames     AltNames
	Usages       []x509.ExtKeyUsage
}

Config contains the basic fields required for creating a certificate

type KeyPair ¶

type KeyPair struct {
	Key  *rsa.PrivateKey
	Cert *x509.Certificate
}

func NewCA ¶

func NewCA(name string, duration time.Duration) (*KeyPair, error)

func NewClientKeyPair ¶

func NewClientKeyPair(ca *KeyPair, commonName string, organizations []string, duration time.Duration) (*KeyPair, error)

func NewServerKeyPair ¶

func NewServerKeyPair(ca *KeyPair, commonName, svcName, svcNamespace,
	dnsDomain string, ips, hostnames []string, duration time.Duration) (*KeyPair, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL