Documentation ¶
Index ¶
- Constants
- func CommonNameForCertificate(crt *v1alpha1.Certificate) string
- func DNSNamesForCertificate(crt *v1alpha1.Certificate) []string
- func DecodeDERCertificateBytes(derBytes []byte) (*x509.Certificate, error)
- func DecodePKCS1PrivateKeyBytes(keyBytes []byte) (*rsa.PrivateKey, error)
- func DecodePrivateKeyBytes(keyBytes []byte) (crypto.PrivateKey, error)
- func DecodeX509CertificateBytes(certBytes []byte) (*x509.Certificate, error)
- func EncodeCSR(template *x509.CertificateRequest, key interface{}) ([]byte, error)
- func EncodeECPrivateKey(pk *ecdsa.PrivateKey) ([]byte, error)
- func EncodePKCS1PrivateKey(pk *rsa.PrivateKey) []byte
- func EncodePrivateKey(pk crypto.PrivateKey) ([]byte, error)
- func GenerateCSR(issuer v1alpha1.GenericIssuer, crt *v1alpha1.Certificate) (*x509.CertificateRequest, error)
- func GenerateECPrivateKey(keySize int) (*ecdsa.PrivateKey, error)
- func GeneratePrivateKeyForCertificate(crt *v1alpha1.Certificate) (crypto.PrivateKey, error)
- func GenerateRSAPrivateKey(keySize int) (*rsa.PrivateKey, error)
- func GenerateTemplate(issuer v1alpha1.GenericIssuer, crt *v1alpha1.Certificate, serialNo *big.Int) (*x509.Certificate, error)
- func OrganizationForCertificate(crt *v1alpha1.Certificate) []string
- func PublicKeyForPrivateKey(pk crypto.PrivateKey) (crypto.PublicKey, error)
- func PublicKeyMatchesCertificate(check crypto.PublicKey, crt *x509.Certificate) (bool, error)
- func SignCertificate(template *x509.Certificate, issuerCert *x509.Certificate, ...) ([]byte, *x509.Certificate, error)
- func SignatureAlgorithm(crt *v1alpha1.Certificate) (x509.SignatureAlgorithm, error)
Constants ¶
const (
	// MinRSAKeySize and MaxRSAKeySize look like the lower and upper bounds on
	// RSA key sizes, presumably in bits and presumably enforced on the keySize
	// argument of GenerateRSAPrivateKey. Confirm against the implementation.
	MinRSAKeySize = 2048
	MaxRSAKeySize = 8192

	// ECCurve256, ECCurve384 and ECCurve521 are presumably the keySize values
	// accepted by GenerateECPrivateKey, each naming an elliptic curve by its
	// size. NOTE(review): the mapping to concrete curves is not shown on this
	// page; verify in the source.
	ECCurve256 = 256
	ECCurve384 = 384
	ECCurve521 = 521
)
Variables ¶
This section is empty.
Functions ¶
func CommonNameForCertificate ¶
func CommonNameForCertificate(crt *v1alpha1.Certificate) string
func DNSNamesForCertificate ¶
func DNSNamesForCertificate(crt *v1alpha1.Certificate) []string
func DecodeDERCertificateBytes ¶
func DecodeDERCertificateBytes(derBytes []byte) (*x509.Certificate, error)
func DecodePKCS1PrivateKeyBytes ¶
func DecodePKCS1PrivateKeyBytes(keyBytes []byte) (*rsa.PrivateKey, error)
func DecodePrivateKeyBytes ¶ added in v0.5.0
func DecodePrivateKeyBytes(keyBytes []byte) (crypto.PrivateKey, error)
func DecodeX509CertificateBytes ¶
func DecodeX509CertificateBytes(certBytes []byte) (*x509.Certificate, error)
func EncodeCSR ¶ added in v0.4.0
func EncodeCSR(template *x509.CertificateRequest, key interface{}) ([]byte, error)
func EncodeECPrivateKey ¶ added in v0.5.0
func EncodeECPrivateKey(pk *ecdsa.PrivateKey) ([]byte, error)
func EncodePKCS1PrivateKey ¶
func EncodePKCS1PrivateKey(pk *rsa.PrivateKey) []byte
func EncodePrivateKey ¶ added in v0.5.0
func EncodePrivateKey(pk crypto.PrivateKey) ([]byte, error)
func GenerateCSR ¶
func GenerateCSR(issuer v1alpha1.GenericIssuer, crt *v1alpha1.Certificate) (*x509.CertificateRequest, error)
func GenerateECPrivateKey ¶ added in v0.5.0
func GenerateECPrivateKey(keySize int) (*ecdsa.PrivateKey, error)
func GeneratePrivateKeyForCertificate ¶ added in v0.5.0
func GeneratePrivateKeyForCertificate(crt *v1alpha1.Certificate) (crypto.PrivateKey, error)
func GenerateRSAPrivateKey ¶
func GenerateRSAPrivateKey(keySize int) (*rsa.PrivateKey, error)
func GenerateTemplate ¶ added in v0.4.0
func GenerateTemplate(issuer v1alpha1.GenericIssuer, crt *v1alpha1.Certificate, serialNo *big.Int) (*x509.Certificate, error)
GenerateTemplate will create an x509.Certificate for the given Certificate resource. This should create a Certificate template that is equivalent to the CertificateRequest generated by GenerateCSR. The PublicKey field is not set by GenerateTemplate and must be populated by the caller.
func OrganizationForCertificate ¶ added in v0.5.0
func OrganizationForCertificate(crt *v1alpha1.Certificate) []string
func PublicKeyForPrivateKey ¶ added in v0.5.0
func PublicKeyForPrivateKey(pk crypto.PrivateKey) (crypto.PublicKey, error)
func PublicKeyMatchesCertificate ¶ added in v0.4.1
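func PublicKeyMatchesCertificate(check crypto.PublicKey, crt *x509.Certificate) (bool, error)
PublicKeyMatchesCertificate can be used to verify that the given public key is the correct counterpart to the given x509 Certificate. It will return false and no error if the public key is *not* valid for the given Certificate. It will return true if the public key *is* valid for the given Certificate. It will return an error if either of the passed parameters is of an unrecognised type (i.e. non RSA/ECDSA). Because a mismatch is reported as false with a nil error, callers must check the boolean result as well as the error; a nil error alone does not mean the key matches.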
func SignCertificate ¶ added in v0.4.0
func SignCertificate(template *x509.Certificate, issuerCert *x509.Certificate, publicKey interface{}, signerKey interface{}) ([]byte, *x509.Certificate, error)
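SignCertificate returns a signed x509.Certificate object for the given *v1alpha1.Certificate crt (note: the signature shown above takes an *x509.Certificate template and has no crt parameter, so this wording appears to be out of date). publicKey is the public key of the signee, and signerKey is the private key of the signer.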
func SignatureAlgorithm ¶ added in v0.5.0
func SignatureAlgorithm(crt *v1alpha1.Certificate) (x509.SignatureAlgorithm, error)
Return the appropriate signature algorithm for the certificate. Adapted from https://github.com/cloudflare/cfssl/blob/master/csr/csr.go#L102
Types ¶
This section is empty.