Documentation ¶
Index ¶
- func DecodeCertificates(certBytes []byte) ([]*x509.Certificate, error)
- func DecodePrivateKey(keyBytes []byte) (*rsa.PrivateKey, error)
- func EncodeCertificates(certificates ...*x509.Certificate) ([]byte, error)
- func EncodePrivateKey(key *rsa.PrivateKey) ([]byte, error)
- func FilterOutDuplicateCertificates(certs []*x509.Certificate) []*x509.Certificate
- func FilterOutExpiredCertificates(certs []*x509.Certificate, now time.Time) []*x509.Certificate
- func GetTLSCertificatesFromBytes(certBytes, keyBytes []byte) ([]*x509.Certificate, *rsa.PrivateKey, error)
- func HasCertificate(certs []*x509.Certificate, cert *x509.Certificate) bool
- func MakeCABundle(currentCert *x509.Certificate, previousCerts []*x509.Certificate, ...) []*x509.Certificate
- func SignCertificate(template *x509.Certificate, requestKey *rsa.PublicKey, ...) (*x509.Certificate, error)
- type CACertCreatorConfig
- type CertCreator
- type CertificateAuthority
- func (ca *CertificateAuthority) GetCert() *x509.Certificate
- func (ca *CertificateAuthority) GetPublicKey() *rsa.PublicKey
- func (ca *CertificateAuthority) Now() time.Time
- func (ca *CertificateAuthority) SignCertificate(template *x509.Certificate, requestKey *rsa.PublicKey) (*x509.Certificate, error)
- func (ca *CertificateAuthority) VerifyCertificate(cert *x509.Certificate) error
- type ClientCertCreatorConfig
- type DesiredCertTemplate
- type RSAKeyGenerator
- type RSAKeyGetter
- type SelfSignedSigner
- type ServingCertCreatorConfig
- type Signer
- type X509CertCreator
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DecodeCertificates ¶
func DecodeCertificates(certBytes []byte) ([]*x509.Certificate, error)
func DecodePrivateKey ¶
func DecodePrivateKey(keyBytes []byte) (*rsa.PrivateKey, error)
func EncodeCertificates ¶
func EncodeCertificates(certificates ...*x509.Certificate) ([]byte, error)
func EncodePrivateKey ¶
func EncodePrivateKey(key *rsa.PrivateKey) ([]byte, error)
func FilterOutDuplicateCertificates ¶
func FilterOutDuplicateCertificates(certs []*x509.Certificate) []*x509.Certificate
func FilterOutExpiredCertificates ¶
func FilterOutExpiredCertificates(certs []*x509.Certificate, now time.Time) []*x509.Certificate
func GetTLSCertificatesFromBytes ¶
func GetTLSCertificatesFromBytes(certBytes, keyBytes []byte) ([]*x509.Certificate, *rsa.PrivateKey, error)
func HasCertificate ¶
func HasCertificate(certs []*x509.Certificate, cert *x509.Certificate) bool
func MakeCABundle ¶
func MakeCABundle(currentCert *x509.Certificate, previousCerts []*x509.Certificate, now time.Time) []*x509.Certificate
func SignCertificate ¶
func SignCertificate(template *x509.Certificate, requestKey *rsa.PublicKey, issuer *x509.Certificate, issuerKey *rsa.PrivateKey) (*x509.Certificate, error)
Types ¶
type CACertCreatorConfig ¶
func (*CACertCreatorConfig) ToCreator ¶
func (c *CACertCreatorConfig) ToCreator() *X509CertCreator
type CertCreator ¶
// CertCreator describes a certificate in two steps: a template for a given
// instant and validity period, and a finished certificate together with its
// RSA private key.
//
// On this page *X509CertCreator declares both methods with these signatures.
type CertCreator interface {
	// MakeCertificateTemplate returns an *x509.Certificate for the given time
	// and validity period.
	// NOTE(review): how now and validity map onto NotBefore/NotAfter is not
	// shown on this page — confirm in the implementation.
	MakeCertificateTemplate(now time.Time, validity time.Duration) *x509.Certificate
	// MakeCertificate returns a certificate and an RSA private key, or an error.
	// NOTE(review): presumably the key comes from keyGetter and the certificate
	// is signed by signer — confirm. The returned *rsa.PrivateKey is secret key
	// material; the caller is responsible for how it is stored.
	MakeCertificate(ctx context.Context, keyGetter RSAKeyGetter, signer Signer, validity time.Duration) (*x509.Certificate, *rsa.PrivateKey, error)
}
type CertificateAuthority ¶
// CertificateAuthority is built by NewCertificateAuthority from a certificate,
// an RSA private key and a clock function. It declares the four Signer methods
// (Now, GetPublicKey, SignCertificate, VerifyCertificate) plus GetCert.
//
// NOTE(review): NewCertificateAuthority can return an error, but this page does
// not say what it validates (for example that key belongs to cert, or that cert
// is marked as a CA) — confirm before relying on it.
// NOTE(review): what VerifyCertificate checks (signature only, or validity
// period and key usage as well) is not shown here — confirm.
type CertificateAuthority struct {
	// contains filtered or unexported fields
}
func NewCertificateAuthority ¶
func NewCertificateAuthority(cert *x509.Certificate, key *rsa.PrivateKey, nowFunc func() time.Time) (*CertificateAuthority, error)
func (*CertificateAuthority) GetCert ¶
func (ca *CertificateAuthority) GetCert() *x509.Certificate
func (*CertificateAuthority) GetPublicKey ¶
func (ca *CertificateAuthority) GetPublicKey() *rsa.PublicKey
func (*CertificateAuthority) Now ¶
func (ca *CertificateAuthority) Now() time.Time
func (*CertificateAuthority) SignCertificate ¶
func (ca *CertificateAuthority) SignCertificate(template *x509.Certificate, requestKey *rsa.PublicKey) (*x509.Certificate, error)
func (*CertificateAuthority) VerifyCertificate ¶
func (ca *CertificateAuthority) VerifyCertificate(cert *x509.Certificate) error
type ClientCertCreatorConfig ¶
func (*ClientCertCreatorConfig) ToCreator ¶
func (c *ClientCertCreatorConfig) ToCreator() *X509CertCreator
type DesiredCertTemplate ¶
// DesiredCertTemplate holds desired fields from a certificate that are not
// dependent on time. There are no NotBefore, NotAfter or SerialNumber fields.
//
// The remaining field names match same-named fields of x509.Certificate, and
// ExtractDesiredFieldsFromTemplate builds a value from an *x509.Certificate.
type DesiredCertTemplate struct {
	// NOTE(review): pkixName is not defined on this page; presumably a
	// package-local form of pkix.Name — confirm.
	Subject     pkixName
	KeyUsage    x509.KeyUsage
	ExtKeyUsage []x509.ExtKeyUsage

	// Basic constraints. In crypto/x509, IsCA and MaxPathLen only take effect
	// when BasicConstraintsValid is true, and MaxPathLenZero marks a MaxPathLen
	// of 0 as an explicit zero rather than "unset".
	// NOTE(review): whether this package treats them the same way is not shown
	// here — confirm.
	BasicConstraintsValid bool
	IsCA                  bool
	MaxPathLen            int
	MaxPathLenZero        bool

	// RFC 5280, 4.2.2.1 (Authority Information Access)
	OCSPServer            []string
	IssuingCertificateURL []string

	// Subject Alternate Name values.
	DNSNames       []string
	EmailAddresses []string
	IPAddresses    []net.IP
	URIs           []*url.URL

	// Name constraints
	PermittedDNSDomainsCritical bool // if true then the name constraints are marked critical.
	PermittedDNSDomains         []string
	ExcludedDNSDomains          []string
	PermittedIPRanges           []*net.IPNet
	ExcludedIPRanges            []*net.IPNet
	PermittedEmailAddresses     []string
	ExcludedEmailAddresses      []string
	PermittedURIDomains         []string
	ExcludedURIDomains          []string

	// CRL Distribution Points
	CRLDistributionPoints []string

	PolicyIdentifiers []asn1.ObjectIdentifier
}
DesiredCertTemplate holds desired fields from a certificate that are not dependent on time.
func ExtractDesiredFieldsFromTemplate ¶
func ExtractDesiredFieldsFromTemplate(template *x509.Certificate) *DesiredCertTemplate
func (*DesiredCertTemplate) StringOrDie ¶
func (t *DesiredCertTemplate) StringOrDie() string
func (*DesiredCertTemplate) ToJson ¶
func (t *DesiredCertTemplate) ToJson() ([]byte, error)
type RSAKeyGenerator ¶ added in v1.9.0
// RSAKeyGenerator embeds an itemgenerator.Generator instantiated for
// rsa.PrivateKey. Its GetNewKey method has the signature required by
// RSAKeyGetter.
//
// NOTE(review): the meaning of the min, max and delay arguments of
// NewRSAKeyGenerator is not shown on this page, and neither is the RSA key
// size — confirm both in the implementation.
// NOTE(review): if the embedded generator keeps generated keys until they are
// requested, unused private keys stay in process memory — confirm.
type RSAKeyGenerator struct {
	itemgenerator.Generator[rsa.PrivateKey]
}
func NewRSAKeyGenerator ¶ added in v1.9.0
func NewRSAKeyGenerator(min, max int, delay time.Duration) (*RSAKeyGenerator, error)
func (*RSAKeyGenerator) GetNewKey ¶ added in v1.9.0
func (g *RSAKeyGenerator) GetNewKey(ctx context.Context) (*rsa.PrivateKey, error)
type RSAKeyGetter ¶ added in v1.9.0
// RSAKeyGetter supplies RSA private keys. MakeCertificate takes one as its
// keyGetter argument, and *RSAKeyGenerator declares a matching GetNewKey.
//
// NOTE(review): key size is not a parameter of this interface, so the
// implementation chooses it — confirm it meets the required minimum.
type RSAKeyGetter interface {
	// GetNewKey returns an RSA private key or an error; ctx is passed in by
	// the caller.
	GetNewKey(ctx context.Context) (*rsa.PrivateKey, error)
}
type SelfSignedSigner ¶
// SelfSignedSigner declares the four Signer methods (Now, GetPublicKey,
// SignCertificate, VerifyCertificate). It is created by NewSelfSignedSigner
// from a clock function, or by NewSelfSignedSignerWithKey from a clock
// function and an RSA private key.
//
// NOTE(review): presumably NewSelfSignedSigner generates its own key and
// SignCertificate signs with the signer's key, so the result has no separate
// issuer — confirm. What VerifyCertificate checks is not shown on this page.
type SelfSignedSigner struct {
	// contains filtered or unexported fields
}
func NewSelfSignedSigner ¶
func NewSelfSignedSigner(nowFunc func() time.Time) *SelfSignedSigner
func NewSelfSignedSignerWithKey ¶
func NewSelfSignedSignerWithKey(nowFunc func() time.Time, privateKey *rsa.PrivateKey) *SelfSignedSigner
func (*SelfSignedSigner) GetPublicKey ¶
func (s *SelfSignedSigner) GetPublicKey() *rsa.PublicKey
func (*SelfSignedSigner) Now ¶
func (s *SelfSignedSigner) Now() time.Time
func (*SelfSignedSigner) SignCertificate ¶
func (s *SelfSignedSigner) SignCertificate(template *x509.Certificate, requestKey *rsa.PublicKey) (*x509.Certificate, error)
func (*SelfSignedSigner) VerifyCertificate ¶
func (s *SelfSignedSigner) VerifyCertificate(cert *x509.Certificate) error
type ServingCertCreatorConfig ¶
func (*ServingCertCreatorConfig) ToCreator ¶
func (c *ServingCertCreatorConfig) ToCreator() *X509CertCreator
type Signer ¶
// Signer is the issuing side used by MakeCertificate. On this page both
// *CertificateAuthority and *SelfSignedSigner declare these four methods.
// Every key type in the interface is RSA.
type Signer interface {
	// Now returns the signer's current time.
	// NOTE(review): presumably from the nowFunc passed to the constructors — confirm.
	Now() time.Time
	// GetPublicKey returns an RSA public key.
	// NOTE(review): presumably the signer's own public key — confirm.
	GetPublicKey() *rsa.PublicKey
	// SignCertificate returns a certificate for template and requestKey, or an error.
	// NOTE(review): whether the signer restricts template fields such as IsCA
	// or key usage before signing is not shown on this page — confirm.
	SignCertificate(template *x509.Certificate, requestKey *rsa.PublicKey) (*x509.Certificate, error)
	// VerifyCertificate returns nil or an error for cert.
	// NOTE(review): the checks performed (signature, validity period, key
	// usage) are not shown on this page — confirm before treating nil as
	// "trusted".
	VerifyCertificate(cert *x509.Certificate) error
}
type X509CertCreator ¶
// X509CertCreator describes a certificate to create: subject, IP and DNS
// names, key usages, and whether it is a CA certificate. Validity is not a
// field; it is an argument of MakeCertificateTemplate and MakeCertificate.
//
// CACertCreatorConfig, ClientCertCreatorConfig and ServingCertCreatorConfig
// each have a ToCreator method returning *X509CertCreator.
type X509CertCreator struct {
	Subject pkix.Name
	// IPAddresses and DNSNames are presumably placed in the Subject
	// Alternative Name extension — confirm in MakeCertificateTemplate.
	IPAddresses []net.IP
	DNSNames    []string
	KeyUsage    x509.KeyUsage
	ExtKeyUsage []x509.ExtKeyUsage
	// NOTE(review): there is no path-length or name-constraint field here, so
	// any limit on a certificate created with IsCA set would have to come from
	// MakeCertificateTemplate — confirm.
	IsCA bool
}
func (*X509CertCreator) MakeCertificate ¶
func (c *X509CertCreator) MakeCertificate(ctx context.Context, keyGetter RSAKeyGetter, signer Signer, validity time.Duration) (*x509.Certificate, *rsa.PrivateKey, error)
func (*X509CertCreator) MakeCertificateTemplate ¶
func (c *X509CertCreator) MakeCertificateTemplate(now time.Time, validity time.Duration) *x509.Certificate
Source Files ¶