Documentation ¶
Overview ¶
Package cert4now provides functions for generating a tls.Certificate.
Example ¶
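// Generate a self-signed certificate that acts as the root CA.
// Its key usages are restricted to signing (digital signatures,
// certificates and CRLs), and ExtKeyUsage is called with no values.
ca, err := cert4now.Generate(
	cert4now.CommonName("Root CA"),
	cert4now.AddDate(20, 0, 0),
	cert4now.KeyUsage(x509.KeyUsageDigitalSignature|x509.KeyUsageCertSign|x509.KeyUsageCRLSign),
	cert4now.ExtKeyUsage(),
	cert4now.IsCA(true),
)
if err != nil {
	panic(err)
}

// Listen on loopback only, on a port chosen by the OS, so the example
// server is not reachable from other hosts.
ln, err := net.Listen("tcp", "127.0.0.1:")
if err != nil {
	panic(err)
}
defer ln.Close()

server := func() (exec func() error, intr func(error)) {
	// Generate a leaf certificate signed by the CA for the TLS-enabled
	// HTTP server. Names lists both "localhost" and "127.0.0.1" so the
	// certificate matches however the client addresses the listener.
	cert, err := cert4now.Generate(
		cert4now.Authority(ca),
		cert4now.CommonName("Leaf certificate"),
		cert4now.Names("localhost", "127.0.0.1"),
		cert4now.IsCA(false),
	)
	if err != nil {
		panic(err)
	}

	// Register the handler on a private mux instead of the process-wide
	// http.DefaultServeMux, so handlers registered elsewhere are not
	// served by this listener and the example can run more than once.
	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "hello world")
	})

	srv := http.Server{
		Handler: mux,
		// Bound how long a peer may take to send request headers.
		ReadHeaderTimeout: 3 * time.Second,
		TLSConfig: &tls.Config{
			Certificates: []tls.Certificate{cert},
			// State the protocol floor explicitly rather than relying
			// on the default of whichever Go version builds this.
			MinVersion: tls.VersionTLS12,
		},
	}
	exec = func() error {
		// The certificate and key come from TLSConfig, so the file
		// arguments are left empty.
		return srv.ServeTLS(ln, "", "")
	}
	intr = func(error) {
		ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
		defer cancel()
		// Best-effort shutdown: the example is exiting either way.
		_ = srv.Shutdown(ctx)
	}
	return
}

client := func() (exec func() error, intr func(error)) {
	exec = func() error {
		// Trust only the CA generated above; the system roots are not used.
		caCert, err := x509.ParseCertificate(ca.Certificate[0])
		if err != nil {
			return err
		}
		rootCAs := x509.NewCertPool()
		rootCAs.AddCert(caCert)

		httpClient := &http.Client{
			// Never wait forever on a stalled server.
			Timeout: 3 * time.Second,
			Transport: &http.Transport{
				TLSClientConfig: &tls.Config{
					RootCAs:    rootCAs,
					MinVersion: tls.VersionTLS12,
					// InsecureSkipVerify is not set, so this callback
					// runs after the standard chain and host name
					// verification has succeeded. It only prints the
					// verified chains; returning nil does not relax
					// any check.
					VerifyPeerCertificate: func(_ [][]byte, verifiedChains [][]*x509.Certificate) error {
						for i, chain := range verifiedChains {
							for j, c := range chain {
								fmt.Println(i, j, c.Subject.CommonName)
							}
						}
						return nil
					},
				},
			},
		}

		resp, err := httpClient.Get("https://" + ln.Addr().String())
		if err != nil {
			return err
		}
		// Deferred so the body is released on the read-error path too.
		defer resp.Body.Close()

		// NOTE(review): ioutil.ReadAll is deprecated in favour of
		// io.ReadAll; it is kept here because the example's import
		// block is not shown on this page. The read is unbounded,
		// which is acceptable only because the peer is the example's
		// own server.
		p, err := ioutil.ReadAll(resp.Body)
		if err != nil {
			return err
		}
		fmt.Println(string(p))
		return nil
	}
	intr = func(error) {}
	return
}

// Run the server and the client together; when the client returns, the
// group interrupts the server.
var g run.Group
g.Add(server())
g.Add(client())
if err := g.Run(); err != nil {
	panic(err)
}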
Output:
0 0 Leaf certificate
0 1 Root CA
hello world
Index ¶
- Variables
- func EncodeCertificateToPEM(cert tls.Certificate) ([]byte, error)
- func EncodePrivateKeyToPEM(cert tls.Certificate) ([]byte, error)
- func Generate(options ...Option) (cert tls.Certificate, err error)
- func WriteCertificate(w io.Writer, cert tls.Certificate) error
- func WriteCertificateFile(filename string, cert tls.Certificate, perm fs.FileMode) error
- func WritePrivateKey(w io.Writer, cert tls.Certificate) error
- func WritePrivateKeyFile(filename string, cert tls.Certificate, perm fs.FileMode) error
- type Option
- func AddDate(years, months, days int) Option
- func Authority(cert tls.Certificate) Option
- func BasicConstraintsValid(flag bool) Option
- func CommonName(name string) Option
- func DNSNames(names ...string) Option
- func DNSNamesReset(names ...string) Option
- func ECDSA(c elliptic.Curve) Option
- func EmailAddresses(emails ...string) Option
- func EmailAddressesReset(emails ...string) Option
- func ExtKeyUsage(usage ...x509.ExtKeyUsage) Option
- func IPAddresses(ips ...net.IP) Option
- func IPAddressesReset(ips ...net.IP) Option
- func IsCA(isCA bool) Option
- func KeyUsage(usage x509.KeyUsage) Option
- func Names(names ...string) Option
- func NotAfter(t time.Time) Option
- func NotBefore(t time.Time) Option
- func RSA(bits int) Option
- func SerialNumber(serialNumber *big.Int) Option
- func Signer(signer crypto.Signer) Option
- func Subject(name pkix.Name) Option
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var ErrInvalidAuthorityKey = errors.New("authority's PrivateKey is not type of crypto.Signer")
ErrInvalidAuthorityKey indicates that the authority certificate's private key does not implement crypto.Signer.
Functions ¶
func EncodeCertificateToPEM ¶
func EncodeCertificateToPEM(cert tls.Certificate) ([]byte, error)
EncodeCertificateToPEM encodes the certificate of cert into PEM format.
func EncodePrivateKeyToPEM ¶
func EncodePrivateKeyToPEM(cert tls.Certificate) ([]byte, error)
EncodePrivateKeyToPEM encodes the private key of cert into PEM format.
func Generate ¶
func Generate(options ...Option) (cert tls.Certificate, err error)
Generate generates a new certificate.
func WriteCertificate ¶
func WriteCertificate(w io.Writer, cert tls.Certificate) error
WriteCertificate writes the certificate into w in PEM format.
func WriteCertificateFile ¶
WriteCertificateFile writes the certificate into the file of filename in PEM format.
func WritePrivateKey ¶
func WritePrivateKey(w io.Writer, cert tls.Certificate) error
WritePrivateKey writes the private key into w in PEM format.
func WritePrivateKeyFile ¶
WritePrivateKeyFile writes the private key into the file named filename in PEM format. Because the file holds private key material, pass a restrictive perm (for example 0600).
Types ¶
type Option ¶
type Option func(*param)
Option represents an option for generating a certificate.
func Authority ¶
func Authority(cert tls.Certificate) Option
Authority returns an option that sets the authority: the certificate, with its private key, used to sign the generated certificate.
func BasicConstraintsValid ¶
BasicConstraintsValid returns an option of setting the BasicConstraintsValid.
func CommonName ¶
CommonName returns an option of setting the common name.
func DNSNamesReset ¶
DNSNamesReset returns an option of setting the DNSNames.
func EmailAddresses ¶
EmailAddresses returns an option of appending the EmailAddresses.
func EmailAddressesReset ¶
EmailAddressesReset returns an option of setting the EmailAddresses.
func ExtKeyUsage ¶
func ExtKeyUsage(usage ...x509.ExtKeyUsage) Option
ExtKeyUsage returns an option of setting an ExtKeyUsage.
func IPAddresses ¶
IPAddresses returns an option of appending the IPAddresses.
func IPAddressesReset ¶
IPAddressesReset returns an option of setting the IPAddresses.
func Names ¶
Names returns an option that appends to DNSNames and IPAddresses. Each name that net.ParseIP parses successfully is appended to IPAddresses; every other name is appended to DNSNames.
func SerialNumber ¶
SerialNumber returns an option of setting the serial number.