x509

package
v0.1.0-alpha.23 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 24, 2019 License: MPL-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Hash

func Hash(crt *x509.Certificate) string

Hash calculates the SHA-256 hash of the Subject Public Key Information (SPKI) object in an x509 certificate (in DER encoding). It returns the full hash as a hex encoded string (suitable for passing to Set.Allow). See https://github.com/kubernetes/kubernetes/blob/f557e0f7e3ee9089769ed3f03187fdd4acbb9ac1/cmd/kubeadm/app/util/pubkeypin/pubkeypin.go

func NewSerialNumber

func NewSerialNumber() (sn *big.Int, err error)

NewSerialNumber generates a random serial number for an X.509 certificate.

Types

type Certificate

type Certificate struct {
	X509Certificate    *x509.Certificate
	X509CertificatePEM []byte
}

Certificate represents an X.509 certificate.

func NewCertificateFromCSR

func NewCertificateFromCSR(ca *x509.Certificate, key *ecdsa.PrivateKey, csr *x509.CertificateRequest, setters ...Option) (crt *Certificate, err error)

NewCertificateFromCSR creates and signs X.509 certificate using the provided CSR.

func NewCertificateFromCSRBytes

func NewCertificateFromCSRBytes(ca, key, csr []byte, setters ...Option) (crt *Certificate, err error)

NewCertificateFromCSRBytes creates a signed certificate using the provided certificate, key, and CSR.

type CertificateAuthority

type CertificateAuthority struct {
	Crt    *x509.Certificate
	CrtPEM []byte
	Key    interface{}
	KeyPEM []byte
}

CertificateAuthority represents a CA.

func NewSelfSignedCertificateAuthority

func NewSelfSignedCertificateAuthority(setters ...Option) (ca *CertificateAuthority, err error)

NewSelfSignedCertificateAuthority creates a self-signed CA configured for server and client authentication.

type CertificateSigningRequest

type CertificateSigningRequest struct {
	X509CertificateRequest    *x509.CertificateRequest
	X509CertificateRequestPEM []byte
}

CertificateSigningRequest represents a CSR.

func NewCertificateSigningRequest

func NewCertificateSigningRequest(key *ecdsa.PrivateKey, setters ...Option) (csr *CertificateSigningRequest, err error)

NewCertificateSigningRequest creates a CSR. If the IPAddresses or DNSNames options are not specified, the CSR will be generated with the default values set in NewDefaultOptions.

type Key

type Key struct {
	KeyPEM []byte
	// contains filtered or unexported fields
}

Key represents an ECDSA private key.

func NewKey

func NewKey() (key *Key, err error)

NewKey generates an ECDSA private key.

type KeyPair

type KeyPair struct {
	*tls.Certificate
}

KeyPair represents a certificate and key pair.

func NewKeyPair

func NewKeyPair(ca *x509.Certificate, key *ecdsa.PrivateKey, setters ...Option) (keypair *KeyPair, err error)

NewKeyPair generates a certificate signed by the provided CA, and an ECDSA private key. The certifcate and private key are then used to create an tls.X509KeyPair.

type Option

type Option func(*Options)

Option is the functional option func.

func Bits

func Bits(o int) Option

Bits sets the bit size of the RSA key pair.

func DNSNames

func DNSNames(o []string) Option

DNSNames sets the value for the DNS Names in Subject Alternate Name of the certificate.

func IPAddresses

func IPAddresses(o []net.IP) Option

IPAddresses sets the value for the IP addresses in Subject Alternate Name of the certificate.

func NotAfter

func NotAfter(o time.Time) Option

NotAfter sets the validity bound describing when a certificate expires.

func Organization

func Organization(o string) Option

Organization sets the subject organization of the certificate.

func RSA

func RSA(o bool) Option

RSA sets a flag for indicating that the requested operation should be performed under the context of RSA instead of the default ECDSA.

func SignatureAlgorithm

func SignatureAlgorithm(o x509.SignatureAlgorithm) Option

SignatureAlgorithm sets the hash algorithm used to sign the SSL certificate.

type Options

type Options struct {
	Organization       string
	SignatureAlgorithm x509.SignatureAlgorithm
	IPAddresses        []net.IP
	DNSNames           []string
	Bits               int
	RSA                bool
	NotAfter           time.Time
}

Options is the functional options struct.

func NewDefaultOptions

func NewDefaultOptions(setters ...Option) *Options

NewDefaultOptions initializes the Options struct with default values.

type PEMEncodedCertificateAndKey

type PEMEncodedCertificateAndKey struct {
	Crt []byte
	Key []byte
}

PEMEncodedCertificateAndKey represents the PEM encoded certificate and private key pair.

func NewCertificateAndKeyFromFiles

func NewCertificateAndKeyFromFiles(crt, key string) (p *PEMEncodedCertificateAndKey, err error)

NewCertificateAndKeyFromFiles initializes and returns a PEMEncodedCertificateAndKey from the path to a crt and key.

func (*PEMEncodedCertificateAndKey) MarshalYAML

func (p *PEMEncodedCertificateAndKey) MarshalYAML() (interface{}, error)

MarshalYAML implements the yaml.Marshaler interface for PEMEncodedCertificateAndKey. It is expected that the Crt and Key are a base64 encoded string in the YAML file. This function encodes the byte slices into strings

func (*PEMEncodedCertificateAndKey) UnmarshalYAML

func (p *PEMEncodedCertificateAndKey) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML implements the yaml.Unmarshaler interface for PEMEncodedCertificateAndKey. It is expected that the Crt and Key are a base64 encoded string in the YAML file. This function decodes the strings into byte slices.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL