x509

package
v0.2.0-alpha.3
Warning

This package is not in the latest version of its module.

Published: Jul 22, 2019 License: MPL-2.0 Imports: 17 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func Hash

func Hash(crt *x509.Certificate) string

Hash calculates the SHA-256 hash of the Subject Public Key Information (SPKI) object in an x509 certificate (in DER encoding). It returns the full hash as a hex encoded string (suitable for passing to Set.Allow). See https://github.com/kubernetes/kubernetes/blob/f557e0f7e3ee9089769ed3f03187fdd4acbb9ac1/cmd/kubeadm/app/util/pubkeypin/pubkeypin.go
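The following is an added example, not code from this package: using only the Go standard library, it computes the pin the way the Hash description states (SHA-256 over the DER-encoded SPKI, hex encoded) and shows that the pin follows the key rather than the certificate. The names spkiHash, issue and renewal and the sample certificates are constructed for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// spkiHash returns hex(SHA-256(DER SubjectPublicKeyInfo)) for the certificate.
func spkiHash(crt *x509.Certificate) string {
	return fmt.Sprintf("%x", sha256.Sum256(crt.RawSubjectPublicKeyInfo))
}

// issue self-signs a constructed sample certificate for key with the given serial.
func issue(key *ecdsa.PrivateKey, serial int64) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// renewal reissues a certificate for one key: returns pin, pin equal?, whole-cert hash equal?
func renewal() (string, bool, bool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", false, false, err
	}
	a, errA := issue(key, 1)
	b, errB := issue(key, 2) // reissue: new serial, same key
	if errA != nil || errB != nil {
		return "", false, false, fmt.Errorf("issue: %v, %v", errA, errB)
	}
	return spkiHash(a), spkiHash(a) == spkiHash(b), sha256.Sum256(a.Raw) == sha256.Sum256(b.Raw), nil
}

func main() {
	pin, samePin, sameCert, err := renewal()
	fmt.Println(pin, "samePin:", samePin, "sameCert:", sameCert, "err:", err)
}
```

A pin of this kind stays valid when a certificate is renewed with the same key, and must be redistributed whenever the key itself is rotated.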

func NewSerialNumber

func NewSerialNumber() (sn *big.Int, err error)

NewSerialNumber generates a random serial number for an X.509 certificate.

Types

type Certificate

type Certificate struct {
	X509Certificate    *x509.Certificate
	X509CertificatePEM []byte
}

Certificate represents an X.509 certificate.

func NewCertificateFromCSR

func NewCertificateFromCSR(ca *x509.Certificate, key *ecdsa.PrivateKey, csr *x509.CertificateRequest, setters ...Option) (crt *Certificate, err error)

NewCertificateFromCSR creates and signs an X.509 certificate using the provided CSR.

func NewCertificateFromCSRBytes

func NewCertificateFromCSRBytes(ca, key, csr []byte, setters ...Option) (crt *Certificate, err error)

NewCertificateFromCSRBytes creates a signed certificate using the provided certificate, key, and CSR.

type CertificateAuthority

type CertificateAuthority struct {
	Crt    *x509.Certificate
	CrtPEM []byte
	Key    interface{}
	KeyPEM []byte
}

CertificateAuthority represents a CA.

func NewSelfSignedCertificateAuthority

func NewSelfSignedCertificateAuthority(setters ...Option) (ca *CertificateAuthority, err error)

NewSelfSignedCertificateAuthority creates a self-signed CA configured for server and client authentication.

type CertificateSigningRequest

type CertificateSigningRequest struct {
	X509CertificateRequest    *x509.CertificateRequest
	X509CertificateRequestPEM []byte
}

CertificateSigningRequest represents a CSR.

func NewCertificateSigningRequest

func NewCertificateSigningRequest(key *ecdsa.PrivateKey, setters ...Option) (csr *CertificateSigningRequest, err error)

NewCertificateSigningRequest creates a CSR. If the IPAddresses or DNSNames options are not specified, the CSR will be generated with the default values set in NewDefaultOptions.

type Key

type Key struct {
	KeyPEM []byte
	// contains filtered or unexported fields
}

Key represents an ECDSA private key.

func NewKey

func NewKey() (key *Key, err error)

NewKey generates an ECDSA private key.

type KeyPair

type KeyPair struct {
	*tls.Certificate
}

KeyPair represents a certificate and key pair.

func NewKeyPair

func NewKeyPair(ca *x509.Certificate, key *ecdsa.PrivateKey, setters ...Option) (keypair *KeyPair, err error)

NewKeyPair generates a certificate signed by the provided CA, and an ECDSA private key. The certificate and private key are then used to create a tls.X509KeyPair.

type Option

type Option func(*Options)

Option is the functional option func.

func Bits

func Bits(o int) Option

Bits sets the bit size of the RSA key pair.

func DNSNames

func DNSNames(o []string) Option

DNSNames sets the value for the DNS names in the Subject Alternative Name of the certificate.

func IPAddresses

func IPAddresses(o []net.IP) Option

IPAddresses sets the value for the IP addresses in the Subject Alternative Name of the certificate.

func NotAfter

func NotAfter(o time.Time) Option

NotAfter sets the validity bound describing when a certificate expires.

func Organization

func Organization(o string) Option

Organization sets the subject organization of the certificate.

func RSA

func RSA(o bool) Option

RSA sets a flag for indicating that the requested operation should be performed under the context of RSA instead of the default ECDSA.

func SignatureAlgorithm

func SignatureAlgorithm(o x509.SignatureAlgorithm) Option

SignatureAlgorithm sets the hash algorithm used to sign the SSL certificate.

type Options

type Options struct {
	Organization       string
	SignatureAlgorithm x509.SignatureAlgorithm
	IPAddresses        []net.IP
	DNSNames           []string
	Bits               int
	RSA                bool
	NotAfter           time.Time
}

Options is the functional options struct.

func NewDefaultOptions

func NewDefaultOptions(setters ...Option) *Options

NewDefaultOptions initializes the Options struct with default values.

type PEMEncodedCertificateAndKey

type PEMEncodedCertificateAndKey struct {
	Crt []byte
	Key []byte
}

PEMEncodedCertificateAndKey represents the PEM encoded certificate and private key pair.

func NewCertificateAndKeyFromFiles

func NewCertificateAndKeyFromFiles(crt, key string) (p *PEMEncodedCertificateAndKey, err error)

NewCertificateAndKeyFromFiles initializes and returns a PEMEncodedCertificateAndKey from the path to a crt and key.

func (*PEMEncodedCertificateAndKey) MarshalYAML

func (p *PEMEncodedCertificateAndKey) MarshalYAML() (interface{}, error)

MarshalYAML implements the yaml.Marshaler interface for PEMEncodedCertificateAndKey. It is expected that the Crt and Key are base64-encoded strings in the YAML file. This function encodes the byte slices into strings.

func (*PEMEncodedCertificateAndKey) UnmarshalYAML

func (p *PEMEncodedCertificateAndKey) UnmarshalYAML(unmarshal func(interface{}) error) error

UnmarshalYAML implements the yaml.Unmarshaler interface for PEMEncodedCertificateAndKey. It is expected that the Crt and Key are base64-encoded strings in the YAML file. This function decodes the strings into byte slices.
