Documentation
¶
Index ¶
- func Hash(crt *x509.Certificate) string
- func NewCSRAndIdentity(dnsNames []string, ips []net.IP) (csr *CertificateSigningRequest, identity *PEMEncodedCertificateAndKey, ...)
- func NewSerialNumber() (sn *big.Int, err error)
- type Certificate
- type CertificateAuthority
- func ECDSACertificateAuthority(template *x509.Certificate) (ca *CertificateAuthority, err error)
- func Ed25519CertificateAuthority(template *x509.Certificate) (ca *CertificateAuthority, err error)
- func NewSelfSignedCertificateAuthority(setters ...Option) (ca *CertificateAuthority, err error)
- func RSACertificateAuthority(template *x509.Certificate, opts *Options) (ca *CertificateAuthority, err error)
- type CertificateSigningRequest
- type ECDSAKey
- type Ed25519Key
- type KeyPair
- type Option
- type Options
- type PEMEncodedCertificateAndKey
- func (p *PEMEncodedCertificateAndKey) GetCert() (*x509.Certificate, error)
- func (p *PEMEncodedCertificateAndKey) GetRSAKey() (*rsa.PrivateKey, error)
- func (p *PEMEncodedCertificateAndKey) MarshalYAML() (interface{}, error)
- func (p *PEMEncodedCertificateAndKey) UnmarshalYAML(unmarshal func(interface{}) error) error
- type RSAKey
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Hash ¶
func Hash(crt *x509.Certificate) string
Hash calculates the SHA-256 hash of the Subject Public Key Information (SPKI) object in an x509 certificate (in DER encoding). It returns the full hash as a hex encoded string (suitable for passing to Set.Allow). See https://github.com/kubernetes/kubernetes/blob/f557e0f7e3ee9089769ed3f03187fdd4acbb9ac1/cmd/kubeadm/app/util/pubkeypin/pubkeypin.go
func NewCSRAndIdentity ¶ added in v0.3.0
func NewCSRAndIdentity(dnsNames []string, ips []net.IP) (csr *CertificateSigningRequest, identity *PEMEncodedCertificateAndKey, err error)
NewCSRAndIdentity generates and PEM encoded certificate and key, along with a CSR for the generated key.
func NewSerialNumber ¶
NewSerialNumber generates a random serial number for an X.509 certificate.
Types ¶
type Certificate ¶
type Certificate struct {
X509Certificate *x509.Certificate
X509CertificatePEM []byte
}
Certificate represents an X.509 certificate.
func NewCertificateFromCSR ¶
func NewCertificateFromCSR(ca *x509.Certificate, key interface{}, csr *x509.CertificateRequest, setters ...Option) (crt *Certificate, err error)
NewCertificateFromCSR creates and signs X.509 certificate using the provided CSR.
func NewCertificateFromCSRBytes ¶
func NewCertificateFromCSRBytes(ca, key, csr []byte, setters ...Option) (crt *Certificate, err error)
NewCertificateFromCSRBytes creates a signed certificate using the provided certificate, key, and CSR.
type CertificateAuthority ¶
type CertificateAuthority struct {
Crt *x509.Certificate
CrtPEM []byte
Key interface{}
KeyPEM []byte
}
CertificateAuthority represents a CA.
func ECDSACertificateAuthority ¶ added in v0.3.0
func ECDSACertificateAuthority(template *x509.Certificate) (ca *CertificateAuthority, err error)
ECDSACertificateAuthority creates an ECDSA CA.
func Ed25519CertificateAuthority ¶ added in v0.3.0
func Ed25519CertificateAuthority(template *x509.Certificate) (ca *CertificateAuthority, err error)
Ed25519CertificateAuthority creates an Ed25519 CA.
func NewSelfSignedCertificateAuthority ¶
func NewSelfSignedCertificateAuthority(setters ...Option) (ca *CertificateAuthority, err error)
NewSelfSignedCertificateAuthority creates a self-signed CA configured for server and client authentication.
func RSACertificateAuthority ¶ added in v0.3.0
func RSACertificateAuthority(template *x509.Certificate, opts *Options) (ca *CertificateAuthority, err error)
RSACertificateAuthority creates an RSA CA.
type CertificateSigningRequest ¶
type CertificateSigningRequest struct {
X509CertificateRequest *x509.CertificateRequest
X509CertificateRequestPEM []byte
}
CertificateSigningRequest represents a CSR.
func NewCertificateSigningRequest ¶
func NewCertificateSigningRequest(key interface{}, setters ...Option) (csr *CertificateSigningRequest, err error)
NewCertificateSigningRequest creates a CSR. If the IPAddresses or DNSNames options are not specified, the CSR will be generated with the default values set in NewDefaultOptions.
type ECDSAKey ¶ added in v0.3.0
type ECDSAKey struct {
KeyPEM []byte
// contains filtered or unexported fields
}
ECDSAKey represents an ECDSA key.
func NewECDSAKey ¶ added in v0.3.0
NewECDSAKey generates an ECDSA key pair.
type Ed25519Key ¶ added in v0.3.0
type Ed25519Key struct {
PublicKey ed25519.PublicKey
PrivateKey ed25519.PrivateKey
PublicKeyPEM []byte
PrivateKeyPEM []byte
}
Ed25519Key represents an Ed25519 key.
func NewEd25519Key ¶ added in v0.3.0
func NewEd25519Key() (key *Ed25519Key, err error)
NewEd25519Key generates an Ed25519 key pair.
type KeyPair ¶
type KeyPair struct {
*tls.Certificate
}
KeyPair represents a certificate and key pair.
func NewKeyPair ¶
func NewKeyPair(ca *x509.Certificate, key interface{}, setters ...Option) (keypair *KeyPair, err error)
NewKeyPair generates a certificate signed by the provided CA, and a private key. The certifcate and private key are then used to create an tls.X509KeyPair.
type Option ¶
type Option func(*Options)
Option is the functional option func.
func CommonName ¶ added in v0.3.0
CommonName sets the common name of the certificate.
func DNSNames ¶
DNSNames sets the value for the DNS Names in Subject Alternate Name of the certificate.
func IPAddresses ¶
IPAddresses sets the value for the IP addresses in Subject Alternate Name of the certificate.
func Organization ¶
Organization sets the subject organization of the certificate.
func RSA ¶
RSA sets a flag for indicating that the requested operation should be performed under the context of RSA instead of the default ECDSA.
func SignatureAlgorithm ¶
func SignatureAlgorithm(o x509.SignatureAlgorithm) Option
SignatureAlgorithm sets the hash algorithm used to sign the SSL certificate.
type Options ¶
type Options struct {
CommonName string
Organization string
SignatureAlgorithm x509.SignatureAlgorithm
IPAddresses []net.IP
DNSNames []string
Bits int
RSA bool
NotAfter time.Time
}
Options is the functional options struct.
func NewDefaultOptions ¶
NewDefaultOptions initializes the Options struct with default values.
type PEMEncodedCertificateAndKey ¶
PEMEncodedCertificateAndKey represents a PEM encoded certificate and private key pair.
func NewCertficateAndKey ¶ added in v0.3.0
func NewCertficateAndKey(crt *x509.Certificate, key interface{}, setters ...Option) (p *PEMEncodedCertificateAndKey, err error)
NewCertficateAndKey generates a new key and certificate signed by a CA.
nolint: gocyclo
func NewCertificateAndKeyFromFiles ¶
func NewCertificateAndKeyFromFiles(crt, key string) (p *PEMEncodedCertificateAndKey, err error)
NewCertificateAndKeyFromFiles initializes and returns a PEMEncodedCertificateAndKey from the path to a crt and key.
func (*PEMEncodedCertificateAndKey) GetCert ¶ added in v0.4.0
func (p *PEMEncodedCertificateAndKey) GetCert() (*x509.Certificate, error)
GetCert parses PEM-encoded certificate as x509.Certificate.
func (*PEMEncodedCertificateAndKey) GetRSAKey ¶ added in v0.4.0
func (p *PEMEncodedCertificateAndKey) GetRSAKey() (*rsa.PrivateKey, error)
GetRSAKey parses PEM-encoded RSA key.
func (*PEMEncodedCertificateAndKey) MarshalYAML ¶
func (p *PEMEncodedCertificateAndKey) MarshalYAML() (interface{}, error)
MarshalYAML implements the yaml.Marshaler interface for PEMEncodedCertificateAndKey. It is expected that the Crt and Key are a base64 encoded string in the YAML file. This function encodes the byte slices into strings
func (*PEMEncodedCertificateAndKey) UnmarshalYAML ¶
func (p *PEMEncodedCertificateAndKey) UnmarshalYAML(unmarshal func(interface{}) error) error
UnmarshalYAML implements the yaml.Unmarshaler interface for PEMEncodedCertificateAndKey. It is expected that the Crt and Key are a base64 encoded string in the YAML file. This function decodes the strings into byte slices.
Source Files