generator

Documentation

Overview

Package generator acts as the front-end for certificate generation and should always be the way external packages generate certificates.

The proxy functions defined here take all measures necessary, so that a config.CertificateContent directly yields a cert.CertificateContext. It also ensures that the intended defaults are applied as expected.

Index

• func BuildCertBody(c config.CertificateContent, prk crypto.PrivateKey, ...) (*cert.CertificateContext, error)
• func SignCertBody(ctx *cert.CertificateContext, cfg config.CertificateContent) (*cert.Certificate, error)

Functions

func BuildCertBody

func BuildCertBody(c config.CertificateContent, prk crypto.PrivateKey, req *cert.CertificateRequest) (*cert.CertificateContext, error)

Returns a cert.CertificateContext that corresponds to the supplied config.CertificateContent. This entails calling the Builder() function for each supplied config.ExtensionConfig, so the side offects of these functions also apply. The function will fail, if any call to Builder() or the certificate generation itself fails.

If a crypto.PrivateKey is supplied, it will be used to sign the certificate. Otherwise a new key will be generated. If a cert.CertificateRequest is supplied, the public key of the request will be used instead of generating a new one.

func SignCertBody

func SignCertBody(ctx *cert.CertificateContext, cfg config.CertificateContent) (*cert.Certificate, error)

Returns a cert.Certificate using the suppliec cert.CertificateContext. It also takes care of applying the config.CertificateContent.Manipulations to the certificate. The function will fail, if the signing fails.