Documentation ¶
Index ¶
- type Certificate
- func (c *Certificate) CertificatePEM() []byte
- func (c *Certificate) GetPrivateKey() *rsa.PrivateKey
- func (c *Certificate) KeyStoreP12(password string, caCerts []*x509.Certificate) (pfxData []byte, err error)
- func (c *Certificate) PrivateKeyPEM() []byte
- func (c *Certificate) SerialNumber() string
- func (c *Certificate) TrustStoreP12(password string, caCerts []*x509.Certificate) ([]byte, error)
- type CertificateAuthority
- func NewCertificateAuthority(root *Certificate) (*CertificateAuthority, error)
- func NewCertificateAuthorityFromData(certPEM []byte, keyPEM []byte) (*CertificateAuthority, error)
- func NewSelfSignedCertificateAuthority(expeiry time.Time, parent *x509.Certificate, parentPrivateKey *rsa.PrivateKey) (*CertificateAuthority, error)
- func (c *CertificateAuthority) CertificatePEM() []byte
- func (c *CertificateAuthority) PublicCertificate() *Certificate
- func (c *CertificateAuthority) Rotate(notAfter time.Time) (*CertificateAuthority, error)
- func (c *CertificateAuthority) SerialNumber() string
- func (c *CertificateAuthority) SignCertificate(addresses []pod_info.Address, extKeyUsage []x509.ExtKeyUsage, ...) (*Certificate, error)
- func (c *CertificateAuthority) SignClientCertificate(addresses []pod_info.Address, notAfter time.Time) (*Certificate, error)
- func (c *CertificateAuthority) SignServerCertificate(addresses []pod_info.Address, notAfter time.Time) (*Certificate, error)
- type CertificateManager
- type PEMkeyPair
- type SubjectAltName
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Certificate ¶
type Certificate struct { Certificate *x509.Certificate // contains filtered or unexported fields }
func NewCertificateFromData ¶
func NewCertificateFromData(certPEM []byte, keyPEM []byte) (*Certificate, error)
func (*Certificate) CertificatePEM ¶
func (c *Certificate) CertificatePEM() []byte
func (*Certificate) GetPrivateKey ¶
func (c *Certificate) GetPrivateKey() *rsa.PrivateKey
func (*Certificate) KeyStoreP12 ¶
func (c *Certificate) KeyStoreP12(password string, caCerts []*x509.Certificate) (pfxData []byte, err error)
func (*Certificate) PrivateKeyPEM ¶
func (c *Certificate) PrivateKeyPEM() []byte
func (*Certificate) SerialNumber ¶
func (c *Certificate) SerialNumber() string
func (*Certificate) TrustStoreP12 ¶
func (c *Certificate) TrustStoreP12(password string, caCerts []*x509.Certificate) ([]byte, error)
type CertificateAuthority ¶
type CertificateAuthority struct { Certificate *x509.Certificate // contains filtered or unexported fields }
func NewCertificateAuthority ¶
func NewCertificateAuthority(root *Certificate) (*CertificateAuthority, error)
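NewCertificateAuthority creates a new CertificateAuthority from the given root Certificate. (The comment as published names this function NewCertificateAuthorityFromSecret and says "from a secret"; the signature above takes a *Certificate instead.)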
func NewCertificateAuthorityFromData ¶
func NewCertificateAuthorityFromData( certPEM []byte, keyPEM []byte, ) (*CertificateAuthority, error)
func NewSelfSignedCertificateAuthority ¶
func NewSelfSignedCertificateAuthority(expeiry time.Time, parent *x509.Certificate, parentPrivateKey *rsa.PrivateKey) (*CertificateAuthority, error)
func (*CertificateAuthority) CertificatePEM ¶
func (c *CertificateAuthority) CertificatePEM() []byte
func (*CertificateAuthority) PublicCertificate ¶
func (c *CertificateAuthority) PublicCertificate() *Certificate
func (*CertificateAuthority) Rotate ¶
func (c *CertificateAuthority) Rotate(notAfter time.Time) (*CertificateAuthority, error)
func (*CertificateAuthority) SerialNumber ¶
func (c *CertificateAuthority) SerialNumber() string
func (*CertificateAuthority) SignCertificate ¶
func (c *CertificateAuthority) SignCertificate( addresses []pod_info.Address, extKeyUsage []x509.ExtKeyUsage, notAfter time.Time) (*Certificate, error)
func (*CertificateAuthority) SignClientCertificate ¶
func (c *CertificateAuthority) SignClientCertificate( addresses []pod_info.Address, notAfter time.Time, ) (*Certificate, error)
func (*CertificateAuthority) SignServerCertificate ¶
func (c *CertificateAuthority) SignServerCertificate( addresses []pod_info.Address, notAfter time.Time, ) (*Certificate, error)
type CertificateManager ¶
type CertificateManager struct {
// contains filtered or unexported fields
}
func NewCertificateManager ¶
func NewCertificateManager( client client.Client, caCertficateLifetime time.Duration, auto bool, name, namespace string, ) *CertificateManager
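NewCertificateManager creates a new CertificateManager. It gets PEM key pairs from a secret. If the secret does not exist and auto is enabled, it creates a new self-signed certificate authority. If the secret does not exist and auto is disabled, it returns an error. If the secret exists, it gets the certificate authorities from the secret. Currently, PEM keys support only "RSA 256". (This page does not say whether "RSA 256" refers to the signature hash, such as RSA with SHA-256, or to a key size; check the length of the generated key before relying on it.)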
func (*CertificateManager) GetCertificateAuthority ¶
func (c *CertificateManager) GetCertificateAuthority(ctx context.Context, atAfter time.Time) (*CertificateAuthority, error)
func (*CertificateManager) GetTrustAnchors ¶
func (c *CertificateManager) GetTrustAnchors() []*Certificate
GetTrustAnchors returns all the CA certificates.
type PEMkeyPair ¶
type SubjectAltName ¶
// SubjectAltName groups alternative names of four kinds: DNS names, IP
// addresses, email addresses and URIs. Judging by the type name and the
// ToExtension method listed for it, these are presumably the values of an
// X.509 subjectAltName extension; confirm against the package source.
type SubjectAltName struct {
	DNSNames       []string // Domain Name System, e.g. www.example.com
	IPAddresses    []net.IP // Internet Protocol, e.g. 172.10.2.9
	EmailAddresses []string // Email, e.g. foo@example.com
	URIs           []string // Uniform Resource Identifier, e.g. https://example.com
}
func (*SubjectAltName) Marshal ¶
func (s *SubjectAltName) Marshal() ([]byte, error)
func (*SubjectAltName) ToExtension ¶
func (s *SubjectAltName) ToExtension() (pkix.Extension, error)