Versions in this module Expand all Collapse all v0 v0.0.2 Feb 8, 2023 v0.0.1 Feb 8, 2023 Changes in this version + func AppendRootCerts(pemCert []byte, rootCertFile string) ([]byte, error) + func BuildSANExtension(identites []Identity) (*pkix.Extension, error) + func BuildSubjectAltNameExtension(hosts string) (*pkix.Extension, error) + func CertificateFromPEM(pemBytes []byte) (*x509.Certificate, error) + func CertificateToString(cert *x509.Certificate) string + func CertificatesFromPEM(pemBytes []byte) ([]*x509.Certificate, error) + func DualUseCommonName(host string) (string, error) + func ExtractIDs(exts []pkix.Extension) ([]string, error) + func ExtractSANExtension(exts []pkix.Extension) *pkix.Extension + func ExtractSCT(sctData *x509.SerializedSCT) (*ct.SignedCertificateTimestamp, error) + func GenCSR(options CertOptions) ([]byte, []byte, error) + func GenCSRTemplate(options CertOptions) (*x509.CertificateRequest, error) + func GenCertFromCSR(csr *x509.CertificateRequest, signingCert *x509.Certificate, ...) (cert []byte, err error) + func GenCertKeyFromOptions(options CertOptions) (pemCert []byte, pemKey []byte, err error) + func GenRootCertFromExistingKey(options CertOptions) (pemCert []byte, pemKey []byte, err error) + func GeneralNamesToString(gname *x509.GeneralNames) string + func GetRSAKeySize(privKey crypto.PrivateKey) (int, error) + func IsSupportedECPrivateKey(privKey *crypto.PrivateKey) bool + func LoadSignerCredsFromFiles(signerCertFile string, signerPrivFile string) (*x509.Certificate, crypto.PrivateKey, error) + func MarshalSCTsIntoSCTList(scts []*ct.SignedCertificateTimestamp) (*x509.SignedCertificateTimestampList, error) + func NameToString(name pkix.Name) string + func OIDForStandardExtension(oid asn1.ObjectIdentifier) bool + func OIDInExtensions(oid asn1.ObjectIdentifier, extensions []pkix.Extension) (int, bool) + func OtherNameToString(other x509.OtherName) string + func ParsePemEncodedCSR(csrBytes []byte) (*x509.CertificateRequest, error) + func ParsePemEncodedCertificate(certBytes []byte) (*x509.Certificate, error) + func ParsePemEncodedKey(keyBytes []byte) (crypto.PrivateKey, error) + func ParseSCTsFromCertificate(certBytes []byte) ([]*ct.SignedCertificateTimestamp, error) + func ParseSCTsFromSCTList(sctList *x509.SignedCertificateTimestampList) ([]*ct.SignedCertificateTimestamp, error) + func TimeBeforeCertExpires(certBytes []byte, now time.Time) (time.Duration, error) + func Verify(certBytes, privKeyBytes, certChainBytes, rootCertBytes []byte) error + func VerifyCertificate(privPem []byte, certChainPem []byte, rootCertPem []byte, ...) error + type CertOptions struct + ECSigAlg SupportedECSignatureAlgorithms + Host string + IsCA bool + IsClient bool + IsDualUse bool + IsSelfSigned bool + IsServer bool + NotBefore time.Time + Org string + PKCS8Key bool + RSAKeySize int + SignerCert *x509.Certificate + SignerPriv crypto.PrivateKey + SignerPrivPem []byte + TTL time.Duration + func GetCertOptionsFromExistingCert(certBytes []byte) (opts CertOptions, err error) + func MergeCertOptions(defaultOpts, deltaOpts CertOptions) CertOptions + type Identity struct + Type IdentityType + Value []byte + func ExtractIDsFromSAN(sanExt *pkix.Extension) ([]Identity, error) + type IdentityType int + const TypeDNS + const TypeIP + const TypeURI + type KeyCertBundle interface + CertOptions func() (*CertOptions, error) + ExtractCACertExpiryTimestamp func() (float64, error) + ExtractRootCertExpiryTimestamp func() (float64, error) + GetAll func() (cert *x509.Certificate, privKey *crypto.PrivateKey, ...) + GetAllPem func() (certBytes, privKeyBytes, certChainBytes, rootCertBytes []byte) + GetCertChainPem func() []byte + GetRootCertPem func() []byte + VerifyAndSetAll func(certBytes, privKeyBytes, certChainBytes, rootCertBytes []byte) error + type KeyCertBundleImpl struct + func NewKeyCertBundleWithRootCertFromFile(rootCertFile string) (*KeyCertBundleImpl, error) + func NewVerifiedKeyCertBundleFromFile(certFile, privKeyFile, certChainFile, rootCertFile string) (*KeyCertBundleImpl, error) + func NewVerifiedKeyCertBundleFromPem(certBytes, privKeyBytes, certChainBytes, rootCertBytes []byte) (*KeyCertBundleImpl, error) + func (b *KeyCertBundleImpl) CertOptions() (*CertOptions, error) + func (b *KeyCertBundleImpl) ExtractCACertExpiryTimestamp() (float64, error) + func (b *KeyCertBundleImpl) ExtractRootCertExpiryTimestamp() (float64, error) + func (b *KeyCertBundleImpl) GetAll() (cert *x509.Certificate, privKey *crypto.PrivateKey, ...) + func (b *KeyCertBundleImpl) GetAllPem() (certBytes, privKeyBytes, certChainBytes, rootCertBytes []byte) + func (b *KeyCertBundleImpl) GetCertChainPem() []byte + func (b *KeyCertBundleImpl) GetRootCertPem() []byte + func (b *KeyCertBundleImpl) VerifyAndSetAll(certBytes, privKeyBytes, certChainBytes, rootCertBytes []byte) error + type SupportedECSignatureAlgorithms string + const EcdsaSigAlg + type VerifyFields struct + CommonName string + ExtKeyUsage []x509.ExtKeyUsage + Host string + IsCA bool + KeyUsage x509.KeyUsage + NotBefore time.Time + Org string + TTL time.Duration