cert

package
v0.14.0-rc.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 2, 2022 License: MIT Imports: 22 Imported by: 0

Documentation

Index

Constants

View Source
const (
	CertificateExpirationYear = 10 // year
)

Variables

View Source
var ErrCertificateNotFound = errors.New("cert: certificate not found")

Functions

func CreateCertificateAuthority

func CreateCertificateAuthority(commonName, org, orgUnit, country, keyType string) (*x509.Certificate, crypto.PrivateKey, error)

func CreateCertificateAuthorityForConfig

func CreateCertificateAuthorityForConfig(conf *configv2.Config) (*x509.Certificate, crypto.PrivateKey, error)

func CreateCertificateRequest

func CreateCertificateRequest(subject pkix.Name, dnsName []string, privateKey crypto.PrivateKey) ([]byte, error)

CreateCertificateRequest creates CertificateSigningRequest with PrivateKey. The return value is pem-encoded CertificateSigningRequest

func CreateNewCertificateForClient

func CreateNewCertificateForClient(name pkix.Name, serial *big.Int, keyType string, keyBits int, password string, ca *configv2.CertificateAuthority) ([]byte, *x509.Certificate, error)

func CreatePrivateKeyAndCertificateRequest added in v0.12.0

func CreatePrivateKeyAndCertificateRequest(subject pkix.Name, dnsName []string) ([]byte, *ecdsa.PrivateKey, error)

func GenerateMutualTLSCertificate

func GenerateMutualTLSCertificate(ca *x509.Certificate, caPrivateKey crypto.PrivateKey, dnsNames []string, ips []string) (*x509.Certificate, crypto.PrivateKey, error)

GenerateMutualTLSCertificate will generate a certificate and a private key for server and client auth.

func GenerateServerCertificate

func GenerateServerCertificate(ca *x509.Certificate, caPrivateKey crypto.PrivateKey, dnsNames []string) (*x509.Certificate, crypto.PrivateKey, error)

GenerateServerCertificate will generate a certificate and a private key for server auth. Generated private key is ecdsa 256-bit. The expiration of the certificate is 1 year.

func NewSerialNumber

func NewSerialNumber() (*big.Int, error)

func PemEncode

func PemEncode(path, typ string, b []byte, headers map[string]string) error

Types

type CertificateAuthority

type CertificateAuthority struct {
	// contains filtered or unexported fields
}

func (*CertificateAuthority) GetRevokedCertificates

func (ca *CertificateAuthority) GetRevokedCertificates(ctx context.Context) ([]*database.RevokedCertificate, error)

func (*CertificateAuthority) GetSignedCertificate

func (ca *CertificateAuthority) GetSignedCertificate(ctx context.Context, serial *big.Int) (*database.SignedCertificate, error)

func (*CertificateAuthority) GetSignedCertificates

func (ca *CertificateAuthority) GetSignedCertificates(ctx context.Context) ([]*database.SignedCertificate, error)

func (*CertificateAuthority) NewAgentCertificate

func (ca *CertificateAuthority) NewAgentCertificate(ctx context.Context, name, password, comment string) (*database.SignedCertificate, error)

func (*CertificateAuthority) NewClientCertificate

func (ca *CertificateAuthority) NewClientCertificate(ctx context.Context, name, keyType string, keyBits int, password, comment string) (*database.SignedCertificate, error)

func (*CertificateAuthority) NewServerCertificate

func (ca *CertificateAuthority) NewServerCertificate(commonName string) (*x509.Certificate, crypto.PrivateKey, error)

func (*CertificateAuthority) Revoke

func (ca *CertificateAuthority) Revoke(ctx context.Context, certificate *database.SignedCertificate) error

func (*CertificateAuthority) SignCertificateRequest

func (ca *CertificateAuthority) SignCertificateRequest(ctx context.Context, csr *x509.CertificateRequest, comment string, forAgent, forDevice bool) (*database.SignedCertificate, error)

func (*CertificateAuthority) SignCertificateRequestWithoutRecord added in v0.12.0

func (ca *CertificateAuthority) SignCertificateRequestWithoutRecord(ctx context.Context, csr *x509.CertificateRequest) (*x509.Certificate, error)

func (*CertificateAuthority) WatchRevokeCertificate

func (ca *CertificateAuthority) WatchRevokeCertificate() chan struct{}

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL