Documentation ¶
Index ¶
- Constants
- Variables
- func CreateCertificateAuthority(commonName, org, orgUnit, country, keyType string) (*x509.Certificate, crypto.PrivateKey, error)
- func CreateCertificateAuthorityForConfig(conf *configv2.Config) (*x509.Certificate, crypto.PrivateKey, error)
- func CreateCertificateRequest(subject pkix.Name, dnsName []string, privateKey crypto.PrivateKey) ([]byte, error)
- func CreateNewCertificateForClient(name pkix.Name, serial *big.Int, keyType string, keyBits int, password string, ...) ([]byte, *x509.Certificate, error)
- func CreatePrivateKeyAndCertificateRequest(subject pkix.Name, dnsName []string) ([]byte, *ecdsa.PrivateKey, error)
- func GenerateMutualTLSCertificate(ca *x509.Certificate, caPrivateKey crypto.PrivateKey, dnsNames []string, ...) (*x509.Certificate, crypto.PrivateKey, error)
- func GenerateServerCertificate(ca *x509.Certificate, caPrivateKey crypto.PrivateKey, dnsNames []string) (*x509.Certificate, crypto.PrivateKey, error)
- func NewSerialNumber() (*big.Int, error)
- func PemEncode(path, typ string, b []byte, headers map[string]string) error
- func SigningCertificateRequest(r *x509.CertificateRequest, ca *configv2.CertificateAuthority) (*x509.Certificate, error)
- type CertificateAuthority
- func (ca *CertificateAuthority) GetRevokedCertificates(ctx context.Context) ([]*database.RevokedCertificate, error)
- func (ca *CertificateAuthority) GetSignedCertificate(ctx context.Context, serial *big.Int) (*database.SignedCertificate, error)
- func (ca *CertificateAuthority) GetSignedCertificates(ctx context.Context) ([]*database.SignedCertificate, error)
- func (ca *CertificateAuthority) NewAgentCertificate(ctx context.Context, name, password, comment string) (*database.SignedCertificate, error)
- func (ca *CertificateAuthority) NewClientCertificate(ctx context.Context, name, keyType string, keyBits int, ...) (*database.SignedCertificate, error)
- func (ca *CertificateAuthority) NewServerCertificate(commonName string) (*x509.Certificate, crypto.PrivateKey, error)
- func (ca *CertificateAuthority) Revoke(ctx context.Context, certificate *database.SignedCertificate) error
- func (ca *CertificateAuthority) SignCertificateRequest(ctx context.Context, csr *x509.CertificateRequest, comment string, ...) (*database.SignedCertificate, error)
- func (ca *CertificateAuthority) SignCertificateRequestWithoutRecord(ctx context.Context, csr *x509.CertificateRequest) (*x509.Certificate, error)
- func (ca *CertificateAuthority) WatchRevokeCertificate() chan struct{}
Constants ¶
// CertificateExpirationYear is a certificate validity period, expressed in years.
//
// NOTE(review): this page does not show which certificates are issued with
// this lifetime. GenerateServerCertificate is documented with a 1-year
// expiration, so the constant presumably applies to other certificate kinds;
// confirm against the source. With a lifetime this long, a compromised key
// stays usable until the certificate is revoked, so relying parties should
// check revocation status.
const CertificateExpirationYear = 10
Variables ¶
// ErrCertificateNotFound is a package-level sentinel error whose message is
// "cert: certificate not found".
//
// NOTE(review): which functions return it is not shown on this page;
// presumably the certificate lookup methods do, so confirm before relying on
// it. Callers should compare with errors.Is rather than matching the message
// text.
var (
	ErrCertificateNotFound = errors.New("cert: certificate not found")
)
Functions ¶
func CreateCertificateAuthority ¶
func CreateCertificateAuthority(commonName, org, orgUnit, country, keyType string) (*x509.Certificate, crypto.PrivateKey, error)
func CreateCertificateAuthorityForConfig ¶
func CreateCertificateAuthorityForConfig(conf *configv2.Config) (*x509.Certificate, crypto.PrivateKey, error)
func CreateCertificateRequest ¶
func CreateCertificateRequest(subject pkix.Name, dnsName []string, privateKey crypto.PrivateKey) ([]byte, error)
CreateCertificateRequest creates a certificate signing request (CSR) using privateKey. The return value is the PEM-encoded CSR.
func CreatePrivateKeyAndCertificateRequest ¶ added in v0.12.0
func GenerateMutualTLSCertificate ¶
func GenerateMutualTLSCertificate(ca *x509.Certificate, caPrivateKey crypto.PrivateKey, dnsNames []string, ips []string) (*x509.Certificate, crypto.PrivateKey, error)
GenerateMutualTLSCertificate generates a certificate and a private key for both server and client authentication, so the same certificate can be presented in either role.
func GenerateServerCertificate ¶
func GenerateServerCertificate(ca *x509.Certificate, caPrivateKey crypto.PrivateKey, dnsNames []string) (*x509.Certificate, crypto.PrivateKey, error)
GenerateServerCertificate generates a certificate and a private key for server authentication. The generated private key is a 256-bit ECDSA key. The certificate expires after 1 year.
func NewSerialNumber ¶
func SigningCertificateRequest ¶
func SigningCertificateRequest(r *x509.CertificateRequest, ca *configv2.CertificateAuthority) (*x509.Certificate, error)
Types ¶
type CertificateAuthority ¶
type CertificateAuthority struct {
// contains filtered or unexported fields
}
func NewCertificateAuthority ¶
func NewCertificateAuthority(db database.CertificateAuthority, ca *configv2.CertificateAuthority) (*CertificateAuthority, error)
func (*CertificateAuthority) GetRevokedCertificates ¶
func (ca *CertificateAuthority) GetRevokedCertificates(ctx context.Context) ([]*database.RevokedCertificate, error)
func (*CertificateAuthority) GetSignedCertificate ¶
func (ca *CertificateAuthority) GetSignedCertificate(ctx context.Context, serial *big.Int) (*database.SignedCertificate, error)
func (*CertificateAuthority) GetSignedCertificates ¶
func (ca *CertificateAuthority) GetSignedCertificates(ctx context.Context) ([]*database.SignedCertificate, error)
func (*CertificateAuthority) NewAgentCertificate ¶
func (ca *CertificateAuthority) NewAgentCertificate(ctx context.Context, name, password, comment string) (*database.SignedCertificate, error)
func (*CertificateAuthority) NewClientCertificate ¶
func (ca *CertificateAuthority) NewClientCertificate(ctx context.Context, name, keyType string, keyBits int, password, comment string) (*database.SignedCertificate, error)
func (*CertificateAuthority) NewServerCertificate ¶
func (ca *CertificateAuthority) NewServerCertificate(commonName string) (*x509.Certificate, crypto.PrivateKey, error)
func (*CertificateAuthority) Revoke ¶
func (ca *CertificateAuthority) Revoke(ctx context.Context, certificate *database.SignedCertificate) error
func (*CertificateAuthority) SignCertificateRequest ¶
func (ca *CertificateAuthority) SignCertificateRequest(ctx context.Context, csr *x509.CertificateRequest, comment string, forAgent, forDevice bool) (*database.SignedCertificate, error)
func (*CertificateAuthority) SignCertificateRequestWithoutRecord ¶ added in v0.12.0
func (ca *CertificateAuthority) SignCertificateRequestWithoutRecord(ctx context.Context, csr *x509.CertificateRequest) (*x509.Certificate, error)
func (*CertificateAuthority) WatchRevokeCertificate ¶
func (ca *CertificateAuthority) WatchRevokeCertificate() chan struct{}
Source Files ¶