x509util

package
v0.15.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 4, 2022 License: Apache-2.0 Imports: 24 Imported by: 49

Documentation

Overview

Package x509util implements utilities to build X.509 certificates based on JSON templates.

Index

Constants

View Source 
const (
	MD2WithRSA       = "MD2-RSA"
	MD5WithRSA       = "MD5-RSA"
	SHA1WithRSA      = "SHA1-RSA"
	SHA256WithRSA    = "SHA256-RSA"
	SHA384WithRSA    = "SHA384-RSA"
	SHA512WithRSA    = "SHA512-RSA"
	DSAWithSHA1      = "DSA-SHA1"
	DSAWithSHA256    = "DSA-SHA256"
	ECDSAWithSHA1    = "ECDSA-SHA1"
	ECDSAWithSHA256  = "ECDSA-SHA256"
	ECDSAWithSHA384  = "ECDSA-SHA384"
	ECDSAWithSHA512  = "ECDSA-SHA512"
	SHA256WithRSAPSS = "SHA256-RSAPSS"
	SHA384WithRSAPSS = "SHA384-RSAPSS"
	SHA512WithRSAPSS = "SHA512-RSAPSS"
	PureEd25519      = "Ed25519"
)

List of signature algorithms.

View Source 
const (
	AutoType  = "auto"
	DNSType   = "dns"
	EmailType = "email"
	IPType    = "ip"
	URIType   = "uri"
)

Names used and SubjectAlternativeNames types.

View Source 
const (
	SubjectKey            = "Subject"
	SANsKey               = "SANs"
	TokenKey              = "Token"
	InsecureKey           = "Insecure"
	UserKey               = "User"
	CertificateRequestKey = "CR"
	AuthorizationCrtKey   = "AuthorizationCrt"
	AuthorizationChainKey = "AuthorizationChain"
)

Variables used to hold template data.

View Source 
const CertificateRequestTemplate = `{{ toJson .Insecure.CR }}`

CertificateRequestTemplate is a template that will sign the given certificate request.

View Source 
const DefaultAdminLeafTemplate = `` /* 470-byte string literal not displayed */

DefaultAdminLeafTemplate is a template used by default by K8sSA and admin-OIDC provisioners. This template takes all the SANs and subject from the certificate request.

View Source 
const DefaultCertificateRequestTemplate = `{
	"subject": {{ toJson .Subject }},
	"sans": {{ toJson .SANs }}
}`

DefaultCertificateRequestTemplate is the templated used by default when creating a new certificate request.

View Source 
const DefaultIIDLeafTemplate = `` /* 565-byte string literal not displayed */

DefaultIIDLeafTemplate is the template used by default on instance identity provisioners like AWS, GCP or Azure. By default, those provisioners allow the SANs provided in the certificate request, but the option `DisableCustomSANs` can be provided to force only the verified domains, if the option is true `.SANs` will be set with the verified domains.

View Source 
const DefaultIntermediateTemplate = `` /* 136-byte string literal not displayed */

DefaultIntermediateTemplate is a template that can be used to generate an intermediate certificate.

View Source 
const DefaultLeafTemplate = `` /* 281-byte string literal not displayed */

DefaultLeafTemplate is the default template used to generate a leaf certificate.

View Source 
const DefaultRootTemplate = `` /* 170-byte string literal not displayed */

DefaultRootTemplate is a template that can be used to generate a root certificate.

Variables

View Source 
var (
	KeyUsageDigitalSignature  = convertName("DigitalSignature")
	KeyUsageContentCommitment = convertName("ContentCommitment")
	KeyUsageKeyEncipherment   = convertName("KeyEncipherment")
	KeyUsageDataEncipherment  = convertName("DataEncipherment")
	KeyUsageKeyAgreement      = convertName("KeyAgreement")
	KeyUsageCertSign          = convertName("CertSign")
	KeyUsageCRLSign           = convertName("CRLSign")
	KeyUsageEncipherOnly      = convertName("EncipherOnly")
	KeyUsageDecipherOnly      = convertName("DecipherOnly")
)

Names used for key usages.

View Source 
var (
	ExtKeyUsageAny                            = convertName("Any")
	ExtKeyUsageServerAuth                     = convertName("ServerAuth")
	ExtKeyUsageClientAuth                     = convertName("ClientAuth")
	ExtKeyUsageCodeSigning                    = convertName("CodeSigning")
	ExtKeyUsageEmailProtection                = convertName("EmailProtection")
	ExtKeyUsageIPSECEndSystem                 = convertName("IPSECEndSystem")
	ExtKeyUsageIPSECTunnel                    = convertName("IPSECTunnel")
	ExtKeyUsageIPSECUser                      = convertName("IPSECUser")
	ExtKeyUsageTimeStamping                   = convertName("TimeStamping")
	ExtKeyUsageOCSPSigning                    = convertName("OCSPSigning")
	ExtKeyUsageMicrosoftServerGatedCrypto     = convertName("MicrosoftServerGatedCrypto")
	ExtKeyUsageNetscapeServerGatedCrypto      = convertName("NetscapeServerGatedCrypto")
	ExtKeyUsageMicrosoftCommercialCodeSigning = convertName("MicrosoftCommercialCodeSigning")
	ExtKeyUsageMicrosoftKernelCodeSigning     = convertName("MicrosoftKernelCodeSigning")
)

Names used for extended key usages.

Functions

func CreateCertificate 

func CreateCertificate(template, parent *x509.Certificate, pub crypto.PublicKey, signer crypto.Signer) (*x509.Certificate, error)

CreateCertificate signs the given template using the parent private key and returns it.

func CreateCertificateRequest 

func CreateCertificateRequest(commonName string, sans []string, signer crypto.Signer) (*x509.CertificateRequest, error)

CreateCertificateRequest creates a simple X.509 certificate request with the given common name and sans.

func CreateCertificateTemplate added in v0.7.0 

func CreateCertificateTemplate(cr *x509.CertificateRequest) (*x509.Certificate, error)

CreateCertificateTemplate creates a X.509 certificate template from the given certificate request.

func EncodedFingerprint added in v0.1.1 

func EncodedFingerprint(cert *x509.Certificate, encoding FingerprintEncoding) string

EncodedFingerprint returns an encoded the SHA-256 fingerprint of the certificate using the specified encoding. In an invalid encoding is passed, the return value will be an empty string.

func Fingerprint added in v0.1.1 

func Fingerprint(cert *x509.Certificate) string

Fingerprint returns the SHA-256 fingerprint of the certificate.

func ReadCertPool added in v0.8.2 

func ReadCertPool(path string) (*x509.CertPool, error)

ReadCertPool loads a certificate pool from disk. The given path can be a file, a directory, or a comma-separated list of files.

func SplitSANs 

func SplitSANs(sans []string) (dnsNames []string, ips []net.IP, emails []string, uris []*url.URL)

SplitSANs splits a slice of Subject Alternative Names into slices of IP Addresses and DNS Names. If an element is not an IP address, then it is bucketed as a DNS Name.

Types

type AuthorityKeyID 

type AuthorityKeyID []byte

AuthorityKeyID represents the binary value of the authority key identifier extension. It should be the subject key identifier of the parent certificate. In JSON this value should be a base64-encoded string, and in most cases it should not be set, as it will be automatically provided.

func (AuthorityKeyID) Set 

func (id AuthorityKeyID) Set(c *x509.Certificate)

Set sets the authority key identifier to the given certificate.

type BasicConstraints 

type BasicConstraints struct {
	IsCA       bool `json:"isCA"`
	MaxPathLen int  `json:"maxPathLen"`
}

BasicConstraints represents the X509 basic constraints extension and defines if a certificate is a CA and then maximum depth of valid certification paths that include the certificate. A MaxPathLen of zero indicates that no non- self-issued intermediate CA certificates may follow in a valid certification path. To do not impose a limit the MaxPathLen should be set to -1.

func (BasicConstraints) Set 

func (b BasicConstraints) Set(c *x509.Certificate)

Set sets the basic constraints to the given certificate.

type CRLDistributionPoints 

type CRLDistributionPoints MultiString

CRLDistributionPoints contains the list of CRL distribution points that will be encoded in the CRL distribution points extension.

func (CRLDistributionPoints) Set 

func (u CRLDistributionPoints) Set(c *x509.Certificate)

Set sets the CRL distribution points to the given certificate.

func (*CRLDistributionPoints) UnmarshalJSON 

func (u *CRLDistributionPoints) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface in CRLDistributionPoints.

type Certificate 

type Certificate struct {
	Version               int                      `json:"version"`
	Subject               Subject                  `json:"subject"`
	Issuer                Issuer                   `json:"issuer"`
	SerialNumber          SerialNumber             `json:"serialNumber"`
	DNSNames              MultiString              `json:"dnsNames"`
	EmailAddresses        MultiString              `json:"emailAddresses"`
	IPAddresses           MultiIP                  `json:"ipAddresses"`
	URIs                  MultiURL                 `json:"uris"`
	SANs                  []SubjectAlternativeName `json:"sans"`
	Extensions            []Extension              `json:"extensions"`
	KeyUsage              KeyUsage                 `json:"keyUsage"`
	ExtKeyUsage           ExtKeyUsage              `json:"extKeyUsage"`
	UnknownExtKeyUsage    UnknownExtKeyUsage       `json:"unknownExtKeyUsage"`
	SubjectKeyID          SubjectKeyID             `json:"subjectKeyId"`
	AuthorityKeyID        AuthorityKeyID           `json:"authorityKeyId"`
	OCSPServer            OCSPServer               `json:"ocspServer"`
	IssuingCertificateURL IssuingCertificateURL    `json:"issuingCertificateURL"`
	CRLDistributionPoints CRLDistributionPoints    `json:"crlDistributionPoints"`
	PolicyIdentifiers     PolicyIdentifiers        `json:"policyIdentifiers"`
	BasicConstraints      *BasicConstraints        `json:"basicConstraints"`
	NameConstraints       *NameConstraints         `json:"nameConstraints"`
	SignatureAlgorithm    SignatureAlgorithm       `json:"signatureAlgorithm"`
	PublicKeyAlgorithm    x509.PublicKeyAlgorithm  `json:"-"`
	PublicKey             interface{}              `json:"-"`
}

Certificate is the JSON representation of a X.509 certificate. It is used to build a certificate from a template.

func NewCertificate 

func NewCertificate(cr *x509.CertificateRequest, opts ...Option) (*Certificate, error)

NewCertificate creates a new Certificate from an x509.Certificate request and some template options.

func (*Certificate) GetCertificate 

func (c *Certificate) GetCertificate() *x509.Certificate

GetCertificate returns the x509.Certificate representation of the certificate.

type CertificateRequest 

type CertificateRequest struct {
	Version            int                      `json:"version"`
	Subject            Subject                  `json:"subject"`
	DNSNames           MultiString              `json:"dnsNames"`
	EmailAddresses     MultiString              `json:"emailAddresses"`
	IPAddresses        MultiIP                  `json:"ipAddresses"`
	URIs               MultiURL                 `json:"uris"`
	SANs               []SubjectAlternativeName `json:"sans"`
	Extensions         []Extension              `json:"extensions"`
	SignatureAlgorithm SignatureAlgorithm       `json:"signatureAlgorithm"`
	PublicKey          interface{}              `json:"-"`
	PublicKeyAlgorithm x509.PublicKeyAlgorithm  `json:"-"`
	Signature          []byte                   `json:"-"`
	Signer             crypto.Signer            `json:"-"`
}

CertificateRequest is the JSON representation of an X.509 certificate. It is used to build a certificate request from a template.

func NewCertificateRequest added in v0.4.0 

func NewCertificateRequest(signer crypto.Signer, opts ...Option) (*CertificateRequest, error)

NewCertificateRequest creates a certificate request from a template.

func (*CertificateRequest) GetCertificate 

func (c *CertificateRequest) GetCertificate() *Certificate

GetCertificate returns the Certificate representation of the CertificateRequest.

GetCertificate will not specify a SignatureAlgorithm, it's not possible to guarantee that the certificate signer can sign with the CertificateRequest SignatureAlgorithm.

func (*CertificateRequest) GetCertificateRequest added in v0.4.0 

func (c *CertificateRequest) GetCertificateRequest() (*x509.CertificateRequest, error)

GetCertificateRequest returns the equivalent x509.CertificateRequest.

func (*CertificateRequest) GetLeafCertificate 

func (c *CertificateRequest) GetLeafCertificate() *Certificate

GetLeafCertificate returns the Certificate representation of the CertificateRequest, including KeyUsage and ExtKeyUsage extensions.

GetLeafCertificate will not specify a SignatureAlgorithm, it's not possible to guarantee that the certificate signer can sign with the CertificateRequest SignatureAlgorithm.

type ExtKeyUsage 

type ExtKeyUsage []x509.ExtKeyUsage

ExtKeyUsage represents a JSON array of extended key usages.

func (ExtKeyUsage) Set 

func (k ExtKeyUsage) Set(c *x509.Certificate)

Set sets the extended key usages in the given certificate.

func (*ExtKeyUsage) UnmarshalJSON 

func (k *ExtKeyUsage) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface and coverts a string or a list of strings into a list of extended key usages.

type Extension 

type Extension struct {
	ID       ObjectIdentifier `json:"id"`
	Critical bool             `json:"critical"`
	Value    []byte           `json:"value"`
}

Extension is the JSON representation of a raw X.509 extensions.

func (Extension) Set 

func (e Extension) Set(c *x509.Certificate)

Set adds the extension to the given X509 certificate.

type FingerprintEncoding added in v0.1.1 

type FingerprintEncoding int

FingerprintEncoding defines the supported encodigns in certificate fingerprints. 

const (
	HexFingerprint FingerprintEncoding = iota
	Base64Fingerprint
	Base64UrlFingerprint
)

Supported fingerprint encodings.

type Issuer 

type Issuer Name

Issuer is the JSON representation of the X.509 issuer field.

func (Issuer) Set 

func (i Issuer) Set(c *x509.Certificate)

Set sets the issuer in the given certificate.

func (*Issuer) UnmarshalJSON 

func (i *Issuer) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshal interface and unmarshals a JSON object in the Issuer struct or a string as just the subject common name.

type IssuingCertificateURL 

type IssuingCertificateURL MultiString

IssuingCertificateURL contains the list of the issuing certificate url that will be encoded in the authority information access extension.

func (IssuingCertificateURL) Set 

func (u IssuingCertificateURL) Set(c *x509.Certificate)

Set sets the list of issuing certificate urls to the given certificate.

func (*IssuingCertificateURL) UnmarshalJSON 

func (u *IssuingCertificateURL) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface in IssuingCertificateURL.

type KeyUsage 

type KeyUsage x509.KeyUsage

KeyUsage type represents the JSON array used to represent the key usages of a X509 certificate.

func (KeyUsage) Set 

func (k KeyUsage) Set(c *x509.Certificate)

Set sets the key usage to the given certificate.

func (*KeyUsage) UnmarshalJSON 

func (k *KeyUsage) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface and coverts a string or a list of strings into a key usage.

type MultiIP 

type MultiIP []net.IP

MultiIP is a type used to unmarshal a JSON string or an array of strings into a []net.IP.

func (*MultiIP) UnmarshalJSON 

func (m *MultiIP) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for MultiIP.

type MultiIPNet 

type MultiIPNet []*net.IPNet

MultiIPNet is a type used to unmarshal a JSON string or an array of strings into a []*net.IPNet.

func (MultiIPNet) MarshalJSON 

func (m MultiIPNet) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for MultiIPNet.

func (*MultiIPNet) UnmarshalJSON 

func (m *MultiIPNet) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for MultiIPNet.

type MultiObjectIdentifier 

type MultiObjectIdentifier []asn1.ObjectIdentifier

MultiObjectIdentifier is a type used to unmarshal a JSON string or an array of strings into a []asn1.ObjectIdentifier.

func (MultiObjectIdentifier) MarshalJSON 

func (m MultiObjectIdentifier) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for MultiObjectIdentifier.

func (*MultiObjectIdentifier) UnmarshalJSON 

func (m *MultiObjectIdentifier) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for MultiObjectIdentifier.

type MultiString 

type MultiString []string

MultiString is a type used to unmarshal a JSON string or an array of strings into a []string.

func (*MultiString) UnmarshalJSON 

func (m *MultiString) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for MultiString.

type MultiURL 

type MultiURL []*url.URL

MultiURL is a type used to unmarshal a JSON string or an array of strings into a []*url.URL.

func (MultiURL) MarshalJSON 

func (m MultiURL) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for MultiURL.

func (*MultiURL) UnmarshalJSON 

func (m *MultiURL) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for MultiURL.

type Name 

type Name struct {
	Country            MultiString `json:"country,omitempty"`
	Organization       MultiString `json:"organization,omitempty"`
	OrganizationalUnit MultiString `json:"organizationalUnit,omitempty"`
	Locality           MultiString `json:"locality,omitempty"`
	Province           MultiString `json:"province,omitempty"`
	StreetAddress      MultiString `json:"streetAddress,omitempty"`
	PostalCode         MultiString `json:"postalCode,omitempty"`
	SerialNumber       string      `json:"serialNumber,omitempty"`
	CommonName         string      `json:"commonName,omitempty"`
}

Name is the JSON representation of X.501 type Name, used in the X.509 subject and issuer fields.

func (*Name) UnmarshalJSON 

func (n *Name) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshal interface and unmarshals a JSON object in the Name struct or a string as just the subject common name.

type NameConstraints 

type NameConstraints struct {
	Critical                bool        `json:"critical"`
	PermittedDNSDomains     MultiString `json:"permittedDNSDomains"`
	ExcludedDNSDomains      MultiString `json:"excludedDNSDomains"`
	PermittedIPRanges       MultiIPNet  `json:"permittedIPRanges"`
	ExcludedIPRanges        MultiIPNet  `json:"excludedIPRanges"`
	PermittedEmailAddresses MultiString `json:"permittedEmailAddresses"`
	ExcludedEmailAddresses  MultiString `json:"excludedEmailAddresses"`
	PermittedURIDomains     MultiString `json:"permittedURIDomains"`
	ExcludedURIDomains      MultiString `json:"excludedURIDomains"`
}

NameConstraints represents the X509 Name constraints extension and defines a names space within which all subject names in subsequent certificates in a certificate path must be located. The name constraints extension must be used only in a CA.

func (NameConstraints) Set 

func (n NameConstraints) Set(c *x509.Certificate)

Set sets the name constraints in the given certificate.

type OCSPServer 

type OCSPServer MultiString

OCSPServer contains the list of OSCP servers that will be encoded in the authority information access extension.

func (OCSPServer) Set 

func (o OCSPServer) Set(c *x509.Certificate)

Set sets the list of OSCP servers to the given certificate.

func (*OCSPServer) UnmarshalJSON 

func (o *OCSPServer) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface in OCSPServer.

type ObjectIdentifier 

type ObjectIdentifier asn1.ObjectIdentifier

ObjectIdentifier represents a JSON strings that unmarshals into an ASN1 object identifier or OID.

func (ObjectIdentifier) MarshalJSON 

func (o ObjectIdentifier) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface and returns the string version of the asn1.ObjectIdentifier.

func (*ObjectIdentifier) UnmarshalJSON 

func (o *ObjectIdentifier) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface and coverts a strings like "2.5.29.17" into an ASN1 object identifier.

type Option 

type Option func(cr *x509.CertificateRequest, o *Options) error

Option is the type used as a variadic argument in NewCertificate.

func WithTemplate 

func WithTemplate(text string, data TemplateData) Option

WithTemplate is an options that executes the given template text with the given data.

func WithTemplateBase64 

func WithTemplateBase64(s string, data TemplateData) Option

WithTemplateBase64 is an options that executes the given template base64 string with the given data.

func WithTemplateFile 

func WithTemplateFile(path string, data TemplateData) Option

WithTemplateFile is an options that reads the template file and executes it with the given data.

type Options 

type Options struct {
	CertBuffer *bytes.Buffer
}

Options are the options that can be passed to NewCertificate.

type PolicyIdentifiers 

type PolicyIdentifiers MultiObjectIdentifier

PolicyIdentifiers represents the list of OIDs to set in the certificate policies extension.

func (PolicyIdentifiers) MarshalJSON 

func (p PolicyIdentifiers) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface in PolicyIdentifiers.

func (PolicyIdentifiers) Set 

func (p PolicyIdentifiers) Set(c *x509.Certificate)

Set sets the policy identifiers to the given certificate.

func (*PolicyIdentifiers) UnmarshalJSON 

func (p *PolicyIdentifiers) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface in PolicyIdentifiers.

type SerialNumber 

type SerialNumber struct {
	*big.Int
}

SerialNumber is the JSON representation of the X509 serial number.

func (*SerialNumber) MarshalJSON 

func (s *SerialNumber) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface, and encodes a SerialNumber using the big.Int marshaler.

func (SerialNumber) Set 

func (s SerialNumber) Set(c *x509.Certificate)

Set sets the serial number in the given certificate.

func (*SerialNumber) UnmarshalJSON 

func (s *SerialNumber) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshal interface and unmarshals an integer or a string into a serial number. If a string is used, a prefix of “0b” or “0B” selects base 2, “0”, “0o” or “0O” selects base 8, and “0x” or “0X” selects base 16. Otherwise, the selected base is 10 and no prefix is accepted.

type SignatureAlgorithm 

type SignatureAlgorithm x509.SignatureAlgorithm

SignatureAlgorithm is the JSON representation of the X509 signature algorithms

func (SignatureAlgorithm) MarshalJSON added in v0.4.0 

func (s SignatureAlgorithm) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface.

func (SignatureAlgorithm) Set 

func (s SignatureAlgorithm) Set(c *x509.Certificate)

Set sets the signature algorithm in the given certificate.

func (*SignatureAlgorithm) UnmarshalJSON 

func (s *SignatureAlgorithm) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshal interface and unmarshals and validates a string as a SignatureAlgorithm.

type Subject 

type Subject Name

Subject is the JSON representation of the X.509 subject field.

func (Subject) Set 

func (s Subject) Set(c *x509.Certificate)

Set sets the subject in the given certificate.

func (*Subject) UnmarshalJSON 

func (s *Subject) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshal interface and unmarshals a JSON object in the Subject struct or a string as just the subject common name.

type SubjectAlternativeName 

type SubjectAlternativeName struct {
	Type  string `json:"type"`
	Value string `json:"value"`
}

SubjectAlternativeName represents a X.509 subject alternative name. Types supported are "dns", "email", "ip", "uri". A special type "auto" or "" can be used to try to guess the type of the value.

func CreateSANs 

func CreateSANs(sans []string) []SubjectAlternativeName

CreateSANs splits the given sans and returns a list of SubjectAlternativeName structs.

func (SubjectAlternativeName) Set 

func (s SubjectAlternativeName) Set(c *x509.Certificate)

Set sets the subject alternative name in the given x509.Certificate.

type SubjectKeyID 

type SubjectKeyID []byte

SubjectKeyID represents the binary value of the subject key identifier extension, this should be the SHA-1 hash of the public key. In JSON this value should be a base64-encoded string, and in most cases it should not be set because it will be automatically generated.

func (SubjectKeyID) Set 

func (id SubjectKeyID) Set(c *x509.Certificate)

Set sets the subject key identifier to the given certificate.

type TemplateData 

type TemplateData map[string]interface{}

TemplateData is an alias for map[string]interface{}. It represents the data passed to the templates.

func CreateTemplateData 

func CreateTemplateData(commonName string, sans []string) TemplateData

CreateTemplateData creates a new TemplateData with the given common name and SANs.

func NewTemplateData 

func NewTemplateData() TemplateData

NewTemplateData creates a new map for templates data.

func (TemplateData) Set 

func (t TemplateData) Set(key string, v interface{})

Set sets a key-value pair in the template data.

func (TemplateData) SetAuthorizationCertificate added in v0.14.0 

func (t TemplateData) SetAuthorizationCertificate(crt interface{})

SetAuthorizationCertificate sets the given certificate in the template. This certificate is generally present in a token header.

func (TemplateData) SetAuthorizationCertificateChain added in v0.14.0 

func (t TemplateData) SetAuthorizationCertificateChain(chain interface{})

SetAuthorizationCertificateChain sets a the given certificate chain in the template. These certificates are generally present in a token header.

func (TemplateData) SetCertificateRequest 

func (t TemplateData) SetCertificateRequest(cr *x509.CertificateRequest)

SetCertificateRequest sets the given certificate request in the insecure template data.

func (TemplateData) SetCommonName 

func (t TemplateData) SetCommonName(cn string)

SetCommonName sets the given common name in the subject in the template data.

func (TemplateData) SetInsecure 

func (t TemplateData) SetInsecure(key string, v interface{})

SetInsecure sets a key-value pair in the insecure template data.

func (TemplateData) SetSANs 

func (t TemplateData) SetSANs(sans []string)

SetSANs sets the given SANs in the template data.

func (TemplateData) SetSubject 

func (t TemplateData) SetSubject(v Subject)

SetSubject sets the given subject in the template data.

func (TemplateData) SetToken 

func (t TemplateData) SetToken(v interface{})

SetToken sets the given token in the template data.

func (TemplateData) SetUserData 

func (t TemplateData) SetUserData(v interface{})

SetUserData sets the given user provided object in the insecure template data.

type TemplateError 

type TemplateError struct {
	Message string
}

TemplateError represents an error in a template produced by the fail function.

func (*TemplateError) Error 

func (e *TemplateError) Error() string

Error implements the error interface and returns the error string when a template executes the `fail "message"` function.

type UnknownExtKeyUsage added in v0.5.0 

type UnknownExtKeyUsage MultiObjectIdentifier

UnknownExtKeyUsage represents the list of OIDs of extended key usages unknown to crypto/x509.

func (UnknownExtKeyUsage) MarshalJSON added in v0.5.0 

func (u UnknownExtKeyUsage) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface in UnknownExtKeyUsage.

func (UnknownExtKeyUsage) Set added in v0.5.0 

func (u UnknownExtKeyUsage) Set(c *x509.Certificate)

Set sets the policy identifiers to the given certificate.

func (*UnknownExtKeyUsage) UnmarshalJSON added in v0.5.0 

func (u *UnknownExtKeyUsage) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface in UnknownExtKeyUsage.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.