cert

package
v0.31.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 13, 2024 License: Apache-2.0 Imports: 20 Imported by: 2,763

Documentation

Index

Constants

View Source
const (
	// CertificateBlockType is a possible value for pem.Block.Type.
	CertificateBlockType = "CERTIFICATE"
	// CertificateRequestBlockType is a possible value for pem.Block.Type.
	CertificateRequestBlockType = "CERTIFICATE REQUEST"
)

Variables

This section is empty.

Functions

func CanReadCertAndKey

func CanReadCertAndKey(certPath, keyPath string) (bool, error)

CanReadCertAndKey returns true if the certificate and key files already exists, otherwise returns false. If lost one of cert and key, returns error.

func CertsFromFile

func CertsFromFile(file string) ([]*x509.Certificate, error)

CertsFromFile returns the x509.Certificates contained in the given PEM-encoded file. Returns an error if the file could not be read, a certificate could not be parsed, or if the file does not contain any certificates

func EncodeCertificates added in v0.17.0

func EncodeCertificates(certs ...*x509.Certificate) ([]byte, error)

EncodeCertificates returns the PEM-encoded byte array that represents by the specified certs.

func GenerateSelfSignedCertKey

func GenerateSelfSignedCertKey(host string, alternateIPs []net.IP, alternateDNS []string) ([]byte, []byte, error)

GenerateSelfSignedCertKey creates a self-signed certificate and key for the given host. Host may be an IP or a DNS name You may also specify additional subject alt names (either ip or dns names) for the certificate.

func GenerateSelfSignedCertKeyWithFixtures

func GenerateSelfSignedCertKeyWithFixtures(host string, alternateIPs []net.IP, alternateDNS []string, fixtureDirectory string) ([]byte, []byte, error)

GenerateSelfSignedCertKeyWithFixtures creates a self-signed certificate and key for the given host. Host may be an IP or a DNS name. You may also specify additional subject alt names (either ip or dns names) for the certificate.

If fixtureDirectory is non-empty, it is a directory path which can contain pre-generated certs. The format is: <host>_<ip>-<ip>_<alternateDNS>-<alternateDNS>.crt <host>_<ip>-<ip>_<alternateDNS>-<alternateDNS>.key Certs/keys not existing in that directory are created.

func GetClientCANames added in v0.17.0

func GetClientCANames(apiHost string) ([]string, error)

GetClientCANames gets the CA names for client certs that a server accepts. This is useful when inspecting the state of particular servers. apiHost is "host:port"

func GetClientCANamesForURL added in v0.17.0

func GetClientCANamesForURL(kubeConfigURL string) ([]string, error)

GetClientCANamesForURL is GetClientCANames against a URL string like we use in kubeconfigs

func GetServingCertificates added in v0.17.0

func GetServingCertificates(apiHost, serverName string) ([]*x509.Certificate, [][]byte, error)

GetServingCertificates returns the x509 certs used by a server as certificates and pem encoded bytes. The serverName is optional for specifying a different name to get SNI certificates. apiHost is "host:port"

func GetServingCertificatesForURL added in v0.17.0

func GetServingCertificatesForURL(kubeConfigURL, serverName string) ([]*x509.Certificate, [][]byte, error)

GetServingCertificatesForURL is GetServingCertificates against a URL string like we use in kubeconfigs

func MakeCSR

func MakeCSR(privateKey interface{}, subject *pkix.Name, dnsSANs []string, ipSANs []net.IP) (csr []byte, err error)

MakeCSR generates a PEM-encoded CSR using the supplied private key, subject, and SANs. All key types that are implemented via crypto.Signer are supported (This includes *rsa.PrivateKey and *ecdsa.PrivateKey.)

func MakeCSRFromTemplate

func MakeCSRFromTemplate(privateKey interface{}, template *x509.CertificateRequest) ([]byte, error)

MakeCSRFromTemplate generates a PEM-encoded CSR using the supplied private key and certificate request as a template. All key types that are implemented via crypto.Signer are supported (This includes *rsa.PrivateKey and *ecdsa.PrivateKey.)

func NewPool

func NewPool(filename string) (*x509.CertPool, error)

NewPool returns an x509.CertPool containing the certificates in the given PEM-encoded file. Returns an error if the file could not be read, a certificate could not be parsed, or if the file does not contain any certificates

func NewPoolFromBytes added in v0.17.0

func NewPoolFromBytes(pemBlock []byte) (*x509.CertPool, error)

NewPoolFromBytes returns an x509.CertPool containing the certificates in the given PEM-encoded bytes. Returns an error if the file could not be read, a certificate could not be parsed, or if the file does not contain any certificates

func NewSelfSignedCACert

func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, error)

NewSelfSignedCACert creates a CA certificate

func ParseCertsPEM

func ParseCertsPEM(pemCerts []byte) ([]*x509.Certificate, error)

ParseCertsPEM returns the x509.Certificates contained in the given PEM-encoded byte array Returns an error if a certificate could not be parsed, or if the data does not contain any certificates

func WriteCert

func WriteCert(certPath string, data []byte) error

WriteCert writes the pem-encoded certificate data to certPath. The certificate file will be created with file mode 0644. If the certificate file already exists, it will be overwritten. The parent directory of the certPath will be created as needed with file mode 0755.

Types

type AltNames

type AltNames struct {
	DNSNames []string
	IPs      []net.IP
}

AltNames contains the domain names and IP addresses that will be added to the API Server's x509 certificate SubAltNames field. The values will be passed directly to the x509.Certificate object.

type Config

type Config struct {
	CommonName   string
	Organization []string
	AltNames     AltNames
	Usages       []x509.ExtKeyUsage
	NotBefore    time.Time
}

Config contains the basic fields required for creating a certificate

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL