Documentation ¶
Overview ¶
Package pki provides functions to generate certificates.
Index ¶
- Constants
- Variables
- func EncodeCertToPEM(cert *x509.Certificate) []byte
- func EncodePrivateKeyToPEM(privateKey crypto.PrivateKey) ([]byte, error)
- func GenerateCA(cn string, notBefore, notAfter time.Time) (cert *x509.Certificate, key crypto.Signer, err error)
- func GeneratePki(pkiPath string, sans ...string) error
- func GenerateSignCert(cn string, caCert *x509.Certificate, caKey crypto.Signer, ...) (cert *x509.Certificate, key crypto.Signer, err error)
- func NewCertAndKey(caCert *x509.Certificate, caKey crypto.Signer, config CertConfig) (*x509.Certificate, crypto.Signer, error)
- func NewCertificateAuthority(config CertConfig) (*x509.Certificate, crypto.Signer, error)
- func NewIntermediateCertificateAuthority(parentCert *x509.Certificate, parentKey crypto.Signer, config CertConfig) (*x509.Certificate, crypto.Signer, error)
- func NewSelfSignedCACert(cfg CertConfig, key crypto.Signer) (*x509.Certificate, error)
- func NewSignedCert(cfg CertConfig, key crypto.Signer, caCert *x509.Certificate, ...) (*x509.Certificate, error)
- func ReadCertAndKey(pkiPath string, name string) (*x509.Certificate, crypto.Signer, error)
- func WriteCertAndKey(pkiPath string, name string, cert *x509.Certificate, key crypto.Signer) error
- type AltNames
- type CertConfig
Constants ¶
// PEM block type labels and the default certificate lifetime used by this package.
const (
	// CertificateBlockType is a possible value for pem.Block.Type.
	CertificateBlockType = "CERTIFICATE"
	// ECPrivateKeyBlockType is a possible value for pem.Block.Type.
	ECPrivateKeyBlockType = "EC PRIVATE KEY"
	// RSAPrivateKeyBlockType is a possible value for pem.Block.Type.
	RSAPrivateKeyBlockType = "RSA PRIVATE KEY"
	// CertificateValidity is the validity period of a certificate.
	// The value is 100 * 365 days, i.e. roughly 100 years.
	// NOTE(review): wherever this is used as a certificate lifetime, expiry
	// does not bound the exposure of a leaked key; regenerate the PKI rather
	// than relying on expiry. Confirm which callers apply this value.
	CertificateValidity = 100 * 365 * 24 * time.Hour
)
Variables ¶
// Default identity and subject alternative names used by this package.
// These are package-level variables, so any importer can reassign them.
var (
	// DefaultUser is the default user for the admin user
	DefaultUser = "kwok-admin"
	// DefaultGroups is the default groups for the admin user
	// "system:masters" is the Kubernetes group that the API server grants
	// unrestricted access to, bypassing RBAC and webhook authorization, so
	// access cannot be revoked by removing role bindings.
	// NOTE(review): presumably these groups become the certificate's
	// Organization values; confirm against GeneratePki. Treat any key issued
	// with this group as a cluster-superuser credential.
	DefaultGroups = []string{
		"system:masters",
	}
	// DefaultAltNames is the default alt names for the admin user
	// The list mixes DNS names and IP literals (IPv4 and IPv6 loopback) as
	// plain strings.
	// NOTE(review): the entries are in-cluster API server service names and
	// loopback addresses, which suggests these are SANs for a serving
	// certificate rather than for the admin user; confirm against the caller.
	DefaultAltNames = []string{
		"kubernetes",
		"kubernetes.default",
		"kubernetes.default.svc",
		"kubernetes.default.svc.cluster.local",
		"localhost",
		"127.0.0.1",
		"::1",
	}
)
Functions ¶
func EncodeCertToPEM ¶ added in v0.3.0
func EncodeCertToPEM(cert *x509.Certificate) []byte
EncodeCertToPEM returns PEM-encoded certificate data
func EncodePrivateKeyToPEM ¶ added in v0.3.0
func EncodePrivateKeyToPEM(privateKey crypto.PrivateKey) ([]byte, error)
EncodePrivateKeyToPEM converts a known private key type of RSA or ECDSA to a PEM encoded block or returns an error.
func GenerateCA ¶ added in v0.3.0
func GenerateCA(cn string, notBefore, notAfter time.Time) (cert *x509.Certificate, key crypto.Signer, err error)
GenerateCA generates a CA certificate and key.
func GeneratePki ¶ added in v0.1.0
GeneratePki generates the pki for kwokctl
func GenerateSignCert ¶ added in v0.3.0
func GenerateSignCert(cn string, caCert *x509.Certificate, caKey crypto.Signer, notBefore, notAfter time.Time, organizations []string, sans []string) (cert *x509.Certificate, key crypto.Signer, err error)
GenerateSignCert generates a certificate and key signed by the given CA.
func NewCertAndKey ¶ added in v0.1.0
func NewCertAndKey(caCert *x509.Certificate, caKey crypto.Signer, config CertConfig) (*x509.Certificate, crypto.Signer, error)
NewCertAndKey creates new certificate and key by passing the certificate authority certificate and key
func NewCertificateAuthority ¶ added in v0.1.0
func NewCertificateAuthority(config CertConfig) (*x509.Certificate, crypto.Signer, error)
NewCertificateAuthority creates new certificate and private key for the certificate authority
func NewIntermediateCertificateAuthority ¶ added in v0.1.0
func NewIntermediateCertificateAuthority(parentCert *x509.Certificate, parentKey crypto.Signer, config CertConfig) (*x509.Certificate, crypto.Signer, error)
NewIntermediateCertificateAuthority creates new certificate and private key for an intermediate certificate authority
func NewSelfSignedCACert ¶ added in v0.1.0
func NewSelfSignedCACert(cfg CertConfig, key crypto.Signer) (*x509.Certificate, error)
NewSelfSignedCACert creates a CA certificate
func NewSignedCert ¶ added in v0.1.0
func NewSignedCert(cfg CertConfig, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, isCA bool) (*x509.Certificate, error)
NewSignedCert creates a signed certificate using the given CA certificate and key
func ReadCertAndKey ¶ added in v0.3.0
ReadCertAndKey reads certificate and key from the specified location
func WriteCertAndKey ¶ added in v0.3.0
WriteCertAndKey stores certificate and key at the specified location
Types ¶
type AltNames ¶ added in v0.1.0
AltNames contains the domain names and IP addresses that will be added to the subject alternative names (SAN) extension of the API server's X.509 certificate. The values are passed directly to the x509.Certificate object.
type CertConfig ¶ added in v0.1.0
// CertConfig groups the inputs accepted by the certificate constructors in
// this package (NewCertAndKey, NewCertificateAuthority, NewSignedCert, ...).
type CertConfig struct {
	// CommonName is a single string.
	// NOTE(review): presumably the subject common name; confirm in NewSignedCert.
	CommonName string
	// Organization is a list of strings.
	// NOTE(review): presumably the subject organization values; for Kubernetes
	// client certificates these are read as group memberships, so review what
	// callers put here.
	Organization []string
	// AltNames holds the subject alternative names for the certificate.
	AltNames AltNames
	// Usages lists the extended key usages (x509.ExtKeyUsage values).
	Usages []x509.ExtKeyUsage
	// PublicKeyAlgorithm is an x509.PublicKeyAlgorithm value.
	// NOTE(review): presumably selects the type of key to generate; confirm.
	PublicKeyAlgorithm x509.PublicKeyAlgorithm
	// NotBefore and NotAfter bound the validity window.
	// NOTE(review): whether zero values fall back to a default lifetime such
	// as CertificateValidity is not visible here; confirm in the constructors.
	NotBefore time.Time
	NotAfter  time.Time
}
CertConfig contains the basic fields required for creating a certificate