Documentation ¶
Index ¶
- Constants
- Variables
- func CSROrKeyExist(csrDir, name string) bool
- func CertOrKeyExist(pkiPath, name string) bool
- func CertificateRequestFromFile(file string) (*x509.CertificateRequest, error)
- func EncodeCSRPEM(csr *x509.CertificateRequest) []byte
- func EncodeCertPEM(cert *x509.Certificate) []byte
- func EncodePublicKeyPEM(key crypto.PublicKey) ([]byte, error)
- func HasServerAuth(cert *x509.Certificate) bool
- func NewCSR(cfg CertConfig, key crypto.Signer) (*x509.CertificateRequest, error)
- func NewCSRAndKey(config *CertConfig) (*x509.CertificateRequest, crypto.Signer, error)
- func NewCertAndKey(caCert *x509.Certificate, caKey crypto.Signer, config *CertConfig) (*x509.Certificate, crypto.Signer, error)
- func NewCertificateAuthority(config *CertConfig) (*x509.Certificate, crypto.Signer, error)
- func NewPrivateKey(keyType x509.PublicKeyAlgorithm) (crypto.Signer, error)
- func NewSignedCert(cfg *CertConfig, key crypto.Signer, caCert *x509.Certificate, ...) (*x509.Certificate, error)
- func PathsForCertAndKey(pkiPath, name string) (string, string)
- func RemoveDuplicateAltNames(altNames *certutil.AltNames)
- func SetPathForCSR(sf func(pkiPath, name string) string)
- func SetPathForCert(sf func(pkiPath, name string) string)
- func SetPathForKey(sf func(pkiPath, name string) string)
- func SetPathForPublicKey(sf func(pkiPath, name string) string)
- func TryLoadCSRAndKeyFromDisk(pkiPath, name string) (*x509.CertificateRequest, crypto.Signer, error)
- func TryLoadCSRFromDisk(pkiPath, name string) (*x509.CertificateRequest, error)
- func TryLoadCertAndKeyFromDisk(pkiPath, name string) (*x509.Certificate, crypto.Signer, error)
- func TryLoadCertFromDisk(pkiPath, name string) (*x509.Certificate, error)
- func TryLoadKeyFromDisk(pkiPath, name string) (crypto.Signer, error)
- func TryLoadPrivatePublicKeyFromDisk(pkiPath, name string) (*rsa.PrivateKey, *rsa.PublicKey, error)
- func WriteCSR(csrDir, name string, csr *x509.CertificateRequest) error
- func WriteCert(pkiPath, name string, cert *x509.Certificate) error
- func WriteCertAndKey(pkiPath string, name string, cert *x509.Certificate, key crypto.Signer) error
- func WriteKey(pkiPath, name string, key crypto.Signer) error
- func WritePublicKey(pkiPath, name string, key crypto.PublicKey) error
- type CertConfig
Constants ¶
const ( // PrivateKeyBlockType is a possible value for pem.Block.Type. PrivateKeyBlockType = "PRIVATE KEY" // PublicKeyBlockType is a possible value for pem.Block.Type. PublicKeyBlockType = "PUBLIC KEY" // CertificateBlockType is a possible value for pem.Block.Type. CertificateBlockType = "CERTIFICATE" // RSAPrivateKeyBlockType is a possible value for pem.BlockType. RSAPrivateKeyBlockType = "RSA PRIVATE KEY" )
Variables ¶
var (
CertificateValidity = time.Hour * 24 * 365 * 100
)
Functions ¶
func CSROrKeyExist ¶
CSROrKeyExist returns true if one of the CSR or key exists
func CertOrKeyExist ¶
CertOrKeyExist returns a boolean whether the cert or the key exists
func CertificateRequestFromFile ¶
func CertificateRequestFromFile(file string) (*x509.CertificateRequest, error)
CertificateRequestFromFile returns the CertificateRequest from a given PEM-encoded file. Returns an error if the file could not be read or if the CSR could not be parsed.
func EncodeCSRPEM ¶
func EncodeCSRPEM(csr *x509.CertificateRequest) []byte
EncodeCSRPEM returns PEM-encoded CSR data
func EncodeCertPEM ¶
func EncodeCertPEM(cert *x509.Certificate) []byte
EncodeCertPEM returns PEM-endcoded certificate data
func EncodePublicKeyPEM ¶
EncodePublicKeyPEM returns PEM-encoded public data
func HasServerAuth ¶
func HasServerAuth(cert *x509.Certificate) bool
HasServerAuth returns true if the given certificate is a ServerAuth
func NewCSR ¶
func NewCSR(cfg CertConfig, key crypto.Signer) (*x509.CertificateRequest, error)
NewCSR creates a new CSR
func NewCSRAndKey ¶
func NewCSRAndKey(config *CertConfig) (*x509.CertificateRequest, crypto.Signer, error)
NewCSRAndKey generates a new key and CSR and that could be signed to create the given certificate
func NewCertAndKey ¶
func NewCertAndKey(caCert *x509.Certificate, caKey crypto.Signer, config *CertConfig) (*x509.Certificate, crypto.Signer, error)
NewCertAndKey creates new certificate and key by passing the certificate authority certificate and key
func NewCertificateAuthority ¶
func NewCertificateAuthority(config *CertConfig) (*x509.Certificate, crypto.Signer, error)
NewCertificateAuthority creates new certificate and private key for the certificate authority
func NewPrivateKey ¶
func NewPrivateKey(keyType x509.PublicKeyAlgorithm) (crypto.Signer, error)
NewPrivateKey creates an RSA private key
func NewSignedCert ¶
func NewSignedCert(cfg *CertConfig, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error)
NewSignedCert creates a signed certificate using the given CA certificate and key
func PathsForCertAndKey ¶
PathsForCertAndKey returns the paths for the certificate and key given the path and basename.
func RemoveDuplicateAltNames ¶
RemoveDuplicateAltNames removes duplicate items in altNames.
func SetPathForCSR ¶
func SetPathForCert ¶
func SetPathForKey ¶
func SetPathForPublicKey ¶
func TryLoadCSRAndKeyFromDisk ¶
func TryLoadCSRAndKeyFromDisk(pkiPath, name string) (*x509.CertificateRequest, crypto.Signer, error)
TryLoadCSRAndKeyFromDisk tries to load the CSR and key from the disk
func TryLoadCSRFromDisk ¶
func TryLoadCSRFromDisk(pkiPath, name string) (*x509.CertificateRequest, error)
TryLoadCSRFromDisk tries to load the CSR from the disk
func TryLoadCertAndKeyFromDisk ¶
TryLoadCertAndKeyFromDisk tries to load a cert and a key from the disk and validates that they are valid
func TryLoadCertFromDisk ¶
func TryLoadCertFromDisk(pkiPath, name string) (*x509.Certificate, error)
TryLoadCertFromDisk tries to load the cert from the disk and validates that it is valid
func TryLoadKeyFromDisk ¶
TryLoadKeyFromDisk tries to load the key from the disk and validates that it is valid
func TryLoadPrivatePublicKeyFromDisk ¶
TryLoadPrivatePublicKeyFromDisk tries to load the key from the disk and validates that it is valid
func WriteCSR ¶
func WriteCSR(csrDir, name string, csr *x509.CertificateRequest) error
WriteCSR writes the pem-encoded CSR data to csrPath. The CSR file will be created with file mode 0600. If the CSR file already exists, it will be overwritten. The parent directory of the csrPath will be created as needed with file mode 0700.
func WriteCert ¶
func WriteCert(pkiPath, name string, cert *x509.Certificate) error
WriteCert stores the given certificate at the given location
func WriteCertAndKey ¶
WriteCertAndKey stores certificate and key at the specified location
Types ¶
type CertConfig ¶
type CertConfig struct { certutil.Config PublicKeyAlgorithm x509.PublicKeyAlgorithm }
CertConfig is a wrapper around certutil.Config extending it with PublicKeyAlgorithm.