Documentation ¶
Index ¶
- Constants
- func CanReadCertAndKey(certPath, keyPath string) (bool, error)
- func CertsFromFile(file string) ([]*x509.Certificate, error)
- func EncodeCertificates(certs ...*x509.Certificate) ([]byte, error)
- func GenerateSelfSignedCertKey(host string, alternateIPs []net.IP, alternateDNS []string) ([]byte, []byte, error)
- func GenerateSelfSignedCertKeyWithFixtures(host string, alternateIPs []net.IP, alternateDNS []string, ...) ([]byte, []byte, error)
- func GetClientCANames(apiHost string) ([]string, error)
- func GetClientCANamesForURL(kubeConfigURL string) ([]string, error)
- func GetServingCertificates(apiHost, serverName string) ([]*x509.Certificate, [][]byte, error)
- func GetServingCertificatesForURL(kubeConfigURL, serverName string) ([]*x509.Certificate, [][]byte, error)
- func MakeCSR(privateKey interface{}, subject *pkix.Name, dnsSANs []string, ipSANs []net.IP) (csr []byte, err error)
- func MakeCSRFromTemplate(privateKey interface{}, template *x509.CertificateRequest) ([]byte, error)
- func NewPool(filename string) (*x509.CertPool, error)
- func NewPoolFromBytes(pemBlock []byte) (*x509.CertPool, error)
- func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, error)
- func ParseCertsPEM(pemCerts []byte) ([]*x509.Certificate, error)
- func WriteCert(certPath string, data []byte) error
- type AltNames
- type Config
Constants ¶
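// PEM block type strings; each is a possible value for pem.Block.Type.
const (
	// CertificateBlockType is a possible value for pem.Block.Type.
	CertificateBlockType = "CERTIFICATE"
	// CertificateRequestBlockType is a possible value for pem.Block.Type.
	CertificateRequestBlockType = "CERTIFICATE REQUEST"
)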
Variables ¶
This section is empty.
Functions ¶
func CanReadCertAndKey ¶
CanReadCertAndKey returns true if the certificate and key files already exist, otherwise returns false. If one of the cert and key is missing, it returns an error.
func CertsFromFile ¶
func CertsFromFile(file string) ([]*x509.Certificate, error)
CertsFromFile returns the x509.Certificates contained in the given PEM-encoded file. Returns an error if the file could not be read, a certificate could not be parsed, or if the file does not contain any certificates
func EncodeCertificates ¶
func EncodeCertificates(certs ...*x509.Certificate) ([]byte, error)
EncodeCertificates returns the PEM-encoded byte array that represents the specified certs.
func GenerateSelfSignedCertKey ¶
func GenerateSelfSignedCertKey(host string, alternateIPs []net.IP, alternateDNS []string) ([]byte, []byte, error)
GenerateSelfSignedCertKey creates a self-signed certificate and key for the given host. Host may be an IP or a DNS name. You may also specify additional subject alt names (either ip or dns names) for the certificate.
func GenerateSelfSignedCertKeyWithFixtures ¶
func GenerateSelfSignedCertKeyWithFixtures(host string, alternateIPs []net.IP, alternateDNS []string, fixtureDirectory string) ([]byte, []byte, error)
GenerateSelfSignedCertKeyWithFixtures creates a self-signed certificate and key for the given host. Host may be an IP or a DNS name. You may also specify additional subject alt names (either ip or dns names) for the certificate.
If fixtureDirectory is non-empty, it is a directory path which can contain pre-generated certs. The format is: <host>_<ip>-<ip>_<alternateDNS>-<alternateDNS>.crt and <host>_<ip>-<ip>_<alternateDNS>-<alternateDNS>.key. Certs/keys not existing in that directory are created. The .key files in that directory are private keys, so access to it should be restricted accordingly.
func GetClientCANames ¶
GetClientCANames gets the CA names for client certs that a server accepts. This is useful when inspecting the state of particular servers. apiHost is "host:port".
func GetClientCANamesForURL ¶
GetClientCANamesForURL is GetClientCANames against a URL string like we use in kubeconfigs
func GetServingCertificates ¶
func GetServingCertificates(apiHost, serverName string) ([]*x509.Certificate, [][]byte, error)
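GetServingCertificates returns the x509 certs used by a server, both as certificates and as PEM-encoded bytes. The serverName is optional and specifies a different name for which to get SNI certificates. apiHost is "host:port". The result is whatever the server presented; this description does not state that the chain is verified against a trust root, so validate the certificates before relying on them.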
func GetServingCertificatesForURL ¶
func GetServingCertificatesForURL(kubeConfigURL, serverName string) ([]*x509.Certificate, [][]byte, error)
GetServingCertificatesForURL is GetServingCertificates against a URL string like we use in kubeconfigs
func MakeCSR ¶
func MakeCSR(privateKey interface{}, subject *pkix.Name, dnsSANs []string, ipSANs []net.IP) (csr []byte, err error)
MakeCSR generates a PEM-encoded CSR using the supplied private key, subject, and SANs. All key types that are implemented via crypto.Signer are supported. (This includes *rsa.PrivateKey and *ecdsa.PrivateKey.)
func MakeCSRFromTemplate ¶
func MakeCSRFromTemplate(privateKey interface{}, template *x509.CertificateRequest) ([]byte, error)
MakeCSRFromTemplate generates a PEM-encoded CSR using the supplied private key and certificate request as a template. All key types that are implemented via crypto.Signer are supported. (This includes *rsa.PrivateKey and *ecdsa.PrivateKey.)
func NewPool ¶
NewPool returns an x509.CertPool containing the certificates in the given PEM-encoded file. Returns an error if the file could not be read, a certificate could not be parsed, or if the file does not contain any certificates
func NewPoolFromBytes ¶
NewPoolFromBytes returns an x509.CertPool containing the certificates in the given PEM-encoded bytes. Returns an error if a certificate could not be parsed, or if the bytes do not contain any certificates.
func NewSelfSignedCACert ¶
NewSelfSignedCACert creates a CA certificate
func ParseCertsPEM ¶
func ParseCertsPEM(pemCerts []byte) ([]*x509.Certificate, error)
ParseCertsPEM returns the x509.Certificates contained in the given PEM-encoded byte array. Returns an error if a certificate could not be parsed, or if the data does not contain any certificates.