certs

package
v1.0.2
This package is not in the latest version of its module.

Published: Feb 22, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Overview

Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the Apache v2.0 license.



Constants

This section is empty.

Variables

var (

	// RFC 5755
	OidAccessIdentity = []int{1, 3, 6, 1, 5, 5, 7, 10, 2}
)

Functions

func CalculateRenewTime

func CalculateRenewTime(certificate string, factor *backOffFactor) (duration *backOffDuration, err error)

func DecodeCertPEM

func DecodeCertPEM(encoded []byte) (*x509.Certificate, error)

DecodeCertPEM attempts to return a decoded certificate or nil if the encoded input does not contain a certificate.

func DecodeCertRequestPEM

func DecodeCertRequestPEM(encoded []byte) (*x509.CertificateRequest, error)

DecodeCertRequestPEM attempts to return a decoded certificate request or nil if the encoded input does not contain a certificate request.

func DecodePrivateKeyPEM

func DecodePrivateKeyPEM(encoded []byte) (*rsa.PrivateKey, error)

DecodePrivateKeyPEM attempts to return a decoded key or nil if the encoded input does not contain a private key.

func EncodeCertPEM

func EncodeCertPEM(cert *x509.Certificate) []byte

EncodeCertPEM returns PEM-encoded certificate data.

func EncodeCertRequestPEM

func EncodeCertRequestPEM(cert *x509.CertificateRequest) []byte

EncodeCertRequestPEM returns PEM-encoded certificate request data.

func EncodePrivateKeyPEM

func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte

EncodePrivateKeyPEM returns PEM-encoded private key data.

func EncodePublicKeyBytePEM

func EncodePublicKeyBytePEM(key []byte) ([]byte, error)

EncodePublicKeyBytePEM returns PEM-encoded public key data.

func EncodePublicKeyPEM

func EncodePublicKeyPEM(key *rsa.PublicKey) ([]byte, error)

EncodePublicKeyPEM returns PEM-encoded public key data.

func GenerateCertificateRenewRequest

func GenerateCertificateRenewRequest(cert *tls.Certificate) (retCsr []byte, retPriv []byte, err error)

GenerateCertificateRenewRequest creates a renewal CSR. A new private key is created, used to create the CSR, and returned.

func GenerateCertificateRenewRequestSameKey

func GenerateCertificateRenewRequestSameKey(cert *tls.Certificate) (retCsr []byte, err error)

GenerateCertificateRenewRequestSameKey creates a renewal CSR. The private key already in cert is used to create the CSR.

func GenerateCertificateRequest

func GenerateCertificateRequest(conf *Config, privKey []byte) (csr []byte, retPrivKey []byte, err error)

GenerateCertificateRequest creates a CSR. If privKey is not provided, a new key is created and returned. If privKey is provided, it is used to create the CSR and the same key is returned.

func GenerateClientCertificate

func GenerateClientCertificate(name string) (*x509.Certificate, *rsa.PrivateKey, error)

func IsCertificateExpired

func IsCertificateExpired(certificate string) (bool, error)

func NewBackOffFactor

func NewBackOffFactor(renewBackoffFactor, errorBackoffFactor float64) (factor *backOffFactor, err error)

func NewPrivateKey

func NewPrivateKey() (*rsa.PrivateKey, error)

NewPrivateKey creates an RSA private key

func NewSignedCert

func NewSignedCert(key *rsa.PrivateKey, caCert *x509.Certificate, caKey *rsa.PrivateKey, conf Config) (*x509.Certificate, error)

Types

type AltNames

type AltNames struct {
	DNSNames []string
	IPs      []net.IP
}

AltNames contains the domain names and IP addresses for a cert

type CAConfig

type CAConfig struct {
	RootSigner      *tls.Certificate
	CrossRootCert   *x509.Certificate   // OPTIONAL
	AdditionalRoots []*x509.Certificate // OPTIONAL
	Revocation      Revocation          // OPTIONAL
}

type CertificateAuthority

type CertificateAuthority struct {
	// contains filtered or unexported fields
}

func NewCertificateAuthority

func NewCertificateAuthority(config *CAConfig) (*CertificateAuthority, error)

NewCertificateAuthority creates a CertificateAuthority

func (*CertificateAuthority) SignRequest

func (ca *CertificateAuthority) SignRequest(csrPem []byte, oldCertPem []byte, conf *SignConfig) (retCert []byte, err error)

SignRequest signs the CSR using the Certificate Authority. If oldCertPem is provided, it is validated against the CA.

func (*CertificateAuthority) VerifyClientCertificate

func (ca *CertificateAuthority) VerifyClientCertificate(rawCerts [][]byte) error

VerifyClientCertificate verifies rawCerts (ASN.1 encoded) using the CertificateAuthority.

type Config

type Config struct {
	CommonName   string
	Organization []string
	AltNames     AltNames
	Usages       []x509.ExtKeyUsage
}

Config contains the basic fields required for creating a certificate.

type KeyPair

type KeyPair struct {
	Cert, Key []byte
}

KeyPair holds the raw bytes for a certificate and key.

func (*KeyPair) IsValid

func (k *KeyPair) IsValid() bool

IsValid returns true if both the certificate and key are non-nil.

type Revocation

type Revocation interface {
	IsRevoked(cert *x509.Certificate) error
}
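
One way to satisfy the Revocation interface above is an in-memory denylist keyed by issuer and serial number. This is an added example, not code from this package: `SerialDenylist`, `ErrRevoked`, `Revoke` and `denyKey` are hypothetical names, and it assumes callers treat any non-nil error from IsRevoked as a reason to reject the certificate.

```go
package main

import (
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
	"sync"
)

// Revocation is redeclared from the page so this example compiles on its own.
type Revocation interface {
	IsRevoked(cert *x509.Certificate) error
}

// ErrRevoked is a hypothetical sentinel error, not part of the package.
var ErrRevoked = errors.New("certificate is revoked")

// SerialDenylist (hypothetical) records revoked certificates by issuer DN and serial.
type SerialDenylist struct{ revoked sync.Map }

// denyKey combines issuer and serial, because serial numbers repeat across CAs.
func denyKey(issuer []byte, serial *big.Int) string {
	return fmt.Sprintf("%x/%s", issuer, serial.Text(16))
}

// Revoke adds a parsed certificate to the denylist.
func (d *SerialDenylist) Revoke(cert *x509.Certificate) {
	d.revoked.Store(denyKey(cert.RawIssuer, cert.SerialNumber), struct{}{})
}

// IsRevoked returns nil when the certificate is not on the denylist.
// Assumption: any non-nil error means "reject", so bad input fails closed.
func (d *SerialDenylist) IsRevoked(cert *x509.Certificate) error {
	if cert == nil || cert.SerialNumber == nil {
		return errors.New("revocation check: no certificate or serial number")
	}
	if _, ok := d.revoked.Load(denyKey(cert.RawIssuer, cert.SerialNumber)); ok {
		return fmt.Errorf("%w: serial %s", ErrRevoked, cert.SerialNumber.Text(16))
	}
	return nil
}

var _ Revocation = (*SerialDenylist)(nil) // compile-time interface check

func main() {
	// Constructed sample certificate fields, not a real certificate.
	d, c := &SerialDenylist{}, &x509.Certificate{SerialNumber: big.NewInt(42), RawIssuer: []byte("constructed-issuer")}
	d.Revoke(c)
	fmt.Println(d.IsRevoked(c))
}
```

A value of this type could be placed in the optional `Revocation` field of `CAConfig`; how the package invokes it is not documented on this page.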

type SignConfig

type SignConfig struct {
	Offset     time.Duration
	Identity   string
	ServerAuth bool
	IsCA       bool
}

SignConfig contains the basic fields required for signing a certificate.

Directories

Path Synopsis
Package mock_certs is a generated GoMock package.
