Documentation ¶
Index ¶
- Constants
- func GenCSR(key []byte, options CertOptions) ([]byte, error)
- func GenCustomExtendCSR(pemKey []byte, id *spiffe.IDGIdentity, opts *CertOptions, ...) ([]byte, error)
- func GenExtendWorkloadCSR(key []byte, id *spiffe.IDGIdentity, csrConf CSRConf) ([]byte, error)
- func GenKey(sigAlg SupportedSignatureAlgorithms) (priv interface{}, key []byte, err error)
- func GenWorkloadCSR(key []byte, id *spiffe.IDGIdentity) ([]byte, error)
- type CSRConf
- type CertOptions
- type KeySize
- type SupportedSignatureAlgorithms
Constants ¶
// Signature algorithm identifiers and key sizes exported by this package.
const (
	// EcdsaSigAlg is the SupportedSignatureAlgorithms value naming ECDSA.
	EcdsaSigAlg SupportedSignatureAlgorithms = "ECDSA"
	// RsaSigAlg is the SupportedSignatureAlgorithms value naming RSA.
	RsaSigAlg SupportedSignatureAlgorithms = "RSA"
	// RsaKeySize2048 is presumably the RSA modulus length in bits.
	// NOTE(review): 2048 bits is the generally accepted minimum for new RSA
	// keys; confirm where this size is consumed and whether it is configurable.
	RsaKeySize2048 KeySize = 2048
	// EcdsaKeySize256 is presumably the ECDSA curve size in bits (a 256-bit
	// curve); the concrete curve is not visible here, so confirm it against
	// the key generation code.
	EcdsaKeySize256 KeySize = 256
)
Variables ¶
This section is empty.
Functions ¶
func GenCSR ¶
func GenCSR(key []byte, options CertOptions) ([]byte, error)
GenCSR generates a CSR from the given key. Custom CSR requests are supported.
func GenCustomExtendCSR ¶
func GenCustomExtendCSR(pemKey []byte, id *spiffe.IDGIdentity, opts *CertOptions, exts []pkix.Extension) ([]byte, error)
GenCustomExtendCSR generates a business-specific custom CSR with extended fields.
func GenExtendWorkloadCSR ¶
GenExtendWorkloadCSR generates a workload CSR and supports custom CSR parameters.
func GenKey ¶
func GenKey(sigAlg SupportedSignatureAlgorithms) (priv interface{}, key []byte, err error)
GenKey generates a private key for the given signature algorithm.
func GenWorkloadCSR ¶
func GenWorkloadCSR(key []byte, id *spiffe.IDGIdentity) ([]byte, error)
Types ¶
type CertOptions ¶
// CertOptions collects the parameters for generating a certificate or CSR.
// GenCSR takes it by value and GenCustomExtendCSR takes it by pointer.
//
// The struct carries signer private key material (SignerPriv, SignerPrivPem),
// so values of this type should not be logged, serialized, or kept alive
// longer than needed.
type CertOptions struct {
	// CN is presumably the subject Common Name of the request or certificate.
	// NOTE(review): confirm against the code that consumes it.
	CN string

	// Comma-separated hostnames and IPs to generate a certificate for.
	// This can also be set to the identity running the workload,
	// such as a Kubernetes service account.
	Host string

	// The NotBefore field of the issued certificate.
	NotBefore time.Time

	// TTL is the certificate lifetime, i.e. NotAfter minus NotBefore.
	TTL time.Duration

	// Signer certificate.
	SignerCert *x509.Certificate

	// Signer private key.
	SignerPriv crypto.PrivateKey

	// Signer private key (PEM encoded).
	// NOTE(review): whether this PEM is expected to be encrypted or plaintext
	// is not visible here; treat the bytes as secret either way.
	SignerPrivPem []byte

	// Organization for this certificate.
	Org string

	// Whether this certificate is used as a signing cert for a CA.
	// NOTE(review): whether the CSR functions encode this into the request is
	// not visible here. An issuing CA should decide CA status from its own
	// policy rather than trust a requester-supplied flag.
	IsCA bool

	// SigAlg selects the signature algorithm used when generating private
	// keys. If empty, RSA is used; otherwise an elliptic-curve key is used,
	// and ECDSA is the only elliptic-curve algorithm currently supported.
	// NOTE(review): as worded, any non-empty value (including RsaSigAlg)
	// would select the elliptic-curve path; confirm against the implementation.
	SigAlg SupportedSignatureAlgorithms
}
type SupportedSignatureAlgorithms ¶
// SupportedSignatureAlgorithms names a signature algorithm as a string.
// The values declared by this package are EcdsaSigAlg ("ECDSA") and
// RsaSigAlg ("RSA"); GenKey takes one as its sigAlg argument.
//
// NOTE(review): because this is a plain string type, any string converts to
// it. Rejection of unknown values would have to happen in the consumer and is
// not visible here; confirm that unsupported values produce an error rather
// than a silent default.
type SupportedSignatureAlgorithms string