Documentation
¶
Index ¶
- Variables
- func GenerateECDSAKeyInPEM(rand io.Reader, c elliptic.Curve) ([]byte, error)
- func GenerateRSAKeyInPEM(rand io.Reader, size int) ([]byte, error)
- func MakeInvalidCertsChainTSA(t *testing.T, hours int) (crypto.Signer, *x509.Certificate, []*x509.Certificate, *x509.Certificate)
- func MakeSelfCertECDSA(hours int) (*x509.Certificate, crypto.PrivateKey, error)
- func MakeSelfCertECDSAPem(hours int) (pemCert, pemKey []byte, err error)
- func MakeSelfCertRSA(hours int) (*x509.Certificate, crypto.PrivateKey, error)
- func MakeSelfCertRSAPem(hours int) (pemCert, pemKey []byte, err error)
- func MakeValidCertsChainTSA(t *testing.T, hours int, ec bool) (crypto.Signer, *x509.Certificate, []*x509.Certificate, *x509.Certificate)
- func PrivKeyToPEM(priv interface{}) []byte
- func SetSAN(template *x509.Certificate, SAN []string)
- func ToDER(priv interface{}) []byte
- func ToPEM(cert *x509.Certificate) []byte
- func ToPFX(cert *x509.Certificate, priv interface{}, password string) []byte
- func ToPKCS8(priv interface{}) []byte
- type Entity
- func (id *Entity) Chain() []*x509.Certificate
- func (id *Entity) ChainPool() *x509.CertPool
- func (id *Entity) IncrementSN() int64
- func (id *Entity) Issue(opts ...Option) *Entity
- func (id *Entity) KeyAndCertChain() *KeyAndCertChain
- func (id *Entity) PFX(password string) []byte
- func (id *Entity) Root() *x509.Certificate
- func (id *Entity) SaveCertAndKey(certFile string, keyFile string, withChain bool) (err error)
- type KeyAndCertChain
- type Option
- func CrlDpURL(value ...string) Option
- func DNSName(value ...string) Option
- func ExtKeyUsage(value x509.ExtKeyUsage) Option
- func Extensions(value []pkix.Extension) Option
- func Issuer(value *Entity) Option
- func IssuingCertificateURL(value ...string) Option
- func KeyUsage(value x509.KeyUsage) Option
- func NextSerialNumber(value int64) Option
- func NotAfter(value time.Time) Option
- func NotBefore(value time.Time) Option
- func OCSPServer(value ...string) Option
- func PrivateKey(value crypto.Signer) Option
- func Subject(value pkix.Name) Option
Constants ¶
This section is empty.
Variables ¶
var ( // DefaultCountry is the default subject Country. DefaultCountry = []string{"US"} // DefaultProvince is the default subject Province. DefaultProvince = []string{"CA"} // DefaultLocality is the default subject Locality. DefaultLocality = []string{"San Francisco"} // DefaultStreetAddress is the default subject StreetAddress. DefaultStreetAddress = []string(nil) // DefaultPostalCode is the default subject PostalCode. DefaultPostalCode = []string(nil) // DefaultCommonName is the default subject CommonName. DefaultCommonName = "[TEST]" )
Functions ¶
func GenerateECDSAKeyInPEM ¶
GenerateECDSAKeyInPEM returns PEM encoded ECDSA key
func GenerateRSAKeyInPEM ¶
GenerateRSAKeyInPEM returns PEM encoded RSA key
func MakeInvalidCertsChainTSA ¶
func MakeInvalidCertsChainTSA(t *testing.T, hours int) (crypto.Signer, *x509.Certificate, []*x509.Certificate, *x509.Certificate)
MakeInvalidCertsChainTSA creates invalid TSA cert with several critical EKU extensions
func MakeSelfCertECDSA ¶
func MakeSelfCertECDSA(hours int) (*x509.Certificate, crypto.PrivateKey, error)
MakeSelfCertECDSA creates self-signed cert
func MakeSelfCertECDSAPem ¶
MakeSelfCertECDSAPem creates self-signed cert in PEM format
func MakeSelfCertRSA ¶
func MakeSelfCertRSA(hours int) (*x509.Certificate, crypto.PrivateKey, error)
MakeSelfCertRSA creates self-signed cert
func MakeSelfCertRSAPem ¶
MakeSelfCertRSAPem creates self-signed cert in PEM format
func MakeValidCertsChainTSA ¶
func MakeValidCertsChainTSA(t *testing.T, hours int, ec bool) (crypto.Signer, *x509.Certificate, []*x509.Certificate, *x509.Certificate)
MakeValidCertsChainTSA creates valid TSA cert with the only critical EKU extension for timestamping
func PrivKeyToPEM ¶
func PrivKeyToPEM(priv interface{}) []byte
PrivKeyToPEM exports private key to PEM
func SetSAN ¶
func SetSAN(template *x509.Certificate, SAN []string)
SetSAN fills template's IPAddresses, EmailAddresses, and DNSNames with the content of SAN, if it is not nil.
Types ¶
type Entity ¶
type Entity struct {
Issuer *Entity
PrivateKey crypto.Signer
Certificate *x509.Certificate
NextSN int64
}
Entity is a certificate and private key.
func (*Entity) Chain ¶
func (id *Entity) Chain() []*x509.Certificate
Chain builds a slice of *x509.Certificate from this CA and its issuers.
func (*Entity) IncrementSN ¶
IncrementSN returns the next serial number.
func (*Entity) KeyAndCertChain ¶
func (id *Entity) KeyAndCertChain() *KeyAndCertChain
KeyAndCertChain returns chain for the PrivateKey
func (*Entity) PFX ¶
PFX wraps the certificate and private key in an encrypted PKCS#12 packet. The provided password must be alphanumeric.
func (*Entity) Root ¶
func (id *Entity) Root() *x509.Certificate
Root returns root CA for this entity.
type KeyAndCertChain ¶
type KeyAndCertChain struct {
PrivateKey crypto.Signer
Certificate *x509.Certificate
Chain []*x509.Certificate
Root *x509.Certificate
}
KeyAndCertChain provides PrivateKey and its certificates chain
type Option ¶
type Option option
Option is an option that can be passed to New().
Authority is an Option for making an entity a certificate authority.
func CrlDpURL ¶
CrlDpURL is an Option for setting the entity's certificate's CRL Distribution Point.
func ExtKeyUsage ¶
func ExtKeyUsage(value x509.ExtKeyUsage) Option
ExtKeyUsage is an Option for setting the extended key usage.
func Extensions ¶
Extensions is an Option for setting extensions.
func IssuingCertificateURL ¶
IssuingCertificateURL is an Option for setting the entity's certificate's IssuingCertificateURL.
func NextSerialNumber ¶
NextSerialNumber is an Option that determines the SN of the next issued certificate.
func OCSPServer ¶
OCSPServer is an Option for setting the entity's certificate's OCSPServer.
func PrivateKey ¶
PrivateKey is an Option for setting the entity's private key.
Source Files