Documentation ¶
Index ¶
- Variables
- func MarshalCertificate(crt *x509.Certificate) (string, error)
- func MarshalCertificateRequest(csr *x509.CertificateRequest) (string, error)
- func MarshalCertificateSerial(serial *big.Int) string
- func MarshalPrivateKey(key crypto.PrivateKey) (string, error)
- func MarshalPublicKey(key crypto.PublicKey) (string, error)
- func MarshalPublicKeySSH(key crypto.PublicKey) (string, error)
- func MarshalYubiKeySerial(serial uint32) string
- func NewCertificate(template *x509.Certificate, pub crypto.PublicKey) (*dto.Certificate, error)
- func NewCertificateRequest(tpl *x509.CertificateRequest, priv interface{}) (*x509.CertificateRequest, error)
- func NewPrivateKey() (*ecdsa.PrivateKey, error)
- func NewRevocationList(revoke ...pkix.RevokedCertificate) error
- func NewTemplate(opts ...CertificateOption) (*x509.Certificate, error)
- func ReadCertificate(filename string) (*x509.Certificate, error)
- func ReadPrivateKey(filename string) (crypto.PrivateKey, error)
- func ReadRevocationList(filename string) (*x509.RevocationList, error)
- func Revoke(crt *dto.Certificate, reason CRLReason, when time.Time) error
- func Setup(cfg *Config) (err error)
- func UnmarshalCertificate(raw string) (*x509.Certificate, error)
- func UnmarshalCertificateRequest(raw string) (*x509.CertificateRequest, error)
- func UnmarshalCertificateSerial(serial string) *big.Int
- func UnmarshalPrivateKey(raw string) (crypto.PrivateKey, error)
- func UnmarshalRevocationList(raw string) (*x509.RevocationList, error)
- func WriteCertificate(filename string, crt *x509.Certificate) error
- func WriteCertificateRequest(filename string, csr *x509.CertificateRequest) error
- func WritePrivateKey(filename string, key crypto.PrivateKey) error
- func WritePublicKey(filename string, key crypto.PublicKey) error
- func WritePublicKeySSH(filename string, key crypto.PublicKey) error
- type CRLReason
- type CertificateOption
- type Config
- type PEMType
Constants ¶
This section is empty.
Variables ¶
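var (
	// EllipticCurve is the default curve used for key generation. The
	// package documentation describes NewPrivateKey as generating keys
	// on this curve.
	//
	// NOTE(review): this is an exported, mutable package-level variable.
	// Any importing package can reassign it, which presumably changes the
	// curve of every key generated afterwards; treat it as start-up
	// configuration and do not reassign it while keys are being issued.
	EllipticCurve = elliptic.P256()
)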
Functions ¶
func MarshalCertificate ¶
func MarshalCertificate(crt *x509.Certificate) (string, error)
MarshalCertificate returns PEM encoding of certificate
func MarshalCertificateRequest ¶
func MarshalCertificateRequest(csr *x509.CertificateRequest) (string, error)
MarshalCertificateRequest returns PEM encoding of certificate request
func MarshalCertificateSerial ¶
MarshalCertificateSerial converts certificate serial to string
func MarshalPrivateKey ¶
func MarshalPrivateKey(key crypto.PrivateKey) (string, error)
MarshalPrivateKey returns PEM encoding of key
func MarshalPublicKey ¶
MarshalPublicKey returns PEM encoding of key
func MarshalPublicKeySSH ¶
MarshalPublicKeySSH returns OpenSSH encoding of key
func MarshalYubiKeySerial ¶
MarshalYubiKeySerial converts YubiKey serial to string
func NewCertificate ¶
func NewCertificate(template *x509.Certificate, pub crypto.PublicKey) (*dto.Certificate, error)
NewCertificate issues a new certificate using the given template
func NewCertificateRequest ¶
func NewCertificateRequest(tpl *x509.CertificateRequest, priv interface{}) (*x509.CertificateRequest, error)
NewCertificateRequest creates new signed certificate request using the given key
func NewPrivateKey ¶
func NewPrivateKey() (*ecdsa.PrivateKey, error)
NewPrivateKey generates new private key using `EllipticCurve`
func NewRevocationList ¶
func NewRevocationList(revoke ...pkix.RevokedCertificate) error
NewRevocationList issues a new certificate revocation list
func NewTemplate ¶
func NewTemplate(opts ...CertificateOption) (*x509.Certificate, error)
NewTemplate generates new x509 certificate with the given options
func ReadCertificate ¶
func ReadCertificate(filename string) (*x509.Certificate, error)
ReadCertificate loads certificate from file
func ReadPrivateKey ¶
func ReadPrivateKey(filename string) (crypto.PrivateKey, error)
ReadPrivateKey loads private key from file
func ReadRevocationList ¶
func ReadRevocationList(filename string) (*x509.RevocationList, error)
ReadRevocationList loads certificate revocation list from file
func UnmarshalCertificate ¶
func UnmarshalCertificate(raw string) (*x509.Certificate, error)
UnmarshalCertificate parses certificate from PEM-encoded string
func UnmarshalCertificateRequest ¶
func UnmarshalCertificateRequest(raw string) (*x509.CertificateRequest, error)
UnmarshalCertificateRequest parses certificate request from PEM-encoded string
func UnmarshalCertificateSerial ¶
UnmarshalCertificateSerial converts string to certificate serial
func UnmarshalPrivateKey ¶
func UnmarshalPrivateKey(raw string) (crypto.PrivateKey, error)
UnmarshalPrivateKey parses private key from PEM-encoded string
func UnmarshalRevocationList ¶
func UnmarshalRevocationList(raw string) (*x509.RevocationList, error)
UnmarshalRevocationList parses certificate revocation list from PEM-encoded string
func WriteCertificate ¶
func WriteCertificate(filename string, crt *x509.Certificate) error
WriteCertificate saves certificate to file
func WriteCertificateRequest ¶
func WriteCertificateRequest(filename string, csr *x509.CertificateRequest) error
WriteCertificateRequest saves certificate request to file
func WritePrivateKey ¶
func WritePrivateKey(filename string, key crypto.PrivateKey) error
WritePrivateKey saves private key to file
func WritePublicKey ¶
WritePublicKey saves public key to file
Types ¶
type CRLReason ¶
// CRLReason names a certificate revocation reason as a string. Revoke takes
// one together with the certificate and the revocation time.
// NOTE(review): the set of accepted values is not shown on this page.
type CRLReason string
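CRLReason designates the reason a certificate was revoked. The reference that followed "See" is missing from this page; the standard X.509 CRL reason codes are defined in RFC 5280, section 5.3.1.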
type CertificateOption ¶
// CertificateOption is a function that receives a pointer to an
// x509.Certificate and may return an error. NewTemplate accepts any number
// of options, and WithName returns one.
type CertificateOption func(*x509.Certificate) error
CertificateOption are used for easier template generation
func WithName ¶
func WithName(name pkix.Name) CertificateOption
WithName sets certificate subject to the given PKIX name
type Config ¶
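// Config holds CA configuration. The yaml struct tags give the key each
// field is read from; Setup takes a *Config.
//
// NOTE(review): the per-field meanings below are inferred from the field
// names and the package's function list, not from code shown here. Confirm
// them against Setup before relying on them.
type Config struct {
	// Certificate is presumably the location of the CA certificate.
	Certificate string `yaml:"certificate"`
	// PrivateKey is presumably the location of the CA private key. If it is
	// a file path, that file is the most sensitive asset of the CA and
	// should be readable only by the service account.
	PrivateKey string `yaml:"privateKey"`
	// ExpirationDays is presumably the validity period, in days, of issued
	// certificates. NOTE(review): how a zero or negative value is handled
	// is not shown.
	ExpirationDays int `yaml:"expirationDays"`
	// CertificateURL is tagged bind:"required"; the consumer of that tag is
	// not shown here. It is presumably the URL where the CA certificate is
	// published.
	CertificateURL string `yaml:"certificateUrl" bind:"required"`
	// CRL is presumably the location of the certificate revocation list.
	CRL string `yaml:"crl"`
	// CRLExpirationDays is presumably the number of days a generated CRL
	// stays valid before it must be reissued.
	CRLExpirationDays int `yaml:"crlExpirationDays"`
	// CRLURL is tagged bind:"required"; it is presumably the URL where
	// relying parties fetch the CRL.
	CRLURL string `yaml:"crlUrl" bind:"required"`
}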
Config holds CA configuration