certutil

package v0.1.0

This package is not in the latest version of its module.
Published: Oct 18, 2019 License: MIT Imports: 22 Imported by: 0

Documentation

Overview

Package certutil contains utility code to parse and inspect cryptographic certificates.

In addition to utility code, certutil defines all key types supported by acmeproxy.

The contents of certutil are intended for use in production as well as in test code.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AssertCertificateValid

func AssertCertificateValid(t *testing.T, domain string, issuerCerts, certificate []byte)

AssertCertificateValid asserts that certificate is valid for domain and that its signature chain ends at issuerCerts.

func AssertKeyBelongsToCertificate

func AssertKeyBelongsToCertificate(t *testing.T, kt KeyType, certificate, key []byte)

AssertKeyBelongsToCertificate asserts that the key belongs to the certificate.

func CreateOpenSSLPrivateKey

func CreateOpenSSLPrivateKey(t *testing.T, kt KeyType, keyPath string, pemEncode bool)

CreateOpenSSLPrivateKey creates a private key file of type kt at keyPath using OpenSSL.

This is especially useful for testing: in order to test reading key files we need such files. Writing them with our own code seems awkward. Therefore we use openssl to write those files. The files are checked into version control to allow the tests to succeed on systems where openssl is not available.

func CreateOpenSSLSelfSignedCertificate

func CreateOpenSSLSelfSignedCertificate(t *testing.T, commonName, keyFile, certFile string, pemEncode bool)

CreateOpenSSLSelfSignedCertificate creates a self-signed certificate using OpenSSL.

This is especially useful for testing: in order to test reading certificate files we need such files. Writing them with our own code seems awkward. Therefore we use openssl to write those files. The files are checked into version control to allow the tests to succeed on systems where openssl is not available.

func CreateSelfSignedCertificate

func CreateSelfSignedCertificate(t *testing.T, cn string, pk crypto.PrivateKey) *x509.Certificate

CreateSelfSignedCertificate uses pk to create a self-signed x509 certificate.
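Taken together, CreateSelfSignedCertificate, AssertCertificateValid and AssertKeyBelongsToCertificate cover three steps of one check: mint a certificate, confirm it chains to a trusted issuer for the right domain, and confirm the private key matches the public key embedded in it. The block below is an added example written for this page, not code from certutil or acmeproxy. It builds the same checks on the Go standard library only; the helper names (mustCert, CertificateValid, KeyBelongsToCertificate, Demo), the constructed CA and leaf, and the made-up domain example.test are this example's assumptions. It returns errors instead of calling t.Fatal so that it also runs outside a test.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// mustCert generates a P-256 key and a certificate from tmpl signed by parent
// (self-signed when parent is nil). Assumed test-style helper that fails fast.
func mustCert(tmpl, parent *x509.Certificate, parentKey crypto.Signer) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// CertificateValid returns nil if the DER certificate chains to one of
// issuerCerts and is valid for domain (the check AssertCertificateValid makes).
func CertificateValid(domain string, issuerCerts []*x509.Certificate, certDER []byte) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	for _, c := range issuerCerts {
		roots.AddCert(c)
	}
	// Verify checks signatures, validity period, CA constraints and the SAN for domain.
	_, err = cert.Verify(x509.VerifyOptions{DNSName: domain, Roots: roots})
	return err
}

// KeyBelongsToCertificate returns nil if key's public half is the one in certDER.
func KeyBelongsToCertificate(certDER []byte, key crypto.Signer) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	pub, ok := cert.PublicKey.(interface{ Equal(crypto.PublicKey) bool })
	if !ok {
		return errors.New("certificate public key type cannot be compared")
	}
	if !pub.Equal(key.Public()) {
		return errors.New("private key does not belong to certificate")
	}
	return nil
}

// Demo builds a CA, a leaf for example.test and an unrelated CA, then runs two
// positive and three negative checks. It returns nil only if all behave as expected.
func Demo() error {
	now := time.Now()
	caTmpl := func(cn string) *x509.Certificate {
		return &x509.Certificate{
			SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
			NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
			KeyUsage: x509.KeyUsageCertSign, BasicConstraintsValid: true, IsCA: true,
		}
	}
	ca, caKey := mustCert(caTmpl("Test Root"), nil, nil)
	otherCA, _ := mustCert(caTmpl("Other Root"), nil, nil)
	leaf, leafKey := mustCert(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "example.test"},
		DNSNames:     []string{"example.test"}, // hostname checks use SANs, not the CN
		NotBefore:    now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, ca, caKey)
	switch {
	case CertificateValid("example.test", []*x509.Certificate{ca}, leaf.Raw) != nil:
		return errors.New("valid certificate rejected")
	case CertificateValid("other.test", []*x509.Certificate{ca}, leaf.Raw) == nil:
		return errors.New("certificate accepted for the wrong domain")
	case CertificateValid("example.test", []*x509.Certificate{otherCA}, leaf.Raw) == nil:
		return errors.New("certificate accepted from an untrusted issuer")
	case KeyBelongsToCertificate(leaf.Raw, leafKey) != nil:
		return errors.New("matching key rejected")
	case KeyBelongsToCertificate(leaf.Raw, caKey) == nil:
		return errors.New("foreign key accepted")
	}
	return nil
}
```

x509.Verify rejects the leaf for other.test with a HostnameError and for the unrelated CA with an UnknownAuthorityError; both are cases a test around certificate issuance should cover, since a chain check without DNSName set says nothing about which host the certificate is good for. Comparing public keys with Equal is the simplest ownership check; signing a probe message with the private key and verifying it against the certificate's public key is the alternative when the key lives in an HSM and cannot be compared directly.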

func KeyMust

func KeyMust(key crypto.PrivateKey, err error) crypto.PrivateKey

KeyMust panics if err != nil. It returns key otherwise. KeyMust should not be called in production code unless the caller is absolutely sure that a panic is warranted.

func NewPrivateKey

func NewPrivateKey(kt KeyType) (crypto.PrivateKey, error)

NewPrivateKey creates a new private key for the specified key type.

It uses crypto/rand.Reader as the source for cryptographically secure random numbers.

func ParseCertificate

func ParseCertificate(certificate []byte, pemDecode bool) (*x509.Certificate, error)

ParseCertificate reads an x509 certificate. If pemDecode is true ParseCertificate attempts to PEM decode the data before parsing the certificate.

func ReadCertificate

func ReadCertificate(r io.Reader, pemDecode bool) (*x509.Certificate, error)

ReadCertificate reads an x509 certificate from the passed reader. If pemDecode is true ReadCertificate attempts to PEM decode the data before parsing the certificate.

func ReadCertificateFromFile

func ReadCertificateFromFile(path string, pemDecode bool) (*x509.Certificate, error)

ReadCertificateFromFile reads an x509 certificate from the passed file. If pemDecode is true ReadCertificateFromFile attempts to PEM decode the file before parsing the certificate.

func ReadPrivateKey

func ReadPrivateKey(kt KeyType, r io.Reader, pemDecode bool) (crypto.PrivateKey, error)

ReadPrivateKey reads a private key from r using either ReadECDSAPrivateKey or ReadRSAPrivateKey.

The value of kt determines the type of key to read. To read an ECDSA private key any of the EC* values can be used. Likewise, to read an RSA private key any of the RSA* values can be passed.

func ReadPrivateKeyFromFile

func ReadPrivateKeyFromFile(kt KeyType, path string, pemDecode bool) (crypto.PrivateKey, error)

ReadPrivateKeyFromFile reads a private key of type kt from the file at the specified path. If pemDecode is true ReadPrivateKeyFromFile assumes the key is PEM encoded and decodes it accordingly.

func WriteCertificate

func WriteCertificate(cert *x509.Certificate, w io.Writer, pemEncode bool) error

WriteCertificate writes cert to w. If pemEncode is true the certificate is PEM encoded before writing. Otherwise the certificate is written in ASN.1 DER encoded form.

func WriteCertificateForTesting

func WriteCertificateForTesting(
	t *testing.T, certFile string, cn string, pk crypto.PrivateKey, pemEncode bool,
) *x509.Certificate

WriteCertificateForTesting creates and writes a self-signed certificate for use during unit tests. See CreateSelfSignedCertificate for details about how the certificate is created.

func WriteCertificateToFile

func WriteCertificateToFile(cert *x509.Certificate, path string, pemEncode bool) error

WriteCertificateToFile writes the passed certificate to the file specified by path. If pemEncode is true the certificate is PEM encoded before writing. Otherwise the certificate is written in ASN.1 DER encoded form.

func WritePrivateKey

func WritePrivateKey(key crypto.PrivateKey, w io.Writer, pemEncode bool) error

WritePrivateKey writes the private key to w.

WritePrivateKey returns an error if writing the key to w fails or if WritePrivateKey does not support the type of private key passed.

If pemEncode is true WritePrivateKey PEM-encodes the private key before it writes it to w.
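ReadPrivateKey and WritePrivateKey (and their *FromFile / *ToFile variants) come down to one decision per direction, which serialisation to use for the key family, and one flag, PEM or raw DER. The block below is an added example written for this page, not certutil's own code, and uses the standard library only. It assumes SEC1 for ECDSA and PKCS#1 for RSA (the "EC PRIVATE KEY" and "RSA PRIVATE KEY" PEM types); the page does not say which encoding certutil uses, and note that OpenSSL 3 writes PKCS#8 ("PRIVATE KEY") by default, which these parsers reject. Because, as the text above says, reading only needs the key family, KeyType is reduced here to a single bool (ecdsaKey). The names writePrivateKey, readPrivateKey and Demo are this example's. Demo round-trips both families through both encodings and then shows two ways the flags can be wrong.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"io"
)

// writePrivateKey writes key to w as SEC1 DER (ECDSA) or PKCS#1 DER (RSA),
// wrapped in a PEM block when pemEncode is true. Other key types are an error.
func writePrivateKey(key crypto.PrivateKey, w io.Writer, pemEncode bool) error {
	var der []byte
	var blockType string
	switch k := key.(type) {
	case *ecdsa.PrivateKey:
		b, err := x509.MarshalECPrivateKey(k)
		if err != nil {
			return err
		}
		der, blockType = b, "EC PRIVATE KEY"
	case *rsa.PrivateKey:
		der, blockType = x509.MarshalPKCS1PrivateKey(k), "RSA PRIVATE KEY"
	default:
		return fmt.Errorf("unsupported private key type %T", key)
	}
	if pemEncode {
		return pem.Encode(w, &pem.Block{Type: blockType, Bytes: der})
	}
	_, err := w.Write(der)
	return err
}

// readPrivateKey parses the key in r: SEC1 when ecdsaKey is true, PKCS#1
// otherwise (the page's KeyType collapses to this one bit for reading). With
// pemDecode the input must be a PEM block whose payload is then parsed as DER.
func readPrivateKey(ecdsaKey bool, r io.Reader, pemDecode bool) (crypto.PrivateKey, error) {
	data, err := io.ReadAll(r)
	if err != nil {
		return nil, err
	}
	if pemDecode {
		block, _ := pem.Decode(data)
		if block == nil {
			return nil, errors.New("no PEM block found in input")
		}
		data = block.Bytes
	}
	if ecdsaKey {
		return x509.ParseECPrivateKey(data)
	}
	return x509.ParsePKCS1PrivateKey(data)
}

// Demo round-trips an ECDSA and an RSA key through PEM and DER, then checks
// two misuse cases. It returns nil only if everything behaves as expected.
func Demo() error {
	ecKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err
	}
	for ec, key := range map[bool]crypto.PrivateKey{true: ecKey, false: rsaKey} {
		for _, pemEncode := range []bool{true, false} {
			var buf bytes.Buffer
			if err := writePrivateKey(key, &buf, pemEncode); err != nil {
				return err
			}
			got, err := readPrivateKey(ec, &buf, pemEncode)
			if err != nil {
				return err
			}
			if !key.(interface{ Equal(crypto.PrivateKey) bool }).Equal(got) {
				return fmt.Errorf("key (ecdsa=%v, pem=%v) changed during round trip", ec, pemEncode)
			}
		}
	}
	var buf bytes.Buffer
	_ = writePrivateKey(ecKey, &buf, true)
	// Wrong family for the bytes on disk: the PKCS#1 parser must reject SEC1 data.
	if _, err := readPrivateKey(false, bytes.NewReader(buf.Bytes()), true); err == nil {
		return errors.New("EC key accepted by the RSA parser")
	}
	// pemDecode=false on PEM input hands base64 text to the DER parser.
	if _, err := readPrivateKey(true, bytes.NewReader(buf.Bytes()), false); err == nil {
		return errors.New("PEM text accepted as DER")
	}
	return nil
}
```

The family selector and the PEM flag are both caller-supplied, so a mismatch surfaces only as a parse error; when files are checked into version control for tests (as the OpenSSL helpers above describe), it is worth asserting on the PEM block type as well so that a PKCS#8 file written by a newer OpenSSL fails with a clear message rather than a generic ASN.1 error.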

func WritePrivateKeyForTesting

func WritePrivateKeyForTesting(t *testing.T, keyFile string, kt KeyType, pemEncode bool) crypto.PrivateKey

WritePrivateKeyForTesting generates a private key of type kt and writes it to keyFile. If pemEncode is true the key is PEM encoded.

func WritePrivateKeyToFile

func WritePrivateKeyToFile(key crypto.PrivateKey, path string, pemEncode bool) error

WritePrivateKeyToFile writes the private key into the file given by path.

If pemEncode is true it will PEM encode the private key before writing it.

WritePrivateKeyToFile creates any missing intermediate directories.

Types

type KeyType

type KeyType int

KeyType represents the types of cryptographic keys supported by acmeproxy.

The supported key types are dictated by what our ACME client library supports.

const (
	// EC256 represents an ECDSA key using an elliptic curve implementing P-256.
	EC256 KeyType = iota
	// EC384 represents an ECDSA key using an elliptic curve implementing P-384.
	EC384
	// RSA2048 represents an RSA key with a size of 2048 bits.
	RSA2048
	// RSA4096 represents an RSA key with a size of 4096 bits.
	RSA4096
	// RSA8192 represents an RSA key with a size of 8192 bits.
	RSA8192
)

func DetermineKeyType

func DetermineKeyType(key crypto.PrivateKey) (KeyType, error)

DetermineKeyType inspects the passed key and returns the appropriate KeyType. It returns an error if it could not determine the type of the passed key. In this case the returned KeyType carries no meaning and must be ignored.
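An added example, not certutil's code, of the two functions that bracket the KeyType enumeration, NewPrivateKey and DetermineKeyType, on the standard library only. It re-declares the constants listed above and shows why the documentation says to ignore the KeyType on error: the zero value is EC256, so a P-224 key that DetermineKeyType rejects still comes back as 0. The RoundTrip function, and its choice to skip RSA4096 and RSA8192 because generating those keys is slow, are this example's assumptions.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"fmt"
)

// KeyType mirrors the enumeration listed above; the values are the same.
type KeyType int

const (
	EC256 KeyType = iota
	EC384
	RSA2048
	RSA4096
	RSA8192
)

// NewPrivateKey generates a key of the requested type using crypto/rand.Reader.
func NewPrivateKey(kt KeyType) (crypto.PrivateKey, error) {
	switch kt {
	case EC256:
		return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	case EC384:
		return ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	case RSA2048:
		return rsa.GenerateKey(rand.Reader, 2048)
	case RSA4096:
		return rsa.GenerateKey(rand.Reader, 4096)
	case RSA8192:
		return rsa.GenerateKey(rand.Reader, 8192)
	}
	return nil, fmt.Errorf("unsupported key type %d", kt)
}

// DetermineKeyType maps a key back to its KeyType by inspecting the curve or
// modulus size. On error the returned KeyType is the zero value and must be ignored.
func DetermineKeyType(key crypto.PrivateKey) (KeyType, error) {
	switch k := key.(type) {
	case *ecdsa.PrivateKey:
		switch k.Curve {
		case elliptic.P256():
			return EC256, nil
		case elliptic.P384():
			return EC384, nil
		}
		return 0, fmt.Errorf("unsupported elliptic curve %q", k.Curve.Params().Name)
	case *rsa.PrivateKey:
		switch bits := k.N.BitLen(); bits {
		case 2048:
			return RSA2048, nil
		case 4096:
			return RSA4096, nil
		case 8192:
			return RSA8192, nil
		default:
			return 0, fmt.Errorf("unsupported RSA key size %d", bits)
		}
	}
	return 0, fmt.Errorf("unsupported private key type %T", key)
}

// RoundTrip generates a key of each cheap-to-generate type and checks that
// DetermineKeyType recovers it, then exercises the error path with a P-224 key.
func RoundTrip() error {
	for _, kt := range []KeyType{EC256, EC384, RSA2048} {
		key, err := NewPrivateKey(kt)
		if err != nil {
			return err
		}
		got, err := DetermineKeyType(key)
		if err != nil {
			return err
		}
		if got != kt {
			return fmt.Errorf("DetermineKeyType returned %d, want %d", got, kt)
		}
	}
	// P-224 is a valid ECDSA curve but not a KeyType. Only the error is
	// meaningful here; the accompanying 0 would read as EC256 if trusted.
	p224, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
	if err != nil {
		return err
	}
	if got, err := DetermineKeyType(p224); err == nil {
		return fmt.Errorf("P-224 key wrongly classified as %d", got)
	}
	return nil
}
```

Callers that store the KeyType (for example next to a key on disk) should therefore check the error before the value; a pattern like `kt, _ := DetermineKeyType(key)` silently turns every unsupported key into EC256.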
