Documentation
¶
Index ¶
- Constants
- Variables
- type CertificateAuthority
- type PrivKey
- type PubKey
- type RSAPrivKey
- func (k *RSAPrivKey) CSR(role, commonName string, hostList, ipList []string) ([]byte, error)
- func (k *RSAPrivKey) Deserialize(key []byte) error
- func (k *RSAPrivKey) PKCS12(cert *x509.Certificate, ca *CertificateAuthority) ([]byte, error)
- func (k *RSAPrivKey) Pem() []byte
- func (k *RSAPrivKey) Public() PubKey
- func (k *RSAPrivKey) Scheme() string
- func (k *RSAPrivKey) Serialize() ([]byte, error)
- func (k *RSAPrivKey) Signature(payload []byte) (string, error)
- func (k *RSAPrivKey) Signer() crypto.Signer
- func (k *RSAPrivKey) Type() string
- type RSAPubKey
- type Serializable
Constants ¶
View Source
const ( // KeyTypeRSA represents the RSA type of keys KeyTypeRSA = "rsa" // KeySchemeRSASSAPSSSHA256 represents rsassa-pss-sha256 scheme KeySchemeRSASSAPSSSHA256 = "rsassa-pss-sha256" // PKCS12Password is a hard-coded password for PKCS#12 file, it is by // intend to use pre-defined string instead of generated every time, // as the encryption of PKCS#12 it self is weak. The key should be // protected by other means. PKCS12Password = "tiup" )
View Source
const RSAKeyLength = 2048
RSAKeyLength define the length of RSA keys
Variables ¶
View Source
var ( // ErrorKeyUninitialized will be present when key is used before Deserialize called ErrorKeyUninitialized = errors.New("key not initialized, call Deserialize first") // ErrorDeserializeKey means the key format is not valid ErrorDeserializeKey = errors.New("error on deserialize key, check if the key is valid") // ErrorUnsupportedKeyType means we don't supported this type of key ErrorUnsupportedKeyType = errors.New("provided key type not supported") // ErrorUnsupportedKeySchema means we don't support this schema ErrorUnsupportedKeySchema = errors.New("provided schema not supported") )
Functions ¶
This section is empty.
Types ¶
type CertificateAuthority ¶
type CertificateAuthority struct {
ClusterName string
Cert *x509.Certificate
Key PrivKey
}
CertificateAuthority holds the CA of a cluster
func NewCA ¶
func NewCA(clsName string) (*CertificateAuthority, error)
NewCA generates a new CertificateAuthority object
func ReadCA ¶
func ReadCA(clsName, certPath, keyPath string) (*CertificateAuthority, error)
ReadCA reads an existing CA certificate from disk
type PrivKey ¶
type PrivKey interface {
Serializable
// Type returns the type of the key, e.g. RSA
Type() string
// Scheme returns the scheme of signature algorithm, e.g. rsassa-pss-sha256
Scheme() string
// Signature sign a signature with the key for payload
Signature(payload []byte) (string, error)
// Signer returns the signer of the private key
Signer() crypto.Signer
// Public returns public key of the PrivKey
Public() PubKey
// Pem returns the raw private key in PEM format
Pem() []byte
// CSR creates a new CSR from the private key
CSR(role, commonName string, hostList []string, IPList []string) ([]byte, error)
// PKCS12 encodes the certificate to a pfxData
PKCS12(cert *x509.Certificate, ca *CertificateAuthority) ([]byte, error)
}
PrivKey is the private key that provide signature method
func NewKeyPair ¶
NewKeyPair return a pair of key
type PubKey ¶
type PubKey interface {
Serializable
// Type returns the type of the key, e.g. RSA
Type() string
// Scheme returns the scheme of signature algorithm, e.g. rsassa-pss-sha256
Scheme() string
// Key returns the raw public key
Key() crypto.PublicKey
// VerifySignature check the signature is right
VerifySignature(payload []byte, sig string) error
}
PubKey is a public key available to TiUP
type RSAPrivKey ¶
type RSAPrivKey struct {
// contains filtered or unexported fields
}
RSAPrivKey represents the private key of RSA
func (*RSAPrivKey) CSR ¶
func (k *RSAPrivKey) CSR(role, commonName string, hostList, ipList []string) ([]byte, error)
CSR generates a new CSR from given private key
func (*RSAPrivKey) Deserialize ¶
func (k *RSAPrivKey) Deserialize(key []byte) error
Deserialize generate a private key from pem format
func (*RSAPrivKey) PKCS12 ¶
func (k *RSAPrivKey) PKCS12(cert *x509.Certificate, ca *CertificateAuthority) ([]byte, error)
PKCS12 encodes the private and certificate to a PKCS#12 pfxData
func (*RSAPrivKey) Pem ¶
func (k *RSAPrivKey) Pem() []byte
Pem returns the raw private key im PEM format
func (*RSAPrivKey) Public ¶
func (k *RSAPrivKey) Public() PubKey
Public returns public key of the PrivKey
func (*RSAPrivKey) Scheme ¶
func (k *RSAPrivKey) Scheme() string
Scheme returns the scheme of signature algorithm, e.g. rsassa-pss-sha256
func (*RSAPrivKey) Serialize ¶
func (k *RSAPrivKey) Serialize() ([]byte, error)
Serialize generate the pem format for a key
func (*RSAPrivKey) Signature ¶
func (k *RSAPrivKey) Signature(payload []byte) (string, error)
Signature sign a signature with the key for payload
func (*RSAPrivKey) Signer ¶
func (k *RSAPrivKey) Signer() crypto.Signer
Signer returns the signer of the private key
func (*RSAPrivKey) Type ¶
func (k *RSAPrivKey) Type() string
Type returns the type of the key, e.g. RSA
type RSAPubKey ¶
type RSAPubKey struct {
// contains filtered or unexported fields
}
RSAPubKey represents the public key of RSA
func (*RSAPubKey) Deserialize ¶
Deserialize generate a public key from pem format
Source Files
Click to show internal directories.
Click to hide internal directories.