Documentation
¶
Overview ¶
Package pki provides types and functions to support the public key infrastructure of the Ivory Operator. It enforces a two layer system of certificate authorities and certificates.
NewRootCertificateAuthority() creates a new root CA. GenerateLeafCertificate() creates a new leaf certificate.
Certificate and PrivateKey are primitives that can be marshaled.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RootIsValid ¶
func RootIsValid(root *RootCertificateAuthority) bool
RootIsValid checks if root is valid according to this package's policies.
Types ¶
type Certificate ¶
type Certificate struct {
// contains filtered or unexported fields
}
Certificate represents an X.509 certificate that conforms to the Internet PKI Profile, RFC 5280.
func (Certificate) CommonName ¶
func (c Certificate) CommonName() string
CommonName returns a copy of the certificate common name (ASN.1 OID 2.5.4.3).
func (Certificate) DNSNames ¶
func (c Certificate) DNSNames() []string
DNSNames returns a copy of the certificate subject alternative names (ASN.1 OID 2.5.29.17) that are DNS names.
func (Certificate) Equal ¶
func (c Certificate) Equal(other Certificate) bool
Equal reports whether c and other have the same value.
func (Certificate) MarshalText ¶
func (c Certificate) MarshalText() ([]byte, error)
MarshalText returns a PEM encoding of c that OpenSSL understands.
func (*Certificate) UnmarshalText ¶
func (c *Certificate) UnmarshalText(data []byte) error
UnmarshalText populates c from its PEM encoding.
type LeafCertificate ¶
type LeafCertificate struct {
Certificate Certificate
PrivateKey PrivateKey
}
LeafCertificate is a certificate and private key pair that can be validated by RootCertificateAuthority.
type PrivateKey ¶
type PrivateKey struct {
// contains filtered or unexported fields
}
PrivateKey represents the private key of a Certificate.
func (PrivateKey) Equal ¶
func (k PrivateKey) Equal(other PrivateKey) bool
Equal reports whether k and other have the same value.
func (PrivateKey) MarshalText ¶
func (k PrivateKey) MarshalText() ([]byte, error)
MarshalText returns a PEM encoding of k that OpenSSL understands.
func (*PrivateKey) UnmarshalText ¶
func (k *PrivateKey) UnmarshalText(data []byte) error
UnmarshalText populates k from its PEM encoding.
type RootCertificateAuthority ¶
type RootCertificateAuthority struct {
Certificate Certificate
PrivateKey PrivateKey
}
RootCertificateAuthority is a certificate and private key pair that can generate other certificates.
func NewRootCertificateAuthority ¶
func NewRootCertificateAuthority() (*RootCertificateAuthority, error)
NewRootCertificateAuthority generates a new key and self-signed certificate for issuing other certificates.
func (*RootCertificateAuthority) GenerateLeafCertificate ¶
func (root *RootCertificateAuthority) GenerateLeafCertificate( commonName string, dnsNames []string, ) (*LeafCertificate, error)
GenerateLeafCertificate generates a new key and certificate signed by root.
func (*RootCertificateAuthority) RegenerateLeafWhenNecessary ¶
func (root *RootCertificateAuthority) RegenerateLeafWhenNecessary( leaf *LeafCertificate, commonName string, dnsNames []string, ) (*LeafCertificate, error)
RegenerateLeafWhenNecessary returns leaf when it is valid according to this package's policies, signed by root, and has commonName and dnsNames in its subject. Otherwise, it returns a new key and certificate signed by root.
Source Files