tls

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 23, 2019 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	Duration           = 3650 // 10 years = 3650 days
	OrganizationalUnit = "KubeKit"
	Organization       = "LifeRaft"
	Locality           = "San Diego"
	Province           = "California"
	Country            = "US"
)

Constants used to create the certificate

View Source 
const EnvCAKeyPassword = "KUBEKIT_CA_KEY_PASSWORD"

EnvCAKeyPassword is the environment variable to store the password used to encrypt the provided CA Key file

Variables

View Source 
var (
	GenericDNSNames = []string{
		"localhost",
	}
	GenericIPAddresses = []string{
		"127.0.0.1",
	}
)

Temporal: DNS and IPs to include in the certificates

Functions

func GenCAPrivateKey 

func GenCAPrivateKey(filename string) (caKey *rsa.PrivateKey, caKeyBytes []byte, err error)

GenCAPrivateKey generates a CA RSA Key or returns the CA Key from the given filename. The file (if provided) should contain a PEM encoded CA RSA Key

func GenRSAPrivateKey 

func GenRSAPrivateKey() (key *rsa.PrivateKey, err error)

GenRSAPrivateKey generates a RSA private key

func NewSelfSignedCACert 

func NewSelfSignedCACert(caKey *rsa.PrivateKey, cn string) (*x509.Certificate, error)

NewSelfSignedCACert creates a Self Signed CA Certificate with a given CA Private Key and a Common Name

func NewSignedCert 

func NewSignedCert(privKey *rsa.PrivateKey, caKeyPair *KeyPair, cn, o string, dns, ips []string, extKeyUsage []x509.ExtKeyUsage) (*x509.Certificate, error)

NewSignedCert creates a Self Signed Certificate with a given private key, the CA key pair (key and cert) and a Common Name

func SelfSignedCACert 

func SelfSignedCACert(filename string, caKey *rsa.PrivateKey, cn string) (*x509.Certificate, []byte, error)

SelfSignedCACert generates a CA x509 Certificate from a CA RSA Key or returns the CA x509 Certificate from the given filename. The file (if provided) should contain a PEM encoded CA x509 Certificate

func SignedCert 

func SignedCert(privKey *rsa.PrivateKey, caKeyPair *KeyPair, cn, o string, dns, ips []string, extKeyUsage []x509.ExtKeyUsage) (*x509.Certificate, []byte, error)

SignedCert generates a Self Signed Certificate and returns also the pem decoded bytes

Types

type KeyPair 

type KeyPair struct {
	Name           string
	KeyFile        string
	PrivateKey     *rsa.PrivateKey
	PrivateKeyPEM  []byte
	CN             string
	O              string
	DNSNames       []string
	IPAddresses    []string
	CertFile       string
	Certificate    *x509.Certificate
	CertificatePEM []byte
	IsCA           bool
	ExtKeyUsage    []x509.ExtKeyUsage
}

KeyPair encapsulate the Private Key and Certificate key pair

func Load 

func Load(baseCertsDir, name, cn string) (*KeyPair, error)

Load creates and loads the key pair from the key and cert files located in the given directory

func NewCAKeyPair 

func NewCAKeyPair(fromCAKeyPair *KeyPair, baseCertsDir, name, cn string) (*KeyPair, error)

NewCAKeyPair creates a new CA Key Pair from the given filenames or generates them if the files does not exists

func NewEmptyKeyPair 

func NewEmptyKeyPair(baseCertsDir, name, cn, o string, dns, ips []string, extKeyUsage []x509.ExtKeyUsage) *KeyPair

NewEmptyKeyPair creates a KeyPair with everything but the key and cert

func NewKeyPair 

func NewKeyPair(baseCertsDir, name, cn, o string, dns, ips []string, caKeyPair *KeyPair, extKeyUsage []x509.ExtKeyUsage) (*KeyPair, error)

NewKeyPair creates a new KeyPair with the key and cert

func (*KeyPair) GenCAKeyPair 

func (kp *KeyPair) GenCAKeyPair(fromCAKeyPair *KeyPair) error

GenCAKeyPair reads the CA Key and Certificate from the given files or generates them if the file names are empty or does not exists

func (*KeyPair) GenKeyPair 

func (kp *KeyPair) GenKeyPair(caKeyPair *KeyPair) error

GenKeyPair creates the key and cert

func (*KeyPair) Load 

func (kp *KeyPair) Load() error

Load loads the keypair from the files in the given directory, if they exists

func (*KeyPair) NewFilenames 

func (kp *KeyPair) NewFilenames(baseCertsDir, name string) (prevKeyFile string, prevCertFile string)

NewFilenames updates the Key Pair filenames (key and cert) using a new base directory and name. If name is empty will use the current Key Pair name. It returns the previous filenames

func (*KeyPair) PEMEncodeCert 

func (kp *KeyPair) PEMEncodeCert() []byte

PEMEncodeCert returns the PEM encode of the given certificate

func (*KeyPair) PEMEncodePrivateKey 

func (kp *KeyPair) PEMEncodePrivateKey() []byte

PEMEncodePrivateKey returns the PEM encode of the given private key

func (*KeyPair) SaveCertificate 

func (kp *KeyPair) SaveCertificate(overwrite bool) error

SaveCertificate saves the certificate file from this key pair

func (*KeyPair) SavePrivateKey 

func (kp *KeyPair) SavePrivateKey(overwrite bool) error

SavePrivateKey saves the private key file from this key pair

type KeyPairs 

type KeyPairs map[string]*KeyPair

KeyPairs is a list of KeyPair

func (KeyPairs) Save 

func (kps KeyPairs) Save(overwrite bool) error

Save saves all the private keys and certificates (if not empty) for all the Key Pairs

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.