certificate

package
v0.0.0-...-b75a54e

This package is not in the latest version of its module.
Published: Nov 15, 2022 License: MIT Imports: 17 Imported by: 0

Documentation

Constants

const (
	KeyTypeEC = iota
	KeyTypeRSA
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Certificate

type Certificate struct {
	// Subject defines the distinguished name for the certificate.
	// Example: CN=Joe.
	Subject string `json:"subject"`

	// SubjectAltNames defines an optional list of values for x509 Subject Alternative Name extension.
	// Examples: DNS:www.example.com, IP:1.2.3.4, URI:https://www.example.com.
	SubjectAltNames []string `json:"sans"`

	// KeyType defines the certificate key algorithm.
	// Default value is KeyTypeEC (elliptic curve) if KeyType is undefined (when value is 0).
	KeyType KeyType `json:"-"`

	// KeySize defines the key length in bits.
	// Default value is 256 (EC) or 2048 (RSA) if KeySize is undefined (when value is 0).
	// Examples: For key_type EC: 256, 384, 521. For key_type RSA: 1024, 2048, 4096.
	KeySize int `json:"key_size"`

	// Expires automatically defines certificate's NotAfter field by adding duration defined in Expires to the current time.
	// Default value is 8760h (one year) if Expires is undefined (when value is nil).
	// NotAfter takes precedence over Expires.
	Expires *time.Duration `json:"-"`

	// KeyUsage defines bitmap of values for x509 key usage extension.
	// If KeyUsage is undefined (when value is 0),
	// CertSign and CRLSign are set for CA certificates,
	// KeyEncipherment and DigitalSignature are set for end-entity certificates.
	KeyUsage x509.KeyUsage `json:"-"`

	// ExtKeyUsage defines a sequence of x509 extended key usages.
	// Not set by default.
	ExtKeyUsage []x509.ExtKeyUsage `json:"-"`

	// Issuer refers to the issuer Certificate.
	// Self-signed certificate is generated if Issuer is undefined (when value is nil).
	Issuer *Certificate `json:"-" hash:"-"`

	// IsCA defines whether the certificate is a CA.
	// If IsCA is undefined (when value is nil), true is set by default for self-signed certificates (Issuer is nil).
	IsCA *bool `json:"ca"`

	// NotBefore defines certificate not to be valid before this time.
	// Default value is current time if NotBefore is undefined (when value is nil).
	NotBefore *time.Time `json:"not_before"`

	// NotAfter defines certificate not to be valid after this time.
	// Default value is current time + Expires if NotAfter is undefined (when value is nil).
	NotAfter *time.Time `json:"not_after"`

	// SerialNumber defines serial number for the certificate.
	// If not set, the default value is current time in nanoseconds.
	SerialNumber *big.Int `json:"-" hash:"-"`

	// GeneratedCert is a pointer to the generated certificate and private key.
	// It is automatically set after calling any of the Certificate functions.
	GeneratedCert *tls.Certificate `json:"-" hash:"-"`
}

Certificate defines the properties for generating a certificate.

Note that the struct tags are there so that the certyaml command-line tool can unmarshal the manifest file.
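Two of the defaults documented in the struct comments, no ExtKeyUsage and a serial number taken from the current time in nanoseconds, are convenient for test fixtures and easy to detect afterwards. The following check is an added example that uses only the Go standard library and is not code from this package; `audit` and `sample` are hypothetical names, and the sample certificate is constructed to mirror those defaults.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// audit flags two documented defaults that suit test fixtures but not wider trust.
func audit(c *x509.Certificate) (findings []string) {
	if !c.IsCA && len(c.ExtKeyUsage) == 0 {
		findings = append(findings, "no-ext-key-usage") // ExtKeyUsage is not set by default
	}
	// A serial that decodes as a UnixNano time within a day of NotBefore is guessable.
	if s := c.SerialNumber; s.IsInt64() && time.Unix(0, s.Int64()).Sub(c.NotBefore).Abs() < 24*time.Hour {
		findings = append(findings, "timestamp-serial")
	}
	return findings
}

// sample builds a constructed self-signed leaf; hardened=false mirrors the documented defaults.
func sample(hardened bool) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), NotBefore: time.Now(),
		NotAfter: time.Now().Add(8760 * time.Hour), KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature}
	if hardened {
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		t.SerialNumber = new(big.Int).Lsh(big.NewInt(1), 100) // fixed stand-in for a CSPRNG value
	}
	der, err := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	c, err := sample(false)
	if err != nil {
		panic(err)
	}
	fmt.Println(audit(c))
}
```

Running `audit` over certificates found in a deployment's trust stores or served chains is one way to catch test fixtures that were carried over unchanged.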

func (*Certificate) Generate

func (c *Certificate) Generate() error

Generate forces re-generation of key pair and certificate according to current state of the Certificate. Usually it is automatically called when necessary, e.g. PEM() will internally call Generate(). It can be called explicitly after changing Certificate fields since certificate was last generated, or when a new certificate with same values is needed. Error is not nil if generation fails.

func (*Certificate) PEM

func (c *Certificate) PEM() (cert []byte, key []byte, err error)

PEM returns the Certificate as certificate and private key PEM buffers. Complete certificate chain (up to but not including root) is included for end-entity certificates. A key pair and certificate will be generated at first call of any Certificate functions. Error is not nil if generation fails.

func (*Certificate) PrivateKey

func (c *Certificate) PrivateKey() (crypto.Signer, error)

PrivateKey returns a crypto.Signer that represents the private key associated with the Certificate. A key pair and certificate will be generated at first call of any Certificate functions. Error is not nil if generation fails.

func (*Certificate) PublicKey

func (c *Certificate) PublicKey() (crypto.PublicKey, error)

PublicKey returns the crypto.PublicKey associated with the Certificate. A key pair and certificate will be generated at first call of any Certificate functions. Error is not nil if generation fails.

func (*Certificate) TLSCertificate

func (c *Certificate) TLSCertificate() (tls.Certificate, error)

TLSCertificate returns the Certificate as tls.Certificate. Complete certificate chain (up to but not including root) is included for end-entity certificates. A key pair and certificate will be generated at first call of any Certificate functions. Error is not nil if generation fails.

func (*Certificate) WritePEM

func (c *Certificate) WritePEM(certFile, keyFile string) error

WritePEM writes the Certificate as certificate and private key PEM files. Complete certificate chain (up to but not including root) is included for end-entity certificates. A key pair and certificate will be generated at first call of any Certificate functions. Error is not nil if generation fails.

func (*Certificate) X509Certificate

func (c *Certificate) X509Certificate() (x509.Certificate, error)

X509Certificate returns the Certificate as x509.Certificate. A key pair and certificate will be generated at first call of any Certificate functions. Error is not nil if generation fails.

type KeyType

type KeyType uint
