derivecert

package

v0.25.2 Latest Latest Go to latest Published: Apr 5, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/pomerium/pomerium

Links

Open Source Insights

Documentation ¶

Overview ¶

Package derivecert is used to deterministically generate TLS certificate authority and certificates out of pre-shared key

Index ¶

type CA
- func CAFromPEM(p PEM) (*CA, string, error)
- func NewCA(psk []byte) (*CA, error)
type PEM
- func ToPEM(key *ecdsa.PrivateKey, certDer []byte) (*PEM, error)
- func (p *PEM) KeyCert() (*ecdsa.PrivateKey, *x509.Certificate, error)
- func (p *PEM) TLS() (tls.Certificate, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type CA ¶

type CA struct {
	// contains filtered or unexported fields
}

CA is certificate authority

func NewCA ¶

func NewCA(psk []byte) (*CA, error)

NewCA creates new certificate authority using a pre-shared key. This certificate authority is generated on the fly and would yield the same private key every time for the given PSK.

That allows services that have a certain pre-shared key (i.e. shared_secret) to have automatic TLS without need to share and distribute certs, and provides a better alternative to plaintext communication, but is not a replacement for proper mTLS.

func (*CA) Key ¶

func (ca *CA) Key() *ecdsa.PrivateKey

Key returns CA private key

func (*CA) NewServerCert ¶

func (ca *CA) NewServerCert(domains []string, configure ...func(*x509.Certificate)) (*PEM, error)

NewServerCert generates certificate for the given domain name(s)

func (*CA) PEM ¶

func (ca *CA) PEM() (*PEM, error)

PEM returns PEM-encoded cert and key

type PEM ¶

type PEM struct {
	Cert []byte
	Key  []byte
}

PEM representation of certificate authority data, serializable to JSON

func ToPEM ¶

func ToPEM(key *ecdsa.PrivateKey, certDer []byte) (*PEM, error)

ToPEM converts private key and certificate into PEM representation

func (*PEM) KeyCert ¶

func (p *PEM) KeyCert() (*ecdsa.PrivateKey, *x509.Certificate, error)

KeyCert parses private key and cert from PEM encoded format

func (*PEM) TLS ¶

func (p *PEM) TLS() (tls.Certificate, error)

TLS parses PEM and returns TLS certificate

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
config Package config implements derived certs in the Pomerium Configuration	Package config implements derived certs in the Pomerium Configuration

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

Documentation ¶

Overview ¶

Index ¶

Constants ¶

Variables ¶

Functions ¶

Types ¶

type CA ¶

func CAFromPEM ¶

func NewCA ¶

func (*CA) Key ¶

func (*CA) NewServerCert ¶

func (*CA) PEM ¶

type PEM ¶

func ToPEM ¶

func (*PEM) KeyCert ¶

func (*PEM) TLS ¶

Source Files ¶

Directories ¶