Documentation ¶
Index ¶
- func CreateCSR(request CertificateRequest) (*x509.CertificateRequest, any, error)
- func CreateCertificate(certInput CertificateInput) (*x509.Certificate, error)
- func CreateCertificateFromCSR(request *x509.CertificateRequest, notBefore time.Time, validFor time.Duration, ...) (*x509.Certificate, error)
- func DecodeCSR(path string) (*x509.CertificateRequest, error)
- func DecodeCertificate(path string) ([]*x509.Certificate, error)
- func GeneratePrivateKey(signatureAlg x509.SignatureAlgorithm) (keys any, err error)
- func GetCertificateChain(u *url.URL) ([]*x509.Certificate, error)
- func PrintCSR(csr *x509.CertificateRequest) error
- func PrintCertificates(host string, chain []*x509.Certificate) error
- func ReadKey(path string) (any, error)
- func SaveCSR(csr *x509.CertificateRequest, targetPath string) error
- func SaveCertificate(path string, cert *x509.Certificate, certFormat string) error
- func SaveCertificateChain(folderPath string, chain []*x509.Certificate, certFormat string) error
- func SavePrivateKey(privateKey any, targetPath string) error
- func ValidateCertificate(host string, cert *x509.Certificate) (bool, error)
- type CertificateInput
- type CertificateRequest
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CreateCSR ¶
func CreateCSR(request CertificateRequest) (*x509.CertificateRequest, any, error)
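CreateCSR creates a new Certificate Signing Request (CSR). Per the signature above, it returns the request as a parsed *x509.CertificateRequest together with a second value of type any (presumably the private key associated with the request) and an error, rather than a slice of bytes.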
func CreateCertificate ¶
func CreateCertificate(certInput CertificateInput) (*x509.Certificate, error)
CreateCertificate generates a self-signed X509 certificate
func CreateCertificateFromCSR ¶
func CreateCertificateFromCSR(request *x509.CertificateRequest, notBefore time.Time, validFor time.Duration, isCA bool, privateKey any) (*x509.Certificate, error)
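CreateCertificateFromCSR generates a self-signed X509 certificate from a CSR. This page does not state whether the CSR's own signature is verified before the certificate is generated; a caller handling a CSR received from another party can check it first with request.CheckSignature().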
func DecodeCSR ¶
func DecodeCSR(path string) (*x509.CertificateRequest, error)
DecodeCSR reads a PEM-encoded .csr file and decodes it.
func DecodeCertificate ¶
func DecodeCertificate(path string) ([]*x509.Certificate, error)
DecodeCertificate reads a certificate file and decodes it. It returns a slice because PKCS7 files are allowed to contain multiple certificates.
func GeneratePrivateKey ¶
func GeneratePrivateKey(signatureAlg x509.SignatureAlgorithm) (keys any, err error)
func GetCertificateChain ¶
func GetCertificateChain(u *url.URL) ([]*x509.Certificate, error)
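GetCertificateChain gets the certificate chain for the hostname or a URL. If the certificate chain does not contain the root certificate, the function attempts to fetch it using the issuer location of the last certificate in the chain. A root obtained this way comes from a location named by the chain itself, so it completes the chain for inspection but is not by that fact a trust anchor.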
func PrintCSR ¶
func PrintCSR(csr *x509.CertificateRequest) error
PrintCSR prints the content of the CSR to stdout in OpenSSL text format.
func PrintCertificates ¶
func PrintCertificates(host string, chain []*x509.Certificate) error
PrintCertificates prints the certificates from the chain to stdout in human-readable format.
func SaveCSR ¶
func SaveCSR(csr *x509.CertificateRequest, targetPath string) error
SaveCSR saves the CSR in PEM format to a location
func SaveCertificate ¶
func SaveCertificate(path string, cert *x509.Certificate, certFormat string) error
SaveCertificate saves a certificate to the location specified by the `path` using a supported format
func SaveCertificateChain ¶
func SaveCertificateChain(folderPath string, chain []*x509.Certificate, certFormat string) error
SaveCertificateChain saves the certificates from the chain into a folder
func SavePrivateKey ¶
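SavePrivateKey saves the private key (RSA, EC) in PEM format to a location. This page does not state whether the key is written encrypted or with what file permissions, so confirm that the target file ends up readable only by its owner.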
func ValidateCertificate ¶
func ValidateCertificate(host string, cert *x509.Certificate) (bool, error)
ValidateCertificate validates the server certificate using the following steps: 1. Check the expiration date 2. Check if the certificate is trusted using the trust store from the host machine 3. Check that the certificate is not part of a revocation list
Types ¶
type CertificateInput ¶
// CertificateInput carries the parameters accepted by CreateCertificate.
//
// The meaning of each field is inferred from its name and from the matching
// parameters of CreateCertificateFromCSR; confirm against the implementation.
type CertificateInput struct {
	// Subject common name (presumably).
	CommonName string

	// Validity window: start instant and length, mirroring the notBefore and
	// validFor parameters of CreateCertificateFromCSR.
	NotBefore time.Time
	ValidFor  time.Duration

	// IsCA presumably marks the certificate as a certificate authority.
	// NOTE(review): a CA certificate can sign further certificates, so
	// callers should set this only deliberately.
	IsCA bool

	// Subject attributes. Each is a pointer to a slice, so "not provided"
	// (nil) is distinguishable from "provided but empty".
	Country      *[]string
	State        *[]string
	City         *[]string
	Street       *[]string
	PostalCode   *[]string
	Organization *[]string
	OrgUnit      *[]string

	// E-mail related inputs; how EmailAddresses and OidEmail differ in the
	// generated certificate is not visible here.
	EmailAddresses *[]string
	OidEmail       string

	// Additional host names for the certificate (presumably emitted as
	// subject alternative names).
	SubjectAlternativeHosts *[]string

	// PrivateKey is untyped (any); the accepted concrete key types are not
	// visible here. NOTE(review): this struct holds key material, so avoid
	// logging or serializing whole values of it.
	PrivateKey any
}