Documentation
Overview
Package tls provides methods for common TLS-related tasks.
Index
- Constants
- func ExportDER(certificate *Certificate) ([]byte, []byte, error)
- func ExportPEM(certificate *Certificate) ([]byte, []byte, error)
- func ExportPKCS12(certificate *Certificate, issuer *Certificate, password string) ([]byte, error)
- type AlternateName
- type Certificate
- func GenerateCertificate(request CertificateRequest, issuer *Certificate) (*Certificate, error)
- func ImportP12(p12Data []byte, password string) (*Certificate, error)
- func ImportPEM(certData []byte, keyData []byte, password string) (*Certificate, error)
- func ImportPEMCertificate(certData []byte) (*Certificate, error)
- type CertificateRequest
- type DateRange
- type KeyUsage
- type Name
- type StatusProviders
Constants
const (
	// AlternateNameTypeDNS enum value for DNS type alternate names
	AlternateNameTypeDNS = "dns"
	// AlternateNameTypeEmail enum value for Email type alternate names
	AlternateNameTypeEmail = "email"
	// AlternateNameTypeIP enum value for IP type alternate names
	AlternateNameTypeIP = "ip"
	// AlternateNameTypeURI enum value for URI type alternate names
	AlternateNameTypeURI = "uri"
)
const (
	// RSA with a 2048-bit key
	KeyTypeRSA_2048 = "rsa2048"
	// RSA with a 4096-bit key
	KeyTypeRSA_4096 = "rsa4096"
	// RSA with an 8192-bit key
	KeyTypeRSA_8192 = "rsa8192"
	// ECDSA with a 256-bit curve
	KeyTypeECDSA_256 = "ecc256"
	// ECDSA with a 384-bit curve
	KeyTypeECDSA_384 = "ecc384"
)
const (
	// SHA 256
	SignatureAlgorithmSHA256 = "sha256"
	// SHA 384
	SignatureAlgorithmSHA384 = "sha384"
	// SHA 512
	SignatureAlgorithmSHA512 = "sha512"
)
Variables
This section is empty.
Functions
func ExportDER
func ExportDER(certificate *Certificate) ([]byte, []byte, error)
ExportDER will generate DER files for the certificate and private key. Returns the certificate data, key data, and optional error.
func ExportPEM
func ExportPEM(certificate *Certificate) ([]byte, []byte, error)
ExportPEM will generate PEM files for the certificate and private key. Returns the certificate data, key data, and optional error.
func ExportPKCS12
func ExportPKCS12(certificate *Certificate, issuer *Certificate, password string) ([]byte, error)
ExportPKCS12 will generate a PKCS12 bag for the given certificate and private key.
An optional issuer certificate can be specified. When provided, the issuer certificate is included in the bag.
A password is required. Providing an empty string will return an error.
Types
type AlternateName
AlternateName describes an alternate name
type Certificate
type Certificate struct {
	Serial               string
	Subject              Name
	CertificateAuthority bool
	CertificateData      string
	KeyData              string
}
Certificate describes a certificate
func GenerateCertificate
func GenerateCertificate(request CertificateRequest, issuer *Certificate) (*Certificate, error)
GenerateCertificate will generate a certificate from the given certificate request
func ImportP12
func ImportP12(p12Data []byte, password string) (*Certificate, error)
ImportP12 tries to import the given P12 data as a certificate object
func ImportPEM
func ImportPEM(certData []byte, keyData []byte, password string) (*Certificate, error)
ImportPEM tries to import the given PEM data as a certificate object
func ImportPEMCertificate
func ImportPEMCertificate(certData []byte) (*Certificate, error)
ImportPEMCertificate tries to import the given PEM certificate only
func (Certificate) Clone
func (c Certificate) Clone() CertificateRequest
Clone returns a certificate request that would match this certificate
func (Certificate) Description
func (c Certificate) Description() string
Description returns a script description of the certificate
func (Certificate) PKey
func (c Certificate) PKey() crypto.PrivateKey
PKey returns the crypto.PrivateKey structure for this certificate (reading from the KeyData bytes). This will panic on an error, but that shouldn't happen unless KeyData was corrupted.
func (Certificate) X509
func (c Certificate) X509() *x509.Certificate
X509 returns the x509.Certificate data structure for this certificate (reading from the CertificateData bytes). This will panic on an error, but that shouldn't happen unless CertificateData was corrupted.
type CertificateRequest
type CertificateRequest struct {
	KeyType                string
	SignatureAlgorithm     string
	Subject                Name
	Validity               DateRange
	AlternateNames         []AlternateName
	Usage                  KeyUsage
	IsCertificateAuthority bool
	StatusProviders        StatusProviders
}
CertificateRequest describes a certificate request
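What pairing one of the KeyType strings with one of the SignatureAlgorithm strings amounts to in crypto/x509 terms, as an added example that is not this package's code. The string-to-stdlib mapping and the selfSigned helper are assumptions, since the page does not show how GenerateCertificate interprets a request.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Assumed mapping of the page's KeyType / SignatureAlgorithm strings to stdlib values.
var rsaBits = map[string]int{"rsa2048": 2048, "rsa4096": 4096, "rsa8192": 8192}
var curves = map[string]elliptic.Curve{"ecc256": elliptic.P256(), "ecc384": elliptic.P384()}
var sigAlgs = map[string]x509.SignatureAlgorithm{
	"rsa/sha256": x509.SHA256WithRSA, "rsa/sha384": x509.SHA384WithRSA, "rsa/sha512": x509.SHA512WithRSA,
	"ecc/sha256": x509.ECDSAWithSHA256, "ecc/sha384": x509.ECDSAWithSHA384, "ecc/sha512": x509.ECDSAWithSHA512,
}

// selfSigned (hypothetical helper) validates both strings, then returns a self-signed DER certificate.
func selfSigned(keyType, hash, cn string) ([]byte, error) {
	var key crypto.Signer
	err := fmt.Errorf("unsupported key type %q or hash %q", keyType, hash)
	// "rsa2048" -> "rsa/<hash>"; an unknown hash leaves ok false, so no key is generated.
	alg, ok := sigAlgs[strings.TrimRight(keyType, "0123456789")+"/"+hash]
	if bits, isRSA := rsaBits[keyType]; ok && isRSA {
		key, err = rsa.GenerateKey(rand.Reader, bits)
	} else if curve, isEC := curves[keyType]; ok && isEC {
		key, err = ecdsa.GenerateKey(curve, rand.Reader)
	}
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, // constructed serial
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		SignatureAlgorithm: alg, // explicit, so the hash is never left to the library default
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
}

func main() {
	der, err := selfSigned("ecc256", "sha512", "example.test")
	fmt.Println(len(der), "bytes of DER, err:", err)
}
```

Rejecting unknown strings before key generation matters here because a zero-valued SignatureAlgorithm makes x509.CreateCertificate pick a default for the key type instead of failing.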
type KeyUsage
type KeyUsage struct {
	// Basic
	DigitalSignature  bool
	ContentCommitment bool
	KeyEncipherment   bool
	DataEncipherment  bool
	KeyAgreement      bool
	CertSign          bool
	CRLSign           bool
	EncipherOnly      bool
	DecipherOnly      bool
	// Extended
	ServerAuth      bool
	ClientAuth      bool
	CodeSigning     bool
	EmailProtection bool
	TimeStamping    bool
	OCSPSigning     bool
	CustomEKUs      []string
}
KeyUsage describes usage properties for an X.509 key
type Name
type Name struct {
	Organization string
	City         string
	Province     string
	Country      string
	CommonName   string
}
Name describes an X.509 name object
type StatusProviders
StatusProviders describes providers for certificate status