Documentation ¶
Overview ¶
Package certsetup creates a self-signed certificate chain using ECDSA signing.
Credits: https://gist.github.com/shaneutt/5e1995295cff6721c89a71d13a71c251
Index ¶
- Constants
- func CertDerToPEM(derCertBytes []byte) string
- func CertFromPEM(certPEM string) (*x509.Certificate, error)
- func CreateCertificateBundle(hostname string, certFolder string) error
- func CreateClientCert(clientID string, ou string, clientPubKeyPEM, caCertPEM string, caKeyPEM string, ...) (certPEM string, err error)
- func CreateHubCA() (certPEM string, keyPEM string)
- func CreateHubCert(hosts string, hubPublicKeyPEM string, caCertPEM string, caKeyPEM string) (certPEM string, err error)
- func LoadOrCreateCertKey(certFolder string, keyFile string) (*ecdsa.PrivateKey, error)
- func LoadPEM(certFolder string, fileName string) (pem string, err error)
- func SaveCertToPEM(pem string, certFolder string, fileName string) error
- func SaveKeyToPEM(pem string, certFolder string, fileName string) error
Constants ¶
const (
	CaCertFile     = "caCert.pem" // CA that signed the server and client certificates
	CaKeyFile      = "caKey.pem"
	ServerCertFile = "hubCert.pem"
	ServerKeyFile  = "hubKey.pem"
	ClientCertFile = "clientCert.pem"
	ClientKeyFile  = "clientKey.pem"
)
Standard client and server certificate filenames, all stored in PEM format.
const DefaultCertDurationDays = 365
const TempCertDurationDays = 1
Variables ¶
This section is empty.
Functions ¶
func CertDerToPEM ¶
Convert certificate DER encoding to PEM
derBytes is the output of x509.CreateCertificate
func CertFromPEM ¶
func CertFromPEM(certPEM string) (*x509.Certificate, error)
Convert a PEM certificate to an x509.Certificate instance
func CreateCertificateBundle ¶
CreateCertificateBundle is a convenience function to create the Hub CA, server and (plugin) client certificates in the given folder. Intended for testing. This only creates missing certificates.
func CreateClientCert ¶
func CreateClientCert(clientID string, ou string, clientPubKeyPEM, caCertPEM string, caKeyPEM string, durationDays int) (certPEM string, err error)
CreateClientCert creates a client-side Hub certificate for mutual authentication from the client's public key. The client role is intended to indicate authorization by role. It is stored in the certificate OrganizationalUnit. See RoleXxx in api.
This generates a certificate using the client's public key in PEM format.
- clientID used as the CommonName
- ou of the client, stored as the OrganizationalUnit
- clientPubKeyPEM with the client's public key
- caCertPEM CA's certificate in PEM format
- caKeyPEM CA's ECDSA key used in signing
Returns the signed certificate or error
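The client-certificate scheme described above (CommonName = client ID, OrganizationalUnit = role, signed from the client's public key) can be reproduced with the Go standard library alone. This is an added example, not the package's own code; the helper names newKey, issue and clientRole and the sample values are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newKey returns an ECDSA P-256 key pair (helper names here are illustrative, not certsetup's API).
func newKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// issue signs pub. A nil parent self-signs a CA; otherwise a client-auth leaf with CN=cn and the role in OU.
func issue(cn string, ou []string, pub *ecdsa.PublicKey, parent *x509.Certificate, signer *ecdsa.PrivateKey, days int) (*x509.Certificate, error) {
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127)) // random serial
	tpl := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: cn, OrganizationalUnit: ou},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(0, 0, days),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if parent == nil {
		tpl.IsCA, tpl.BasicConstraintsValid, tpl.KeyUsage, tpl.ExtKeyUsage = true, true, x509.KeyUsageCertSign, nil
		parent = tpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// clientRole is the server-side check: chain to ca for client auth, then read the single OU role.
func clientRole(cert, ca *x509.Certificate) (string, error) {
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	opts.Roots.AddCert(ca)
	if _, err := cert.Verify(opts); err != nil || len(cert.Subject.OrganizationalUnit) != 1 {
		return "", fmt.Errorf("client certificate rejected: verify error %v, OU values %q", err, cert.Subject.OrganizationalUnit)
	}
	return cert.Subject.OrganizationalUnit[0], nil
}

func main() {
	caKey, _ := newKey() // constructed demo keys and names; errors ignored in this demo main only
	clientKey, _ := newKey()
	ca, _ := issue("Example CA", nil, &caKey.PublicKey, nil, caKey, 365)
	cert, _ := issue("plugin-1", []string{"plugin"}, &clientKey.PublicKey, ca, caKey, 1)
	fmt.Println(clientRole(cert, ca)) // plugin <nil>
}
```

In a TLS server the same chain check is performed by the handshake when tls.Config sets ClientCAs and ClientAuth to tls.RequireAndVerifyClientCert; the role should only be read from a peer certificate that passed that verification.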
func CreateHubCA ¶
CreateHubCA creates the WoST Hub Root CA certificate and private key for signing server certificates.
Source: https://shaneutt.com/blog/golang-ca-and-signed-cert-go/
This creates a CA certificate used for signing client and server certificates. The CA is valid for 'caDurationYears'.
temporary: set to generate a temporary CA for one-off signing
func CreateHubCert ¶
func CreateHubCert(hosts string, hubPublicKeyPEM string, caCertPEM string, caKeyPEM string) (certPEM string, err error)
CreateHubCert creates the WoST server certificate.
- hosts contains one or more DNS or IP addresses to add to the certificate. Localhost is always added.
- pubKey is the Hub public key in PEM format
- caCertPEM is the CA to sign the server certificate
Returns the signed Hub certificate in PEM format
func LoadOrCreateCertKey ¶
func LoadOrCreateCertKey(certFolder string, keyFile string) (*ecdsa.PrivateKey, error)
LoadOrCreateCertKey is a helper to load a public/private key pair for certificate management. If the keys don't exist, they are created.
- certFolder location where key file is stored
- keyFile is the name of the key file, certsetup.ClientKeyFile, ServerKeyFile or CaKeyFile
Returns ECDSA private key
func SaveCertToPEM ¶
SaveCertToPEM saves the certificate in PEM format to a file in the certificate folder. Permissions will be 0644. Returns an error.
Types ¶
This section is empty.