Documentation ¶
Index ¶
- Constants
- Variables
- func AlgorithmToString(a Algorithm) string
- func ParsePublicEcdsa(c interface{}) (p *ecdsa.PublicKey, err error)
- func ParsePublicRsa(c interface{}) (p *rsa.PublicKey, err error)
- func ParseX509(b []byte) (crt *x509.Certificate, err error)
- func ValidateCommonName(cn string) error
- func ValidateCountry(c string) error
- func ValidateIPAddress(ip []net.IP) (err error)
- func ValidateLocality(l string) error
- func ValidateOrganization(o string) error
- func ValidateOrganizationalUnit(ou string) error
- func ValidateSerialNumber(sn *big.Int) error
- func ValidateState(s string) error
- func ValidateSubjectAltName(san []string) (err error)
- func ValidateTime(t time.Time) (err error)
- type Algorithm
- type Block
- type Certificate
- func (c *Certificate) CopyPropertiesTo(dst *Certificate, copyUnexported bool)
- func (c *Certificate) CreateEcdsaPrivateKey(curve Curve) (err error)
- func (c *Certificate) CreateEd25519PrivateKey() (err error)
- func (c *Certificate) CreatePrivateKey(keyType string) (err error)
- func (c *Certificate) CreateRsaPrivateKey(size RsaSize) (err error)
- func (c *Certificate) DecryptPrivateKey(pass []byte) (err error)
- func (c *Certificate) Ecdsa() *ecdsa.PrivateKey
- func (c *Certificate) EcdsaPublicKey() (key *ecdsa.PublicKey)
- func (c *Certificate) EcdsaToPem() (p *pem.Block, err error)
- func (c *Certificate) Ed25519() *ed25519.PrivateKey
- func (c *Certificate) Ed25519PublicCryptoKey() (key crypto.PublicKey)
- func (c *Certificate) Ed25519PublicKey() (key *ed25519.PublicKey, err error)
- func (c *Certificate) Ed25519ToPem() (p *pem.Block, err error)
- func (c *Certificate) EnableAutoRelease() *Certificate
- func (c *Certificate) EncryptPrivateKey(pass []byte) (err error)
- func (c *Certificate) GetPrivateKey() Block
- func (c *Certificate) IsUnsafe() bool
- func (c *Certificate) LoadPrivateKey() (err error)
- func (c *Certificate) ParseX509() (crt *x509.Certificate, err error)
- func (c *Certificate) PrivateKeyBlock() (blk pem.Block, err error)
- func (c *Certificate) Release()
- func (c *Certificate) Renew(opts *Options, sc *Certificate) (renewed *Certificate, err error)
- func (c *Certificate) Rsa() *rsa.PrivateKey
- func (c *Certificate) RsaPublicKey() (key *rsa.PublicKey)
- func (c *Certificate) RsaToPem() (p *pem.Block, err error)
- func (c *Certificate) SetUnsafePrivateKey() (err error)
- func (c *Certificate) SignSelf() (err error)
- func (c *Certificate) SignWith(sc *Certificate) (err error)
- func (c *Certificate) ValidateTemplate() (err error)
- type Curve
- type Expiration
- type Options
- type RsaSize
Constants ¶
const (
	// PEM block type labels (the "-----BEGIN <label>-----" tag) for a
	// certificate and for the private key encodings handled by this package.
	CertificateKey   = "CERTIFICATE"
	PrivateKeyKey    = "PRIVATE KEY"
	EcPrivateKeyKey  = "EC PRIVATE KEY"
	RsaPrivateKeyKey = "RSA PRIVATE KEY"

	// MaxSANLen is not an actual RFC5280 constraint, 4096 should suffice.
	// Bounds the length of a single subjectAltName entry — presumably
	// enforced by ValidateSubjectAltName; confirm.
	MaxSANLen = 4096
	// MaxDomainSliceLen is not an RFC 5280 limit; presumably bounds the
	// number of DNS names accepted per certificate — confirm.
	MaxDomainSliceLen = 20
	// MaxIPSliceLen is not an actual RFC5280 constraint, 20 should suffice.
	MaxIPSliceLen = 20
	// MaxIPLen can contain either an IPv4 or IPv6 address.
	// 39 is the longest uncompressed textual IPv6 form (8 groups of 4 hex
	// digits plus 7 colons); an address carrying a zone suffix such as
	// "%eth0" would not fit and is therefore rejected by a length check.
	MaxIPLen = 39

	// Upper bounds on subject attribute lengths (RFC 5280 Appendix A,
	// ub-common-name, ub-country-name-alpha-length, ub-organization-name,
	// ub-organizational-unit-name, ub-state-name, ub-locality-name),
	// presumably checked by the matching Validate* helpers.
	// NOTE(review): RFC 5280 §4.1.2.2 limits a serial number to 20 octets;
	// 64 only matches if ValidateSerialNumber treats this value as a bit
	// length — confirm the unit before relying on it.
	RFC5280SerialNumberLen       = 64
	RFC5280CommonNameLen         = 64
	RFC5280CountryLen            = 2
	RFC5280OrganizationLen       = 64
	RFC5280OrganizationalUnitLen = 64
	RFC5280StateLen              = 128
	RFC5280LocalityLen           = 128
)
Variables ¶
var (
	// ErrNoSuchAlgorithm is returned when a requested key algorithm (see
	// Algorithm / CreatePrivateKey) has no implementation in this package.
	ErrNoSuchAlgorithm = errors.New("no such algorithm implemented")
	// ErrCipherMsgAuthFailed signals that authenticated decryption of the
	// private key failed. NOTE(review): presumably surfaced by
	// DecryptPrivateKey when the passphrase is wrong or the ciphertext was
	// tampered with — the two cases are indistinguishable by design, so
	// callers should not treat it as a plain "bad password" hint; confirm.
	ErrCipherMsgAuthFailed = errors.New("message authentication failed")
)
Functions ¶
func AlgorithmToString ¶
func ParsePublicEcdsa ¶
func ParsePublicRsa ¶
func ValidateCommonName ¶
func ValidateCountry ¶
func ValidateIPAddress ¶
func ValidateLocality ¶
func ValidateOrganization ¶
func ValidateSerialNumber ¶
func ValidateState ¶
func ValidateSubjectAltName ¶
func ValidateTime ¶
Types ¶
type Certificate ¶
// Certificate bundles an X.509 certificate (DER) with its private key and
// the metadata needed to persist, encrypt and re-load that key.
type Certificate struct {
	ID uint64
	// Name is the user specified name for this certificate.
	Name string
	// PublicKey is the public certificate in DER format.
	// NOTE(review): despite the name this holds the whole certificate, not
	// only the SubjectPublicKeyInfo; see ParseX509.
	PublicKey []byte
	// PrivateKey is the private key of this Certificate and may be encrypted.
	// See EncryptPrivateKey / DecryptPrivateKey; a key stored without
	// encryption via SetUnsafePrivateKey is presumably what IsUnsafe
	// reports — confirm.
	PrivateKey []byte
	// Algorithm is the used private key algorithm.
	Algorithm Algorithm
	// SignerID is the ID of the signing Certificate.
	SignerID uint64
	// IsCA indicates whether the certificate is a certificate authority or not.
	IsCA bool
	// Iterations, Nonce and Salt are undocumented upstream.
	// NOTE(review): presumably the KDF work factor, the AEAD nonce and the
	// KDF salt used by EncryptPrivateKey, stored so the key can be decrypted
	// later — confirm. If so, Nonce and Salt must be freshly random on every
	// EncryptPrivateKey call: reusing a nonce under the same derived key
	// breaks the cipher's confidentiality and authenticity guarantees.
	Iterations uint
	Nonce      []byte
	Salt       []byte
	// contains filtered or unexported fields
}
func New ¶
func New(opts *Options) (c *Certificate, err error)
New creates a new RFC5280 compliant Certificate. The returned c is validated via Certificate.ValidateTemplate.
func NewWithIdentifier ¶
func NewWithIdentifier(id uint64, name string, opts *Options) (c *Certificate, err error)
NewWithIdentifier is like New but assigns the given name and id as well. The returned c is validated via Certificate.ValidateTemplate.
func (*Certificate) CopyPropertiesTo ¶
func (c *Certificate) CopyPropertiesTo(dst *Certificate, copyUnexported bool)
func (*Certificate) CreateEcdsaPrivateKey ¶
func (c *Certificate) CreateEcdsaPrivateKey(curve Curve) (err error)
CreateEcdsaPrivateKey creates an ECDSA private key.
func (*Certificate) CreateEd25519PrivateKey ¶
func (c *Certificate) CreateEd25519PrivateKey() (err error)
CreateEd25519PrivateKey creates an ED25519 private key.
func (*Certificate) CreatePrivateKey ¶
func (c *Certificate) CreatePrivateKey(keyType string) (err error)
CreatePrivateKey generates a private key for the certificate from keyType, which uses the syntax {{Algorithm}}.{{Option}}; the option is omitted for algorithms that take none. Examples: RSA.4096, ECDSA.P521, ED25519. An unrecognised algorithm presumably surfaces as ErrNoSuchAlgorithm.
func (*Certificate) CreateRsaPrivateKey ¶
func (c *Certificate) CreateRsaPrivateKey(size RsaSize) (err error)
CreateRsaPrivateKey creates an RSA private key.
func (*Certificate) DecryptPrivateKey ¶
func (c *Certificate) DecryptPrivateKey(pass []byte) (err error)
DecryptPrivateKey decrypts the private key with the passphrase pass; it is the inverse of EncryptPrivateKey.
func (*Certificate) Ecdsa ¶
func (c *Certificate) Ecdsa() *ecdsa.PrivateKey
func (*Certificate) EcdsaPublicKey ¶
func (c *Certificate) EcdsaPublicKey() (key *ecdsa.PublicKey)
EcdsaPublicKey returns the ecdsa.PublicKey of the Certificate.
func (*Certificate) EcdsaToPem ¶
func (c *Certificate) EcdsaToPem() (p *pem.Block, err error)
func (*Certificate) Ed25519 ¶
func (c *Certificate) Ed25519() *ed25519.PrivateKey
func (*Certificate) Ed25519PublicCryptoKey ¶
func (c *Certificate) Ed25519PublicCryptoKey() (key crypto.PublicKey)
Ed25519PublicCryptoKey returns the public key as an uncast crypto.PublicKey (compare Ed25519PublicKey, which returns a typed *ed25519.PublicKey).
func (*Certificate) Ed25519PublicKey ¶
func (c *Certificate) Ed25519PublicKey() (key *ed25519.PublicKey, err error)
Ed25519PublicKey returns the ed25519.PublicKey of the Certificate.
func (*Certificate) Ed25519ToPem ¶
func (c *Certificate) Ed25519ToPem() (p *pem.Block, err error)
func (*Certificate) EnableAutoRelease ¶
func (c *Certificate) EnableAutoRelease() *Certificate
EnableAutoRelease makes the Certificate call Certificate.Release automatically once Certificate.EncryptPrivateKey or Certificate.SetUnsafePrivateKey completes, so decrypted key material is not kept around longer than needed. It returns a *Certificate (presumably c itself) so the call can be chained.
func (*Certificate) EncryptPrivateKey ¶
func (c *Certificate) EncryptPrivateKey(pass []byte) (err error)
EncryptPrivateKey encrypts the private key with the given passphrase pass; DecryptPrivateKey reverses it (see also ErrCipherMsgAuthFailed).
func (*Certificate) GetPrivateKey ¶
func (c *Certificate) GetPrivateKey() Block
GetPrivateKey gets the private key. The returned Block holds whichever of the supported key forms (RSA, ECDSA or Ed25519) is present. Note that the private key might still be encrypted.
func (*Certificate) IsUnsafe ¶
func (c *Certificate) IsUnsafe() bool
func (*Certificate) LoadPrivateKey ¶
func (c *Certificate) LoadPrivateKey() (err error)
LoadPrivateKey loads the private key. Note that the private key might be encrypted; if so, call DecryptPrivateKey before using it. Get the key via *Certificate.GetPrivateKey or *Certificate.PrivateKey.
func (*Certificate) ParseX509 ¶
func (c *Certificate) ParseX509() (crt *x509.Certificate, err error)
func (*Certificate) PrivateKeyBlock ¶
func (c *Certificate) PrivateKeyBlock() (blk pem.Block, err error)
PrivateKeyBlock returns the private key as a pem.Block.
func (*Certificate) Release ¶
func (c *Certificate) Release()
Release releases the private key data held by the Certificate. After calling it, the private key must be loaded (LoadPrivateKey) or decrypted (DecryptPrivateKey) again before use. Whether the released buffers are zeroed is not stated here; do not rely on Release to scrub memory unless the implementation confirms it.
func (*Certificate) Renew ¶
func (c *Certificate) Renew(opts *Options, sc *Certificate) (renewed *Certificate, err error)
Renew renews the Certificate with the provided options, presumably using sc as the signer. The caller must ensure that the private key of sc is decrypted before calling.
func (*Certificate) Rsa ¶
func (c *Certificate) Rsa() *rsa.PrivateKey
func (*Certificate) RsaPublicKey ¶
func (c *Certificate) RsaPublicKey() (key *rsa.PublicKey)
RsaPublicKey returns the rsa.PublicKey of the Certificate.
func (*Certificate) SetUnsafePrivateKey ¶
func (c *Certificate) SetUnsafePrivateKey() (err error)
SetUnsafePrivateKey sets the private key without encrypting it, so the key material is held in plaintext. Prefer EncryptPrivateKey whenever the certificate will be persisted or shared.
func (*Certificate) SignSelf ¶
func (c *Certificate) SignSelf() (err error)
SignSelf self-signs the certificate, i.e. the certificate acts as its own issuer.
func (*Certificate) SignWith ¶
func (c *Certificate) SignWith(sc *Certificate) (err error)
SignWith signs the certificate with the private key of the given signer certificate sc. As with Renew, sc's private key presumably has to be decrypted beforehand.
func (*Certificate) ValidateTemplate ¶
func (c *Certificate) ValidateTemplate() (err error)
ValidateTemplate validates the certificate's template against RFC 5280, using the limits encoded in the RFC5280* constants. Source: https://www.ietf.org/rfc/rfc5280.txt.
type Expiration ¶
type Options ¶
// Options is the template from which New / NewWithIdentifier build a
// Certificate; its fields are validated per RFC 5280 by ValidateTemplate.
type Options struct {
	// Subject distinguished-name attributes. Their lengths are bounded by
	// the RFC5280* constants (presumably via the matching Validate*
	// helpers — confirm).
	CommonName         string `json:"CommonName"`
	Organization       string `json:"Organization"`
	OrganizationalUnit string `json:"OrganizationalUnit"`
	Country            string `json:"Country"`
	State              string `json:"State"`
	Locality           string `json:"Locality"`
	// DNSNames and IPAddresses are the subjectAltName entries. IPAddresses
	// are textual while ValidateIPAddress takes []net.IP, so they are
	// presumably parsed first; an entry that fails to parse should be
	// rejected rather than silently dropped — confirm.
	DNSNames    []string `json:"DNSNames"`
	IPAddresses []string `json:"IPAddresses"`
	// IsCA requests a certificate-authority certificate. Keep it false for
	// leaf certificates: a CA-capable certificate can itself issue further
	// certificates that chain up to whoever signed it.
	IsCA bool `json:"IsCA"`
	// Expiration supplies the validity period (its fields are not shown on
	// this page).
	Expiration
}
func ParseCertificateOptions ¶
func ParseCertificateOptions(crt *x509.Certificate) (opts *Options, err error)