cert

package
v0.2.0

This package is not in the latest version of its module.

Published: Mar 28, 2024 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation


Constants

const (
	// CertificatePEMBlockType is a possible value for pem.Block.Type.
	CertificatePEMBlockType = "CERTIFICATE"
	// CertificateRequestPEMBlockType is a possible value for pem.Block.Type.
	CertificateRequestPEMBlockType = "CERTIFICATE REQUEST"
	// RASPrivateKeyPEMBlockType is a possible value for pem.Block.Type.
	RASPrivateKeyPEMBlockType = "RSA PRIVATE KEY"
	// ECPrivateKeyPEMBlockType is a possible value for pem.Block.Type.
	ECPrivateKeyPEMBlockType = "EC PRIVATE KEY"
	// PrivateKeyPEMBlockType is a possible value for pem.Block.Type.
	PrivateKeyPEMBlockType = "PRIVATE KEY"
)

Variables

This section is empty.

Functions

func NewCSR added in v0.2.0

func NewCSR(cfg Config, key crypto.Signer) (*x509.CertificateRequest, error)

NewCSR returns a new x509 certificate request built from cfg and signed with key.

func NewECPrivateKey added in v0.2.0

func NewECPrivateKey(curve EllipticCurve) (*ecdsa.PrivateKey, error)

NewECPrivateKey creates a new ECDSA private key on the given curve.

func NewRSAPrivateKey

func NewRSAPrivateKey() (*rsa.PrivateKey, error)

NewRSAPrivateKey creates a new RSA private key

func NewSelfSignedCACert

func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, error)

NewSelfSignedCACert returns a new self-signed CA x509 certificate

func NewSelfSignedCert added in v0.2.0

func NewSelfSignedCert(cfg Config, key crypto.Signer) (*x509.Certificate, error)

NewSelfSignedCert returns a new self-signed x509 certificate

func NewSignedCert

func NewSignedCert(cfg Config, key crypto.Signer, caKey crypto.Signer, caCert *x509.Certificate) (*x509.Certificate, error)

NewSignedCert returns a new certificate for key, built from cfg and signed by caKey with caCert as the issuer.
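NewSelfSignedCACert and NewSignedCert are thin wrappers over crypto/x509. The program below is an added example, not this package's code: it performs the same CA-then-leaf issuance directly with the standard library and then verifies the leaf the way a TLS client would (chain to the trusted root, hostname against the SANs, serverAuth EKU). The local Config type is a flattened stand-in for the page's Config and AltNames, declared here only so the example is self-contained; the P-256 curve, the lifetimes, the path-length-zero constraint on the CA and the host names are choices made for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Config is a flattened stand-in for the page's Config and AltNames types (declared here for self-containment).
type Config struct {
	CommonName string
	DNSNames   []string
	IPs        []net.IP
	Usages     []x509.ExtKeyUsage
}

// issue sets a random 128-bit serial and the validity window, signs tmpl with the parent's key and returns the parsed certificate.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey, ttl time.Duration) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	tmpl.SerialNumber = serial
	tmpl.NotBefore = time.Now().Add(-time.Minute) // tolerate small clock skew
	tmpl.NotAfter = time.Now().Add(ttl)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewSelfSignedCACert issues a root that can sign end-entity certificates but, with path length zero, cannot delegate to intermediates.
func NewSelfSignedCACert(cfg Config, key *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		Subject:               pkix.Name{CommonName: cfg.CommonName},
		IsCA:                  true,
		BasicConstraintsValid: true,
		MaxPathLenZero:        true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	return issue(tmpl, tmpl, &key.PublicKey, key, 10*365*24*time.Hour)
}

// NewSignedCert issues an end-entity certificate from the CA: IsCA stays false, and it carries only the SANs and EKUs from cfg.
func NewSignedCert(cfg Config, key, caKey *ecdsa.PrivateKey, caCert *x509.Certificate) (*x509.Certificate, error) {
	return issue(&x509.Certificate{
		Subject:               pkix.Name{CommonName: cfg.CommonName},
		DNSNames:              cfg.DNSNames,
		IPAddresses:           cfg.IPs,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           cfg.Usages,
	}, caCert, &key.PublicKey, caKey, 365*24*time.Hour)
}

// VerifyServerCert is the client-side check: chain to the trusted CA, match host against the SANs, require serverAuth.
func VerifyServerCert(leaf, caCert *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}})
	return err
}

// BuildChain generates a CA and a server certificate for api.example.test / 127.0.0.1 (constructed names).
func BuildChain() (caCert, leaf *x509.Certificate, err error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if caCert, err = NewSelfSignedCACert(Config{CommonName: "example-ca"}, caKey); err != nil {
		return nil, nil, err
	}
	leaf, err = NewSignedCert(Config{
		CommonName: "api.example.test",
		DNSNames:   []string{"api.example.test"},
		IPs:        []net.IP{net.ParseIP("127.0.0.1")},
		Usages:     []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, leafKey, caKey, caCert)
	return caCert, leaf, err
}

func main() {
	caCert, leaf, err := BuildChain()
	if err != nil {
		panic(err)
	}
	fmt.Println(VerifyServerCert(leaf, caCert, "api.example.test"), VerifyServerCert(leaf, caCert, "other.example.test"))
}
```

The second Verify call fails on the hostname check, which is the point of putting names in the SAN extension rather than relying on CommonName: Go ignores CommonName for hostname matching.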

func ParseCertPEM

func ParseCertPEM(pemBytes []byte) (*x509.Certificate, error)

ParseCertPEM decodes the first valid CERTIFICATE PEM block in pemBytes into an x509.Certificate.

func ParseCertsPEM

func ParseCertsPEM(pemBytes []byte) ([]*x509.Certificate, error)

ParseCertsPEM decodes all valid CERTIFICATE PEM blocks in pemBytes into x509 certificates.

func ParsePrivateKeyPEM

func ParsePrivateKeyPEM(pemBytes []byte) (crypto.Signer, error)

ParsePrivateKeyPEM finds and decodes the first valid private key PEM block in pemBytes and returns the key as a crypto.Signer (an *rsa.PrivateKey or *ecdsa.PrivateKey). Blocks of other types, such as CERTIFICATE, are passed over.

Types

type AltNames added in v0.2.0

type AltNames struct {
	DNSNames []string
	IPs      []net.IP
}

AltNames contains the DNS names and IP addresses that will be added to the certificate's Subject Alternative Name extension. The values are passed directly to the DNSNames and IPAddresses fields of the x509.Certificate.

type Config added in v0.2.0

type Config struct {
	CommonName   string
	Organization []string
	AltNames     AltNames
	Usages       []x509.ExtKeyUsage
}

Config holds the common inputs for creating a certificate or CSR: the subject CommonName and Organization, the subject alternative names, and the extended key usages.

type EllipticCurve added in v0.2.0

type EllipticCurve string
const (
	CurveP224 EllipticCurve = "P224"
	CurveP256 EllipticCurve = "P256"
	CurveP384 EllipticCurve = "P384"
	CurveP521 EllipticCurve = "P521"
)

type PEMBlock

type PEMBlock struct {
	*pem.Block
	// contains filtered or unexported fields
}

PEMBlock wraps a pem.Block together with the raw bytes it was decoded from.

func DecodeFirstPEM added in v0.2.0

func DecodeFirstPEM(pemBytes []byte) *PEMBlock

DecodeFirstPEM finds and decodes the first valid PEM block in pemBytes. It returns no error, so check the result for nil before using it.

func DecodePEMs added in v0.2.0

func DecodePEMs(pemBytes []byte) []*PEMBlock

DecodePEMs decodes every valid PEM block in pemBytes and returns them in order.

func DecryptPrivateKeyBytes

func DecryptPrivateKeyBytes(keyPEMBlock []byte, passwd string) (*PEMBlock, error)

DecryptPrivateKeyBytes takes a password-encrypted PEM block and the password used to encrypt it and returns a PEMBlock whose Bytes hold the decrypted DER. It inspects the DEK-Info header to determine the decryption algorithm; if no DEK-Info header is present, an error is returned. If an incorrect password is detected, an IncorrectPasswordError is returned. Because of deficiencies in the encrypted-PEM format it is not always possible to detect an incorrect password: in those cases no error is returned and the decrypted bytes are random noise, so always validate the result by parsing it. This legacy format (RFC 1423) derives the cipher key from the password with MD5 and does not authenticate the ciphertext, which is why Go deprecated x509.DecryptPEMBlock; prefer PKCS #8 keys with a modern KDF, or unencrypted keys protected by file permissions or a secrets store.

func DecryptPrivateKeyFile

func DecryptPrivateKeyFile(keyFile, passwd string) (*PEMBlock, error)

DecryptPrivateKeyFile reads the password-encrypted PEM key file keyFile, decrypts it with passwd and returns a PEMBlock whose Bytes hold the decrypted DER. It is the file-based counterpart of DecryptPrivateKeyBytes and shares its caveats.
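The failure mode DecryptPrivateKeyBytes and DecryptPrivateKeyFile describe, a wrong password that decrypts "successfully" to noise, is worth seeing end to end. The program below is an added example using only the standard library, not this package's code: it manufactures a legacy-encrypted EC PRIVATE KEY block with the deprecated x509.EncryptPEMBlock, decrypts it with the right and a wrong password, and treats the ASN.1 parse of the plaintext as the real password check. The passwords and the P-256 key are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// EncryptKeyPEM produces a legacy (RFC 1423) encrypted EC PRIVATE KEY block, the
// input DecryptPrivateKeyBytes expects. x509.EncryptPEMBlock is deprecated because
// this format derives the cipher key from the password with MD5 and carries no
// integrity check; it is used here only to manufacture test input.
func EncryptKeyPEM(key *ecdsa.PrivateKey, password string) ([]byte, error) {
	der, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return nil, err
	}
	block, err := x509.EncryptPEMBlock(rand.Reader, "EC PRIVATE KEY", der, []byte(password), x509.PEMCipherAES256)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(block), nil
}

// DecryptKeyPEM decrypts the first block and then parses the plaintext. The parse is
// the real check: when a wrong password happens to produce valid CBC padding,
// x509.DecryptPEMBlock returns noise with a nil error rather than IncorrectPasswordError.
func DecryptKeyPEM(pemBytes []byte, password string) (*ecdsa.PrivateKey, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return nil, errors.New("no PEM block found")
	}
	if _, ok := block.Headers["DEK-Info"]; !ok {
		return nil, errors.New("no DEK-Info header: block is not legacy-encrypted")
	}
	der, err := x509.DecryptPEMBlock(block, []byte(password))
	if errors.Is(err, x509.IncorrectPasswordError) {
		return nil, fmt.Errorf("password rejected by padding check: %w", err)
	}
	if err != nil {
		return nil, err
	}
	key, err := x509.ParseECPrivateKey(der)
	if err != nil {
		return nil, fmt.Errorf("plaintext is not an EC key, most likely a wrong password: %w", err)
	}
	return key, nil
}

// RoundTrip encrypts a fresh key, recovers it with the right password and tries a
// wrong one; it reports whether the key came back intact and whether the wrong
// password was rejected by either check.
func RoundTrip(password, wrong string) (recovered, rejected bool, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, false, err
	}
	enc, err := EncryptKeyPEM(key, password)
	if err != nil {
		return false, false, err
	}
	got, err := DecryptKeyPEM(enc, password)
	if err != nil {
		return false, false, err
	}
	_, wrongErr := DecryptKeyPEM(enc, wrong)
	return key.PublicKey.Equal(&got.PublicKey), wrongErr != nil, nil
}

func main() {
	fmt.Println(RoundTrip("correct horse", "battery staple"))
}
```

With AES-CBC the padding check catches most wrong passwords, but roughly one in a few hundred attempts passes it by chance; only the parse step makes the rejection reliable, and an unauthenticated format like this should not be relied on for new deployments.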

func MarshalCSRToPEM added in v0.2.0

func MarshalCSRToPEM(csr *x509.CertificateRequest) *PEMBlock

MarshalCSRToPEM returns a CERTIFICATE REQUEST PEM block for csr.

func MarshalCertToPEM added in v0.2.0

func MarshalCertToPEM(crt *x509.Certificate) *PEMBlock

MarshalCertToPEM returns a CERTIFICATE PEM block for crt.

func MarshalECPrivateKeyToPEM added in v0.2.0

func MarshalECPrivateKeyToPEM(key *ecdsa.PrivateKey) (*PEMBlock, error)

MarshalECPrivateKeyToPEM converts an EC private key to SEC 1, ASN.1 DER form and wraps it in an EC PRIVATE KEY PEM block.

func MarshalPrivateKeyToPEM added in v0.2.0

func MarshalPrivateKeyToPEM(key crypto.Signer) (*PEMBlock, error)

MarshalPrivateKeyToPEM converts the private key to a PEM block, choosing the encoding by key type, and returns an error for key types it does not support.

func MarshalRSAPrivateKeyToPEM added in v0.2.0

func MarshalRSAPrivateKeyToPEM(key *rsa.PrivateKey) *PEMBlock

MarshalRSAPrivateKeyToPEM converts an RSA private key to PKCS #1, ASN.1 DER form and wraps it in an RSA PRIVATE KEY PEM block.

func NewPEMBlock added in v0.2.0

func NewPEMBlock(b *pem.Block) *PEMBlock

NewPEMBlock wraps the pem.Block b in a PEMBlock.

func (*PEMBlock) EncodeToMemory

func (p *PEMBlock) EncodeToMemory() []byte

EncodeToMemory returns the PEM encoding bytes of p.

If p has invalid headers and cannot be encoded, EncodeToMemory returns nil; check for nil before writing the result anywhere, or use WriteTo, which reports the error.

func (*PEMBlock) WriteFile

func (p *PEMBlock) WriteFile(f string) error

WriteFile writes the PEM encoding of p to the file named f. When p holds a private key, confirm that the resulting file is readable only by its owner (mode 0600 or stricter).

func (*PEMBlock) WriteTo added in v0.2.0

func (p *PEMBlock) WriteTo(out io.Writer) (int64, error)

WriteTo writes the PEM encoding of block to out.

type PkixName

type PkixName struct {
	Organization []string `json:"organization,omitempty"`
	// CommonName
	CommonName string `json:"commonName,omitempty"`
}

PkixName is a JSON-serialisable subset of an X.509 distinguished name carrying only the Organization and CommonName elements; other DN attributes are not represented.

type TLSCertificate

type TLSCertificate struct {
	// certificate is not valid before this time
	NotBefore time.Time `json:"notBefore,omitempty"`
	// certificate is not valid after this time
	NotAfter time.Time `json:"notAfter,omitempty"`
	// Issuer information extracted from X.509 cert
	Issuer PkixName `json:"issuer,omitempty"`
	// Subject information extracted from X.509 cert
	Subject PkixName `json:"subject,omitempty"`

	// Subject Alternate Name values
	DNSNames    []string `json:"dnsNames,omitempty"`
	IPAddresses []net.IP `json:"ipAddresses,omitempty"`

	Cert     tls.Certificate   `json:"-"`
	X509Cert *x509.Certificate `json:"-"`
}

TLSCertificate bundles a loaded TLS key pair (Cert) and its parsed leaf certificate (X509Cert) with the fields most often inspected or reported for an HTTPS certificate (validity window, issuer, subject and subject alternative names) in JSON-serialisable form. Cert and X509Cert are excluded from JSON output.

func LoadX509KeyPair

func LoadX509KeyPair(certFile, keyFile string) (*TLSCertificate, error)

LoadX509KeyPair reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data.

func LoadX509KeyPairWithPassword

func LoadX509KeyPairWithPassword(certFile, keyFile, passwd string) (*TLSCertificate, error)

LoadX509KeyPairWithPassword reads a certificate file and a password-encrypted private key file, decrypts the key with passwd and parses the pair. The files must contain PEM encoded data.

func X509KeyPair

func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (*TLSCertificate, error)

X509KeyPair parses a public/private key pair from a pair of PEM encoded data.

func X509KeyPairWithPassword

func X509KeyPairWithPassword(certPEMBlock, keyPEMBlock []byte, passwd string) (*TLSCertificate, error)

X509KeyPairWithPassword parses a public/private key pair from a pair of PEM encoded data, decrypting the private key block with passwd first.
