Documentation
Index
- Constants
- func NewCSR(cfg Config, key crypto.Signer) (*x509.CertificateRequest, error)
- func NewECPrivateKey(curve EllipticCurve) (*ecdsa.PrivateKey, error)
- func NewRSAPrivateKey() (*rsa.PrivateKey, error)
- func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, error)
- func NewSelfSignedCert(cfg Config, key crypto.Signer) (*x509.Certificate, error)
- func NewSignedCert(cfg Config, key crypto.Signer, caKey crypto.Signer, caCert *x509.Certificate) (*x509.Certificate, error)
- func ParseCertPEM(pemBytes []byte) (*x509.Certificate, error)
- func ParseCertsPEM(pemBytes []byte) ([]*x509.Certificate, error)
- func ParsePrivateKeyPEM(pemBytes []byte) (crypto.Signer, error)
- type AltNames
- type Config
- type EllipticCurve
- type PEMBlock
- func DecodeFirstPEM(pemBytes []byte) *PEMBlock
- func DecodePEMs(pemBytes []byte) []*PEMBlock
- func DecryptPrivateKeyBytes(keyPEMBlock []byte, passwd string) (*PEMBlock, error)
- func DecryptPrivateKeyFile(keyFile, passwd string) (*PEMBlock, error)
- func MarshalCSRToPEM(csr *x509.CertificateRequest) *PEMBlock
- func MarshalCertToPEM(crt *x509.Certificate) *PEMBlock
- func MarshalECPrivateKeyToPEM(key *ecdsa.PrivateKey) (*PEMBlock, error)
- func MarshalPrivateKeyToPEM(key crypto.Signer) (*PEMBlock, error)
- func MarshalRSAPrivateKeyToPEM(key *rsa.PrivateKey) *PEMBlock
- func NewPEMBlock(b *pem.Block) *PEMBlock
- type PkixName
- type TLSCertificate
- func LoadX509KeyPair(certFile, keyFile string) (*TLSCertificate, error)
- func LoadX509KeyPairWithPassword(certFile, keyFile, passwd string) (*TLSCertificate, error)
- func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (*TLSCertificate, error)
- func X509KeyPairWithPassword(certPEMBlock, keyPEMBlock []byte, passwd string) (*TLSCertificate, error)
Constants
const (
	// CertificatePEMBlockType is a possible value for pem.Block.Type.
	CertificatePEMBlockType = "CERTIFICATE"
	// CertificateRequestPEMBlockType is a possible value for pem.Block.Type.
	CertificateRequestPEMBlockType = "CERTIFICATE REQUEST"
	// RASPrivateKeyPEMBlockType is a possible value for pem.Block.Type.
	RASPrivateKeyPEMBlockType = "RSA PRIVATE KEY"
	// ECPrivateKeyPEMBlockType is a possible value for pem.Block.Type.
	ECPrivateKeyPEMBlockType = "EC PRIVATE KEY"
	// PrivateKeyPEMBlockType is a possible value for pem.Block.Type.
	PrivateKeyPEMBlockType = "PRIVATE KEY"
)
Variables
This section is empty.
Functions
func NewECPrivateKey added in v0.2.0
func NewECPrivateKey(curve EllipticCurve) (*ecdsa.PrivateKey, error)
NewECPrivateKey creates a new ECDSA private key on the given curve.
func NewRSAPrivateKey
func NewRSAPrivateKey() (*rsa.PrivateKey, error)
NewRSAPrivateKey creates a new RSA private key.
func NewSelfSignedCACert
func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, error)
NewSelfSignedCACert returns a new self-signed CA x509 certificate.
func NewSelfSignedCert added in v0.2.0
func NewSelfSignedCert(cfg Config, key crypto.Signer) (*x509.Certificate, error)
NewSelfSignedCert returns a new self-signed x509 certificate.
func NewSignedCert
func NewSignedCert(cfg Config, key crypto.Signer, caKey crypto.Signer, caCert *x509.Certificate) (*x509.Certificate, error)
NewSignedCert returns a new certificate signed by the given CA key and CA certificate.
func ParseCertPEM
func ParseCertPEM(pemBytes []byte) (*x509.Certificate, error)
ParseCertPEM decodes the first valid certificate PEM block into an x509 certificate.
func ParseCertsPEM
func ParseCertsPEM(pemBytes []byte) ([]*x509.Certificate, error)
ParseCertsPEM decodes all valid certificate PEM blocks into x509 certificates.
Types
type AltNames added in v0.2.0
AltNames contains the domain names and IP addresses that will be added to the API Server's x509 certificate SubAltNames field. The values will be passed directly to the x509.Certificate object.
type Config added in v0.2.0
type Config struct {
	CommonName   string
	Organization []string
	AltNames     AltNames
	Usages       []x509.ExtKeyUsage
}
Config contains the common settings used when creating a certificate.
type EllipticCurve added in v0.2.0
type EllipticCurve string
const (
	CurveP224 EllipticCurve = "P224"
	CurveP256 EllipticCurve = "P256"
	CurveP384 EllipticCurve = "P384"
	CurveP521 EllipticCurve = "P521"
)
type PEMBlock
PEMBlock contains the raw bytes and the decoded pem.Block.
func DecodeFirstPEM added in v0.2.0
func DecodeFirstPEM(pemBytes []byte) *PEMBlock
DecodeFirstPEM finds the valid PEM blocks in the input bytes and decodes the first one.
func DecodePEMs added in v0.2.0
func DecodePEMs(pemBytes []byte) []*PEMBlock
DecodePEMs decodes the input PEM bytes into PEM blocks.
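The constructors above (NewECPrivateKey, NewSelfSignedCACert, NewSignedCert with its Config) and the PEM helpers (DecodePEMs, ParseCertsPEM) are thin wrappers over crypto/x509 and encoding/pem. As an added example that is not this package's code, the stand-alone Go program below performs the same flow directly against the standard library: it maps a hypothetical CertConfig (my stand-in for Config, with AltNames flattened to DNSNames) onto a certificate template, builds a self-signed CA and a server leaf signed by it, encodes both to a PEM bundle, decodes that bundle while skipping a non-certificate block, and verifies the leaf against the CA for a host name. CertConfig, newKeyAndTemplate, BuildChainPEM and VerifyLeaf are names assumed for this example; ParseCertsPEM reuses the page's name but is my reimplementation.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"math/big"
	"time"
)

// CertConfig is a hypothetical stand-in for the page's Config (AltNames flattened to DNSNames).
type CertConfig struct {
	CommonName   string
	Organization []string
	DNSNames     []string
	Usages       []x509.ExtKeyUsage
}

// newKeyAndTemplate generates a P-256 key (the NewECPrivateKey step) and maps a
// CertConfig onto an x509 template with a random 128-bit serial number.
func newKeyAndTemplate(cfg CertConfig, isCA bool) (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, nil, err
	}
	return key, &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cfg.CommonName, Organization: cfg.Organization},
		DNSNames:              cfg.DNSNames,
		NotBefore:             time.Now().Add(-time.Minute), // tolerate small clock skew
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           cfg.Usages,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}, nil
}

// BuildChainPEM creates a self-signed CA and a server leaf signed by it, and returns a
// constructed PEM bundle: leaf, a non-certificate block the parser must skip, then the CA.
func BuildChainPEM() ([]byte, error) {
	caKey, caTmpl, err := newKeyAndTemplate(CertConfig{CommonName: "example-ca", Organization: []string{"Example Org"}}, true)
	if err != nil {
		return nil, err
	}
	caTmpl.KeyUsage |= x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	caCert, err := x509.ParseCertificate(caDER) // NewSignedCert likewise takes the parsed CA cert
	if err != nil {
		return nil, err
	}
	leafKey, leafTmpl, err := newKeyAndTemplate(CertConfig{CommonName: "api.example.test", DNSNames: []string{"api.example.test"}, Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}, false)
	if err != nil {
		return nil, err
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	bundle := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: leafDER})
	bundle = append(bundle, pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: []byte("constructed filler")})...)
	bundle = append(bundle, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: caDER})...)
	return bundle, nil
}

// ParseCertsPEM walks every PEM block (the DecodePEMs step), keeps only CERTIFICATE
// blocks and parses each one, as the page describes for its own ParseCertsPEM.
func ParseCertsPEM(pemBytes []byte) ([]*x509.Certificate, error) {
	var certs []*x509.Certificate
	for block, rest := pem.Decode(pemBytes); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			continue
		}
		c, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, err
		}
		certs = append(certs, c)
	}
	return certs, nil
}

// VerifyLeaf checks that leaf chains to ca, is valid for host and permits server auth.
func VerifyLeaf(leaf, ca *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}})
	return err
}
```

The settings worth carrying into any wrapper of this kind are a random serial of at least 64 bits, a short NotAfter, BasicConstraints on every certificate and the cert-signing key usages only on the CA. VerifyLeaf performs the same check a TLS client does, so a host-name mismatch or swapping the roles of leaf and CA must fail.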
func DecryptPrivateKeyBytes
func DecryptPrivateKeyBytes(keyPEMBlock []byte, passwd string) (*PEMBlock, error)
DecryptPrivateKeyBytes takes a password-encrypted PEM block and the password used to encrypt it and returns the decrypted DER-encoded bytes. It inspects the DEK-Info header to determine the algorithm used for decryption. If no DEK-Info header is present, an error is returned. If an incorrect password is detected, an IncorrectPasswordError is returned. Because of deficiencies in the encrypted-PEM format, it is not always possible to detect an incorrect password; in those cases no error is returned, but the decrypted DER bytes will be random noise.
func DecryptPrivateKeyFile
func DecryptPrivateKeyFile(keyFile, passwd string) (*PEMBlock, error)
DecryptPrivateKeyFile takes a password-encrypted key file and the password used to encrypt it and returns the decrypted DER-encoded bytes.
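The "random noise" caveat above is inherited from the legacy DEK-Info PEM encryption in crypto/x509: x509.DecryptPEMBlock can only notice a wrong password when the CBC padding of the last block happens to be malformed. As an added example that is not this package's code, the Go program below implements the same contract against the standard library and adds the check a practitioner wants: the decrypted DER must parse as a key of the declared block type before it is accepted. EncryptedKeyPEM, parsePrivateKeyDER and the choice of AES-256-CBC are constructed for this example; DecryptPrivateKeyBytes mirrors the page's signature but is my reimplementation.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// EncryptedKeyPEM builds a constructed, password-encrypted "EC PRIVATE KEY" block in the
// legacy DEK-Info format, so the example runs offline without a key file on disk.
func EncryptedKeyPEM(passwd string) ([]byte, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return nil, nil, err
	}
	block, err := x509.EncryptPEMBlock(rand.Reader, "EC PRIVATE KEY", der, []byte(passwd), x509.PEMCipherAES256)
	if err != nil {
		return nil, nil, err
	}
	return pem.EncodeToMemory(block), key, nil
}

// parsePrivateKeyDER parses DER according to the PEM block type it came from; it doubles
// as the "is this really a key?" check that the DEK-Info format itself cannot provide.
func parsePrivateKeyDER(blockType string, der []byte) (any, error) {
	switch blockType {
	case "EC PRIVATE KEY":
		return x509.ParseECPrivateKey(der)
	case "RSA PRIVATE KEY":
		return x509.ParsePKCS1PrivateKey(der)
	case "PRIVATE KEY":
		return x509.ParsePKCS8PrivateKey(der)
	}
	return nil, fmt.Errorf("unsupported PEM block type %q", blockType)
}

// DecryptPrivateKeyBytes follows the page's contract: require a DEK-Info header, report
// IncorrectPasswordError when the padding check catches a wrong password and, because that
// check is unreliable, refuse output that does not parse as a key of the declared type.
func DecryptPrivateKeyBytes(keyPEMBlock []byte, passwd string) (*pem.Block, error) {
	block, _ := pem.Decode(keyPEMBlock)
	if block == nil {
		return nil, errors.New("no PEM block found")
	}
	if !x509.IsEncryptedPEMBlock(block) {
		return nil, errors.New("PEM block has no DEK-Info header; it is not password encrypted")
	}
	der, err := x509.DecryptPEMBlock(block, []byte(passwd))
	if errors.Is(err, x509.IncorrectPasswordError) {
		return nil, fmt.Errorf("decrypt %s: %w", block.Type, err)
	}
	if err != nil {
		return nil, err
	}
	if _, err := parsePrivateKeyDER(block.Type, der); err != nil {
		// A wrong password slipped past the padding check: the DER is random noise.
		return nil, fmt.Errorf("decrypted bytes are not a valid %s (wrong password?): %w", block.Type, err)
	}
	return &pem.Block{Type: block.Type, Bytes: der}, nil
}
```

Go marks EncryptPEMBlock, DecryptPEMBlock and IsEncryptedPEMBlock as deprecated because RFC 1423 PEM encryption does not authenticate the ciphertext; treat password-protected PEM as a compatibility path for existing key files rather than as a security control, and always follow decryption with the parse check shown above.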
func MarshalCSRToPEM added in v0.2.0
func MarshalCSRToPEM(csr *x509.CertificateRequest) *PEMBlock
MarshalCSRToPEM returns a PEMBlock for the certificate request.
func MarshalCertToPEM added in v0.2.0
func MarshalCertToPEM(crt *x509.Certificate) *PEMBlock
MarshalCertToPEM returns a PEMBlock for the x509 certificate.
func MarshalECPrivateKeyToPEM added in v0.2.0
func MarshalECPrivateKeyToPEM(key *ecdsa.PrivateKey) (*PEMBlock, error)
MarshalECPrivateKeyToPEM converts an EC private key to SEC 1, ASN.1 DER form.
func MarshalPrivateKeyToPEM added in v0.2.0
func MarshalPrivateKeyToPEM(key crypto.Signer) (*PEMBlock, error)
MarshalPrivateKeyToPEM converts the private key to a PEM block.
func MarshalRSAPrivateKeyToPEM added in v0.2.0
func MarshalRSAPrivateKeyToPEM(key *rsa.PrivateKey) *PEMBlock
MarshalRSAPrivateKeyToPEM converts an RSA private key to PKCS #1, ASN.1 DER form.
func NewPEMBlock added in v0.2.0
func NewPEMBlock(b *pem.Block) *PEMBlock
NewPEMBlock creates a new PEMBlock from a pem.Block.
func (*PEMBlock) EncodeToMemory
EncodeToMemory returns the PEM encoding of p as bytes.
If p has invalid headers and cannot be encoded, EncodeToMemory returns nil. If it is important to report details about this error case, use Encode instead.
type PkixName
type PkixName struct {
	Organization []string `json:"organization,omitempty"`
	// CommonName
	CommonName string `json:"commonName,omitempty"`
}
PkixName represents an X.509 distinguished name. This only includes the common elements of a DN. When parsing, all elements are stored in Names and non-standard elements can be extracted from there. When marshaling, elements in ExtraNames are appended and override other values with the same OID.
type TLSCertificate
type TLSCertificate struct {
	// certificate is not valid before this time
	NotBefore time.Time `json:"notBefore,omitempty"`
	// certificate is not valid after this time
	NotAfter time.Time `json:"notAfter,omitempty"`
	// Issuer information extracted from X.509 cert
	Issuer PkixName `json:"issuer,omitempty"`
	// Subject information extracted from X.509 cert
	Subject PkixName `json:"subject,omitempty"`
	// Subject Alternate Name values
	DNSNames    []string `json:"dnsNames,omitempty"`
	IPAddresses []net.IP `json:"ipAddresses,omitempty"`
	Cert        tls.Certificate   `json:"-"`
	X509Cert    *x509.Certificate `json:"-"`
}
TLSCertificate represents the external certificate API secret used for HTTPS, together with the metadata extracted from the X.509 certificate.
func LoadX509KeyPair
func LoadX509KeyPair(certFile, keyFile string) (*TLSCertificate, error)
LoadX509KeyPair reads and parses a public/private key pair from a pair of files. The files must contain PEM-encoded data.
func LoadX509KeyPairWithPassword
func LoadX509KeyPairWithPassword(certFile, keyFile, passwd string) (*TLSCertificate, error)
LoadX509KeyPairWithPassword reads and parses a public/private key pair from a pair of PEM-encoded files whose private key is password-encrypted.
func X509KeyPair
func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (*TLSCertificate, error)
X509KeyPair parses a public/private key pair from a pair of PEM-encoded data.
func X509KeyPairWithPassword
func X509KeyPairWithPassword(certPEMBlock, keyPEMBlock []byte, passwd string) (*TLSCertificate, error)
X509KeyPairWithPassword parses a public/private key pair from a pair of PEM-encoded data, decrypting the private key with passwd.