certutil



Constants

// PEM block type labels written into the "-----BEGIN ...-----" header of
// encoded material.
const (
	// BlockTypeCertificate labels a PEM block holding an X.509 certificate.
	BlockTypeCertificate   = "CERTIFICATE"
	// BlockTypeRSAPrivateKey labels a PEM block holding a PKCS#1 RSA private key
	// (the form OptPrivateKeyFromPath parses).
	BlockTypeRSAPrivateKey = "RSA PRIVATE KEY"
)

BlockType constants are the PEM block type labels for certificates and RSA private keys.

// Default certificate lifetimes in whole years, counted from the moment the
// NotAfterProvider of the matching DefaultOptions* variable is invoked.
const (
	// DefaultCANotAfterYears is the default lifetime of a CA certificate
	// (used by DefaultOptionsCertificateAuthority).
	DefaultCANotAfterYears     = 10
	// DefaultClientNotAfterYears is the default lifetime of a client certificate
	// (used by DefaultOptionsClient).
	DefaultClientNotAfterYears = 1
	// DefaultServerNotAfterYears is the default lifetime of a server certificate
	// (used by DefaultOptionsServer).
	// NOTE(review): five years is far longer than public CAs issue for TLS servers;
	// for anything beyond a private test PKI, shorten it with OptNotAfter.
	DefaultServerNotAfterYears = 5
)

Default certificate lifetimes, in years, applied by the NotAfterProvider of the corresponding DefaultOptions* variable.

Variables

// DefaultOptionsCertificateAuthority are the default options for certificate authorities.
//
// The template marks the certificate as a CA with a valid BasicConstraints
// extension and a key usage that includes CertSign, so it can sign leaf
// certificates. NotAfter is DefaultCANotAfterYears years after the moment the
// provider is called, in UTC. No NotBeforeProvider is set here.
//
// NOTE(review): KeyEncipherment is not needed for a key that only signs
// certificates; it is kept for compatibility with the existing defaults.
var DefaultOptionsCertificateAuthority = CertOptions{
	NotAfterProvider: func() time.Time {
		issuedAt := time.Now().UTC()
		return issuedAt.AddDate(DefaultCANotAfterYears, 0, 0)
	},
	Certificate: x509.Certificate{
		BasicConstraintsValid: true,
		IsCA:                  true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
	},
}

DefaultOptionsCertificateAuthority are the default options for certificate authorities.

// DefaultOptionsClient are the default create cert options for client certificates.
//
// The template restricts the certificate to the ClientAuth extended key usage
// with a DigitalSignature key usage. NotAfter is DefaultClientNotAfterYears
// years after the moment the provider is called, in UTC. No NotBeforeProvider
// is set here.
var DefaultOptionsClient = CertOptions{
	NotAfterProvider: func() time.Time {
		issuedAt := time.Now().UTC()
		return issuedAt.AddDate(DefaultClientNotAfterYears, 0, 0)
	},
	Certificate: x509.Certificate{
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	},
}

DefaultOptionsClient are the default create cert options for client certificates.

// DefaultOptionsServer are the default create cert options for server certificates.
//
// The template restricts the certificate to the ServerAuth extended key usage
// with a DigitalSignature key usage. NotAfter is DefaultServerNotAfterYears
// years after the moment the provider is called, in UTC. No NotBeforeProvider
// is set here; DNS and IP SANs must be supplied through the Opt* helpers.
var DefaultOptionsServer = CertOptions{
	NotAfterProvider: func() time.Time {
		issuedAt := time.Now().UTC()
		return issuedAt.AddDate(DefaultServerNotAfterYears, 0, 0)
	},
	Certificate: x509.Certificate{
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	},
}

DefaultOptionsServer are the default create cert options for server certificates.

Functions

func JoinPEMs

func JoinPEMs(pems ...string) string

JoinPEMs appends pem blocks together with newlines.

Each pem block will have `strings.TrimSpace()` called on it.

Usage note: add the PEMs in the following order: leaf, then intermediate, then root. This is a little baffling — basically the reverse of what you would probably expect.

func ResolveCertOptions

func ResolveCertOptions(createOptions *CertOptions, options ...CertOption) error

ResolveCertOptions resolves the common create cert options.

Types

type CertBundle

// CertBundle is the packet of information for a certificate: the RSA key pair
// plus the certificate chain in both parsed and DER form.
type CertBundle struct {
	// PrivateKey is the RSA private key of the bundle; KeyPEM/WriteKeyPem serialize it.
	PrivateKey      *rsa.PrivateKey
	// PublicKey is the RSA public key, presumably the public half of PrivateKey — confirm in NewCertBundle.
	PublicKey       *rsa.PublicKey
	// Certificates holds the parsed chain. WithParent appends an issuer (typically the CA),
	// so the leaf is expected first — confirm against NewCertBundle.
	Certificates    []x509.Certificate
	// CertificateDERs holds the DER encoding of the certificates; assumed parallel to
	// Certificates — confirm. CertPEM and the WriteCert* helpers encode from it.
	CertificateDERs [][]byte
}

CertBundle is the packet of information for a certificate.

func CreateCertificateAuthority

func CreateCertificateAuthority(options ...CertOption) (*CertBundle, error)

CreateCertificateAuthority creates a ca cert bundle from a given set of options. The cert bundle can be used to generate client and server certificates.

func CreateClient

func CreateClient(commonName string, ca *CertBundle, options ...CertOption) (*CertBundle, error)

CreateClient creates a client cert bundle associated with a given common name.

The CA must be passed in as a CertBundle.

Example:

ca, err := certutil.NewCertBundle(certutil.NewKeyPairFromPaths("ca.crt", "ca.key"))
if err != nil {
	return err
}
client, err := certutil.CreateClient("foo.bar.com", ca)

func CreateServer

func CreateServer(commonName string, ca *CertBundle, options ...CertOption) (*CertBundle, error)

CreateServer creates a server cert bundle associated with a given common name. The CA must be passed in as a CertBundle.

func NewCertBundle

func NewCertBundle(keyPair KeyPair) (*CertBundle, error)

NewCertBundle returns a new cert bundle from a given key pair, which can denote the raw PEM encoded contents of the public and private key portions of the cert, or paths to files. The CertBundle itself is the parsed public key, private key, and individual certificates for the pair.

func (CertBundle) CertPEM

func (cb CertBundle) CertPEM() ([]byte, error)

CertPEM returns the certificate portion of the bundle (the certificate DERs, PEM encoded) as a byte slice.

func (CertBundle) CertPool

func (cb CertBundle) CertPool() (*x509.CertPool, error)

CertPool returns the bundle as a cert pool.

func (CertBundle) CommonNames

func (cb CertBundle) CommonNames() ([]string, error)

CommonNames returns the cert bundle common name(s).

func (*CertBundle) GenerateKeyPair

func (cb *CertBundle) GenerateKeyPair() (output KeyPair, err error)

GenerateKeyPair returns a serialized key pair for the cert bundle.

func (CertBundle) KeyPEM

func (cb CertBundle) KeyPEM() ([]byte, error)

KeyPEM returns the private key portion of the bundle, PEM encoded, as a byte slice.

func (*CertBundle) MustGenerateKeyPair

func (cb *CertBundle) MustGenerateKeyPair() KeyPair

MustGenerateKeyPair returns a serialized version of the bundle as a key pair and panics if there is an error.

func (CertBundle) TLSConfig

func (cb CertBundle) TLSConfig() (*tls.Config, error)

TLSConfig returns a tls.Config for this bundle as a server certificate.

func (*CertBundle) WithParent

func (cb *CertBundle) WithParent(parent *CertBundle)

WithParent adds a parent certificate to the certificate chain. It is used typically to add the certificate authority.

func (CertBundle) WriteCertChainPem

func (cb CertBundle) WriteCertChainPem(w io.Writer) error

WriteCertChainPem writes the public key portion of the cert to a given writer.

func (CertBundle) WriteCertPartialPem

func (cb CertBundle) WriteCertPartialPem(w io.Writer) error

WriteCertPartialPem writes the public key portion of the cert to a given writer.

func (CertBundle) WriteCertPem

func (cb CertBundle) WriteCertPem(w io.Writer) error

WriteCertPem writes the public key portion of the cert to a given writer.

func (CertBundle) WriteCertPemPath

func (cb CertBundle) WriteCertPemPath(path string) error

WriteCertPemPath writes the public key portion of the cert to a given path.

func (CertBundle) WriteKeyPem

func (cb CertBundle) WriteKeyPem(w io.Writer) error

WriteKeyPem writes the private key, PEM encoded, to a given writer.

func (CertBundle) WriteKeyPemPath

func (cb CertBundle) WriteKeyPemPath(path string) error

WriteKeyPemPath writes the private key, PEM encoded, to a file at a given path.

type CertOption

// CertOption is an option for creating certs: a mutator applied to the
// CertOptions being resolved, returning an error to abort creation
// (for example when OptPrivateKeyFromPath cannot read or parse the key).
type CertOption func(*CertOptions) error

CertOption is an option for creating certs.

func OptAddDNSNames

func OptAddDNSNames(dnsNames ...string) CertOption

OptAddDNSNames adds valid dns names for the cert.

func OptDNSNames

func OptDNSNames(dnsNames ...string) CertOption

OptDNSNames sets valid dns names for the cert.

func OptIPSANs

func OptIPSANs(ipAddresses ...string) CertOption

OptIPSANs sets valid ip subject alternate names for the cert.

func OptIsCA

func OptIsCA(isCA bool) CertOption

OptIsCA sets the is certificate authority flag.

func OptIssuerCommonName

func OptIssuerCommonName(commonName string) CertOption

OptIssuerCommonName sets the issuer common name.

func OptIssuerCountry

func OptIssuerCountry(country ...string) CertOption

OptIssuerCountry sets the issuer country names.

func OptIssuerLocality

func OptIssuerLocality(locality ...string) CertOption

OptIssuerLocality sets the issuer locality names.

func OptIssuerOrganization

func OptIssuerOrganization(organization ...string) CertOption

OptIssuerOrganization sets the issuer organization names.

func OptIssuerOrganizationalUnit

func OptIssuerOrganizationalUnit(organizationalUnits ...string) CertOption

OptIssuerOrganizationalUnit sets the issuer organizational unit names.

func OptIssuerProvince

func OptIssuerProvince(province ...string) CertOption

OptIssuerProvince sets the issuer province names.

func OptKeyUsage

func OptKeyUsage(keyUsage x509.KeyUsage) CertOption

OptKeyUsage sets the key usage flags.

func OptNotAfter

func OptNotAfter(notAfter time.Time) CertOption

OptNotAfter sets the not after time.

func OptNotBefore

func OptNotBefore(notBefore time.Time) CertOption

OptNotBefore sets the not before time.

func OptPrivateKey

func OptPrivateKey(privateKey *rsa.PrivateKey) CertOption

OptPrivateKey sets the private key to use when generating the certificate. If this option isn't provided, a new one is generated.

func OptPrivateKeyFromPath

func OptPrivateKeyFromPath(path string) CertOption

OptPrivateKeyFromPath reads a private key from a given path and parses it as a PKCS#1 RSA private key.

func OptSerialNumber

func OptSerialNumber(serialNumber *big.Int) CertOption

OptSerialNumber sets the serial number for the certificate. If this option isn't provided, a random one is generated.

func OptSubjectCommonName

func OptSubjectCommonName(commonName string) CertOption

OptSubjectCommonName sets the subject common name.

func OptSubjectCountry

func OptSubjectCountry(country ...string) CertOption

OptSubjectCountry sets the subject country names.

func OptSubjectKeyID

func OptSubjectKeyID(keyID []byte) CertOption

OptSubjectKeyID sets the subject key id.

func OptSubjectLocality

func OptSubjectLocality(locality ...string) CertOption

OptSubjectLocality sets the subject locality names.

func OptSubjectOrganization

func OptSubjectOrganization(organization ...string) CertOption

OptSubjectOrganization sets the subject organization names.

func OptSubjectOrganizationalUnit

func OptSubjectOrganizationalUnit(organizationalUnits ...string) CertOption

OptSubjectOrganizationalUnit sets the subject organizational unit names.

func OptSubjectProvince

func OptSubjectProvince(province ...string) CertOption

OptSubjectProvince sets the subject province names.

type CertOptions

// CertOptions are required arguments when creating certificates. The
// DefaultOptions* variables provide starting values and the Opt* helpers
// adjust individual fields.
type CertOptions struct {
	// Certificate is the embedded x509 template the new certificate is built from
	// (subject, issuer, SANs, key usage, serial, validity, ...).
	x509.Certificate
	// PrivateKey is the key to certify; when nil a new one is generated (see OptPrivateKey).
	PrivateKey        *rsa.PrivateKey
	// NotBeforeProvider yields the NotBefore instant. None of the DefaultOptions*
	// variables set it; how a nil provider is handled is not visible here — confirm.
	NotBeforeProvider func() time.Time
	// NotAfterProvider yields the NotAfter instant; the DefaultOptions* variables set it
	// to the call time plus the matching Default*NotAfterYears.
	NotAfterProvider  func() time.Time
}

CertOptions are required arguments when creating certificates.

type KeyPair

// KeyPair is an x509 pem key pair as strings. Each half may be given inline
// as PEM, as base64, or as a path to a file; IsCertPath/IsKeyPath report
// which form is in use.
//
// NOTE(review): Key and KeyBase64 carry private key material. Any JSON/YAML
// marshal or log of a KeyPair (including String()) will emit it unless that
// code redacts — confirm before serializing a KeyPair anywhere but secret storage.
type KeyPair struct {
	// Cert is the PEM-encoded certificate, inline.
	Cert       string `json:"cert,omitempty" yaml:"cert,omitempty"`
	// CertBase64 is the certificate in base64 form; presumably base64 of the PEM — confirm in CertBytes.
	CertBase64 string `json:"certBase64,omitempty" yaml:"certBase64,omitempty"`
	// CertPath is a file path to the certificate (see NewKeyPairFromPaths).
	CertPath   string `json:"certPath,omitempty" yaml:"certPath,omitempty"`
	// Key is the PEM-encoded private key, inline.
	Key        string `json:"key,omitempty" yaml:"key,omitempty"`
	// KeyBase64 is the private key in base64 form; presumably base64 of the PEM — confirm in KeyBytes.
	KeyBase64  string `json:"keyBase64,omitempty" yaml:"keyBase64,omitempty"`
	// KeyPath is a file path to the private key (see NewKeyPairFromPaths).
	KeyPath    string `json:"keyPath,omitempty" yaml:"keyPath,omitempty"`
}

KeyPair is an x509 pem key pair as strings.

func NewKeyPairFromPaths

func NewKeyPairFromPaths(certPath, keyPath string) KeyPair

NewKeyPairFromPaths returns a key pair from paths.

func (KeyPair) CertBytes

func (kp KeyPair) CertBytes() ([]byte, error)

CertBytes returns the key pair cert bytes.

func (KeyPair) IsCertPath

func (kp KeyPair) IsCertPath() bool

IsCertPath reports whether the key pair's cert is given as a file path.

func (KeyPair) IsKeyPath

func (kp KeyPair) IsKeyPath() bool

IsKeyPath reports whether the key pair's key is given as a file path.

func (KeyPair) IsZero

func (kp KeyPair) IsZero() bool

IsZero reports whether the key pair is unset.

func (KeyPair) KeyBytes

func (kp KeyPair) KeyBytes() ([]byte, error)

KeyBytes returns the key pair key bytes.

func (KeyPair) String

func (kp KeyPair) String() (output string)

String returns a string representation of the key pair.

func (KeyPair) TLSCertificate

func (kp KeyPair) TLSCertificate() (cert tls.Certificate, err error)

TLSCertificate returns the KeyPair as a tls.Certificate.

func (KeyPair) TLSCertificateWithLeaf

func (kp KeyPair) TLSCertificateWithLeaf() (cert tls.Certificate, err error)

TLSCertificateWithLeaf returns the KeyPair as a tls.Certificate.

func (KeyPair) TLSConfig

func (kp KeyPair) TLSConfig() (*tls.Config, error)
