Documentation
Overview
Package certtest can be used to build a PKI for test purposes. The certificates generated by this package should not be used for production or other sensitive traffic.
Index
- type Authority
- func (a *Authority) BuildSignedCertificate(name string, options ...SignOption) (*Certificate, error)
- func (a *Authority) BuildSignedCertificateWithExpiry(name string, expiry time.Time, options ...SignOption) (*Certificate, error) (deprecated)
- func (a *Authority) CertPool() (*x509.CertPool, error)
- func (a *Authority) Certificate() (*x509.Certificate, error)
- func (a *Authority) CertificatePEM() ([]byte, error)
- type Certificate
- type SignOption
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Authority
type Authority struct {
// contains filtered or unexported fields
}
Authority represents a Certificate Authority. It should not be used for anything except ephemeral test usage.
func BuildCA
BuildCA creates a new test Certificate Authority. The name argument can be used to distinguish between multiple authorities.
func (*Authority) BuildSignedCertificate
func (a *Authority) BuildSignedCertificate(name string, options ...SignOption) (*Certificate, error)
BuildSignedCertificate creates a new signed certificate which is valid for `localhost` and `127.0.0.1` by default, with the expiry a year from now. This can be changed by passing in the various options. The certificates it creates should only be used ephemerally in tests.
func (*Authority) BuildSignedCertificateWithExpiry
deprecated
func (a *Authority) BuildSignedCertificateWithExpiry(name string, expiry time.Time, options ...SignOption) (*Certificate, error)
BuildSignedCertificateWithExpiry creates a new signed certificate which is valid for `localhost` and `127.0.0.1` by default. This can be changed by passing in the various options. The certificates it creates should only be used ephemerally in tests.
Deprecated: Use BuildSignedCertificate with the WithExpiry(...) option.
func (*Authority) CertPool
CertPool returns a certificate pool which is pre-populated with the Certificate Authority.
func (*Authority) Certificate
func (a *Authority) Certificate() (*x509.Certificate, error)
Certificate returns the authority's certificate.
func (*Authority) CertificatePEM
CertificatePEM returns the authority's certificate as PEM-encoded bytes.
type Certificate
type Certificate struct {
// contains filtered or unexported fields
}
Certificate represents a Certificate which has been signed by a Certificate Authority.
func (*Certificate) CertificatePEMAndPrivateKey
func (c *Certificate) CertificatePEMAndPrivateKey() ([]byte, []byte, error)
CertificatePEMAndPrivateKey returns the certificate as PEM-encoded bytes and the private key bytes.
func (*Certificate) TLSCertificate
func (c *Certificate) TLSCertificate() (tls.Certificate, error)
TLSCertificate returns the certificate as a Go standard library tls.Certificate.
type SignOption
type SignOption func(*signOptions)
SignOption is used to alter the signed certificate parameters.
func WithDomains
func WithDomains(domains ...string) SignOption
WithDomains adds the passed domains to be valid for the requested certificate.
func WithExpiry
func WithExpiry(expiry time.Time) SignOption
WithExpiry alters the expiry time of the requested certificate. It must be earlier than the expiry time of the associated CA.
func WithIPs
func WithIPs(ips ...net.IP) SignOption
WithIPs adds the passed IPs to be valid for the requested certificate.