import "github.com/banzaicloud/bank-vaults/pkg/sdk/tls"
tls.go tls_client.go tls_peer.go tls_server.go
// InvalidHostNameError is a package-level sentinel error created with
// errors.New. Its message indicates that a host name was rejected because a
// wildcard entry already covers it.
// NOTE(review): presumably returned while the comma-separated host list is
// parsed (see NewSeparatedCertHosts) — confirm against the implementation.
var InvalidHostNameError = errors.New("invalid host name, this has been already covered by the wildcard")
NewSeparatedCertHosts creates a new seperatedCertsHosts struct by parsing and separating the comma-separated host names and IPs.
// CertificateChain groups the key and certificate of a root CA, a server, a
// client and a peer. Every field is a plain string and carries a mapstructure
// tag, so the struct can be decoded from configuration under the camelCase
// keys shown in the tags.
//
// NOTE(review): the *Key fields presumably hold PEM private keys, the CA key
// included. Anything that prints, logs or serializes this struct will expose
// them, so treat a populated value as secret material — confirm how callers
// store it.
type CertificateChain struct {
	// Root CA key and certificate.
	CAKey  string `mapstructure:"caKey"`
	CACert string `mapstructure:"caCert"`

	// Server key and certificate.
	ServerKey  string `mapstructure:"serverKey"`
	ServerCert string `mapstructure:"serverCert"`

	// Client key and certificate.
	ClientKey  string `mapstructure:"clientKey"`
	ClientCert string `mapstructure:"clientCert"`

	// Peer key and certificate.
	PeerKey  string `mapstructure:"peerKey"`
	PeerCert string `mapstructure:"peerCert"`
}
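CertificateChain represents a full certificate chain with a root CA, a server, a client and a peer certificate. All values are in PEM format. The struct also carries the key that belongs to each certificate (CAKey, ServerKey, ClientKey, PeerKey), so a populated value should be handled as secret material.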
func GenerateTLS(hosts string, validity string) (*CertificateChain, error)
GenerateTLS generates CA, server, client and peer TLS certificates. hosts: comma-separated hostnames and IPs to generate a certificate for. validity: duration that the certificate is valid for, in Go Duration format (for example `8760h`).
ClientCertificate contains the generated certificate and key in PEM encoded format.
func GenerateClientCertificate(req ClientCertificateRequest, signerCert *x509.Certificate, signerKey crypto.Signer) (*ClientCertificate, error)
GenerateClientCertificate generates a client TLS certificate and key, signed by the parent CA passed as signerCert and signerKey.
// ClientCertificateRequest is the request value accepted by
// GenerateClientCertificate. Only the exported fields are listed here; the
// type also has unexported fields that this listing does not show.
type ClientCertificateRequest struct {
	// Subject is a pkix.Name.
	// NOTE(review): presumably becomes the subject of the issued client
	// certificate — confirm, since a client's identity is usually derived from it.
	Subject pkix.Name
	// Validity is a time.Duration.
	// NOTE(review): presumably the lifetime of the issued certificate; the
	// behavior for a zero value is not visible here — confirm.
	Validity time.Duration
	// contains filtered or unexported fields
}
ClientCertificateRequest contains the set of options that can be configured for client certificate generation.
PeerCertificate contains the generated certificate and key in PEM encoded format.
func GeneratePeerCertificate(req PeerCertificateRequest, signerCert *x509.Certificate, signerKey crypto.Signer) (*PeerCertificate, error)
GeneratePeerCertificate generates a peer TLS certificate and key, signed by the parent CA passed as signerCert and signerKey.
// PeerCertificateRequest is the request value accepted by
// GeneratePeerCertificate. Only the exported fields are listed here; the type
// also has unexported fields that this listing does not show.
type PeerCertificateRequest struct {
	// Subject is a pkix.Name.
	// NOTE(review): presumably becomes the subject of the issued peer
	// certificate — confirm.
	Subject pkix.Name
	// Validity is a time.Duration.
	// NOTE(review): presumably the lifetime of the issued certificate; the
	// behavior for a zero value is not visible here — confirm.
	Validity time.Duration
	// DNSNames and IPAddresses list host names and IP addresses.
	// NOTE(review): presumably written into the certificate as subject
	// alternative names, which is what peers verify — keep the lists as narrow
	// as the deployment allows, and confirm against the implementation.
	DNSNames    []string
	IPAddresses []net.IP
	// contains filtered or unexported fields
}
PeerCertificateRequest contains a set of options configurable for peer certificate generation.
ServerCertificate contains the generated certificate and key in PEM encoded format.
func GenerateServerCertificate(req ServerCertificateRequest, signerCert *x509.Certificate, signerKey crypto.Signer) (*ServerCertificate, error)
GenerateServerCertificate generates a server TLS certificate and key, signed by the parent CA passed as signerCert and signerKey.
// ServerCertificateRequest is the request value accepted by
// GenerateServerCertificate. Only the exported fields are listed here; the
// type also has unexported fields that this listing does not show.
type ServerCertificateRequest struct {
	// Subject is a pkix.Name.
	// NOTE(review): presumably becomes the subject of the issued server
	// certificate — confirm.
	Subject pkix.Name
	// Validity is a time.Duration.
	// NOTE(review): presumably the lifetime of the issued certificate; the
	// behavior for a zero value is not visible here — confirm.
	Validity time.Duration
	// DNSNames and IPAddresses list host names and IP addresses.
	// NOTE(review): presumably written into the certificate as subject
	// alternative names, which is what clients match the server against — keep
	// the lists as narrow as the deployment allows, and confirm against the
	// implementation.
	DNSNames    []string
	IPAddresses []net.IP
	// contains filtered or unexported fields
}
ServerCertificateRequest contains a set of options configurable for server certificate generation.