bank-vaults: github.com/banzaicloud/bank-vaults/pkg/sdk/tls Index | Files

package tls

import "github.com/banzaicloud/bank-vaults/pkg/sdk/tls"

Index

Package Files

tls.go tls_client.go tls_peer.go tls_server.go

Variables

// InvalidHostNameError is a package-level error value. Its message says the
// host name is invalid because a wildcard entry already covers it.
// NOTE(review): presumably produced while the hosts list is separated; the
// code that returns it is not visible here, so confirm against tls.go.
// Callers should match it with errors.Is rather than comparing message text.
// Go convention would name this ErrInvalidHostName, but renaming an exported
// variable would break importers.
var InvalidHostNameError = errors.New("invalid host name, this has been already covered by the wildcard")

func NewSeparatedCertHosts Uses

func NewSeparatedCertHosts(hosts string) *separatedCertHosts

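NewSeparatedCertHosts creates a new separatedCertHosts struct by parsing and separating the comma-separated host names and IPs. The returned type is unexported, so callers outside the package cannot name it in their own declarations.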

type CertificateChain Uses

// CertificateChain groups a root CA with server, client and peer
// certificates and their keys. The package documentation states that all
// values are in PEM format. The mapstructure tags name the keys used when
// the struct is decoded from a map (caKey, caCert, ...).
//
// NOTE(review): the *Key fields presumably hold the private keys of the
// matching *Cert fields, so a populated value is secret material: keep it
// out of logs, error messages and debug dumps. Confirm whether the PEM
// blocks are encrypted before storing them at rest.
type CertificateChain struct {
    // Root CA key and certificate.
    CAKey      string `mapstructure:"caKey"`
    CACert     string `mapstructure:"caCert"`
    // Server key and certificate.
    ServerKey  string `mapstructure:"serverKey"`
    ServerCert string `mapstructure:"serverCert"`
    // Client key and certificate.
    ClientKey  string `mapstructure:"clientKey"`
    ClientCert string `mapstructure:"clientCert"`
    // Peer key and certificate.
    PeerKey    string `mapstructure:"peerKey"`
    PeerCert   string `mapstructure:"peerCert"`
}

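CertificateChain represents a full certificate chain with a root CA, a server, a client and a peer certificate. All values are in PEM format. The Key fields carry the keys that belong to those certificates, so a populated CertificateChain should be handled as secret material and kept out of logs.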

func GenerateTLS Uses

func GenerateTLS(hosts string, validity string) (*CertificateChain, error)

GenerateTLS generates CA, server, client and peer TLS certificates.
hosts: comma-separated hostnames and IPs to generate a certificate for.
validity: duration that the certificates are valid for, in Go duration format (for example "8760h").

type ClientCertificate Uses

// ClientCertificate carries a generated client certificate and its key,
// both PEM encoded according to the package documentation.
type ClientCertificate struct {
    // Certificate is the PEM-encoded certificate.
    Certificate []byte
    // Key is the PEM-encoded key.
    // NOTE(review): presumably the private key; treat as secret and confirm.
    Key         []byte
}

ClientCertificate contains the generated certificate and key in PEM encoded format.

func GenerateClientCertificate Uses

func GenerateClientCertificate(req ClientCertificateRequest, signerCert *x509.Certificate, signerKey crypto.Signer) (*ClientCertificate, error)

GenerateClientCertificate generates a client TLS certificate and its key; the certificate is signed by the parent CA passed as signerCert and signerKey.

type ClientCertificateRequest Uses

// ClientCertificateRequest holds the options for generating a client
// certificate. It is the first argument of GenerateClientCertificate.
type ClientCertificateRequest struct {
    // Subject is an X.509 distinguished name (pkix.Name).
    // NOTE(review): presumably becomes the subject of the issued certificate.
    Subject  pkix.Name
    // Validity is a duration.
    // NOTE(review): presumably the lifetime of the issued certificate; no
    // upper bound is visible here, so verify what the generator enforces.
    Validity time.Duration
    // contains filtered or unexported fields
}

ClientCertificateRequest contains a set of options configurable for client certificate generation

type PeerCertificate Uses

// PeerCertificate carries a generated peer certificate and its key, both
// PEM encoded according to the package documentation.
type PeerCertificate struct {
    // Certificate is the PEM-encoded certificate.
    Certificate []byte
    // Key is the PEM-encoded key.
    // NOTE(review): presumably the private key; treat as secret and confirm.
    Key         []byte
}

PeerCertificate contains the generated certificate and key in PEM encoded format.

func GeneratePeerCertificate Uses

func GeneratePeerCertificate(req PeerCertificateRequest, signerCert *x509.Certificate, signerKey crypto.Signer) (*PeerCertificate, error)

GeneratePeerCertificate generates a peer TLS certificate and its key; the certificate is signed by the parent CA passed as signerCert and signerKey.

type PeerCertificateRequest Uses

// PeerCertificateRequest holds the options for generating a peer
// certificate. It is the first argument of GeneratePeerCertificate.
type PeerCertificateRequest struct {
    // Subject is an X.509 distinguished name (pkix.Name).
    // NOTE(review): presumably becomes the subject of the issued certificate.
    Subject     pkix.Name
    // Validity is a duration.
    // NOTE(review): presumably the lifetime of the issued certificate; no
    // upper bound is visible here, so verify what the generator enforces.
    Validity    time.Duration
    // DNSNames and IPAddresses list host names and IP addresses.
    // NOTE(review): presumably written to the certificate as subject
    // alternative names; confirm how wildcard entries are handled.
    DNSNames    []string
    IPAddresses []net.IP
    // contains filtered or unexported fields
}

PeerCertificateRequest contains a set of options configurable for peer certificate generation.

type ServerCertificate Uses

// ServerCertificate carries a generated server certificate and its key,
// both PEM encoded according to the package documentation.
type ServerCertificate struct {
    // Certificate is the PEM-encoded certificate.
    Certificate []byte
    // Key is the PEM-encoded key.
    // NOTE(review): presumably the private key; treat as secret and confirm.
    Key         []byte
}

ServerCertificate contains the generated certificate and key in PEM encoded format.

func GenerateServerCertificate Uses

func GenerateServerCertificate(req ServerCertificateRequest, signerCert *x509.Certificate, signerKey crypto.Signer) (*ServerCertificate, error)

GenerateServerCertificate generates a server TLS certificate and its key; the certificate is signed by the parent CA passed as signerCert and signerKey.

type ServerCertificateRequest Uses

// ServerCertificateRequest holds the options for generating a server
// certificate. It is the first argument of GenerateServerCertificate.
type ServerCertificateRequest struct {
    // Subject is an X.509 distinguished name (pkix.Name).
    // NOTE(review): presumably becomes the subject of the issued certificate.
    Subject     pkix.Name
    // Validity is a duration.
    // NOTE(review): presumably the lifetime of the issued certificate; no
    // upper bound is visible here, so verify what the generator enforces.
    Validity    time.Duration
    // DNSNames and IPAddresses list host names and IP addresses.
    // NOTE(review): presumably written to the certificate as subject
    // alternative names; confirm how wildcard entries are handled.
    DNSNames    []string
    IPAddresses []net.IP
    // contains filtered or unexported fields
}

ServerCertificateRequest contains a set of options configurable for server certificate generation.

Package tls imports 12 packages and is imported by 4 packages. Updated 2019-08-29.