Documentation
¶
Index ¶
- Variables
- func GetCertExpirationDate(certPEM []byte) (time.Time, error)
- func PEMToCertificate(certPEM []byte) (*x509.Certificate, error)
- type CertificateChain
- type CertificateManager
- func (cm *CertificateManager) GenerateCA() error
- func (cm *CertificateManager) GenerateClient() error
- func (cm *CertificateManager) GeneratePeer() error
- func (cm *CertificateManager) GenerateServer() error
- func (cm *CertificateManager) LoadCA(caCertBytes []byte, caKeyBytes []byte, expirationThreshold time.Duration) error
- func (cm *CertificateManager) NewChain() error
- type ClientCertificate
- type ClientCertificateRequest
- type PeerCertificate
- type PeerCertificateRequest
- type SeparatedCertHosts
- type ServerCertificate
- type ServerCertificateRequest
Constants ¶
This section is empty.
Variables ¶
var ( // ErrInvalidHostName is returned when you have a hostname that has already been covered by a wildcard hostname ErrInvalidHostName = errors.New("invalid host name, this has been already covered by the wildcard") // ErrInvalidCA will be returned if the provided CA is invalid ErrInvalidCA = errors.New("the CA provided is not valid") // ErrEmptyCA will be returned if the CA provided was empty ErrEmptyCA = errors.New("an empty CA was provided") // ErrExpiredCA will be returned if the CA does not meet the required threshold of validity ErrExpiredCA = errors.New("the CA provided will expired before the provided threshold") )
Functions ¶
func GetCertExpirationDate ¶ added in v0.3.0
GetCertExpirationDate will return a PEM encoded certificate's expiration date
func PEMToCertificate ¶ added in v0.4.0
func PEMToCertificate(certPEM []byte) (*x509.Certificate, error)
Types ¶
type CertificateChain ¶
type CertificateChain struct {
CAKey string `mapstructure:"caKey"`
CACert string `mapstructure:"caCert"`
ServerKey string `mapstructure:"serverKey"`
ServerCert string `mapstructure:"serverCert"`
ClientKey string `mapstructure:"clientKey"`
ClientCert string `mapstructure:"clientCert"`
PeerKey string `mapstructure:"peerKey"`
PeerCert string `mapstructure:"peerCert"`
}
CertificateChain represents a full certificate chain with a root CA, a server, client and peer certificate All values are in PEM format
func GenerateTLS ¶
func GenerateTLS(hosts string, validity string) (*CertificateChain, error)
GenerateTLS generates ca, server, client and peer TLS certificates. hosts: Comma-separated hostnames and IPs to generate a certificate for validity: Duration that certificate is valid for, in Go Duration format
type CertificateManager ¶ added in v0.3.0
type CertificateManager struct {
Chain *CertificateChain
// contains filtered or unexported fields
}
CertificateManager contains a certificate chain and methods to generate certificates on that chain
func NewCertificateManager ¶ added in v0.3.0
func NewCertificateManager(hosts string, validity string) (*CertificateManager, error)
NewCertificateManager will return a new instance of the CertificateManager
func (*CertificateManager) GenerateCA ¶ added in v0.3.0
func (cm *CertificateManager) GenerateCA() error
GenerateCA will generate a new certificate authority
func (*CertificateManager) GenerateClient ¶ added in v0.3.0
func (cm *CertificateManager) GenerateClient() error
GenerateClient will generate a new client TLS certificate signed by the CA within the chain
func (*CertificateManager) GeneratePeer ¶ added in v0.3.0
func (cm *CertificateManager) GeneratePeer() error
GeneratePeer will generate a new peer TLS certificate signed by the CA within the chain
func (*CertificateManager) GenerateServer ¶ added in v0.3.0
func (cm *CertificateManager) GenerateServer() error
GenerateServer will generate a new server TLS certificate signed by the CA within the chain
func (*CertificateManager) LoadCA ¶ added in v0.3.0
func (cm *CertificateManager) LoadCA(caCertBytes []byte, caKeyBytes []byte, expirationThreshold time.Duration) error
LoadCA will load an existing certifiate authority into the CertificateManager and underlying chain
func (*CertificateManager) NewChain ¶ added in v0.3.0
func (cm *CertificateManager) NewChain() error
NewChain generates ca, server, client and peer TLS certificates. hosts: Comma-separated hostnames and IPs to generate a certificate for validity: Duration that certificate is valid for, in Go Duration format
type ClientCertificate ¶
ClientCertificate contains the generated certificate and key in PEM encoded format.
func GenerateClientCertificate ¶
func GenerateClientCertificate(req ClientCertificateRequest, signerCert *x509.Certificate, signerKey crypto.Signer) (*ClientCertificate, error)
GenerateClientCertificate generates client TLS certificate and key signed by a parent CA.
type ClientCertificateRequest ¶
type ClientCertificateRequest struct {
Subject pkix.Name
Validity time.Duration
// contains filtered or unexported fields
}
ClientCertificateRequest contains a set of options configurable for client certificate generation
type PeerCertificate ¶
PeerCertificate contains the generated certificate and key in PEM encoded format.
func GeneratePeerCertificate ¶
func GeneratePeerCertificate(req PeerCertificateRequest, signerCert *x509.Certificate, signerKey crypto.Signer) (*PeerCertificate, error)
GeneratePeerCertificate generates peer TLS certificate and key signed by a parent CA.
type PeerCertificateRequest ¶
type PeerCertificateRequest struct {
Subject pkix.Name
Validity time.Duration
DNSNames []string
IPAddresses []net.IP
// contains filtered or unexported fields
}
PeerCertificateRequest contains a set of options configurable for peer certificate generation.
type SeparatedCertHosts ¶ added in v0.3.1
func NewSeparatedCertHosts ¶
func NewSeparatedCertHosts(hosts string) *SeparatedCertHosts
NewSeparatedCertHosts creates a new seperatedCertsHosts struct by parsing and separating the comma-separated host names and IPs.
func (*SeparatedCertHosts) Validate ¶ added in v0.3.1
func (sh *SeparatedCertHosts) Validate() error
Validate validates the hostnames in case of wildCard host is present eg.: *.foo.bar boo.foo.bar is not allowed, but coo.boo.foo.bar is valid
type ServerCertificate ¶
ServerCertificate contains the generated certificate and key in PEM encoded format.
func GenerateServerCertificate ¶
func GenerateServerCertificate(req ServerCertificateRequest, signerCert *x509.Certificate, signerKey crypto.Signer) (*ServerCertificate, error)
GenerateServerCertificate generates server TLS certificate and key signed by a parent CA.
Source Files