cert-manager: github.com/jetstack/cert-manager/pkg/util/pki Index | Files

package pki

import "github.com/jetstack/cert-manager/pkg/util/pki"

Index

Package Files

csr.go generate.go parse.go

Constants

// RSA key size bounds, in bits, for the generator functions in this package.
const (
    // MinRSAKeySize is the smallest RSA key size that the generator
    // functions in this package are allowed to generate.
    MinRSAKeySize = 2048

    // MaxRSAKeySize is the largest RSA key size that the generator
    // functions in this package are allowed to generate.
    MaxRSAKeySize = 8192
)

// ECDSA key sizes, in bits.
const (
    // ECCurve256 denotes a 256-bit ECDSA key.
    ECCurve256 = 256

    // ECCurve384 denotes a 384-bit ECDSA key.
    ECCurve384 = 384

    // ECCurve521 denotes a 521-bit ECDSA key.
    ECCurve521 = 521
)

func BuildKeyUsages Uses

func BuildKeyUsages(usages []v1alpha2.KeyUsage, isCA bool) (ku x509.KeyUsage, eku []x509.ExtKeyUsage, err error)

func DNSNamesForCertificate Uses

func DNSNamesForCertificate(crt *v1alpha2.Certificate) ([]string, error)

func DecodePKCS1PrivateKeyBytes Uses

func DecodePKCS1PrivateKeyBytes(keyBytes []byte) (*rsa.PrivateKey, error)

DecodePKCS1PrivateKeyBytes will decode a PEM encoded RSA private key.

func DecodePrivateKeyBytes Uses

func DecodePrivateKeyBytes(keyBytes []byte) (crypto.Signer, error)

DecodePrivateKeyBytes will decode a PEM encoded private key into a crypto.Signer. It supports ECDSA and RSA private keys only; all other key types return an error.

func DecodeX509CertificateBytes Uses

func DecodeX509CertificateBytes(certBytes []byte) (*x509.Certificate, error)

DecodeX509CertificateBytes will decode a PEM encoded x509 Certificate.

func DecodeX509CertificateChainBytes Uses

func DecodeX509CertificateChainBytes(certBytes []byte) ([]*x509.Certificate, error)

DecodeX509CertificateChainBytes will decode a PEM encoded x509 Certificate chain.

func DecodeX509CertificateRequestBytes Uses

func DecodeX509CertificateRequestBytes(csrBytes []byte) (*x509.CertificateRequest, error)

DecodeX509CertificateRequestBytes will decode a PEM encoded x509 Certificate Request.

func EncodeCSR Uses

func EncodeCSR(template *x509.CertificateRequest, key crypto.Signer) ([]byte, error)

EncodeCSR calls x509.CreateCertificateRequest to sign the given CSR template. It returns a DER encoded signed CSR, not PEM; DecodeX509CertificateRequestBytes expects PEM encoded input.

func EncodeECPrivateKey Uses

func EncodeECPrivateKey(pk *ecdsa.PrivateKey) ([]byte, error)

EncodeECPrivateKey will marshal an ECDSA private key into x509 PEM format.

func EncodePKCS1PrivateKey Uses

func EncodePKCS1PrivateKey(pk *rsa.PrivateKey) []byte

EncodePKCS1PrivateKey will marshal an RSA private key into x509 PEM format.

func EncodePKCS8PrivateKey Uses

func EncodePKCS8PrivateKey(pk interface{}) ([]byte, error)

EncodePKCS8PrivateKey will marshal a private key into x509 PEM format.

func EncodePrivateKey Uses

func EncodePrivateKey(pk crypto.PrivateKey, keyEncoding v1alpha2.KeyEncoding) ([]byte, error)

EncodePrivateKey will encode a given crypto.PrivateKey by first inspecting the type of key encoding and then inspecting the type of key provided. It only supports encoding RSA or ECDSA keys.

func EncodeX509 Uses

func EncodeX509(cert *x509.Certificate) ([]byte, error)

EncodeX509 will encode a *x509.Certificate into PEM format.

func EncodeX509Chain Uses

func EncodeX509Chain(certs []*x509.Certificate) ([]byte, error)

EncodeX509Chain will encode an *x509.Certificate chain into PEM format.

func GenerateCSR Uses

func GenerateCSR(crt *v1alpha2.Certificate) (*x509.CertificateRequest, error)

GenerateCSR will generate a new *x509.CertificateRequest template to be used by issuers that utilise CSRs to obtain Certificates. The CSR will not be signed, and should be passed to either EncodeCSR or to the x509.CreateCertificateRequest function.

func GenerateECPrivateKey Uses

func GenerateECPrivateKey(keySize int) (*ecdsa.PrivateKey, error)

GenerateECPrivateKey will generate an ECDSA private key of the given size. It can be used to generate 256, 384 and 521 bit keys (see the ECCurve256, ECCurve384 and ECCurve521 constants).

func GeneratePrivateKeyForCertificate Uses

func GeneratePrivateKeyForCertificate(crt *v1alpha2.Certificate) (crypto.Signer, error)

GeneratePrivateKeyForCertificate will generate a private key suitable for the provided cert-manager Certificate resource, taking into account the parameters on the provided resource. The returned key will either be RSA or ECDSA.

func GenerateRSAPrivateKey Uses

func GenerateRSAPrivateKey(keySize int) (*rsa.PrivateKey, error)

GenerateRSAPrivateKey will generate an RSA private key of the given size. It places restrictions on the minimum and maximum RSA key size (see MinRSAKeySize and MaxRSAKeySize, 2048 and 8192 bits respectively).

func GenerateTemplate Uses

func GenerateTemplate(crt *v1alpha2.Certificate) (*x509.Certificate, error)

GenerateTemplate will create an x509.Certificate for the given Certificate resource. This should create a Certificate template that is equivalent to the CertificateRequest generated by GenerateCSR. The PublicKey field must be populated by the caller.

func GenerateTemplateFromCSRPEM Uses

func GenerateTemplateFromCSRPEM(csrPEM []byte, duration time.Duration, isCA bool) (*x509.Certificate, error)

func GenerateTemplateFromCSRPEMWithUsages Uses

func GenerateTemplateFromCSRPEMWithUsages(csrPEM []byte, duration time.Duration, isCA bool, keyUsage x509.KeyUsage, extKeyUsage []x509.ExtKeyUsage) (*x509.Certificate, error)

func GenerateTemplateFromCertificateRequest Uses

func GenerateTemplateFromCertificateRequest(cr *v1alpha2.CertificateRequest) (*x509.Certificate, error)

GenerateTemplateFromCertificateRequest will create an x509.Certificate for the given CertificateRequest resource.

func IPAddressesForCertificate Uses

func IPAddressesForCertificate(crt *v1alpha2.Certificate) []net.IP

func IPAddressesToString Uses

func IPAddressesToString(ipAddresses []net.IP) []string

func OrganizationForCertificate Uses

func OrganizationForCertificate(crt *v1alpha2.Certificate) []string

OrganizationForCertificate will return the Organization to set for the Certificate resource. If an Organization is not specifically set, a default will be used.

func PublicKeyForPrivateKey Uses

func PublicKeyForPrivateKey(pk crypto.PrivateKey) (crypto.PublicKey, error)

PublicKeyForPrivateKey will return the crypto.PublicKey for the given crypto.PrivateKey. It only supports RSA and ECDSA keys.

func PublicKeyMatchesCSR Uses

func PublicKeyMatchesCSR(check crypto.PublicKey, csr *x509.CertificateRequest) (bool, error)

PublicKeyMatchesCSR can be used to verify the given public key is the correct counterpart to the given x509 CertificateRequest. It will return false and no error if the public key is *not* valid for the given CertificateRequest. It will return true if the public key *is* valid for the given CertificateRequest. It will return an error if either of the passed parameters is of an unrecognised type (i.e. non RSA/ECDSA).

func PublicKeyMatchesCertificate Uses

func PublicKeyMatchesCertificate(check crypto.PublicKey, crt *x509.Certificate) (bool, error)

PublicKeyMatchesCertificate can be used to verify the given public key is the correct counterpart to the given x509 Certificate. It will return false and no error if the public key is *not* valid for the given Certificate. It will return true if the public key *is* valid for the given Certificate. It will return an error if either of the passed parameters is of an unrecognised type (i.e. non RSA/ECDSA).

func PublicKeysEqual Uses

func PublicKeysEqual(a, b crypto.PublicKey) (bool, error)

func SignCSRTemplate Uses

func SignCSRTemplate(caCerts []*x509.Certificate, caKey crypto.Signer, template *x509.Certificate) ([]byte, []byte, error)

SignCSRTemplate signs a certificate template usually based upon a CSR. This function expects all fields to be present in the certificate template, including its public key. It returns the certificate data followed by the CA data, encoded in PEM format.

func SignCertificate Uses

func SignCertificate(template *x509.Certificate, issuerCert *x509.Certificate, publicKey crypto.PublicKey, signerKey interface{}) ([]byte, *x509.Certificate, error)

SignCertificate returns a signed x509.Certificate object for the given template (an *x509.Certificate, per the signature above; the signature has no *v1alpha2.Certificate crt parameter). publicKey is the public key of the signee, and signerKey is the private key of the signer. It returns a PEM encoded copy of the Certificate as well as a *x509.Certificate which can be used for reading the encoded values.

func SignatureAlgorithm Uses

func SignatureAlgorithm(crt *v1alpha2.Certificate) (x509.PublicKeyAlgorithm, x509.SignatureAlgorithm, error)

SignatureAlgorithm will determine the appropriate signature algorithm for the given certificate. Adapted from https://github.com/cloudflare/cfssl/blob/master/csr/csr.go#L102

func SubjectForCertificate Uses

func SubjectForCertificate(crt *v1alpha2.Certificate) v1alpha2.X509Subject

SubjectForCertificate will return the Subject from the Certificate resource or an empty one if it is not set

func URIsForCertificate Uses

func URIsForCertificate(crt *v1alpha2.Certificate) ([]*url.URL, error)

func URLsFromStrings Uses

func URLsFromStrings(urlStrs []string) ([]*url.URL, error)

func URLsToString Uses

func URLsToString(uris []*url.URL) []string

Package pki imports 19 packages (graph) and is imported by 62 packages. Updated 2020-08-09. Refresh now. Tools for package owners.