certs

package
v0.18.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 9, 2024 License: Apache-2.0 Imports: 16 Imported by: 3

Documentation

Overview

Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the Apache v2.0 license.

Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the Apache v2.0 license.

Index

Constants

This section is empty.

Variables

var (

	// OidAccessIdentity is the object identifier 1.3.6.1.5.5.7.10.2
	// (id-aca-accessIdentity), the access-identity attribute defined in
	// RFC 5755.
	//
	// NOTE(review): this is an exported, mutable []int; any importer can
	// modify it in place, so treat it as read-only.
	OidAccessIdentity = []int{1, 3, 6, 1, 5, 5, 7, 10, 2}
)

Functions

func CalculateRenewTime added in v0.10.16

func CalculateRenewTime(certificate string, factor *backOffFactor) (duration *backOffDuration, err error)

func DecodeCertPEM

func DecodeCertPEM(encoded []byte) (*x509.Certificate, error)

DecodeCertPEM attempts to return a decoded certificate or nil if the encoded input does not contain a certificate.

func DecodeCertRequestPEM added in v0.10.7

func DecodeCertRequestPEM(encoded []byte) (*x509.CertificateRequest, error)

DecodeCertRequestPEM attempts to return a decoded certificate request or nil if the encoded input does not contain a certificate request.

func DecodePrivateKeyPEM

func DecodePrivateKeyPEM(encoded []byte) (*rsa.PrivateKey, error)

DecodePrivateKeyPEM attempts to return a decoded key or nil if the encoded input does not contain a private key.

func EncodeCertPEM

func EncodeCertPEM(cert *x509.Certificate) []byte

EncodeCertPEM returns PEM-encoded certificate data.

func EncodeCertRequestPEM added in v0.10.7

func EncodeCertRequestPEM(cert *x509.CertificateRequest) []byte

EncodeCertRequestPEM returns PEM-encoded certificate request data.

func EncodePrivateKeyPEM

func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte

EncodePrivateKeyPEM returns PEM-encoded private key data.

func EncodePublicKeyBytePEM

func EncodePublicKeyBytePEM(key []byte) ([]byte, error)

EncodePublicKeyBytePEM returns PEM-encoded public key data.

func EncodePublicKeyPEM

func EncodePublicKeyPEM(key *rsa.PublicKey) ([]byte, error)

EncodePublicKeyPEM returns PEM-encoded public key data.

func GenerateCertificateRenewRequest added in v0.10.7

func GenerateCertificateRenewRequest(cert *tls.Certificate) (retCsr []byte, retPriv []byte, err error)

GenerateCertificateRenewRequest creates a renewal CSR. A new private key is created, used to create the CSR, and returned.

func GenerateCertificateRenewRequestSameKey added in v0.10.7

func GenerateCertificateRenewRequestSameKey(cert *tls.Certificate) (retCsr []byte, err error)

GenerateCertificateRenewRequestSameKey creates a renewal CSR. The same private key that is in cert is used to create the CSR, so renewing through this function does not rotate the key material.

func GenerateCertificateRequest added in v0.10.7

func GenerateCertificateRequest(conf *Config, privKey []byte) (csr []byte, retPrivKey []byte, err error)

GenerateCertificateRequest creates a CSR. If privKey is not provided, a new key is created and returned; if privKey is provided, it is used to create the CSR and the same key is returned.

func GenerateClientCertificate

func GenerateClientCertificate(name string) (*x509.Certificate, *rsa.PrivateKey, error)

func IsCertificateExpired added in v0.10.16

func IsCertificateExpired(certificate string) (bool, error)

func NewBackOffFactor added in v0.10.16

func NewBackOffFactor(renewBackoffFactor, errorBackoffFactor float64) (factor *backOffFactor, err error)

func NewPrivateKey

func NewPrivateKey() (*rsa.PrivateKey, error)

NewPrivateKey creates an RSA private key

func NewSignedCert

func NewSignedCert(key *rsa.PrivateKey, caCert *x509.Certificate, caKey *rsa.PrivateKey, conf Config) (*x509.Certificate, error)

Types

type AltNames

// AltNames contains the domain names and IP addresses for a cert.
type AltNames struct {
	// DNSNames lists the domain names for the cert.
	DNSNames []string
	// IPs lists the IP addresses for the cert.
	IPs      []net.IP
}

AltNames contains the domain names and IP addresses for a cert

type CAConfig added in v0.10.7

// CAConfig is the configuration accepted by NewCertificateAuthority.
type CAConfig struct {
	// RootSigner is the only field not marked OPTIONAL.
	// NOTE(review): presumably the CA certificate and key used to sign
	// requests — confirm. A tls.Certificate can carry a private key, so
	// values of this field should be handled as secret material.
	RootSigner      *tls.Certificate
	CrossRootCert   *x509.Certificate   // OPTIONAL
	AdditionalRoots []*x509.Certificate // OPTIONAL
	// Revocation exposes IsRevoked(cert).
	// NOTE(review): because it is OPTIONAL, presumably no revocation check
	// runs when it is unset — confirm before relying on revocation.
	Revocation      Revocation          // OPTIONAL
}

type CertificateAuthority added in v0.10.7

// CertificateAuthority is constructed with NewCertificateAuthority; its
// documented methods are SignRequest and VerifyClientCertificate.
type CertificateAuthority struct {
	// contains filtered or unexported fields
}

func NewCertificateAuthority added in v0.10.7

func NewCertificateAuthority(config *CAConfig) (*CertificateAuthority, error)

NewCertificateAuthority creates a CertificateAuthority

func (*CertificateAuthority) SignRequest added in v0.10.7

func (ca *CertificateAuthority) SignRequest(csrPem []byte, oldCertPem []byte, conf *SignConfig) (retCert []byte, err error)

SignRequest signs the CSR using the Certificate Authority. If oldCertPem is provided, it is validated against the CA.

func (*CertificateAuthority) VerifyClientCertificate added in v0.10.7

func (ca *CertificateAuthority) VerifyClientCertificate(rawCerts [][]byte) error

VerifyClientCertificate verifies rawCerts (ASN.1-encoded) using the CertificateAuthority.

type Config

// Config contains the basic fields required for creating a certificate.
type Config struct {
	CommonName   string
	Organization []string
	// AltNames holds the domain names and IP addresses for the cert.
	AltNames     AltNames
	// Usages lists extended key usages (x509.ExtKeyUsage values).
	Usages       []x509.ExtKeyUsage
}

Config contains the basic fields required for creating a certificate.

type KeyPair

// KeyPair holds the raw bytes for a certificate and key.
type KeyPair struct {
	// NOTE(review): the encoding of these raw bytes (PEM or DER) is not
	// stated here — confirm against the callers. Key is private key
	// material and should be handled as a secret.
	Cert, Key []byte
}

KeyPair holds the raw bytes for a certificate and key.

func (*KeyPair) IsValid

func (k *KeyPair) IsValid() bool

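IsValid returns true if both the certificate and key are non-nil. As described, this is a presence check only; callers should not treat it as confirmation that the pair parses or that the key matches the certificate.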

type Revocation added in v0.10.7

// Revocation is the interface type of the optional CAConfig.Revocation field.
type Revocation interface {
	// IsRevoked takes a certificate and reports the outcome as an error.
	// NOTE(review): presumably a nil error means "not revoked" — confirm,
	// including how a failed lookup is distinguished from a revoked cert.
	IsRevoked(cert *x509.Certificate) error
}

type SignConfig added in v0.10.7

// SignConfig contains the basic fields required for signing a certificate;
// it is the type of the conf argument of CertificateAuthority.SignRequest.
type SignConfig struct {
	// NOTE(review): the field meanings below are inferred from names only —
	// confirm against the implementation.

	// Offset: presumably a time offset applied to the validity window.
	Offset     time.Duration
	// Identity: presumably an identity string bound into the issued cert.
	Identity   string
	// ServerAuth: presumably requests the server-authentication usage.
	ServerAuth bool
	// IsCA: presumably marks the issued certificate as a CA; if so, who may
	// set it should be tightly controlled.
	IsCA       bool
}

SignConfig contains the basic fields required for signing a certificate.

Directories

Path Synopsis
Package mock_certs is a generated GoMock package.
Package mock_certs is a generated GoMock package.
