import "sigs.k8s.io/cluster-api/util/certs"
const (
// DefaultRSAKeySize is the default key size used when created RSA keys.
DefaultRSAKeySize = 2048
// DefaultCertDuration is the default lifespan used when creating certificates.
DefaultCertDuration = time.Hour * 24 * 365
// When client certificates have less than ClientCertificateRenewalDuration
// left before expiry, they will be regenerated.
ClientCertificateRenewalDuration = DefaultCertDuration / 2
)func DecodeCertPEM(encoded []byte) (*x509.Certificate, error)
DecodeCertPEM attempts to return a decoded certificate or nil if the encoded input does not contain a certificate.
DecodePrivateKeyPEM attempts to return a decoded key or nil if the encoded input does not contain a private key.
func EncodeCertPEM(cert *x509.Certificate) []byte
EncodeCertPEM returns PEM-endcoded certificate data.
func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte
EncodePrivateKeyPEM returns PEM-encoded private key data.
EncodePublicKeyPEM returns PEM-encoded public key data.
func NewPrivateKey() (*rsa.PrivateKey, error)
NewPrivateKey creates an RSA private key
AltNames contains the domain names and IP addresses that will be added to the API Server's x509 certificate SubAltNames field. The values will be passed directly to the x509.Certificate object.
type Config struct {
CommonName string
Organization []string
AltNames AltNames
Usages []x509.ExtKeyUsage
}Config contains the basic fields required for creating a certificate.
func (cfg *Config) NewSignedCert(key *rsa.PrivateKey, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error)
NewSignedCert creates a signed certificate using the given CA certificate and key.
KeyPair holds the raw bytes for a certificate and key.
IsValid returns true if both the certificate and key are non-nil.
Package certs imports 12 packages (graph) and is imported by 7 packages. Updated 2020-10-15. Refresh now. Tools for package owners.