tls

package
Version: v1.12.0
Warning

This package is not in the latest version of its module.

Published: Jun 28, 2018 License: Apache-2.0 Imports: 17 Imported by: 1

Documentation

Overview

Package tls contains utilities for generating certificates and certificate authorities.

Constants

This section is empty.

Variables

This section is empty.

Functions

func CertKeyPairExists

func CertKeyPairExists(name, dir string) (bool, error)

CertKeyPairExists returns true if a key and matching certificate exist. Matching is defined as having the expected file names. No validation is performed on the actual bytes of the cert/key.

func CertValid (added in v1.2.0)

func CertValid(commonName string, SANs []string, organizations []string, name, dir string) (warn []error, err error)

CertValid returns a list of validation warnings if the certificate values do not match the expected values. Validation rules:
  - common name: must match exactly
  - subject alternate names: the expected SANs must be a subset of the cert's SANs
  - organizations: the expected organizations must be a subset of the cert's organizations

Subset validation is performed to allow the operator to supply their own SANs and organizations. Returns an error if trying to validate a cert that does not exist, or if there is an issue reading or parsing the certificate.
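The rules above, sketched as an added example; this is not the package's own implementation. `checkCert`, `missing` and `sampleCert` are hypothetical names, the sample values are constructed, and treating SANs as DNS names plus IP addresses is an assumption.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"net"
)

// missing returns the entries of want that are absent from have.
func missing(want, have []string) (out []string) {
	set := make(map[string]bool, len(have))
	for _, h := range have {
		set[h] = true
	}
	for _, w := range want {
		if !set[w] {
			out = append(out, w)
		}
	}
	return out
}

// checkCert (hypothetical) applies the rules: exact CN, SAN subset, organization subset.
func checkCert(c *x509.Certificate, cn string, sans, orgs []string) (warn []error) {
	if c.Subject.CommonName != cn {
		warn = append(warn, fmt.Errorf("common name is %q, expected %q", c.Subject.CommonName, cn))
	}
	have := append([]string{}, c.DNSNames...) // assumption: SANs are DNS names plus IPs
	for _, ip := range c.IPAddresses {
		have = append(have, ip.String())
	}
	if m := missing(sans, have); len(m) > 0 {
		warn = append(warn, fmt.Errorf("missing SANs: %v", m))
	}
	if m := missing(orgs, c.Subject.Organization); len(m) > 0 {
		warn = append(warn, fmt.Errorf("missing organizations: %v", m))
	}
	return warn
}

func sampleCert() *x509.Certificate { // constructed fields; operator added one SAN and one organization
	return &x509.Certificate{Subject: pkix.Name{CommonName: "node1", Organization: []string{"ops", "operator-added"}},
		DNSNames: []string{"node1", "node1.example.internal"}, IPAddresses: []net.IP{net.ParseIP("10.0.0.1")}}
}

func main() {
	fmt.Println(checkCert(sampleCert(), "node1", []string{"node1", "10.0.0.1"}, []string{"ops"}))
	fmt.Println(checkCert(sampleCert(), "node2", []string{"10.0.0.2"}, []string{"admins"}))
}
```

The first call yields no warnings because operator-supplied extras are tolerated; the second yields one warning per rule.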

func NewCACert

func NewCACert(csrFile string, commonName string, expiry string) (key, cert []byte, err error)

NewCACert creates a new Certificate Authority and returns its private key and public certificate.

func NewCert

func NewCert(ca *CA, req csr.CertificateRequest, expiry time.Duration) (key, cert []byte, err error)

NewCert creates a new certificate/key pair using the Certificate Authority provided.

func ReadCACert

func ReadCACert(name, dir string) (key, cert []byte, err error)

ReadCACert reads the CA file.

func ReadCert (added in v1.4.0)

func ReadCert(name, dir string) (*x509.Certificate, error)

ReadCert reads the certificate with the given name in the provided directory.

func WriteCert

func WriteCert(key, cert []byte, name, dir string) error

WriteCert writes the cert and key files.

Types

type CA

type CA struct {
	// Key is the CA's private key.
	Key []byte
	// Password is the CA's private key password. Can be empty if no password is set.
	Password string
	// Cert is the CA's public certificate.
	Cert []byte
}

CA contains information about the Certificate Authority.

type Subject

type Subject struct {
	Country            string
	State              string
	Locality           string
	Organization       string
	OrganizationalUnit string
}

Subject contains the fields of the X.509 Subject.
