Documentation
Index ¶
- func GenerateCSR(subject pkix.Name, bits int, dnsSANs []string, ipSANs []net.IP) (string, string, error)
- func GenerateCertificate(subject pkix.Name, notBefore, notAfter time.Time, ca bool, dnsSANs []string, ...) (*x509.Certificate, error)
- func GenerateRSAKey(bits int) (string, string, error)
- func GenerateSelfSignedCA(subject pkix.Name, notBefore time.Time, notAfter time.Time, bits int) (string, string, error)
- func GenerateSerialNumber() (*big.Int, error)
- func LoadCACertPool(caFile string) (*x509.CertPool, error)
- func LoadCertificate(certPEM string, keyPEM string) (*x509.Certificate, *rsa.PrivateKey, error)
- func LoadCertificatePairFromDir(baseDir string, name string) (*x509.Certificate, *rsa.PrivateKey, error)
- func LoadCertificateRequest(csrPEM string) (*x509.CertificateRequest, error)
- func LoadRSAPrivateKey(keyPEM string) (*rsa.PrivateKey, error)
- func LoadRSAPublicKey(keyPEM string) (*rsa.PublicKey, error)
- func LoadTLSConfigFromPath(certFile, keyFile, caFile string) (*tls.Config, error)
- func SignCertificate(certificate *x509.Certificate, bits int, parent *x509.Certificate, pub any, ...) (string, string, error)
- type CertCheck
Functions ¶
func GenerateCSR ¶
func GenerateCSR(subject pkix.Name, bits int, dnsSANs []string, ipSANs []net.IP) (string, string, error)
GenerateCSR generates a certificate signing request (CSR) and private key for the given subject.
func GenerateCertificate ¶
func GenerateSelfSignedCA ¶
func GenerateSerialNumber ¶
GenerateSerialNumber returns a random number that can be used for the SerialNumber field in an x509 certificate.
func LoadCACertPool ¶
LoadCACertPool loads the CA certificate pool from the given file.
func LoadCertificate ¶
func LoadCertificate(certPEM string, keyPEM string) (*x509.Certificate, *rsa.PrivateKey, error)
LoadCertificate parses the PEM blocks and returns the certificate and private key. LoadCertificate will fail if certPEM is not a valid certificate. LoadCertificate will return a nil private key if keyPEM is empty, but will fail if it is not valid.
func LoadCertificatePairFromDir ¶
func LoadCertificatePairFromDir(baseDir string, name string) (*x509.Certificate, *rsa.PrivateKey, error)
LoadCertificatePairFromDir reads the certificate and corresponding private key files for the given certificate name from the specified directory. It expects the files to be named "<name>.crt" and "<name>.key".
func LoadCertificateRequest ¶
func LoadCertificateRequest(csrPEM string) (*x509.CertificateRequest, error)
LoadCertificateRequest parses the PEM blocks and returns the certificate request. LoadCertificateRequest will fail if csrPEM is not a valid certificate signing request.
func LoadRSAPrivateKey ¶
func LoadRSAPrivateKey(keyPEM string) (*rsa.PrivateKey, error)
LoadRSAPrivateKey parses the specified PEM block and returns the rsa.PrivateKey.
func LoadRSAPublicKey ¶
LoadRSAPublicKey parses the specified PEM block and returns the rsa.PublicKey.
func LoadTLSConfigFromPath ¶
LoadTLSConfigFromPath loads TLS certificates from the given file paths.
func SignCertificate ¶
func SignCertificate(certificate *x509.Certificate, bits int, parent *x509.Certificate, pub any, priv any) (string, string, error)
Types ¶
type CertCheck ¶
// CertCheck lists the properties that ValidateCert checks on a certificate.
// Per the package documentation, fields left unspecified are ignored, so
// set every field the caller depends on.
type CertCheck struct {
	// Ensure that the certificate has the specified Common Name.
	CN string
	// Ensure that the certificate contains the following organizations.
	O []string
	// Ensure that the certificate contains the following DNS SANs.
	DNSSANs []string
	// Validate the certificate against the specified CA certificate.
	// NOTE(review): presumably PEM-encoded, going by the field name; if an
	// empty value is skipped like other unspecified fields, no issuer check
	// is performed. Confirm in ValidateCert.
	CaPEM string
	// NOTE(review): undocumented in the source. Presumably lets a
	// self-signed certificate pass validation; how this interacts with
	// CaPEM is not visible here. Confirm in ValidateCert.
	AllowSelfSigned bool
}
CertCheck can be used to validate certificates. Unspecified fields are ignored. "NotBefore" and "NotAfter" are checked implicitly.
func (CertCheck) ValidateCert ¶
func (check CertCheck) ValidateCert(cert *x509.Certificate) error