Documentation
¶
Index ¶
- func CanReadCertAndKey(certPath, keyPath string) (bool, error)
- func CertStorePath(fileName string, store string) string
- func GetCA(certFile, keyFile, serialFile string) (*internalCA, error)
- func MakeSelfSignedCA(certFile, keyFile, serialFile, subjectName string, expiryDays int) (*internalCA, error)
- func TLSConfigForClient(caBundleX509 []*x509.Certificate, clientConfig *TLSCertificateConfig) (*tls.Config, error)
- func TLSConfigForServer(caBundlex509 []*x509.Certificate, serverConfig *TLSCertificateConfig) (*tls.Config, *tls.Config, error)
- type CABackend
- type CAClient
- func (caClient *CAClient) Config() *ca.Config
- func (caClient *CAClient) EnsureClientCertificate(ctx context.Context, certFile, keyFile string, subjectName string, ...) (*TLSCertificateConfig, bool, error)
- func (caClient *CAClient) EnsureServerCertificate(ctx context.Context, certFile, keyFile string, hostnames []string, ...) (*TLSCertificateConfig, bool, error)
- func (caClient *CAClient) GetCABundle() ([]byte, error)
- func (caClient *CAClient) GetCABundleX509() []*x509.Certificate
- func (caClient *CAClient) GetSigner(name string) signer.Signer
- func (caClient *CAClient) IssueRequestedClientCertificate(ctx context.Context, csr *x509.CertificateRequest, expirySeconds int, ...) ([]byte, error)
- func (caClient *CAClient) IssueRequestedClientCertificateAsX509(ctx context.Context, csr *x509.CertificateRequest, expirySeconds int, ...) (*x509.Certificate, error)
- func (caClient *CAClient) IssueRequestedServerCertificate(ctx context.Context, csr *x509.CertificateRequest, expirySeconds int, ...) ([]byte, error)
- func (caClient *CAClient) IssueRequestedServerCertificateAsX509(ctx context.Context, csr *x509.CertificateRequest, expirySeconds int, ...) (*x509.Certificate, error)
- func (caClient *CAClient) MakeAndWriteServerCertificate(ctx context.Context, certFile, keyFile string, hostnames []string, ...) (*TLSCertificateConfig, error)
- func (caClient *CAClient) MakeClientCertificate(ctx context.Context, certFile, keyFile string, subjectName string, ...) (*TLSCertificateConfig, error)
- func (caClient *CAClient) MakeServerCertificate(ctx context.Context, hostnames []string, expiryDays int) (*TLSCertificateConfig, error)
- func (caClient *CAClient) PeerCertificateFromCtx(ctx context.Context) (*x509.Certificate, error)
- func (caClient *CAClient) PeerCertificateSignerFromCtx(ctx context.Context) signer.Signer
- type CertOption
- type TLSCertificateConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CanReadCertAndKey ¶ added in v0.5.0
CanReadCertAndKey checks whether both the certificate file and the key file exist and are readable. It returns true if both files are accessible, false if neither exists, and an error if only one of the two is missing.
func CertStorePath ¶ added in v0.8.0
func MakeSelfSignedCA ¶
func TLSConfigForClient ¶
func TLSConfigForClient(caBundleX509 []*x509.Certificate, clientConfig *TLSCertificateConfig) (*tls.Config, error)
func TLSConfigForServer ¶
func TLSConfigForServer(caBundlex509 []*x509.Certificate, serverConfig *TLSCertificateConfig) (*tls.Config, *tls.Config, error)
Types ¶
type CABackend ¶ added in v0.6.0
// CABackend is the interface a certificate-issuing backend has to satisfy:
// one method that turns a CSR into a certificate and one that exposes the CA
// bundle.
type CABackend interface {
	// IssueRequestedCertificateAsX509 takes a certificate signing request, an
	// expirySeconds value (presumably the certificate lifetime in seconds;
	// confirm), a list of extended key usages and optional CertOptions, and
	// returns an *x509.Certificate or an error.
	//
	// NOTE(review): nothing here says whether implementations verify the CSR
	// signature or constrain the subject/SANs taken from csr. Confirm this
	// before passing CSRs that originate from an unauthenticated peer.
	IssueRequestedCertificateAsX509(ctx context.Context, csr *x509.CertificateRequest, expirySeconds int, usage []x509.ExtKeyUsage, opts ...CertOption) (*x509.Certificate, error)
	// GetCABundleX509 returns the CA bundle as a slice of parsed certificates.
	GetCABundleX509() []*x509.Certificate
}
type CAClient ¶ added in v0.6.0
func EnsureCA ¶
EnsureCA() tries to load or generate a CA and connect to it. If the CA is successfully loaded or generated, it returns a valid CA instance, a flag indicating whether it was loaded or generated, and a nil error. If an error occurs, a non-nil error is returned.
func (*CAClient) EnsureClientCertificate ¶ added in v0.6.0
func (*CAClient) EnsureServerCertificate ¶ added in v0.6.0
func (*CAClient) GetCABundle ¶ added in v0.6.0
func (*CAClient) GetCABundleX509 ¶ added in v0.6.0
func (caClient *CAClient) GetCABundleX509() []*x509.Certificate
func (*CAClient) IssueRequestedClientCertificate ¶ added in v0.6.0
func (caClient *CAClient) IssueRequestedClientCertificate(ctx context.Context, csr *x509.CertificateRequest, expirySeconds int, opts ...CertOption) ([]byte, error)
func (*CAClient) IssueRequestedClientCertificateAsX509 ¶ added in v0.6.0
func (caClient *CAClient) IssueRequestedClientCertificateAsX509(ctx context.Context, csr *x509.CertificateRequest, expirySeconds int, opts ...CertOption) (*x509.Certificate, error)
func (*CAClient) IssueRequestedServerCertificate ¶ added in v0.6.0
func (caClient *CAClient) IssueRequestedServerCertificate(ctx context.Context, csr *x509.CertificateRequest, expirySeconds int, opts ...CertOption) ([]byte, error)
func (*CAClient) IssueRequestedServerCertificateAsX509 ¶ added in v0.6.0
func (caClient *CAClient) IssueRequestedServerCertificateAsX509(ctx context.Context, csr *x509.CertificateRequest, expirySeconds int, opts ...CertOption) (*x509.Certificate, error)
func (*CAClient) MakeAndWriteServerCertificate ¶ added in v0.6.0
func (*CAClient) MakeClientCertificate ¶ added in v0.6.0
func (*CAClient) MakeServerCertificate ¶ added in v0.6.0
func (*CAClient) PeerCertificateFromCtx ¶ added in v0.9.0
type CertOption ¶ added in v0.9.0
// CertOption is an alias for a function that receives an *x509.Certificate
// and returns an error. The certificate-issuing methods accept it as a
// variadic opts parameter.
//
// NOTE(review): presumably each option is applied to the certificate template
// before signing (confirm). If so, an option can change security-relevant
// fields such as key usage, SANs or validity, so options should only come
// from trusted code paths.
type CertOption = func(*x509.Certificate) error
type TLSCertificateConfig ¶
// TLSCertificateConfig is a defined type (not an alias) whose underlying type
// is oscrypto.TLSCertificateConfig, so it carries its own method set rather
// than the methods declared on the oscrypto type.
//
// NOTE(review): values presumably hold private key material alongside the
// certificate, since WriteCertConfigFile takes a keyFile path. Avoid logging
// or serialising them wholesale (confirm against the oscrypto definition).
type TLSCertificateConfig oscrypto.TLSCertificateConfig
func GetClientCertificate ¶
func GetClientCertificate(certFile, keyFile string, subjectName string) (*TLSCertificateConfig, error)
func GetServerCertificate ¶ added in v0.6.0
func GetServerCertificate(certFile, keyFile string, hostnames []string) (*TLSCertificateConfig, error)
func GetTLSCertificateConfig ¶
func GetTLSCertificateConfig(certFile, keyFile string) (*TLSCertificateConfig, error)
func (*TLSCertificateConfig) GetPEMBytes ¶
func (c *TLSCertificateConfig) GetPEMBytes() ([]byte, []byte, error)
func (*TLSCertificateConfig) WriteCertConfigFile ¶
func (c *TLSCertificateConfig) WriteCertConfigFile(certFile, keyFile string) error