authority

package

v0.0.0-...-8312e71 Latest Latest Go to latest Published: Mar 13, 2024 License: Apache-2.0 Imports: 13 Imported by: 23

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/gravitational/license

Links

Open Source Insights

Documentation ¶

Overview ¶

package authority implements X509 certificate authority features

Index ¶

func GenerateCSR(req csr.CertificateRequest, privateKeyPEM []byte) (csrBytes []byte, key []byte, err error)
func ProcessCSR(req signer.SignRequest, ttl time.Duration, certAuthority *TLSKeyPair) ([]byte, error)
type ExistingKey
- func NewExistingKey(keyPEM []byte) (*ExistingKey, error)
type TLSKeyPair

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GenerateCSR ¶

func GenerateCSR(req csr.CertificateRequest, privateKeyPEM []byte) (csrBytes []byte, key []byte, err error)

GenerateCSR generates new certificate signing request for existing key if supplied or generates new private key otherwise

func ProcessCSR ¶

func ProcessCSR(req signer.SignRequest, ttl time.Duration, certAuthority *TLSKeyPair) ([]byte, error)

ProcessCSR processes CSR (certificate sign request) with given cert authority

Types ¶

type ExistingKey ¶

type ExistingKey struct {
	// contains filtered or unexported fields
}

ExistingKey tells signer to use existing key instead

func NewExistingKey ¶

func NewExistingKey(keyPEM []byte) (*ExistingKey, error)

func (*ExistingKey) Algo ¶

func (kr *ExistingKey) Algo() string

Algo returns the requested key algorithm represented as a string.

func (*ExistingKey) Generate ¶

func (kr *ExistingKey) Generate() (crypto.PrivateKey, error)

Generate generates a key as specified in the request. Currently, only ECDSA and RSA are supported.

func (*ExistingKey) SigAlgo ¶

func (kr *ExistingKey) SigAlgo() x509.SignatureAlgorithm

SigAlgo returns an appropriate X.509 signature algorithm given the key request's type and size.

func (*ExistingKey) Size ¶

func (kr *ExistingKey) Size() int

Size returns the requested key size.

type TLSKeyPair ¶

type TLSKeyPair struct {
	// KeyPEM is private key PEM encoded contents
	KeyPEM []byte
	// CertPEM is certificate PEM encoded contents
	CertPEM []byte
}

TLSKeyPair is a pair with TLS private key and certificate

func GenerateCertificate ¶

func GenerateCertificate(req csr.CertificateRequest, certAuthority *TLSKeyPair, privateKeyPEM []byte, validFor time.Duration) (*TLSKeyPair, error)

GenerateCertificate generates a certificate/key pair signed by the provided CA, if privateKeyPEM is provided, uses the key instead of generating it

func GenerateCertificateWithExtensions ¶

func GenerateCertificateWithExtensions(req csr.CertificateRequest, certAuthority *TLSKeyPair, privateKeyPEM []byte, validFor time.Duration, extensions []signer.Extension) (*TLSKeyPair, error)

GenerateCertificateWithExtensions is like GenerateCertificate but allows to specify extensions to include into generated certificate

func GenerateSelfSignedCA ¶

func GenerateSelfSignedCA(req csr.CertificateRequest) (*TLSKeyPair, error)

GenerateSelfSignedCA generates self signed certificate authority

func NewTLSKeyPair ¶

func NewTLSKeyPair(keyPath, certPath string) (*TLSKeyPair, error)

NewTLSKeyPair returns a new TLSKeyPair with private key and certificate found at the provided paths

Source Files ¶

View all Source files

ca.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL