Documentation ¶
Overview ¶
Package certsclient with functions to load CA and client certificates for use by the protocol binding in the Consumed Thing factory or other clients.
Package certsclient with key management for clients (and server) certificates
Index ¶
- Constants
- func CreateECDSAKeys() *ecdsa.PrivateKey
- func LoadKeysFromPEM(pemPath string) (privateKey *ecdsa.PrivateKey, err error)
- func LoadPublicKeyFromPEM(pemPath string) (publicKey *ecdsa.PublicKey, err error)
- func LoadTLSCertFromPEM(certPEMPath, keyPEMPath string) (cert *tls.Certificate, err error)
- func LoadX509CertFromPEM(pemPath string) (cert *x509.Certificate, err error)
- func PrivateKeyFromPEM(pemEncodedKey string) (privateKey *ecdsa.PrivateKey, err error)
- func PrivateKeyToPEM(privateKey interface{}) (string, error)
- func PublicKeyFromCert(cert *x509.Certificate) *ecdsa.PublicKey
- func PublicKeyFromPEM(pemEncodedPub string) (publicKey *ecdsa.PublicKey, err error)
- func PublicKeyToPEM(publicKey interface{}) (string, error)
- func SaveKeysToPEM(privateKey interface{}, pemPath string) error
- func SavePublicKeyToPEM(pubKey interface{}, pemPath string) error
- func SaveTLSCertToPEM(cert *tls.Certificate, certPEMPath, keyPEMPath string) error
- func SaveX509CertToPEM(cert *x509.Certificate, pemPath string) error
- func X509CertFromPEM(certPEM string) (*x509.Certificate, error)
- func X509CertToPEM(cert *x509.Certificate) string
Constants ¶
const ( //OUAdmin lets a client approve thing provisioning (postOOB), add and remove users // Provision API permissions: GetDirectory, ProvisionRequest, GetStatus, PostOOB OUAdmin = "admin" // OUNone is the default OU with no API access permissions OUNone = "" // OUUser for consumers with mutual authentication OUUser = "user" // OUIoTDevice for IoT devices with mutual authentication OUIoTDevice = "iotdevice" // OUService for Hub services with mutual authentication // By default, services have access to other services // Provision API permissions: Any OUService = "service" )
Certificate Organization Unit for client certificate based authorization
Variables ¶
This section is empty.
Functions ¶
func CreateECDSAKeys ¶
func CreateECDSAKeys() *ecdsa.PrivateKey
CreateECDSAKeys creates a asymmetric key set Clients save the private key locally, not to be shared with anyone and freely share
the public key. The keys are needed in client certificate creation.
Returns a private key that contains its associated public key
func LoadKeysFromPEM ¶
func LoadKeysFromPEM(pemPath string) (privateKey *ecdsa.PrivateKey, err error)
LoadKeysFromPEM loads ECDSA public/private key pair from PEM file
func LoadPublicKeyFromPEM ¶
LoadPublicKeyFromPEM loads ECDSA public key from file
func LoadTLSCertFromPEM ¶
func LoadTLSCertFromPEM(certPEMPath, keyPEMPath string) (cert *tls.Certificate, err error)
LoadTLSCertFromPEM loads the TLS certificate from PEM formatted file. TLS certificates are a container for both X509 certificate and private key.
Intended to load the certificate and key for servers, or for clients such as IoT devices that use client certificate authentication. The idprov service issues this type of certificate during IoT device provisioning.
This is simply a wrapper around tls.LoadX509KeyPair. See also SaveTLSCertToPEM.
If loading fails, this returns nil as certificate pointer
func LoadX509CertFromPEM ¶
func LoadX509CertFromPEM(pemPath string) (cert *x509.Certificate, err error)
LoadX509CertFromPEM loads the x509 certificate from a PEM file format.
Intended to load the CA certificate to validate server and broker.
pemPath is the full path to the X509 PEM file.
func PrivateKeyFromPEM ¶
func PrivateKeyFromPEM(pemEncodedKey string) (privateKey *ecdsa.PrivateKey, err error)
PrivateKeyFromPEM converts a PEM encoded private key into a ECDSA private key object Intended to decode the public key portion of a certificate. This can be used to encrypt messages to the certificate holder.
func PrivateKeyToPEM ¶
PrivateKeyToPEM converts the private/public key set to PEM formatted string. Returns error in case the private key is invalid
func PublicKeyFromCert ¶
func PublicKeyFromCert(cert *x509.Certificate) *ecdsa.PublicKey
PublicKeyFromCert extracts an ECDSA public key from x509 certificate Returns nil if certificate doesn't hold a ECDSA public key
func PublicKeyFromPEM ¶
PublicKeyFromPEM converts a PEM encoded public key into a ECDSA or RSA public key object Intended to decode the public key portion of a certificate. This can be used to encrypt messages to the certificate holder.
func PublicKeyToPEM ¶
PublicKeyToPEM converts a public key into PEM encoded format. Intended to send someone the public key in a transmissible format. See also PublicKeyFromPem for its counterpart
publicKey is the *rsa.PublicKey, *ecdsa.PublicKey or edd25519.PublicKey
func SaveKeysToPEM ¶
SaveKeysToPEM saves the private/public key set to file in PEM format. The file permissions are set to 0600, current user only, read-write permissions.
privateKey is the *rsa.PrivateKey, *ecdsa.PrivateKey, or *edd25519.PrivateKey Returns error in case the key is invalid or file cannot be written.
func SavePublicKeyToPEM ¶
SavePublicKeyToPEM saves the public key to file in PEM format. The file permissions are set to 0644, current user can write, rest can read.
publicKey is the *rsa.PublicKey, *ecdsa.PublicKey or edd25519.PublicKey Returns error in case the public key is invalid or file cannot be written.
func SaveTLSCertToPEM ¶
func SaveTLSCertToPEM(cert *tls.Certificate, certPEMPath, keyPEMPath string) error
SaveTLSCertToPEM saves the x509 certificate and private key to separate files in PEM format
Intended for saving a certificate received from provisioning or created for testing.
cert is the obtained TLS certificate whose parts to save certPEMPath the file to save the X509 certificate to in PEM format keyPEMPath the file to save the private key to in PEM format
func SaveX509CertToPEM ¶
func SaveX509CertToPEM(cert *x509.Certificate, pemPath string) error
SaveX509CertToPEM saves the x509 certificate to file in PEM format. Clients that receive a client certificate from provisioning can use this to save the provided certificate to file.
func X509CertFromPEM ¶
func X509CertFromPEM(certPEM string) (*x509.Certificate, error)
X509CertFromPEM converts a X509 certificate in PEM format to an X509 instance
func X509CertToPEM ¶
func X509CertToPEM(cert *x509.Certificate) string
X509CertToPEM converts the x509 certificate to PEM format
Types ¶
This section is empty.