xcert

package module
v1.0.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 12, 2022 License: GPL-3.0 Imports: 21 Imported by: 0

README

⚡ xcert

xcert is a easy way to manager x509 certificate

Installation

go get -u github.com/hkloudou/xcert

Quick Start self signed

os.MkdirAll("./test", 0744)
tmpl := xcert.Template(
    xcert.PkixName(pkix.Name{Organization: []string{"Acme Co"}}),
    xcert.KeyUsage(x509.KeyUsageKeyEncipherment|x509.KeyUsageDigitalSignature|x509.KeyUsageCertSign),
    xcert.ExtKeyUsage(x509.ExtKeyUsageServerAuth),
    xcert.Hosts("localhost", "test.yourdomain.com", "127.0.0.1"),
)
pem, key, err := xcert.GenerateEcdsaCert(tmpl)
if err != nil {
    panic(err)
}
ioutil.WriteFile("./test/self.pem", pem, 0644)
ioutil.WriteFile("./test/self.key", key, 0644)

Quick Start two way signed

os.MkdirAll("./test", 0744)
tmpl := xcert.Template(
    xcert.PkixName(pkix.Name{CommonName: "test"}),
    xcert.KeyUsage(x509.KeyUsageDigitalSignature|
        x509.KeyUsageKeyEncipherment|x509.KeyUsageCertSign|
        x509.KeyUsageCRLSign),
    xcert.ExtKeyUsage(x509.ExtKeyUsageAny),
)
pem, key, err := xcert.GenerateEcdsaCert(tmpl)
if err != nil {
    t.Fatal(err)
}
ioutil.WriteFile("./test/ca.pem", pem, 0644)
ioutil.WriteFile("./test/ca.key", key, 0644)
ca, caKey, err := xcert.ParseCertPair(pem, key)
pem, key, err = xcert.GenerateEcdsaCertWithParent(
    xcert.Template(
        xcert.PkixName(pkix.Name{CommonName: "server"}),
        xcert.Hosts("localhost", "127.0.0.1"),
        xcert.IsCa(false),
        xcert.ExtKeyUsage(x509.ExtKeyUsageServerAuth),
    ), ca, caKey)
if err != nil {
    t.Fatal(err)
}
ioutil.WriteFile("./test/server.pem", pem, 0644)
ioutil.WriteFile("./test/server.key", key, 0644)

pem, key, err = xcert.GenerateEcdsaCertWithParent(xcert.Template(
    xcert.PkixName(pkix.Name{CommonName: "client"}),
    xcert.IsCa(false),
    xcert.ExtKeyUsage(x509.ExtKeyUsageClientAuth),
), ca, caKey)
if err != nil {
    t.Fatal(err)
}
ioutil.WriteFile("./test/client.pem", pem, 0644)
ioutil.WriteFile("./test/client.key", key, 0644)

use it

cfg, err := xcert.ParseTlsConfig(nil, "./test/self.pem", "./test/self.key")
if err != nil {
    t.Fatal(err)
}
cfg, err = xcert.ParseTlsConfig("./test/ca.pem", "./test/server.pem", "./test/server.key")
if err != nil {
    t.Fatal(err)
}
tls.Listen("tcp", ":443", cfg)

Todolist

  • Auther interface

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Expired 

func Expired(t time.Duration) tmplOption

func ExtKeyUsage 

func ExtKeyUsage(usgs ...x509.ExtKeyUsage) tmplOption

func GenerateEcdsaCert added in v1.0.2 

func GenerateEcdsaCert(tmpl x509.Certificate) ([]byte, []byte, error)

func GenerateEcdsaCertWithParent added in v1.0.2 

func GenerateEcdsaCertWithParent(tmpl x509.Certificate, parentCert *x509.Certificate, parentPriv any) ([]byte, []byte, error)

func Hosts 

func Hosts(hosts ...string) tmplOption

func IsCa 

func IsCa(b bool) tmplOption

func KeyUsage 

func KeyUsage(usg x509.KeyUsage) tmplOption

func NotBefore 

func NotBefore(t time.Duration) tmplOption

func ParseCertPair added in v1.0.3 

func ParseCertPair(certParame, keyParame interface{}) (*x509.Certificate, crypto.PrivateKey, error)

func ParsePrivateCert added in v1.0.3 

func ParsePrivateCert(cert interface{}) (crypto.PrivateKey, error)

Private Key

ReadPrivateCert []byte string *rsa.PrivateKey, *ecdsa.PrivateKey, ed25519.PrivateKey

func ParsePublicCert added in v1.0.3 

func ParsePublicCert(cert interface{}) ([][]byte, *x509.Certificate, error)

Public Key

ParsePublicCert []byte string *x509.Certificate

func ParseTlsConfig added in v1.0.4 

func ParseTlsConfig(caParame interface{}, certParame interface{}, keyParame interface{}) (*tls.Config, error)

func PkixName 

func PkixName(name pkix.Name) tmplOption

func Template 

func Template(opts ...tmplOption) x509.Certificate

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.