Documentation
¶
Index ¶
- Constants
- Variables
- func DecodeCertificatePEM(data []byte) (*x509.Certificate, error)
- func DecodeCertificatesPEM(data []byte) ([]*x509.Certificate, error)
- func DecodePrivateKeyPEM(data []byte) (*rsa.PrivateKey, error)
- func EncodeCertificatePEM(cert *x509.Certificate) []byte
- func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte
- func IsCertificatePEM(data []byte) bool
- func NewCA(caDurationDays int, CommonName string) (*rsa.PrivateKey, *x509.Certificate, error)
- func NewPrivateKey() (*rsa.PrivateKey, error)
- func NewSelfSignedCACertificate(cfg CACertConfig, key *rsa.PrivateKey) (*x509.Certificate, error)
- func NewSignedClientCertificate(cfg ClientCertConfig, key *rsa.PrivateKey, caCert *x509.Certificate, ...) (*x509.Certificate, error)
- func NewSignedServerCertificate(cfg ServerCertConfig, key *rsa.PrivateKey, caCert *x509.Certificate, ...) (*x509.Certificate, error)
- type CACertConfig
- type Certificate
- type Certificates
- type ClientCertConfig
- type DN
- type KeyPair
- type PKI
- type ServerCertConfig
Constants ¶
View Source
const (
RSAKeySize = 2048
)
Variables ¶
View Source
var (
Duration365d = time.Hour * 24 * 365
)
View Source
var ValidityFormat = "Jan _2 15:04:05 2006 MST"
format for NotBefore and NotAfter fields to make output similar to openssl
Functions ¶
func DecodeCertificatePEM ¶
func DecodeCertificatePEM(data []byte) (*x509.Certificate, error)
func DecodeCertificatesPEM ¶
func DecodeCertificatesPEM(data []byte) ([]*x509.Certificate, error)
func DecodePrivateKeyPEM ¶
func DecodePrivateKeyPEM(data []byte) (*rsa.PrivateKey, error)
func EncodeCertificatePEM ¶
func EncodeCertificatePEM(cert *x509.Certificate) []byte
func EncodePrivateKeyPEM ¶
func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte
func IsCertificatePEM ¶
func NewCA ¶
func NewCA(caDurationDays int, CommonName string) (*rsa.PrivateKey, *x509.Certificate, error)
func NewPrivateKey ¶
func NewPrivateKey() (*rsa.PrivateKey, error)
func NewSelfSignedCACertificate ¶
func NewSelfSignedCACertificate(cfg CACertConfig, key *rsa.PrivateKey) (*x509.Certificate, error)
func NewSignedClientCertificate ¶
func NewSignedClientCertificate(cfg ClientCertConfig, key *rsa.PrivateKey, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, error)
func NewSignedServerCertificate ¶
func NewSignedServerCertificate(cfg ServerCertConfig, key *rsa.PrivateKey, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, error)
Types ¶
type CACertConfig ¶
type Certificate ¶
type Certificate struct {
Issuer DN
NotBefore time.Time
NotAfter time.Time
Subject DN
DNSNames []string
IPAddresses []net.IP
}
func (Certificate) ContainsDNSName ¶
func (c Certificate) ContainsDNSName(name string) bool
func (Certificate) ContainsIPAddress ¶
func (c Certificate) ContainsIPAddress(ip net.IP) bool
func (Certificate) IsExpired ¶
func (c Certificate) IsExpired() bool
func (Certificate) String ¶
func (c Certificate) String() string
type Certificates ¶
type Certificates []Certificate
func CertificatesFromBytes ¶
func CertificatesFromBytes(data []byte) (Certificates, error)
converts raw certificate bytes to certificate, if the supplied data is cert bundle (or chain) all the certificates will be returned
func (Certificates) GetBySubjectCommonNamePattern ¶
func (cs Certificates) GetBySubjectCommonNamePattern(subjectCNMatch string) (cert Certificate, ok bool)
returns certificate that matches subject CN match regex (Subject.CommonName), if the certificate cannot be found, second returned value will be false
type ClientCertConfig ¶
type KeyPair ¶
type KeyPair struct {
Key *rsa.PrivateKey
Cert *x509.Certificate
// contains filtered or unexported fields
}
KeyPair is the TLS public certificate PEM file and its associated private key PEM file that is used by kube-aws and its plugins
func KeyPairFromPEMs ¶ added in v0.15.0
Source Files
Click to show internal directories.
Click to hide internal directories.