Documentation
Index
- func Active(cert *x509.Certificate) bool
- func GetClientCA(client kubernetes.Interface) (clientCA []byte, err error)
- func IsPopulated(secret *corev1.Secret) bool
- func PEMToCert(certPEM []byte) (*x509.Certificate, error)
- func VerifyCert(ca, cert *x509.Certificate, host string) error
- type Bundle
- type KeyPair
- type Serving
Constants
This section is empty.
Variables
This section is empty.
Functions
func Active
func Active(cert *x509.Certificate) bool
Active checks if the given cert is within its valid time window
func GetClientCA
func GetClientCA(client kubernetes.Interface) (clientCA []byte, err error)
func IsPopulated
func IsPopulated(secret *corev1.Secret) bool
IsPopulated returns true if the given Secret object contains the serving key and cert.
func PEMToCert
func PEMToCert(certPEM []byte) (*x509.Certificate, error)
PEMToCert converts the PEM block of the given byte array to an x509 certificate
func VerifyCert
func VerifyCert(ca, cert *x509.Certificate, host string) error
VerifyCert checks that the given cert is signed and trusted by the given CA
Types
type Bundle
Bundle encapsulates:
- PEM encoded serving private key and certificate
- certificate of the self-signed CA that signed the serving cert.
func GenerateWithLocalhostServing
func GenerateWithLocalhostServing(notAfter time.Time, organization string) (bundle *Bundle, err error)
GenerateWithLocalhostServing generates self-signed 'localhost' serving cert(s).
type KeyPair
type KeyPair struct {
	Cert *x509.Certificate
	Priv *ecdsa.PrivateKey
}
KeyPair stores an x509 certificate and its ECDSA private key
func CreateSignedServingPair
func CreateSignedServingPair(notAfter time.Time, organization string, ca *KeyPair, hosts []string) (*KeyPair, error)
CreateSignedServingPair creates a serving cert/key pair signed by the given ca
func GenerateCA
GenerateCA generates a self-signed CA cert/key pair that expires in expiresIn days
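The flow these functions describe (self-signed CA, CA-signed 'localhost' serving cert, then the checks VerifyCert and Active name) can be reproduced with Go's standard library alone. The following is an added example, not this package's implementation; `must`, `issue`, `verify`, `demo` and the names `demo-ca`, `other-ca` and `example.test` are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
func must[T any](v T, err error) T { // demo-only error handling
	if err != nil {
		panic(err)
	}
	return v
}
// issue (hypothetical helper) makes an ECDSA P-256 cert; a nil parent yields a self-signed CA.
func issue(cn string, hosts []string, end time.Time, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))),
		Subject:      pkix.Name{CommonName: cn}, DNSNames: hosts,
		NotBefore:    time.Now().Add(-time.Minute), NotAfter: end,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	if parent == nil { // CA case: the template signs itself and may sign other certs
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, pk = tmpl, key
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, pk)))), key
}
// verify trusts only ca as a root and checks validity at `at`, the host name and the signature chain.
func verify(ca, cert *x509.Certificate, host string, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, CurrentTime: at})
	return err
}
// demo returns the results for: valid cert, wrong host, untrusted CA, expired cert.
func demo() [4]error {
	now, end := time.Now(), time.Now().Add(time.Hour)
	ca, caKey := issue("demo-ca", nil, end, nil, nil)
	other, _ := issue("other-ca", nil, end, nil, nil)
	leaf, _ := issue("localhost", []string{"localhost"}, end, ca, caKey)
	return [4]error{verify(ca, leaf, "localhost", now), verify(ca, leaf, "example.test", now),
		verify(other, leaf, "localhost", now), verify(ca, leaf, "localhost", end.Add(time.Minute))}
}
func main() { fmt.Println(demo()) }
```

Only the first result is nil: building the root pool from the single expected CA, rather than the system store, is what makes "signed and trusted by the given CA" hold.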