Documentation
Index ¶
- Variables
- func CreateCSR(subject pkix.Name, privKey crypto.PrivateKey) ([]byte, error)
- func DecodeCSR(csr []byte) (cr *x509.CertificateRequest, err error)
- func DecodeCert(cert []byte) (c *x509.Certificate, err error)
- func DecodePrivateKey(privKey []byte, f PasswordFunc) (crypto.PrivateKey, error)
- func DecryptPrivateKeyAsPem(privKey []byte, f PasswordFunc) ([]byte, error)
- func EncodeCSR(csr []byte) []byte
- func EncodeCert(cert []byte) []byte
- func EncodePrivateKey(privKey crypto.PrivateKey, f PasswordFunc) ([]byte, error)
- func GenerateCA(subject pkix.Name, f PasswordFunc) (cert, key []byte, err error)
- func GenerateECDSAPrivateKey() (*ecdsa.PrivateKey, error)
- type Option
- type PasswordFunc
- type Signer
- type SubjectValidateFunc
Constants ¶
This section is empty.
Variables ¶
// CNShouldBe returns a SubjectValidateFunc that accepts a CSR subject only
// when its CommonName is exactly cn. The comparison is a plain string
// equality, so it is case-sensitive and does no normalisation.
var CNShouldBe = func(cn string) SubjectValidateFunc {
	return func(subject pkix.Name) error {
		got := subject.CommonName
		if got == cn {
			return nil
		}
		// got is taken from the CSR, so it is requester-controlled and is
		// echoed into the error text as-is.
		return fmt.Errorf("expected CN %s got %s", cn, got)
	}
}
CNShouldBe validates that the CommonName of the CSR is the same as the passed CN
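// CNShouldBeStar returns a SubjectValidateFunc that accepts a CSR subject when
// its CommonName is either exactly cn, or a wildcard of the form "*.domain"
// whose ".domain" part is a suffix of cn.
//
// The CommonName comes from the CSR and is therefore requester-controlled, so
// the check must not panic and must not treat malformed wildcards as a match:
//   - an empty CommonName is rejected instead of indexing past the string;
//   - a bare "*" (empty suffix, which would match every cn) is rejected;
//   - "*" followed by anything other than ".<domain>" (for example "*om") is
//     rejected, so the wildcard always sits on a label boundary.
//
// NOTE(review): the suffix test still lets a wildcard span several labels, so
// "*.com" is accepted for cn "host.example.com". If only the leftmost label of
// cn may be replaced by "*", compare against cn with that single label removed.
var CNShouldBeStar = func(cn string) SubjectValidateFunc {
	return func(subject pkix.Name) error {
		got := subject.CommonName
		if got == cn {
			return nil
		}

		mismatch := fmt.Errorf("expected CN %s got %s", cn, got)

		// Anything that is not "*." followed by at least one character is not
		// a wildcard this validator understands.
		if len(got) < 3 || !strings.HasPrefix(got, "*.") {
			return mismatch
		}

		// got[1:] keeps the leading dot, so the match ends on a label boundary.
		if !strings.HasSuffix(cn, got[1:]) {
			return mismatch
		}
		return nil
	}
}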
CNShouldBeStar validates that the CommonName of the CSR is either the same as the passed CN or a wildcard (*.domain) that covers it
// NoPassword is a password callback that supplies no password and no error.
// Per the package documentation it is meant for cases where the private key
// need not be encrypted; the PEM output is then unencrypted, so its protection
// depends entirely on where and how the caller stores it.
var NoPassword = func() ([]byte, error) {
	var none []byte
	return none, nil
}
NoPassword should be used when the private key need not be encrypted
// NoSubjectValidate is a subject validator that accepts every subject: it
// never inspects its argument and always returns nil. With it, nothing in the
// validator ties the CSR's subject to the requester, so any such binding has
// to be enforced elsewhere by the caller.
var NoSubjectValidate = func(_ pkix.Name) error {
	return nil
}
NoSubjectValidate ignores subject validation of CSR
Functions ¶
func DecodeCSR ¶
func DecodeCSR(csr []byte) (cr *x509.CertificateRequest, err error)
DecodeCSR decodes PEM encoded CSR
func DecodeCert ¶
func DecodeCert(cert []byte) (c *x509.Certificate, err error)
DecodeCert decodes PEM encoded cert
func DecodePrivateKey ¶
func DecodePrivateKey(privKey []byte, f PasswordFunc) (crypto.PrivateKey, error)
DecodePrivateKey decodes a PEM encoded private key. When a PasswordFunc is provided, the private key is decrypted with the password.
func DecryptPrivateKeyAsPem ¶
func DecryptPrivateKeyAsPem(privKey []byte, f PasswordFunc) ([]byte, error)
DecryptPrivateKeyAsPem returns a decrypted private key in PEM encoding
func EncodeCert ¶
EncodeCert encodes the DER encoded cert to PEM
func EncodePrivateKey ¶
func EncodePrivateKey(privKey crypto.PrivateKey, f PasswordFunc) ([]byte, error)
EncodePrivateKey PEM encodes the private key. When the password is not empty, the private key is encrypted with the password.
func GenerateCA ¶
func GenerateCA(subject pkix.Name, f PasswordFunc) (cert, key []byte, err error)
GenerateCA generates a PEM encoded CA certificate and private key. PasswordFunc should return a non-zero value to encrypt the PEM encoded private key.
func GenerateECDSAPrivateKey ¶
func GenerateECDSAPrivateKey() (*ecdsa.PrivateKey, error)
GenerateECDSAPrivateKey generates new ECDSA private key
Types ¶
type Option ¶
type Option func(*options)
Option is the functional arg for setting options
func WithAltName ¶
WithAltName adds subject alt name to the signed certificate
func WithCAKeyDecrypt ¶
func WithCAKeyDecrypt(pf PasswordFunc) Option
WithCAKeyDecrypt passes the password function to decrypt ca key
func WithCSRSubjectValidate ¶
func WithCSRSubjectValidate(svf SubjectValidateFunc) Option
WithCSRSubjectValidate is used to validate subject of CSR
func WithCertValidity ¶
WithCertValidity makes the issued certificate expire after the duration
func WithIPAddress ¶
WithIPAddress adds ip address to the signed certificate
type PasswordFunc ¶
PasswordFunc is the signature for passing password while PEM encoding/decoding private keys
type SubjectValidateFunc ¶
SubjectValidateFunc validates the subject of CSR before signing the request