Documentation ¶
Index ¶
- func CertificateMatchesPrivateKey(certificate *x509.Certificate, privateKey crypto.PrivateKey) (bool, error)
- func CertificateMatchesPublicKey(certificate *x509.Certificate, publicKey crypto.PublicKey) (bool, error)
- func CreateCertificate(ctx context.Context, km keymanager.KeyManager, ...) (*x509.Certificate, error)
- func DERFromCertificates(certs []*x509.Certificate) (derBytes []byte)
- func GetSubjectKeyID(pubKey interface{}) ([]byte, error)
- func NewSerialNumber() (*big.Int, error)
- func RawCertsFromCertificates(certs []*x509.Certificate) [][]byte
- func RawCertsToCertificates(rawCerts [][]byte) ([]*x509.Certificate, error)
- func ValidateDNS(dns string) error
- type Keypair
- type MemoryKeypair
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CertificateMatchesPrivateKey ¶
func CertificateMatchesPrivateKey(certificate *x509.Certificate, privateKey crypto.PrivateKey) (bool, error)
func CreateCertificate ¶
func CreateCertificate(ctx context.Context, km keymanager.KeyManager, template, parent *x509.Certificate, parentKeyID string, publicKey crypto.PublicKey) (*x509.Certificate, error)
func DERFromCertificates ¶
func DERFromCertificates(certs []*x509.Certificate) (derBytes []byte)
func GetSubjectKeyID ¶
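GetSubjectKeyID calculates a subject key identifier by computing a SHA-1 hash over the ASN.1 encoding of the public key. The identifier is a lookup aid for matching certificates to keys during chain building; it is not itself a signature or integrity check, so SHA-1 is not being relied on here to protect the certificate.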
func NewSerialNumber ¶
NewSerialNumber creates a random certificate serial number in accordance with the CA/Browser Forum spec, Section 7.1:
"Effective September 30, 2016, CAs SHALL generate non-sequential Certificate serial numbers greater than zero (0) containing at least 64 bits of output from a CSPRNG"
func RawCertsFromCertificates ¶ added in v0.10.1
func RawCertsFromCertificates(certs []*x509.Certificate) [][]byte
RawCertsFromCertificates returns the raw ASN.1 DER data of each certificate in the given slice of X.509 certificates
func RawCertsToCertificates ¶ added in v0.10.0
func RawCertsToCertificates(rawCerts [][]byte) ([]*x509.Certificate, error)
RawCertsToCertificates parses certificates from the given slice of ASN.1 DER data
func ValidateDNS ¶ added in v0.10.1
ValidateDNS checks that the provided string is a valid DNS name
Types ¶
type Keypair ¶
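// Keypair is a certificate paired with the ability to sign new certificates
// with it. The interface has no method that returns the private key: callers
// sign through CreateCertificate rather than handling the key directly.
type Keypair interface {
	// GetCertificate returns the keypair certificate. It is called for each
	// signing request.
	GetCertificate(ctx context.Context) (*x509.Certificate, error)

	// CreateCertificate signs a certificate with the keypair. The signed
	// certificate is returned as DER bytes (certDER).
	CreateCertificate(ctx context.Context, template *x509.Certificate, publicKey interface{}) (certDER []byte, err error)
}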
type MemoryKeypair ¶
// MemoryKeypair is the concrete type returned by NewMemoryKeypair, which takes
// a certificate and a crypto.PrivateKey. Its GetCertificate and
// CreateCertificate methods have the same signatures as the Keypair interface.
// NOTE(review): the name suggests the private key is held in process memory
// rather than in an external key store — confirm against the implementation.
type MemoryKeypair struct {
// contains filtered or unexported fields
}
func NewMemoryKeypair ¶
func NewMemoryKeypair(cert *x509.Certificate, key crypto.PrivateKey) *MemoryKeypair
func (*MemoryKeypair) CreateCertificate ¶
func (m *MemoryKeypair) CreateCertificate(ctx context.Context, template *x509.Certificate, publicKey interface{}) ([]byte, error)
func (*MemoryKeypair) GetCertificate ¶
func (m *MemoryKeypair) GetCertificate(ctx context.Context) (*x509.Certificate, error)