x509util

package
v0.11.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 28, 2020 License: Apache-2.0 Imports: 14 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CertificateMatchesPrivateKey

func CertificateMatchesPrivateKey(certificate *x509.Certificate, privateKey crypto.PrivateKey) (bool, error)

func CertificateMatchesPublicKey

func CertificateMatchesPublicKey(certificate *x509.Certificate, publicKey crypto.PublicKey) (bool, error)

func CreateCertificate

func CreateCertificate(ctx context.Context, km keymanager.KeyManager, template, parent *x509.Certificate, parentKeyID string, publicKey crypto.PublicKey) (*x509.Certificate, error)

func DERFromCertificates

func DERFromCertificates(certs []*x509.Certificate) (derBytes []byte)

func GetSubjectKeyID

func GetSubjectKeyID(pubKey interface{}) ([]byte, error)

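GetSubjectKeyID calculates a subject key identifier by computing a SHA-1 hash over the ASN.1 encoding of the public key. The digest only identifies the key (for example, when matching certificates to their issuers); it is not a signature or an integrity check on the certificate.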

func NewSerialNumber

func NewSerialNumber() (*big.Int, error)

NewSerialNumber creates a random certificate serial number in accordance with Section 7.1 of the CA/Browser Forum Baseline Requirements:

"Effective September 30, 2016, CAs SHALL generate non-sequential Certificate serial numbers greater than
zero (0) containing at least 64 bits of output from a CSPRNG"

func RawCertsFromCertificates added in v0.10.1

func RawCertsFromCertificates(certs []*x509.Certificate) [][]byte

RawCertsFromCertificates extracts the ASN.1 DER data from each certificate in the given slice of X.509 certificates.

func RawCertsToCertificates added in v0.10.0

func RawCertsToCertificates(rawCerts [][]byte) ([]*x509.Certificate, error)

RawCertsToCertificates parses certificates from the given slice of ASN.1 DER data

func ValidateDNS added in v0.10.1

func ValidateDNS(dns string) error

ValidateDNS validates that the provided string is a valid DNS name.

Types

type Keypair

// Keypair pairs a signing certificate with the ability to sign new
// certificates. The interface exposes no method that returns private key
// material; callers can only fetch the certificate and request signatures.
type Keypair interface {
	// GetCertificate returns the keypair certificate. It is called for each
	// signing request.
	GetCertificate(ctx context.Context) (*x509.Certificate, error)

	// CreateCertificate signs a certificate with the keypair. The result is
	// named certDER, so it is presumably the DER encoding of the signed
	// certificate, and publicKey is presumably the subject public key to
	// certify (confirm against the implementation). Nothing in this signature
	// shows the template being validated, so callers should treat template
	// contents (names, CA flag, key usages) as their own responsibility.
	CreateCertificate(ctx context.Context, template *x509.Certificate, publicKey interface{}) (certDER []byte, err error)
}

type MemoryKeypair

// MemoryKeypair is built by NewMemoryKeypair from a certificate and a
// crypto.PrivateKey. Its pointer-receiver methods GetCertificate and
// CreateCertificate have the same signatures as the Keypair interface.
// NOTE(review): the name and constructor suggest the private key is held in
// process memory for the lifetime of the value; confirm against the
// unexported fields before relying on it for long-lived CA keys.
type MemoryKeypair struct {
	// contains filtered or unexported fields
}

func NewMemoryKeypair

func NewMemoryKeypair(cert *x509.Certificate, key crypto.PrivateKey) *MemoryKeypair

func (*MemoryKeypair) CreateCertificate

func (m *MemoryKeypair) CreateCertificate(ctx context.Context, template *x509.Certificate, publicKey interface{}) ([]byte, error)

func (*MemoryKeypair) GetCertificate

func (m *MemoryKeypair) GetCertificate(ctx context.Context) (*x509.Certificate, error)
