Documentation ¶
Index ¶
- Variables
- func Claims(cert *x509.Certificate) (claims []*models.Claim, err error)
- func Grantor(cert *x509.Certificate) (grantor string, err error)
- func Load(keyReader, certReader io.Reader) (*tls.Certificate, error)
- func MakeAndSign(template *x509.Certificate, gen KeyGenerator, signer *tls.Certificate) (*tls.Certificate, error)
- func Principal(cert *x509.Certificate) (principal string, err error)
- func Roles(cert *x509.Certificate) (roles []string, err error)
- func Save(cert *tls.Certificate, keyWriter, certWriter io.Writer) error
- func SetExtraClaims(template *x509.Certificate, claims []*models.Claim) error
- func SetExtraRoles(template *x509.Certificate, roles ...string) error
- func SetGrantor(template *x509.Certificate, grantor string) error
- func SetPrincipal(template *x509.Certificate, principal string) error
- type KeyGenerator
- type PrivateKey
- type PublicKey
Constants ¶
This section is empty.
Variables ¶
var (
	CertClaimsOid    = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 59257, 1, 1}
	CertRolesOid     = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 59257, 1, 2}
	CertPrincipalOid = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 59257, 1, 3}
	CertGrantorOid   = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 59257, 1, 4}
)
Functions ¶
func Load ¶
func Load(keyReader, certReader io.Reader) (*tls.Certificate, error)
Load loads a TLS certificate in PEM format from the passed-in readers. keyReader is read in its entirety, and then certReader is read in its entirety if it is not nil and not equal to keyReader. The TLS certificate is extracted from the combined data. Leaf will be set if no errors occurred.
func MakeAndSign ¶
func MakeAndSign(template *x509.Certificate, gen KeyGenerator, signer *tls.Certificate) (*tls.Certificate, error)
MakeAndSign creates a new TLS certificate that is signed by signer. If signer is nil, the resulting certificate will be self-signed.
func Save ¶
func Save(cert *tls.Certificate, keyWriter, certWriter io.Writer) error
Save saves a TLS certificate to the passed-in writers. The key is written in PEM format to keyWriter, and then the certificates are written in PEM format to certWriter.
func SetExtraClaims ¶
func SetExtraClaims(template *x509.Certificate, claims []*models.Claim) error
func SetExtraRoles ¶
func SetExtraRoles(template *x509.Certificate, roles ...string) error
func SetGrantor ¶
func SetGrantor(template *x509.Certificate, grantor string) error
func SetPrincipal ¶
func SetPrincipal(template *x509.Certificate, principal string) error
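The Set* functions above and the OIDs under Variables concern certificate fields outside the standard X.509 set. The following is an added standard-library example, not this package's code, that carries a role list in an extension under the CertRolesOid value and reads it back after parsing. The helper names selfSignedWithRoles and rolesFrom, the ASN.1 SEQUENCE-of-strings encoding, the RSA-2048 key and the sample roles are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

var rolesOid = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 59257, 1, 2} // CertRolesOid on the page

// selfSignedWithRoles (hypothetical) self-signs a certificate carrying roles.
func selfSignedWithRoles(roles []string) ([]byte, error) {
	key, kerr := rsa.GenerateKey(rand.Reader, 2048)
	val, verr := asn1.Marshal(roles) // assumed encoding: ASN.1 SEQUENCE of strings
	if kerr != nil || verr != nil {
		return nil, fmt.Errorf("keygen: %v; marshal: %v", kerr, verr)
	}
	tmpl := &x509.Certificate{
		SerialNumber:    big.NewInt(1), // constructed sample value
		NotBefore:       time.Now().Add(-time.Minute),
		NotAfter:        time.Now().Add(time.Hour),
		ExtraExtensions: []pkix.Extension{{Id: rolesOid, Value: val}},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

// rolesFrom (hypothetical) decodes the roles extension; nil roles if absent.
func rolesFrom(der []byte) (roles []string, err error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(rolesOid) {
			_, err = asn1.Unmarshal(ext.Value, &roles)
			break
		}
	}
	return roles, err
}

func main() {
	der, _ := selfSignedWithRoles([]string{"admin", "operator"})
	fmt.Println(rolesFrom(der))
}
```

Roles read this way are only as trustworthy as the certificate's signature chain, so verify the certificate against the expected issuer before acting on them.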
Types ¶
type KeyGenerator ¶
type KeyGenerator func() (PublicKey, PrivateKey, error)
KeyGenerator is the signature required of any function used to generate the keypair for a new certificate and key pair.
func ECDSA ¶
func ECDSA(curve elliptic.Curve) KeyGenerator
ECDSA generates an elliptic curve public and private key using the specified curve.
func RSA ¶
func RSA(bits int) KeyGenerator
RSA generates an RSA public and private key with the specified number of bits.
type PrivateKey ¶
type PrivateKey interface {
	crypto.Signer
	Equal(x crypto.PrivateKey) bool
}
PrivateKey is the interface that all certificate private keys must adhere to. All our private keys must be crypto.Signers and must have an Equal method.