mtls

package
v0.0.15
This package is not in the latest version of its module.

Published: Oct 25, 2023 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func ClientConfig

func ClientConfig(caCert, cert, key io.Reader) (*tls.Config, error)

ClientConfig returns an mTLS configuration for a client with the provided CA certificate, certificate and key.

func GenerateCA

func GenerateCA(cn string, validity time.Time, keyAlg KeyAlg) ([]byte, []byte, error)

GenerateCA generates a CA certificate pair for a validity period with the corresponding key algorithm (RSA or ECDSA).

func GenerateClientConfig

func GenerateClientConfig(caCertReader, caKeyReader io.ReadSeeker, validity time.Time, certOpts ...CertRequestOption) (*tls.Config, error)

GenerateClientConfig generates a new client mTLS certificate, signed by the provided CA certificate/key, for the given validity period and returns the resulting client configuration.

func GenerateClientConfigFromFile

func GenerateClientConfigFromFile(caCertFile, caKeyFile string, validity time.Time, certOpts ...CertRequestOption) (*tls.Config, error)

GenerateClientConfigFromFile generates a new client mTLS certificate, signed by the CA certificate/key read from the given files, for the given validity period and returns the resulting client configuration.

func GenerateKeyPair

func GenerateKeyPair(cfg *CertRequestConfig) ([]byte, []byte, error)

GenerateKeyPair generates a certificate and key pair for a validity period and returns both in PEM byte format. The requested configuration must at least provide a CN and a validity period. If KeyAlg is not specified by the request, an RSA key is generated by default; if CA keys are provided, the key algorithm of the CA is used.

func GenerateServerConfig

func GenerateServerConfig(caCertReader, caKeyReader io.ReadSeeker, validity time.Time, certOpts ...CertRequestOption) (*tls.Config, error)

GenerateServerConfig generates a new server mTLS certificate, signed by the provided CA certificate/key, for the given validity period and returns the resulting server configuration.

func GenerateServerConfigFromFile

func GenerateServerConfigFromFile(caCertFile, caKeyFile string, validity time.Time, certOpts ...CertRequestOption) (*tls.Config, error)

GenerateServerConfigFromFile generates a new server mTLS certificate, signed by the CA certificate/key read from the given files, for the given validity period and returns the resulting server configuration.

func LoadCACertificate

func LoadCACertificate(caCert, caKey io.Reader) (tls.Certificate, error)

LoadCACertificate loads a CA certificate and its key.

func MarshalCAPEM

func MarshalCAPEM(cp *CAPEM) ([]byte, error)

MarshalCAPEM encodes a CAPEM instance and returns bytes.

func ServerConfig

func ServerConfig(caCert, cert, key io.Reader) (*tls.Config, error)

ServerConfig returns an mTLS configuration for a server with the provided CA certificate, certificate and key.

Types

type CAPEM

type CAPEM struct {
	Cert []byte `json:"cert"`
	Key  []byte `json:"key"`
}

CAPEM defines CA certificate and key in PEM format.

func UnmarshalCAPEM

func UnmarshalCAPEM(b []byte) (*CAPEM, error)

UnmarshalCAPEM decodes a byte encoded CAPEM and returns an instance of it.

type CertRequestConfig

type CertRequestConfig struct {
	CN       string
	Validity time.Time
	IP       []net.IP
	DNS      []string
	CA       *tls.Certificate
	KeyAlg   KeyAlg
}

CertRequestConfig holds certificate creation configuration.

type CertRequestOption

type CertRequestOption func(crc *CertRequestConfig)

CertRequestOption represents a certificate request option.

func WithCertRequestHostnames

func WithCertRequestHostnames(hostnames ...string) CertRequestOption

WithCertRequestHostnames specifies additional hostnames to add to the certificate request.

func WithCertRequestIPs

func WithCertRequestIPs(ips ...net.IP) CertRequestOption

WithCertRequestIPs specifies additional IP addresses to add to the certificate request.

type KeyAlg

type KeyAlg uint8
const (
	RSAKey KeyAlg = iota
	ECDSAKey
)
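Worked example (added here; it is not code from the mtls package) showing what the functions and types above produce, using only the Go standard library: a self-signed CA, leaf certificates whose extended key usage matches their side, the PEM form that ClientConfig/ServerConfig read, tls.Config values that require and verify the peer's certificate against that CA alone, and a mutual-TLS handshake over loopback TCP that also shows a client certificate from an unrelated CA being refused. The names certTemplate, issue, certPEM, mtlsConfig and handshake are this example's own; it assumes a loopback TCP listener can be opened, fixes ECDSA P-256 where the package lets KeyAlg choose RSA or ECDSA, and covers DNS SANs only, not the IP SANs that WithCertRequestIPs adds.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"net"
	"time"
)

// certTemplate describes a signing CA, or an end-entity cert whose EKU fixes which side may present it.
func certTemplate(cn string, dns []string, isCA, server bool, validity time.Time) *x509.Certificate {
	t := &x509.Certificate{Subject: pkix.Name{CommonName: cn}, DNSNames: dns, KeyUsage: x509.KeyUsageDigitalSignature}
	t.NotBefore, t.NotAfter = time.Now().Add(-time.Minute), validity // slight backdate tolerates clock skew
	switch {
	case isCA:
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, t.KeyUsage|x509.KeyUsageCertSign
	case server:
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	default:
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	return t
}

// issue generates an ECDSA P-256 key and signs tmpl with parent/parentKey; parent == nil means self-signed (the CA).
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if tmpl.SerialNumber, err = rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)); err != nil {
		return nil, nil, err // random 128-bit serials: never reuse a serial under one CA
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// certPEM is the on-disk form that PEM-reading loaders such as ClientConfig/ServerConfig expect.
func certPEM(c *x509.Certificate) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c.Raw})
}

// mtlsConfig builds one side's tls.Config: the CA PEM is the only trust anchor, and the server side demands a client certificate chaining to it.
func mtlsConfig(caPEM []byte, cert *x509.Certificate, key *ecdsa.PrivateKey, server bool, serverName string) (*tls.Config, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("no CA certificate in PEM input") // a nil pool would silently fall back to system roots
	}
	leaf := tls.Certificate{Certificate: [][]byte{cert.Raw}, PrivateKey: key, Leaf: cert}
	cfg := &tls.Config{Certificates: []tls.Certificate{leaf}, MinVersion: tls.VersionTLS12}
	if server {
		cfg.ClientCAs, cfg.ClientAuth = pool, tls.RequireAndVerifyClientCert
	} else {
		cfg.RootCAs, cfg.ServerName = pool, serverName
	}
	return cfg, nil
}

// handshake runs one mutual-TLS handshake over loopback TCP and returns the client CN the server verified; a refused client yields an error.
func handshake(srv, cli *tls.Config) (string, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	srvErr, cn := make(chan error, 1), ""
	go func() {
		conn, err := ln.Accept()
		if err == nil {
			s := tls.Server(conn, srv)
			if err = s.Handshake(); err == nil {
				cn = s.ConnectionState().PeerCertificates[0].Subject.CommonName
				_, err = s.Write([]byte("ok")) // confirm acceptance before closing
			}
			s.Close()
		}
		srvErr <- err
	}()
	c, dialErr := tls.Dial("tcp", ln.Addr().String(), cli)
	if dialErr == nil {
		_, dialErr = c.Read(make([]byte, 2)) // wait for the server's verdict: "ok" or an alert
		c.Close()
	}
	ln.Close() // also unblocks Accept if the TCP connection never arrived
	if err = <-srvErr; err == nil {
		err = dialErr
	}
	return cn, err
}
```

To drive it, issue the CA with certTemplate("demo-ca", nil, true, false, validity) and a nil parent, issue a server leaf for "localhost" and a client leaf from that CA, build both configs from certPEM(ca), and call handshake; it returns the client CN the server verified. Two checks matter in practice: a client presenting a certificate from a different CA fails the handshake with a verification error on the server side, and an empty PEM input is rejected before any config is built, because a nil RootCAs or ClientCAs makes Go fall back to the system roots and silently widens who is trusted.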
