Documentation

Overview

Package certauthority implements a simple x509 certificate authority suitable for use in an aggregated API service.

Variables

var ErrInvalidCACertificate = fmt.Errorf("invalid CA certificate")

ErrInvalidCACertificate is returned when the contents of the loaded CA certificate do not meet our assumptions.
Functions

func ToPEM

func ToPEM(cert *tls.Certificate) ([]byte, []byte, error)

Encode a tls.Certificate into a private key PEM and a cert chain PEM.

Types

type CA

type CA struct {
	// contains filtered or unexported fields
}

CA holds the state for a simple x509 certificate authority suitable for use in an aggregated API service.

func Load

func Load(certPEM string, keyPEM string) (*CA, error)

Load a certificate authority from an existing certificate and private key (in PEM format).

func New

func New(subject pkix.Name, ttl time.Duration) (*CA, error)

New generates a fresh certificate authority with the given subject and ttl.

func (*CA) Bundle

func (c *CA) Bundle() []byte

Bundle returns the current CA signing bundle in concatenated PEM format.

func (*CA) Issue

func (c *CA) Issue(subject pkix.Name, dnsNames []string, ips []net.IP, ttl time.Duration) (*tls.Certificate, error)

Issue a new server certificate for the given identity and duration.

func (*CA) IssuePEM

func (c *CA) IssuePEM(subject pkix.Name, dnsNames []string, ttl time.Duration) ([]byte, []byte, error)

IssuePEM issues a new server certificate for the given identity and duration, returning it as a pair of PEM-formatted byte slices for the certificate and private key.

func (*CA) Pool

func (c *CA) Pool() *x509.CertPool

Pool returns the current CA signing bundle as a *x509.CertPool.

Directories

Package dynamiccertauthority implements an x509 certificate authority capable of issuing certificates from a dynamically updating CA keypair.