Documentation

Constants

const (
	// ECPrivateKeyBlockType is a possible value for pem.Block.Type.
	ECPrivateKeyBlockType = "EC PRIVATE KEY"
	// RSAPrivateKeyBlockType is a possible value for pem.Block.Type.
	RSAPrivateKeyBlockType = "RSA PRIVATE KEY"
	// PrivateKeyBlockType is a possible value for pem.Block.Type.
	PrivateKeyBlockType = "PRIVATE KEY"
	// PublicKeyBlockType is a possible value for pem.Block.Type.
	PublicKeyBlockType = "PUBLIC KEY"
	// CertificateBlockType is a possible value for pem.Block.Type.
	CertificateBlockType = "CERTIFICATE"
	// CertificateRequestBlockType is a possible value for pem.Block.Type.
	CertificateRequestBlockType = "CERTIFICATE REQUEST"
)

Variables

This section is empty.

Functions

func CanReadCertAndKey

func CanReadCertAndKey(certPath, keyPath string) (bool, error)

CanReadCertAndKey returns true if the certificate and key files already exist, otherwise returns false. If only one of the certificate and key is present, it returns an error.

func CertsFromFile

func CertsFromFile(file string) ([]*x509.Certificate, error)

CertsFromFile returns the x509.Certificates contained in the given PEM-encoded file. Returns an error if the file could not be read, a certificate could not be parsed, or if the file does not contain any certificates.

func EncodeCertPEM

func EncodeCertPEM(cert *x509.Certificate) []byte

EncodeCertPEM returns PEM-encoded certificate data.

func EncodePKCS8PrivateKeyPEM

func EncodePKCS8PrivateKeyPEM(key *rsa.PrivateKey) ([]byte, error)

EncodePKCS8PrivateKeyPEM returns PEM-encoded PKCS#8 private key data.

func EncodePrivateKeyPEM

func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte

EncodePrivateKeyPEM returns PEM-encoded private key data.

func EncodePublicKeyPEM

func EncodePublicKeyPEM(key *rsa.PublicKey) ([]byte, error)

EncodePublicKeyPEM returns PEM-encoded public data.

func FormatBytesCert

func FormatBytesCert(cert []byte) (string, error)

FormatBytesCert receives a certificate as a byte array and formats it in a human-readable format.

func FormatCert

func FormatCert(c *x509.Certificate) string

FormatCert receives a certificate and formats it in a human-readable format.

func GenerateSelfSignedCertKey

func GenerateSelfSignedCertKey(host string, alternateIPs []net.IP, alternateDNS []string) ([]byte, []byte, error)

GenerateSelfSignedCertKey creates a self-signed certificate and key for the given host. Host may be an IP or a DNS name. You may also specify additional subject alt names (either IP or DNS names) for the certificate.

func GenerateSelfSignedCertKeyWithFixtures

func GenerateSelfSignedCertKeyWithFixtures(host string, alternateIPs []net.IP, alternateDNS []string, fixtureDirectory string) ([]byte, []byte, error)

GenerateSelfSignedCertKeyWithFixtures creates a self-signed certificate and key for the given host. Host may be an IP or a DNS name. You may also specify additional subject alt names (either IP or DNS names) for the certificate.

If fixtureDirectory is non-empty, it is a directory path which can contain pre-generated certs. The format is:

<host>_<ip>-<ip>_<alternateDNS>-<alternateDNS>.crt
<host>_<ip>-<ip>_<alternateDNS>-<alternateDNS>.key

Certs/keys not existing in that directory are created.

func LoadOrGenerateKeyFile

func LoadOrGenerateKeyFile(keyPath string) (data []byte, wasGenerated bool, err error)

LoadOrGenerateKeyFile looks for a key in the file at the given path. If it can't find one, it will generate a new key and store it there.

func MakeCSR

func MakeCSR(privateKey interface{}, subject *pkix.Name, dnsSANs []string, ipSANs []net.IP) (csr []byte, err error)

MakeCSR generates a PEM-encoded CSR using the supplied private key, subject, and SANs. All key types that are implemented via crypto.Signer are supported (This includes *rsa.PrivateKey and *ecdsa.PrivateKey.)

func MakeCSRFromTemplate

func MakeCSRFromTemplate(privateKey interface{}, template *x509.CertificateRequest) ([]byte, error)

MakeCSRFromTemplate generates a PEM-encoded CSR using the supplied private key and certificate request as a template. All key types that are implemented via crypto.Signer are supported (This includes *rsa.PrivateKey and *ecdsa.PrivateKey.)

func MakeEllipticPrivateKeyPEM

func MakeEllipticPrivateKeyPEM() ([]byte, error)

MakeEllipticPrivateKeyPEM creates an ECDSA private key

func MarshalPrivateKeyToPEM

func MarshalPrivateKeyToPEM(privateKey crypto.PrivateKey) ([]byte, error)

MarshalPrivateKeyToPEM converts a known private key type of RSA or ECDSA to a PEM encoded block or returns an error.

func NewPool

func NewPool(filename string) (*x509.CertPool, error)

NewPool returns an x509.CertPool containing the certificates in the given PEM-encoded file. Returns an error if the file could not be read, a certificate could not be parsed, or if the file does not contain any certificates

func NewPrivateKey

func NewPrivateKey() (*rsa.PrivateKey, error)

NewPrivateKey creates an RSA private key

func NewSelfSignedCACert

func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, error)

NewSelfSignedCACert creates a CA certificate

func NewSignedCert

func NewSignedCert(cfg Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error)

NewSignedCert creates a signed certificate using the given CA certificate and key

func ParseCertsPEM

func ParseCertsPEM(pemCerts []byte) ([]*x509.Certificate, error)

ParseCertsPEM returns the x509.Certificates contained in the given PEM-encoded byte array. Returns an error if a certificate could not be parsed, or if the data does not contain any certificates.

func ParsePrivateKeyPEM

func ParsePrivateKeyPEM(keyData []byte) (interface{}, error)

ParsePrivateKeyPEM returns a private key parsed from a PEM block in the supplied data. Recognizes PEM blocks for "EC PRIVATE KEY", "RSA PRIVATE KEY", or "PRIVATE KEY".
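A standard-library sketch of the block-type dispatch that the ParsePrivateKeyPEM description implies, added here as an example and not the package's own code. The names parsePrivateKeyPEM and mustSample are hypothetical, and the sample key is generated at run time.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// parsePrivateKeyPEM is a hypothetical stdlib-only stand-in, not the package's own code.
func parsePrivateKeyPEM(keyData []byte) (key interface{}, err error) {
	for block, rest := pem.Decode(keyData); block != nil; block, rest = pem.Decode(rest) {
		switch block.Type {
		case "EC PRIVATE KEY": // SEC 1 ECDSA key
			key, err = x509.ParseECPrivateKey(block.Bytes)
		case "RSA PRIVATE KEY": // PKCS#1 RSA key
			key, err = x509.ParsePKCS1PrivateKey(block.Bytes)
		case "PRIVATE KEY": // PKCS#8, algorithm is named inside the DER
			key, err = x509.ParsePKCS8PrivateKey(block.Bytes)
		default:
			continue // other block types (e.g. CERTIFICATE) are skipped
		}
		if err != nil {
			return nil, err // never hand back a typed nil pointer
		}
		return key, nil
	}
	return nil, fmt.Errorf("no private key PEM block found")
}

// mustSample returns a fresh P-256 key as a PKCS#8 "PRIVATE KEY" block (constructed input).
func mustSample() []byte {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	der, err := x509.MarshalPKCS8PrivateKey(k)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der})
}

func main() {
	key, err := parsePrivateKeyPEM(mustSample())
	fmt.Printf("%T %v\n", key, err) // prints the key's type, never the key
}
```

In this sketch a mislabeled block, such as SEC 1 bytes under an "RSA PRIVATE KEY" header, fails in the parser its label selects and is not retried with another one.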

func ParsePublicKeysPEM

func ParsePublicKeysPEM(keyData []byte) ([]interface{}, error)

ParsePublicKeysPEM is a helper function for reading an array of rsa.PublicKey or ecdsa.PublicKey from a PEM-encoded byte array. Reads public keys from both public and private key files.

func PrivateKeyFromFile

func PrivateKeyFromFile(file string) (interface{}, error)

PrivateKeyFromFile returns the private key in rsa.PrivateKey or ecdsa.PrivateKey format from a given PEM-encoded file. Returns an error if the file could not be read or if the private key could not be parsed.

func PublicKeysFromFile

func PublicKeysFromFile(file string) ([]interface{}, error)

PublicKeysFromFile returns the public keys in rsa.PublicKey or ecdsa.PublicKey format from a given PEM-encoded file. Reads public keys from both public and private key files.

func WriteCert

func WriteCert(certPath string, data []byte) error

WriteCert writes the pem-encoded certificate data to certPath. The certificate file will be created with file mode 0644. If the certificate file already exists, it will be overwritten. The parent directory of the certPath will be created as needed with file mode 0755.

func WriteKey

func WriteKey(keyPath string, data []byte) error

WriteKey writes the pem-encoded key data to keyPath. The key file will be created with file mode 0600. If the key file already exists, it will be overwritten. The parent directory of the keyPath will be created as needed with file mode 0755.

Types

type AltNames

type AltNames struct {
	DNSNames []string
	IPs      []net.IP
}

AltNames contains the domain names and IP addresses that will be added to the API Server's x509 certificate SubAltNames field. The values will be passed directly to the x509.Certificate object.

type Config

type Config struct {
	CommonName   string
	Organization []string
	AltNames     AltNames
	Usages       []x509.ExtKeyUsage
}

Config contains the basic fields required for creating a certificate
