pki

package
v1.28.7 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 19, 2024 License: Apache-2.0 Imports: 24 Imported by: 288

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var DefaultPrivateKeySize = 2048

DefaultPrivateKeySize is the key size to use when generating private keys It can be overridden by the KOPS_RSA_PRIVATE_KEY_SIZE env var, or by tests (as generating RSA keys can be a bottleneck for testing)

Functions

func BuildPKISerial 

func BuildPKISerial(timestamp int64) *big.Int

BuildPKISerial produces a serial number for certs that is vanishingly unlikely to collide The timestamp should be provided as an input (time.Now().UnixNano()), and then we combine that with a 32 bit random crypto-rand integer. We also know that a bigger value was created later (modulo clock skew)

func BuildTypeDescription added in v1.19.0 

func BuildTypeDescription(cert *x509.Certificate) string

BuildTypeDescription extracts the type based on the certificate extensions

func ComputeAWSKeyFingerprint 

func ComputeAWSKeyFingerprint(publicKey string) (string, error)

ComputeAWSKeyFingerprint computes the AWS-specific fingerprint of the SSH public key

func ComputeOpenSSHKeyFingerprint 

func ComputeOpenSSHKeyFingerprint(publicKey string) (string, error)

ComputeOpenSSHKeyFingerprint computes the OpenSSH fingerprint of the SSH public key

func IssueCert added in v1.19.0 

func IssueCert(ctx context.Context, request *IssueCertRequest, keystore Keystore) (issuedCertificate *Certificate, issuedKey *PrivateKey, caCertificate *Certificate, err error)

IssueCert issues a certificate, either a self-signed CA or from a CA in a keystore.

func PkixNameToString added in v1.19.0 

func PkixNameToString(name *pkix.Name) string

Types

type Certificate 

type Certificate struct {
	Subject pkix.Name
	IsCA    bool

	Certificate *x509.Certificate
	PublicKey   crypto.PublicKey
}

func ParsePEMCertificate 

func ParsePEMCertificate(pemData []byte) (*Certificate, error)

func (*Certificate) AsBytes 

func (c *Certificate) AsBytes() ([]byte, error)

func (*Certificate) AsString 

func (c *Certificate) AsString() (string, error)

func (*Certificate) MarshalJSON 

func (c *Certificate) MarshalJSON() ([]byte, error)

func (*Certificate) UnmarshalJSON 

func (c *Certificate) UnmarshalJSON(b []byte) error

func (*Certificate) WriteTo 

func (c *Certificate) WriteTo(w io.Writer) (int64, error)

func (*Certificate) WriteToFile added in v1.18.0 

func (c *Certificate) WriteToFile(filename string, perm os.FileMode) error

type IssueCertRequest added in v1.19.0 

type IssueCertRequest struct {
	// Signer is the keypair to use to sign. Ignored if Type is "CA", in which case the cert will be self-signed.
	Signer string
	// Type is the type of certificate i.e. CA, server, client etc.
	Type string
	// Subject is the certificate subject.
	Subject pkix.Name
	// AlternateNames is a list of alternative names for this certificate.
	AlternateNames []string

	// PublicKey is the public key for this certificate. If nil, it will be calculated from PrivateKey.
	PublicKey crypto.PublicKey
	// PrivateKey is the private key for this certificate. If both this and PublicKey are nil, a new private key will be generated.
	PrivateKey *PrivateKey
	// Validity is the certificate validity. The default is 10 years.
	Validity time.Duration

	// Serial is the certificate serial number. If nil, a random number will be generated.
	Serial *big.Int
}

type Keystore added in v1.19.0 

type Keystore interface {
	// FindPrimaryKeypair finds a cert & private key, returning nil where either is not found
	// (if the certificate is found but not keypair, that is not an error: only the cert will be returned).
	// Also note that if the keypair is not found at all, this returns (nil, nil, nil)
	FindPrimaryKeypair(ctx context.Context, name string) (*Certificate, *PrivateKey, error)
}

type PrivateKey 

type PrivateKey struct {
	Key crypto.Signer
}

func GeneratePrivateKey 

func GeneratePrivateKey() (*PrivateKey, error)

func ParsePEMPrivateKey 

func ParsePEMPrivateKey(data []byte) (*PrivateKey, error)

func (*PrivateKey) AsBytes 

func (k *PrivateKey) AsBytes() ([]byte, error)

func (*PrivateKey) AsString 

func (k *PrivateKey) AsString() (string, error)

func (*PrivateKey) MarshalJSON 

func (k *PrivateKey) MarshalJSON() ([]byte, error)

func (*PrivateKey) UnmarshalJSON 

func (k *PrivateKey) UnmarshalJSON(b []byte) (err error)

func (*PrivateKey) WriteTo 

func (k *PrivateKey) WriteTo(w io.Writer) (int64, error)

func (*PrivateKey) WriteToFile added in v1.18.0 

func (k *PrivateKey) WriteToFile(filename string, perm os.FileMode) error

type PublicKey added in v1.24.0 

type PublicKey struct {
	Key crypto.PublicKey
}

func ParsePEMPublicKey added in v1.24.0 

func ParsePEMPublicKey(data []byte) (*PublicKey, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.