cert

package module

v1.6.0 Latest Latest Go to latest Published: Feb 29, 2024 License: Apache-2.0 Imports: 21 Imported by: 39

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/gomodules/cert

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func CanReadCertAndKey(certPath, keyPath string) (bool, error)
func CertsFromFile(file string) ([]*x509.Certificate, error)
func EncodeCertPEM(cert *x509.Certificate) []byte
func EncodePKCS8PrivateKeyPEM(key *rsa.PrivateKey) ([]byte, error)
func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte
func EncodePublicKeyPEM(key *rsa.PublicKey) ([]byte, error)
func FormatBytesCert(cert []byte) (string, error)
func FormatCert(c *x509.Certificate) string
func GenerateSelfSignedCertKey(host string, alternateIPs []net.IP, alternateDNS []string) ([]byte, []byte, error)
func GenerateSelfSignedCertKeyWithFixtures(host string, alternateIPs []net.IP, alternateDNS []string, ...) ([]byte, []byte, error)
func LoadOrGenerateKeyFile(keyPath string) (data []byte, wasGenerated bool, err error)
func MakeCSR(privateKey interface{}, subject *pkix.Name, dnsSANs []string, ipSANs []net.IP) (csr []byte, err error)
func MakeCSRFromTemplate(privateKey interface{}, template *x509.CertificateRequest) ([]byte, error)
func MakeEllipticPrivateKeyPEM() ([]byte, error)
func MarshalPrivateKeyToPEM(privateKey crypto.PrivateKey) ([]byte, error)
func NewPool(filename string) (*x509.CertPool, error)
func NewPrivateKey() (*rsa.PrivateKey, error)
func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, error)
func NewSignedCert(cfg Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error)
func ParseCertsPEM(pemCerts []byte) ([]*x509.Certificate, error)
func ParsePrivateKeyPEM(keyData []byte) (interface{}, error)
func ParsePublicKeysPEM(keyData []byte) ([]interface{}, error)
func ParseRootCAs(rest []byte) ([]*x509.Certificate, []*x509.Certificate, error)
func PrivateKeyFromFile(file string) (interface{}, error)
func PublicKeysFromFile(file string) ([]interface{}, error)
func ToX509CombinedKeyPair(cert *tls.Certificate) ([]byte, error)
func ToX509KeyPair(cert *tls.Certificate) (certPEMBlock, keyPEMBlock []byte, err error)
func WriteCert(certPath string, data []byte) error
func WriteKey(keyPath string, data []byte) error
type AltNames
type Config
- func (cfg Config) GetDuration() time.Duration

Constants ¶

View Source

const (
	// ECPrivateKeyBlockType is a possible value for pem.Block.Type.
	ECPrivateKeyBlockType = "EC PRIVATE KEY"
	// RSAPrivateKeyBlockType is a possible value for pem.Block.Type.
	RSAPrivateKeyBlockType = "RSA PRIVATE KEY"
	// PrivateKeyBlockType is a possible value for pem.Block.Type.
	PrivateKeyBlockType = "PRIVATE KEY"
	// PublicKeyBlockType is a possible value for pem.Block.Type.
	PublicKeyBlockType = "PUBLIC KEY"
	// CertificateBlockType is a possible value for pem.Block.Type.
	CertificateBlockType = "CERTIFICATE"
	// CertificateRequestBlockType is a possible value for pem.Block.Type.
	CertificateRequestBlockType = "CERTIFICATE REQUEST"
)

Variables ¶

This section is empty.

Functions ¶

func CanReadCertAndKey ¶

func CanReadCertAndKey(certPath, keyPath string) (bool, error)

CanReadCertAndKey returns true if the certificate and key files already exists, otherwise returns false. If lost one of cert and key, returns error.

func CertsFromFile ¶

func CertsFromFile(file string) ([]*x509.Certificate, error)

CertsFromFile returns the x509.Certificates contained in the given PEM-encoded file. Returns an error if the file could not be read, a certificate could not be parsed, or if the file does not contain any certificates

func EncodeCertPEM ¶

func EncodeCertPEM(cert *x509.Certificate) []byte

EncodeCertPEM returns PEM-endcoded certificate data

func EncodePKCS8PrivateKeyPEM ¶ added in v1.1.0

func EncodePKCS8PrivateKeyPEM(key *rsa.PrivateKey) ([]byte, error)

EncodePKCS8PrivateKeyPEM returns PEM-encoded PKCS#8 private key data

func EncodePrivateKeyPEM ¶

func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte

EncodePrivateKeyPEM returns PEM-encoded private key data

func EncodePublicKeyPEM ¶

func EncodePublicKeyPEM(key *rsa.PublicKey) ([]byte, error)

EncodePublicKeyPEM returns PEM-encoded public data

func FormatBytesCert ¶

func FormatBytesCert(cert []byte) (string, error)

FormatBytesCert receives byte array certificate and formats in human-readable format

func FormatCert ¶

func FormatCert(c *x509.Certificate) string

FormatCert receives certificate and formats in human-readable format

func GenerateSelfSignedCertKey ¶

func GenerateSelfSignedCertKey(host string, alternateIPs []net.IP, alternateDNS []string) ([]byte, []byte, error)

GenerateSelfSignedCertKey creates a self-signed certificate and key for the given host. Host may be an IP or a DNS name You may also specify additional subject alt names (either ip or dns names) for the certificate.

func GenerateSelfSignedCertKeyWithFixtures ¶

func GenerateSelfSignedCertKeyWithFixtures(host string, alternateIPs []net.IP, alternateDNS []string, fixtureDirectory string) ([]byte, []byte, error)

GenerateSelfSignedCertKeyWithFixtures creates a self-signed certificate and key for the given host. Host may be an IP or a DNS name. You may also specify additional subject alt names (either ip or dns names) for the certificate.

If fixtureDirectory is non-empty, it is a directory path which can contain pre-generated certs. The format is: <host>_<ip>-<ip>_<alternateDNS>-<alternateDNS>.crt <host>_<ip>-<ip>_<alternateDNS>-<alternateDNS>.key Certs/keys not existing in that directory are created.

func LoadOrGenerateKeyFile ¶

func LoadOrGenerateKeyFile(keyPath string) (data []byte, wasGenerated bool, err error)

LoadOrGenerateKeyFile looks for a key in the file at the given path. If it can't find one, it will generate a new key and store it there.

func MakeCSR ¶

func MakeCSR(privateKey interface{}, subject *pkix.Name, dnsSANs []string, ipSANs []net.IP) (csr []byte, err error)

MakeCSR generates a PEM-encoded CSR using the supplied private key, subject, and SANs. All key types that are implemented via crypto.Signer are supported (This includes *rsa.PrivateKey and *ecdsa.PrivateKey.)

func MakeCSRFromTemplate ¶

func MakeCSRFromTemplate(privateKey interface{}, template *x509.CertificateRequest) ([]byte, error)

MakeCSRFromTemplate generates a PEM-encoded CSR using the supplied private key and certificate request as a template. All key types that are implemented via crypto.Signer are supported (This includes *rsa.PrivateKey and *ecdsa.PrivateKey.)

func MakeEllipticPrivateKeyPEM ¶

func MakeEllipticPrivateKeyPEM() ([]byte, error)

MakeEllipticPrivateKeyPEM creates an ECDSA private key

func MarshalPrivateKeyToPEM ¶

func MarshalPrivateKeyToPEM(privateKey crypto.PrivateKey) ([]byte, error)

MarshalPrivateKeyToPEM converts a known private key type of RSA or ECDSA to a PEM encoded block or returns an error.

func NewPool ¶

func NewPool(filename string) (*x509.CertPool, error)

NewPool returns an x509.CertPool containing the certificates in the given PEM-encoded file. Returns an error if the file could not be read, a certificate could not be parsed, or if the file does not contain any certificates

func NewPrivateKey ¶

func NewPrivateKey() (*rsa.PrivateKey, error)

NewPrivateKey creates an RSA private key

func NewSelfSignedCACert ¶

func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, error)

NewSelfSignedCACert creates a CA certificate

func NewSignedCert ¶

func NewSignedCert(cfg Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error)

NewSignedCert creates a signed certificate using the given CA certificate and key

func ParseCertsPEM ¶

func ParseCertsPEM(pemCerts []byte) ([]*x509.Certificate, error)

ParseCertsPEM returns the x509.Certificates contained in the given PEM-encoded byte array Returns an error if a certificate could not be parsed, or if the data does not contain any certificates

func ParsePrivateKeyPEM ¶

func ParsePrivateKeyPEM(keyData []byte) (interface{}, error)

ParsePrivateKeyPEM returns a private key parsed from a PEM block in the supplied data. Recognizes PEM blocks for "EC PRIVATE KEY", "RSA PRIVATE KEY", or "PRIVATE KEY"

func ParsePublicKeysPEM ¶

func ParsePublicKeysPEM(keyData []byte) ([]interface{}, error)

ParsePublicKeysPEM is a helper function for reading an array of rsa.PublicKey or ecdsa.PublicKey from a PEM-encoded byte array. Reads public keys from both public and private key files.

func ParseRootCAs ¶ added in v1.4.0

func ParseRootCAs(rest []byte) ([]*x509.Certificate, []*x509.Certificate, error)

ParseRootCAs returns a list of self-signed root CA x509.Certificates and non-root x509.Certificates contained in the given PEM-encoded byte array Returns an error if a certificate could not be parsed For self-signed certs, the Issuer and Subject fields are equal. For a self-signed certificate the Authority Key Identifier will either be absent or have the same value as the Subject Key Identifier. See also: https://security.stackexchange.com/a/162263

func PrivateKeyFromFile ¶

func PrivateKeyFromFile(file string) (interface{}, error)

PrivateKeyFromFile returns the private key in rsa.PrivateKey or ecdsa.PrivateKey format from a given PEM-encoded file. Returns an error if the file could not be read or if the private key could not be parsed.

func PublicKeysFromFile ¶

func PublicKeysFromFile(file string) ([]interface{}, error)

PublicKeysFromFile returns the public keys in rsa.PublicKey or ecdsa.PublicKey format from a given PEM-encoded file. Reads public keys from both public and private key files.

func ToX509CombinedKeyPair ¶ added in v1.3.0

func ToX509CombinedKeyPair(cert *tls.Certificate) ([]byte, error)

func ToX509KeyPair ¶ added in v1.3.0

func ToX509KeyPair(cert *tls.Certificate) (certPEMBlock, keyPEMBlock []byte, err error)

func WriteCert ¶

func WriteCert(certPath string, data []byte) error

WriteCert writes the pem-encoded certificate data to certPath. The certificate file will be created with file mode 0644. If the certificate file already exists, it will be overwritten. The parent directory of the certPath will be created as needed with file mode 0755.

func WriteKey ¶

func WriteKey(keyPath string, data []byte) error

WriteKey writes the pem-encoded key data to keyPath. The key file will be created with file mode 0600. If the key file already exists, it will be overwritten. The parent directory of the keyPath will be created as needed with file mode 0755.

Types ¶

type AltNames ¶

type AltNames struct {
	DNSNames []string
	IPs      []net.IP
}

AltNames contains the domain names and IP addresses that will be added to the API Server's x509 certificate SubAltNames field. The values will be passed directly to the x509.Certificate object.

type Config ¶

type Config struct {
	CommonName   string
	Organization []string
	AltNames     AltNames
	Usages       []x509.ExtKeyUsage
	Duration     time.Duration
}

Config contains the basic fields required for creating a certificate

func (Config) GetDuration ¶ added in v1.6.0

func (cfg Config) GetDuration() time.Duration

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
certstore

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL