tlsutil

package
v0.0.2 Latest Latest
Published: Oct 23, 2025 License: MIT Imports: 21 Imported by: 0

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func EncodeCABundle

func EncodeCABundle(caCertPEM, caKeyPEM []byte) ([]byte, error)

EncodeCABundle concatenates the PEM-encoded CA certificate and private key into a single PEM bundle.

func EncodeClientBundle

func EncodeClientBundle(caCertPEM, clientCertPEM, clientKeyPEM []byte) ([]byte, error)

EncodeClientBundle encodes a client PEM (CA cert + client cert + key).

func EncodeServerBundle

func EncodeServerBundle(caCertPEM, caKeyPEM, serverCertPEM, serverKeyPEM []byte, denylist []string) ([]byte, error)

EncodeServerBundle encodes the server bundle components (caCertPEM, caKeyPEM, serverCertPEM, serverKeyPEM, and the denylist of serial numbers) into a single PEM bundle.

func FirstCertificateFromPEM

func FirstCertificateFromPEM(pemBytes []byte) (*x509.Certificate, error)

FirstCertificateFromPEM returns the first certificate contained in pemBytes.

func NormalizeSerials

func NormalizeSerials(serials []string) []string

NormalizeSerials lowercases, trims, de-duplicates, and sorts serials.

Types

type Bundle

// Bundle is the parsed form of a combined server PEM bundle. Besides the
// server leaf certificate and key it carries the CA certificate and the CA
// private key, so a loaded Bundle can be turned into a CA (see CAFromBundle)
// that is able to issue further certificates; treat the whole value as
// sensitive, not just the key fields.
type Bundle struct {
	ServerCertificate  tls.Certificate     // server certificate+key as a tls.Certificate; presumably built from ServerCertPEM/ServerKeyPEM — confirm
	ServerCert         *x509.Certificate   // parsed server leaf certificate
	ServerCertPEM      []byte              // server certificate, PEM-encoded
	ServerKeyPEM       []byte              // server private key, PEM-encoded (sensitive)
	CACertificate      *x509.Certificate   // parsed CA certificate
	CACertPEM          []byte              // CA certificate, PEM-encoded
	CAPrivateKey       crypto.Signer       // CA private key (sensitive); with it, CAFromBundle/IssueServer/IssueClient can mint new certificates
	CAPrivateKeyPEM    []byte              // CA private key, PEM-encoded (sensitive)
	CAPool             *x509.CertPool      // trust pool for peer verification; presumably contains CACertificate — confirm
	Denylist           map[string]struct{} // set of denylisted serial numbers; presumably keyed by the normalized form produced by NormalizeSerials — confirm
	DenylistEntries    []string            // the denylisted serial numbers as a list
	MetadataRootKey    keymgmt.RootKey     // project type from keymgmt; its semantics are not visible in this file
	MetadataDescriptor keymgmt.Descriptor  // project type from keymgmt; its semantics are not visible in this file
}

Bundle represents the parsed contents of a combined PEM bundle containing CA certificates, a server certificate, and the associated private key.

func LoadBundle

func LoadBundle(bundlePath, denylistPath string) (*Bundle, error)

LoadBundle parses a lockd server bundle from bundlePath, optionally applying the denylist of revoked serial numbers referenced by denylistPath.

type CA

// CA holds a certificate authority keypair: the CA certificate (parsed and
// PEM-encoded) and its Ed25519 private key (raw and PEM-encoded). The key is
// what IssueClient and IssueServer sign with, so a CA value is sensitive.
type CA struct {
	Cert    *x509.Certificate  // parsed CA certificate
	CertPEM []byte             // CA certificate, PEM-encoded
	Key     ed25519.PrivateKey // CA signing key (sensitive)
	KeyPEM  []byte             // CA private key, PEM-encoded (sensitive)
}

CA holds a certificate authority keypair.

func CAFromBundle

func CAFromBundle(b *Bundle) (*CA, error)

CAFromBundle constructs a CA helper from a parsed bundle.

func GenerateCA

func GenerateCA(commonName string, validity time.Duration) (*CA, error)

GenerateCA creates a new self-signed certificate authority.

func LoadCA

func LoadCA(path string) (*CA, error)

LoadCA reads a PEM file containing the CA certificate and private key from path.

func (*CA) IssueClient

func (ca *CA) IssueClient(commonName string, validity time.Duration) ([]byte, []byte, error)

IssueClient issues a CA-signed client certificate for use in mutually-authenticated TLS.

func (*CA) IssueServer

func (ca *CA) IssueServer(hosts []string, commonName string, validity time.Duration) ([]byte, []byte, error)

IssueServer issues a CA-signed server certificate for the given hosts.

type ClientBundle

// ClientBundle is the parsed form of a client PEM bundle: the CA
// certificates to trust plus the client certificate and private key used
// to authenticate to the server over mTLS. The key fields are sensitive.
type ClientBundle struct {
	Certificate   tls.Certificate     // client certificate+key as a tls.Certificate; presumably built from ClientCertPEM/ClientKeyPEM — confirm
	ClientCert    *x509.Certificate   // parsed client leaf certificate
	ClientCertPEM []byte              // client certificate, PEM-encoded
	ClientKeyPEM  []byte              // client private key, PEM-encoded (sensitive)
	CACerts       []*x509.Certificate // parsed CA certificates found in the bundle
	CAPool        *x509.CertPool      // trust pool for verifying the server; presumably populated from CACerts — confirm
}

ClientBundle represents a parsed client PEM bundle containing CA certs and a client certificate+key pair suitable for building an mTLS HTTP client.

func LoadClientBundle

func LoadClientBundle(path string) (*ClientBundle, error)

LoadClientBundle parses a client bundle from path.
