View Source
const (
	// DefaultRSAKeySize is the default key size used when created RSA keys.
	DefaultRSAKeySize = 2048

	// DefaultCertDuration is the default lifespan used when creating certificates.
	DefaultCertDuration = time.Hour * 24 * 365

	// When client certificates have less than ClientCertificateRenewalDuration
	// left before expiry, they will be regenerated.
	ClientCertificateRenewalDuration = DefaultCertDuration / 2


This section is empty.


func DecodeCertPEM

func DecodeCertPEM(encoded []byte) (*x509.Certificate, error)

    DecodeCertPEM attempts to return a decoded certificate or nil if the encoded input does not contain a certificate.

    func DecodePrivateKeyPEM

    func DecodePrivateKeyPEM(encoded []byte) (crypto.Signer, error)

      DecodePrivateKeyPEM attempts to return a decoded key or nil if the encoded input does not contain a private key.

      func EncodeCertPEM

      func EncodeCertPEM(cert *x509.Certificate) []byte

        EncodeCertPEM returns PEM-endcoded certificate data.

        func EncodePrivateKeyPEM

        func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte

          EncodePrivateKeyPEM returns PEM-encoded private key data.

          func EncodePublicKeyPEM

          func EncodePublicKeyPEM(key *rsa.PublicKey) ([]byte, error)

            EncodePublicKeyPEM returns PEM-encoded public key data.

            func NewPrivateKey

            func NewPrivateKey() (*rsa.PrivateKey, error)

              NewPrivateKey creates an RSA private key


              type AltNames

              type AltNames struct {
              	DNSNames []string
              	IPs      []net.IP

                AltNames contains the domain names and IP addresses that will be added to the API Server's x509 certificate SubAltNames field. The values will be passed directly to the x509.Certificate object.

                type Config

                type Config struct {
                	CommonName   string
                	Organization []string
                	AltNames     AltNames
                	Usages       []x509.ExtKeyUsage

                  Config contains the basic fields required for creating a certificate.

                  func (*Config) NewSignedCert

                  func (cfg *Config) NewSignedCert(key *rsa.PrivateKey, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error)

                    NewSignedCert creates a signed certificate using the given CA certificate and key.

                    type KeyPair

                    type KeyPair struct {
                    	Cert, Key []byte

                      KeyPair holds the raw bytes for a certificate and key.

                      func (*KeyPair) IsValid

                      func (k *KeyPair) IsValid() bool

                        IsValid returns true if both the certificate and key are non-nil.