pki

Published: Apr 24, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Overview

Package pki provides helpers to generate, sign, PEM-encode, and read/write the X.509 certificates and private keys that make up kwokctl's local PKI.

Index

Constants

// CertificateBlockType is the pem.Block.Type label for X.509 certificates.
const CertificateBlockType = "CERTIFICATE"

// ECPrivateKeyBlockType is the pem.Block.Type label for ECDSA private keys
// (the SEC 1 "EC PRIVATE KEY" encoding).
const ECPrivateKeyBlockType = "EC PRIVATE KEY"

// RSAPrivateKeyBlockType is the pem.Block.Type label for RSA private keys
// (the PKCS #1 "RSA PRIVATE KEY" encoding).
const RSAPrivateKeyBlockType = "RSA PRIVATE KEY"

// CertificateValidity is the default lifetime of a generated certificate:
// 100 years, built up from hours because time.Duration has no year unit.
//
// NOTE(review): with a century-long validity, expiry never bounds the
// exposure of a leaked key. That is tolerable only for the throwaway local
// clusters kwokctl builds; never reuse these certificates anywhere else.
const CertificateValidity = time.Duration(100*365*24) * time.Hour

Variables

// DefaultUser is the common name used for the generated admin identity.
var DefaultUser = "kwok-admin"

// DefaultGroups is the default group list for the admin identity
// (presumably carried as the certificate's Organization entries — verify
// against the caller).
//
// NOTE(review): "system:masters" is Kubernetes' built-in super-user group,
// which the API server honours regardless of RBAC. Anyone holding the
// matching private key therefore has unrestricted cluster access, so the
// generated key must stay local to the kwokctl host.
var DefaultGroups = []string{"system:masters"}

// DefaultAltNames is the default set of subject alternative names: the
// in-cluster Kubernetes service names followed by the loopback host name
// and addresses. The entries look like API-server serving names rather
// than client names — confirm which certificate receives them.
var DefaultAltNames = []string{
	"kubernetes",
	"kubernetes.default",
	"kubernetes.default.svc",
	"kubernetes.default.svc.cluster.local",
	"localhost",
	"127.0.0.1",
	"::1",
}

Functions

func EncodeCertToPEM added in v0.3.0

func EncodeCertToPEM(cert *x509.Certificate) []byte

EncodeCertToPEM returns PEM-encoded certificate data

func EncodePrivateKeyToPEM added in v0.3.0

func EncodePrivateKeyToPEM(privateKey crypto.PrivateKey) ([]byte, error)

EncodePrivateKeyToPEM converts an RSA or ECDSA private key to a PEM-encoded block; any other key type results in an error. The returned bytes are private key material and must be handled as a secret.

func GenerateCA added in v0.3.0

func GenerateCA(cn string, notBefore, notAfter time.Time) (cert *x509.Certificate, key crypto.Signer, err error)

GenerateCA generates a CA certificate and key.

func GeneratePki added in v0.1.0

func GeneratePki(pkiPath string, sans ...string) error

GeneratePki generates the PKI used by kwokctl and stores it under pkiPath; any sans supplied are added as additional subject alternative names.

func GenerateSignCert added in v0.3.0

func GenerateSignCert(cn string, caCert *x509.Certificate, caKey crypto.Signer, notBefore, notAfter time.Time, organizations []string, sans []string) (cert *x509.Certificate, key crypto.Signer, err error)

GenerateSignCert generates a certificate and key signed by the given CA.

func NewCertAndKey added in v0.1.0

func NewCertAndKey(caCert *x509.Certificate, caKey crypto.Signer, config CertConfig) (*x509.Certificate, crypto.Signer, error)

NewCertAndKey creates a new certificate and private key from config, signed by the given certificate authority certificate and key.

func NewCertificateAuthority added in v0.1.0

func NewCertificateAuthority(config CertConfig) (*x509.Certificate, crypto.Signer, error)

NewCertificateAuthority creates new certificate and private key for the certificate authority

func NewIntermediateCertificateAuthority added in v0.1.0

func NewIntermediateCertificateAuthority(parentCert *x509.Certificate, parentKey crypto.Signer, config CertConfig) (*x509.Certificate, crypto.Signer, error)

NewIntermediateCertificateAuthority creates new certificate and private key for an intermediate certificate authority

func NewSelfSignedCACert added in v0.1.0

func NewSelfSignedCACert(cfg CertConfig, key crypto.Signer) (*x509.Certificate, error)

NewSelfSignedCACert creates a self-signed CA certificate from cfg, using key as both the subject key and the signing key.

func NewSignedCert added in v0.1.0

func NewSignedCert(cfg CertConfig, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, isCA bool) (*x509.Certificate, error)

NewSignedCert creates a certificate for key from cfg, signed by the given CA certificate and key; isCA controls whether the result is itself marked as a CA certificate.

func ReadCertAndKey added in v0.3.0

func ReadCertAndKey(pkiPath string, name string) (*x509.Certificate, crypto.Signer, error)

ReadCertAndKey reads certificate and key from the specified location

func WriteCertAndKey added in v0.3.0

func WriteCertAndKey(pkiPath string, name string, cert *x509.Certificate, key crypto.Signer) error

WriteCertAndKey stores the certificate and private key under pkiPath using name. Because this persists private key material, pkiPath should be a protected, non-shared location (the file permissions used are not documented here).

Types

type AltNames added in v0.1.0

// AltNames holds the subject alternative names for a certificate. Both
// lists are placed into the x509.Certificate unchanged, so nothing here
// validates or normalizes them — callers must only supply names they
// legitimately control.
type AltNames struct {
	DNSNames []string // DNS SANs, passed through as given
	IPs      []net.IP // IP address SANs, passed through as given
}

AltNames contains the domain names and IP addresses that will be added to a certificate's (typically the API server's) x509 SubjectAltName extension. The values are passed directly to the x509.Certificate object without validation or normalization, so callers must only supply names they legitimately control.

type CertConfig added in v0.1.0

// CertConfig holds the inputs consumed by NewCertificateAuthority,
// NewIntermediateCertificateAuthority, NewCertAndKey, NewSelfSignedCACert
// and NewSignedCert when building a certificate. AltNames are copied into
// the certificate as given and NotBefore/NotAfter set the validity window
// directly, so the caller is responsible for keeping the window reasonably
// short and the SANs limited to names it controls.
type CertConfig struct {
	CommonName         string                  // subject common name
	Organization       []string                // subject organization entries
	AltNames           AltNames                // SANs, copied into the certificate unchanged
	Usages             []x509.ExtKeyUsage      // extended key usages to assert
	PublicKeyAlgorithm x509.PublicKeyAlgorithm // key algorithm to generate (presumably RSA or ECDSA)
	NotBefore          time.Time               // start of the validity window
	NotAfter           time.Time               // end of the validity window
}

CertConfig contains the basic fields required to create a certificate: the subject (CommonName, Organization), subject alternative names, extended key usages, the public key algorithm, and the validity window (NotBefore, NotAfter).
