pki

package

v1.3.0 Latest Latest Go to latest Published: Apr 14, 2026 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/NVIDIA/ncx-infra-controller-rest

Links

Open Source Insights

Documentation ¶

Overview ¶

Package pki provides certificate authority and PKI operations

Index ¶

Constants
func NewNativeCertificateIssuer(opts NativeCertificateIssuerOptions) (types.CertificateIssuer, error)
type CA
- func LoadCA(certFile, keyFile string) (*CA, error)
- func LoadCAFromPEM(certPEM, keyPEM []byte) (*CA, error)
type CRL
type NativeCertificateIssuer
type NativeCertificateIssuerOptions

Constants ¶

View Source

const (
	// RSAKeySize is the default key size for RSA keys
	RSAKeySize = 2048
	// DefaultCATTL is the default TTL for CA certificates (10 years)
	DefaultCATTL = 10 * 365 * 24 * time.Hour
)

Variables ¶

This section is empty.

Functions ¶

func NewNativeCertificateIssuer ¶

func NewNativeCertificateIssuer(opts NativeCertificateIssuerOptions) (types.CertificateIssuer, error)

NewNativeCertificateIssuer creates a new native Go certificate issuer.

Types ¶

type CA ¶

type CA struct {
	// contains filtered or unexported fields
}

CA represents a Certificate Authority

func LoadCA ¶

func LoadCA(certFile, keyFile string) (*CA, error)

LoadCA loads a Certificate Authority from PEM-encoded certificate and key files.

func LoadCAFromPEM ¶

func LoadCAFromPEM(certPEM, keyPEM []byte) (*CA, error)

LoadCAFromPEM loads a Certificate Authority from PEM-encoded bytes

func (*CA) GetCACertificatePEM ¶

func (ca *CA) GetCACertificatePEM() string

GetCACertificatePEM returns the CA certificate in PEM format

func (*CA) GetCRL ¶

func (ca *CA) GetCRL() string

GetCRL returns the Certificate Revocation List in PEM format

func (*CA) IssueCertificate ¶

func (ca *CA) IssueCertificate(commonName string, ttlHours int) (certPEM, keyPEM string, err error)

IssueCertificate issues a new certificate signed by this CA

type CRL ¶

type CRL struct {
	// contains filtered or unexported fields
}

CRL represents a Certificate Revocation List

type NativeCertificateIssuer ¶

type NativeCertificateIssuer struct {
	// contains filtered or unexported fields
}

NativeCertificateIssuer implements types.CertificateIssuer using native Go crypto

func (*NativeCertificateIssuer) GetCACertificate ¶

func (i *NativeCertificateIssuer) GetCACertificate(ctx context.Context) (string, error)

GetCACertificate implements types.CertificateIssuer

func (*NativeCertificateIssuer) GetCRL ¶

func (i *NativeCertificateIssuer) GetCRL(ctx context.Context) (string, error)

GetCRL implements types.CertificateIssuer

func (*NativeCertificateIssuer) NewCertificate ¶

func (i *NativeCertificateIssuer) NewCertificate(ctx context.Context, req *types.CertificateRequest) (string, string, error)

NewCertificate implements types.CertificateIssuer

func (*NativeCertificateIssuer) RawCertificate ¶

func (i *NativeCertificateIssuer) RawCertificate(ctx context.Context, sans string, ttl int) (string, string, error)

RawCertificate implements types.CertificateIssuer

type NativeCertificateIssuerOptions ¶

type NativeCertificateIssuerOptions struct {
	BaseDNS        string
	CertificateTTL string
	CACommonName   string
	CAOrganization string
	CACertFile     string
	CAKeyFile      string
	AltCACertFile  string
	AltCAKeyFile   string
}

NativeCertificateIssuerOptions defines options for the native issuer

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL