Documentation
Index
- func CheckCertificateAndPrivateKeyPairValidity(certificate, privateKey []byte, threshold time.Duration) (bool, error)
- func CheckCertificateNamesAndIPs(certificateBytes []byte, entries []string) (bool, error)
- func CheckPublicAndPrivateKeyValidity(publicKey, privateKey []byte) (bool, error)
- func GenerateCertificatePrivateKeyPair(template *x509.Certificate, caCertificate []byte, caPrivateKey []byte) (*bytes.Buffer, *bytes.Buffer, error)
- func IsValidCertificateKeyPairBytes(certificateBytes, privateKeyBytes []byte, expirationThreshold time.Duration) (bool, error)
- func NewCertificateTemplate(commonName string) *x509.Certificate
- func NewCertificateTemplateWithSANs(commonName string, dnsNames []string, ipAddresses []net.IP) *x509.Certificate
- func ParseCertificateBytes(content []byte) (*x509.Certificate, error)
- func ParsePrivateKeyBytes(content []byte) (crypto.Signer, error)
- func ParsePublicKeyBytes(content []byte) (*rsa.PublicKey, error)
- func VerifyCertificate(cert, ca []byte, usages ...x509.ExtKeyUsage) (bool, error)
Constants
This section is empty.
Variables
This section is empty.
Functions
func CheckCertificateAndPrivateKeyPairValidity
func CheckCertificateAndPrivateKeyPairValidity(certificate, privateKey []byte, threshold time.Duration) (bool, error)
CheckCertificateAndPrivateKeyPairValidity checks if the certificate and private key pair are valid.
func CheckCertificateNamesAndIPs
CheckCertificateNamesAndIPs checks whether the Kubernetes API Server certificate matches the Control Plane Endpoint and the SANs stored in the kubeadm: it checks both IPs and DNS names, and returns false if a required entry isn't available. When entries have been removed, the function still returns true, to avoid reloading a Control Plane needlessly.
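The check described above, sketched with only the Go standard library as an added example (not this package's implementation): every required entry must appear in the certificate's SANs, while extra SANs left over from removed entries are tolerated. The helper names `selfSigned` and `coversEntries`, and the hostnames and IPs, are constructed for illustration.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned returns a constructed throwaway certificate (PEM) with the given SANs.
func selfSigned(dns []string, ips []net.IP) ([]byte, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: dns, IPAddresses: ips,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), err
}

// coversEntries reports whether every entry (IP or DNS name) is present in the SANs.
func coversEntries(certPEM []byte, entries []string) (bool, error) {
	block, _ := pem.Decode(certPEM)
	if block == nil {
		return false, fmt.Errorf("no PEM block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return false, err
	}
	for _, e := range entries {
		if cert.VerifyHostname(e) != nil { // IP literals match IP SANs; names match DNS SANs (wildcards included)
			return false, nil
		}
	}
	return true, nil
}

func main() {
	c, err := selfSigned([]string{"cp.example.internal", "old.example.internal"}, []net.IP{net.ParseIP("10.0.0.10")})
	if err != nil {
		panic(err)
	}
	fmt.Println(coversEntries(c, []string{"cp.example.internal", "10.0.0.10"})) // true <nil>
	fmt.Println(coversEntries(c, []string{"cp.example.internal", "10.0.0.11"})) // false <nil>
}
```

The first call succeeds even though `old.example.internal` is no longer requested; the second fails because `10.0.0.11` is not in the certificate, which is the case where the certificate has to be regenerated.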
func CheckPublicAndPrivateKeyValidity
CheckPublicAndPrivateKeyValidity checks if the given bytes for the private and public keys are valid.
func GenerateCertificatePrivateKeyPair
func GenerateCertificatePrivateKeyPair(template *x509.Certificate, caCertificate []byte, caPrivateKey []byte) (*bytes.Buffer, *bytes.Buffer, error)
GenerateCertificatePrivateKeyPair generates a certificate from the Certificate Authority bytes using the provided template, returning the bytes of both the certificate and its key.
func IsValidCertificateKeyPairBytes
func IsValidCertificateKeyPairBytes(certificateBytes, privateKeyBytes []byte, expirationThreshold time.Duration) (bool, error)
IsValidCertificateKeyPairBytes checks if the certificate matches the private key bound to it.
func NewCertificateTemplate
func NewCertificateTemplate(commonName string) *x509.Certificate
NewCertificateTemplate returns the template that must be used to generate a certificate, used to perform the authentication against the DataStore.
func NewCertificateTemplateWithSANs
func NewCertificateTemplateWithSANs(commonName string, dnsNames []string, ipAddresses []net.IP) *x509.Certificate
NewCertificateTemplateWithSANs returns a certificate template with DNS names and/or IP addresses in the Subject Alternative Names field. This is required for TLS server certificates where clients verify the hostname matches the certificate.
func ParseCertificateBytes
func ParseCertificateBytes(content []byte) (*x509.Certificate, error)
ParseCertificateBytes takes the certificate bytes and parses them, returning an x509 certificate.
func ParsePrivateKeyBytes
ParsePrivateKeyBytes takes the private key bytes and parses them, returning an RSA private key.
func ParsePublicKeyBytes
ParsePublicKeyBytes takes the public key bytes and parses them, returning an RSA public key.
func VerifyCertificate
func VerifyCertificate(cert, ca []byte, usages ...x509.ExtKeyUsage) (bool, error)
Types
This section is empty.