certutils

package

v0.3.0 Latest Latest Go to latest Published: Apr 10, 2026 License: Apache-2.0 Imports: 33 Imported by: 0

Documentation ¶

Index ¶

Variables
func CertFingerprint(certPEM []byte) (string, error)
func CertificateSubjectToPkixName(subject *clientpb.CertificateSubject) *pkix.Name
func GenerateClientCert(host, name string, port int) (*mtls.ClientConfig, string, error)
func GenerateListenerCert(host, name string, port int) (*mtls.ClientConfig, string, error)
func GenerateRootCert() error
func GenerateSelfTLS(name string, certsSubject *clientpb.CertificateSubject) (*clientpb.TLS, error)
func GenerateServerCert(name string) ([]byte, []byte, error)
func GetCertificateAuthority() (*x509.Certificate, *rsa.PrivateKey, error)
func GetCertificateAuthorityPEM(caCertPath, caKeyPath string) ([]byte, []byte, error)
func GetMTlsConfig(serverCert *implanttypes.CertConfig, caCert *implanttypes.CertConfig) (*tls.Config, error)
func GetOperatorServerMTLSConfig(host string) *tls.Config
func GetTlsConfig(config *implanttypes.CertConfig) (*tls.Config, error)
func NewDNSProvider(providerName string, credentials map[string]string) (challenge.Provider, error)
func ObtainCert(domain, providerName, email, caURL string, credentials map[string]string) (certPEM, keyPEM []byte, err error)
func ParseCertificateAuthority(certPEM, keyPEM []byte) (*x509.Certificate, *rsa.PrivateKey, error)
func SaveCertificateAuthority(caType int, cert []byte, key []byte)
func TlsConfig(cert tls.Certificate) *tls.Config
func WrapWithTls(lsn net.Listener, cert *implanttypes.CertConfig) (net.Listener, error)
type AcmeUser
- func (u *AcmeUser) GetEmail() string
- func (u *AcmeUser) GetPrivateKey() crypto.PrivateKey
- func (u *AcmeUser) GetRegistration() *registration.Resource

Constants ¶

This section is empty.

Variables ¶

View Source

var SupportedProviders = []string{"cloudflare", "alidns", "dnspod", "route53"}

Functions ¶

func CertFingerprint ¶ added in v0.3.0

func CertFingerprint(certPEM []byte) (string, error)

CertFingerprint computes SHA-256 hex fingerprint from PEM-encoded certificate.

func CertificateSubjectToPkixName ¶ added in v0.1.1

func CertificateSubjectToPkixName(subject *clientpb.CertificateSubject) *pkix.Name

func GenerateClientCert ¶

func GenerateClientCert(host, name string, port int) (*mtls.ClientConfig, string, error)

func GenerateListenerCert ¶

func GenerateListenerCert(host, name string, port int) (*mtls.ClientConfig, string, error)

func GenerateRootCert ¶

func GenerateRootCert() error

func GenerateSelfTLS ¶ added in v0.1.1

func GenerateSelfTLS(name string, certsSubject *clientpb.CertificateSubject) (*clientpb.TLS, error)

func GenerateServerCert ¶

func GenerateServerCert(name string) ([]byte, []byte, error)

func GetCertificateAuthority ¶

func GetCertificateAuthority() (*x509.Certificate, *rsa.PrivateKey, error)

GetCertificateAuthority - Get the current CA certificate

func GetCertificateAuthorityPEM ¶

func GetCertificateAuthorityPEM(caCertPath, caKeyPath string) ([]byte, []byte, error)

GetCertificateAuthorityPEM - Get PEM encoded CA cert/key

func GetMTlsConfig ¶ added in v0.3.0

func GetMTlsConfig(serverCert *implanttypes.CertConfig, caCert *implanttypes.CertConfig) (*tls.Config, error)

GetMTlsConfig creates a TLS config that requires and verifies client certificates against the given CA. This enables mutual TLS for pipeline connections.

func GetOperatorServerMTLSConfig ¶

func GetOperatorServerMTLSConfig(host string) *tls.Config

GetOperatorServerMTLSConfig - Get the TLS config for the operator server

func GetTlsConfig ¶ added in v0.1.0

func GetTlsConfig(config *implanttypes.CertConfig) (*tls.Config, error)

func NewDNSProvider ¶ added in v0.3.0

func NewDNSProvider(providerName string, credentials map[string]string) (challenge.Provider, error)

NewDNSProvider creates a DNS challenge provider based on provider name and credentials

func ObtainCert ¶ added in v0.3.0

func ObtainCert(domain, providerName, email, caURL string, credentials map[string]string) (certPEM, keyPEM []byte, err error)

ObtainCert obtains a certificate for the given domain using DNS-01 challenge via lego. Parameters from the request take precedence over server config defaults.

func ParseCertificateAuthority ¶

func ParseCertificateAuthority(certPEM, keyPEM []byte) (*x509.Certificate, *rsa.PrivateKey, error)

func SaveCertificateAuthority ¶

func SaveCertificateAuthority(caType int, cert []byte, key []byte)

SaveCertificateAuthority - Save the certificate and the key to the filesystem doesn't return an error because errors are fatal. If we can't generate CAs, then we can't secure communication and we should die a horrible death.

func TlsConfig ¶ added in v0.1.1

func TlsConfig(cert tls.Certificate) *tls.Config

func WrapWithTls ¶

func WrapWithTls(lsn net.Listener, cert *implanttypes.CertConfig) (net.Listener, error)

Types ¶

type AcmeUser ¶ added in v0.3.0

type AcmeUser struct {
	Email        string                 `json:"email"`
	Registration *registration.Resource `json:"registration"`
	// contains filtered or unexported fields
}

AcmeUser implements registration.User interface for lego

func (*AcmeUser) GetEmail ¶ added in v0.3.0

func (u *AcmeUser) GetEmail() string

func (*AcmeUser) GetPrivateKey ¶ added in v0.3.0

func (u *AcmeUser) GetPrivateKey() crypto.PrivateKey

func (*AcmeUser) GetRegistration ¶ added in v0.3.0

func (u *AcmeUser) GetRegistration() *registration.Resource

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL