crypto

package

v0.1.0 Latest Latest Go to latest Published: Aug 20, 2024 License: Apache-2.0 Imports: 19 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/flightctl/flightctl

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func CNFromDeviceFingerprint(fingerprint string) (string, error)
func CNFromRequestedName(uuid string) (string, error)
func EnsureKey(keyFile string) (crypto.PublicKey, crypto.PrivateKey, bool, error)
func HashPublicKey(key crypto.PublicKey) ([]byte, error)
func LoadKey(keyFile string) (crypto.PrivateKey, error)
func MakeCSR(privateKey crypto.Signer, subjectName string) ([]byte, error)
func NewKeyPair() (crypto.PublicKey, crypto.PrivateKey, error)
func NewKeyPairWithHash() (crypto.PublicKey, crypto.PrivateKey, []byte, error)
func PEMEncodeKey(key crypto.PrivateKey) ([]byte, error)
func ParseCSR(csrPEM []byte) (*x509.CertificateRequest, error)
func ParseKeyPEM(pemKey []byte) (crypto.PrivateKey, error)
func TLSConfigForClient(caConfig, clientConfig *TLSCertificateConfig) (*tls.Config, error)
func TLSConfigForServer(caConfig, serverConfig *TLSCertificateConfig) (*tls.Config, *tls.Config, *tls.Config, error)
func WriteKey(keyPath string, key crypto.PrivateKey) error
type CA
- func EnsureCA(certFile, keyFile, serialFile, subjectName string, expireDays int) (*CA, bool, error)
- func GetCA(certFile, keyFile, serialFile string) (*CA, error)
- func MakeSelfSignedCA(certFile, keyFile, serialFile, subjectName string, expiryDays int) (*CA, error)
- func (ca *CA) EnsureClientCertificate(certFile, keyFile string, subjectName string, expireDays int) (*TLSCertificateConfig, bool, error)
- func (ca *CA) EnsureServerCertificate(certFile, keyFile string, hostnames []string, expireDays int) (*TLSCertificateConfig, bool, error)
- func (ca *CA) IssueRequestedClientCertificate(csr *x509.CertificateRequest, expirySeconds int) ([]byte, error)
- func (ca *CA) MakeAndWriteServerCert(certFile, keyFile string, hostnames []string, expireDays int) (*TLSCertificateConfig, error)
- func (ca *CA) MakeClientCertificate(certFile, keyFile string, subject string, expiryDays int) (*TLSCertificateConfig, error)
- func (ca *CA) MakeServerCert(hostnames []string, expiryDays int, fns ...CertificateExtensionFunc) (*TLSCertificateConfig, error)
type CertificateExtensionFunc
type TLSCertificateConfig
- func GetClientCertificate(certFile, keyFile string, subjectName string) (*TLSCertificateConfig, error)
- func GetServerCert(certFile, keyFile string, hostnames []string) (*TLSCertificateConfig, error)
- func GetTLSCertificateConfig(certFile, keyFile string) (*TLSCertificateConfig, error)
- func (c *TLSCertificateConfig) GetPEMBytes() ([]byte, []byte, error)
- func (c *TLSCertificateConfig) WriteCertConfigFile(certFile, keyFile string) error

Constants ¶

View Source

const AdminCommonName = "flightctl-admin"

View Source

const ClientBootstrapCommonName = "client-enrollment"

Wraps openshift/library-go/pkg/crypto to use ECDSA and simplify the interface

View Source

const DeviceCommonNamePrefix = "device:"

View Source

const UuidCommonNamePrefix = "client-enrollment-"

Variables ¶

This section is empty.

Functions ¶

func CNFromDeviceFingerprint ¶

func CNFromDeviceFingerprint(fingerprint string) (string, error)

func CNFromRequestedName ¶

func CNFromRequestedName(uuid string) (string, error)

func EnsureKey ¶

func EnsureKey(keyFile string) (crypto.PublicKey, crypto.PrivateKey, bool, error)

func HashPublicKey ¶

func HashPublicKey(key crypto.PublicKey) ([]byte, error)

func LoadKey ¶

func LoadKey(keyFile string) (crypto.PrivateKey, error)

func MakeCSR ¶

func MakeCSR(privateKey crypto.Signer, subjectName string) ([]byte, error)

func NewKeyPair ¶

func NewKeyPair() (crypto.PublicKey, crypto.PrivateKey, error)

func NewKeyPairWithHash ¶

func NewKeyPairWithHash() (crypto.PublicKey, crypto.PrivateKey, []byte, error)

func PEMEncodeKey ¶

func PEMEncodeKey(key crypto.PrivateKey) ([]byte, error)

func ParseCSR ¶

func ParseCSR(csrPEM []byte) (*x509.CertificateRequest, error)

func ParseKeyPEM ¶

func ParseKeyPEM(pemKey []byte) (crypto.PrivateKey, error)

func TLSConfigForClient ¶

func TLSConfigForClient(caConfig, clientConfig *TLSCertificateConfig) (*tls.Config, error)

func TLSConfigForServer ¶

func TLSConfigForServer(caConfig, serverConfig *TLSCertificateConfig) (*tls.Config, *tls.Config, *tls.Config, error)

func WriteKey ¶

func WriteKey(keyPath string, key crypto.PrivateKey) error

Types ¶

type CA ¶

type CA struct {
	Config *TLSCertificateConfig

	SerialGenerator oscrypto.SerialGenerator
}

func EnsureCA ¶

func EnsureCA(certFile, keyFile, serialFile, subjectName string, expireDays int) (*CA, bool, error)

func GetCA ¶

func GetCA(certFile, keyFile, serialFile string) (*CA, error)

func MakeSelfSignedCA ¶

func MakeSelfSignedCA(certFile, keyFile, serialFile, subjectName string, expiryDays int) (*CA, error)

func (*CA) EnsureClientCertificate ¶

func (ca *CA) EnsureClientCertificate(certFile, keyFile string, subjectName string, expireDays int) (*TLSCertificateConfig, bool, error)

func (*CA) EnsureServerCertificate ¶

func (ca *CA) EnsureServerCertificate(certFile, keyFile string, hostnames []string, expireDays int) (*TLSCertificateConfig, bool, error)

func (*CA) IssueRequestedClientCertificate ¶

func (ca *CA) IssueRequestedClientCertificate(csr *x509.CertificateRequest, expirySeconds int) ([]byte, error)

IssueRequestedClientCertificate issues a client certificate based on the provided Certificate Signing Request (CSR) and the desired expiration time in seconds.

func (*CA) MakeAndWriteServerCert ¶

func (ca *CA) MakeAndWriteServerCert(certFile, keyFile string, hostnames []string, expireDays int) (*TLSCertificateConfig, error)

func (*CA) MakeClientCertificate ¶

func (ca *CA) MakeClientCertificate(certFile, keyFile string, subject string, expiryDays int) (*TLSCertificateConfig, error)

func (*CA) MakeServerCert ¶

func (ca *CA) MakeServerCert(hostnames []string, expiryDays int, fns ...CertificateExtensionFunc) (*TLSCertificateConfig, error)

type CertificateExtensionFunc ¶

type CertificateExtensionFunc func(*x509.Certificate) error

type TLSCertificateConfig ¶

type TLSCertificateConfig oscrypto.TLSCertificateConfig

func GetClientCertificate ¶

func GetClientCertificate(certFile, keyFile string, subjectName string) (*TLSCertificateConfig, error)

func GetServerCert ¶

func GetServerCert(certFile, keyFile string, hostnames []string) (*TLSCertificateConfig, error)

func GetTLSCertificateConfig ¶

func GetTLSCertificateConfig(certFile, keyFile string) (*TLSCertificateConfig, error)

func (*TLSCertificateConfig) GetPEMBytes ¶

func (c *TLSCertificateConfig) GetPEMBytes() ([]byte, []byte, error)

func (*TLSCertificateConfig) WriteCertConfigFile ¶

func (c *TLSCertificateConfig) WriteCertConfigFile(certFile, keyFile string) error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL