cert

package
v1.3.2

This package is not in the latest version of its module.
Published: Apr 26, 2026 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetCertificateFingerprint

func GetCertificateFingerprint(certPEM []byte) (string, error)

GetCertificateFingerprint calculates the SHA256 fingerprint of a certificate. Used in export metadata to identify the signing certificate.

func ParseCertificate

func ParseCertificate(certPEM []byte) (*x509.Certificate, error)

ParseCertificate parses a PEM-encoded X.509 certificate. Used for validation and metadata extraction.

Types

type CertificateOptions

type CertificateOptions struct {
	// CommonName (CN) for the certificate (e.g., "data-storage-service")
	CommonName string

	// Organization name (O)
	Organization string

	// DNSNames for Subject Alternative Names (SAN)
	DNSNames []string

	// ValidityDuration (default: 8760h = 1 year)
	ValidityDuration time.Duration

	// KeySize in bits (default: 2048)
	KeySize int
}

CertificateOptions configures certificate generation

type CertificatePair

type CertificatePair struct {
	// CertPEM is the X.509 certificate in PEM format (for tls.crt)
	CertPEM []byte

	// KeyPEM is the RSA private key in PEM format (for tls.key)
	KeyPEM []byte

	// NotBefore is the certificate start time
	NotBefore time.Time

	// NotAfter is the certificate expiry time
	NotAfter time.Time
}

CertificatePair contains the generated certificate and private key in PEM format

func GenerateSelfSigned

func GenerateSelfSigned(opts CertificateOptions) (*CertificatePair, error)

GenerateSelfSigned generates a self-signed X.509 certificate. Returns a cert-manager compatible PEM-encoded certificate and private key.

BR-AUDIT-007: Digital signature support for audit exports
SOC2 CC8.1: Tamper-evident audit logs with cryptographic signatures

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer provides digital signature capabilities for audit exports

func NewSignerFromPEM

func NewSignerFromPEM(certPEM, keyPEM []byte) (*Signer, error)

NewSignerFromPEM creates a Signer from a PEM-encoded certificate and key. Used in testing and development.

func NewSignerFromTLSCertificate

func NewSignerFromTLSCertificate(tlsCert *tls.Certificate) (*Signer, error)

NewSignerFromTLSCertificate creates a Signer from a tls.Certificate. Used in production when loading from a cert-manager managed Secret.

func (*Signer) GetAlgorithm

func (s *Signer) GetAlgorithm() string

GetAlgorithm returns the signature algorithm name

func (*Signer) GetCertificate

func (s *Signer) GetCertificate() *x509.Certificate

GetCertificate returns the X.509 certificate used for signing

func (*Signer) GetCertificateFingerprint

func (s *Signer) GetCertificateFingerprint() string

GetCertificateFingerprint returns the SHA256 fingerprint of the signing certificate. Used for export metadata.

func (*Signer) Sign

func (s *Signer) Sign(data interface{}) (string, error)

Sign signs the provided data with SHA256-RSA. Returns a base64-encoded signature.

BR-AUDIT-007: Digital signature support for audit exports
SOC2 CC8.1: Tamper-evident audit logs

func (*Signer) Verify

func (s *Signer) Verify(data interface{}, signatureBase64 string) error

Verify verifies a signature against the provided data. Used by signature verification tools (Day 9.2).
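The workflow these functions describe (generate a self-signed certificate, load it as a signer from the PEM pair, sign an export with SHA256-RSA, verify the base64 signature, and fingerprint the certificate for the export metadata), as an added example re-implemented on the Go standard library. This is not the cert package's own code: the lower-case function names, the use of json.Marshal as the canonical form of the signed data, PKCS#1 v1.5 padding for "SHA256-RSA", the hex fingerprint encoding and the sample export are all assumptions made here.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

type signer struct { // stand-in for the package's Signer: certificate plus matching RSA key
	cert *x509.Certificate
	key  *rsa.PrivateKey
}

// generateSelfSigned returns a PEM certificate and a PKCS#1 key, the shape GenerateSelfSigned documents.
func generateSelfSigned(cn string, validity time.Duration, keyBits int) ([]byte, []byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, keyBits)
	if err != nil {
		return nil, nil, err
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)) // random 128-bit serial
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(validity),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}), nil
}

// fingerprint is the hex SHA-256 of the DER certificate, the value export metadata carries.
func fingerprint(cert *x509.Certificate) string { return fmt.Sprintf("%x", sha256.Sum256(cert.Raw)) }

// newSignerFromPEM uses tls.X509KeyPair, which rejects a key that does not belong to the certificate.
func newSignerFromPEM(certPEM, keyPEM []byte) (*signer, error) {
	pair, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		return nil, err
	}
	key, ok := pair.PrivateKey.(*rsa.PrivateKey)
	if !ok {
		return nil, fmt.Errorf("private key is not RSA")
	}
	cert, err := x509.ParseCertificate(pair.Certificate[0])
	if err != nil {
		return nil, err
	}
	return &signer{cert: cert, key: key}, nil
}

// sign hashes the JSON encoding of data (assumed canonical; json.Marshal sorts map keys) and returns
// a base64 SHA256-RSA PKCS#1 v1.5 signature, the format Sign documents.
func (s *signer) sign(data interface{}) (string, error) {
	b, err := json.Marshal(data)
	if err != nil {
		return "", err
	}
	digest := sha256.Sum256(b)
	sig, err := rsa.SignPKCS1v15(rand.Reader, s.key, crypto.SHA256, digest[:])
	return base64.StdEncoding.EncodeToString(sig), err
}

// verifyWithCert is all an independent verification tool needs: the data, the base64 signature and the
// certificate, never the private key. CheckSignature re-hashes with SHA-256 and verifies PKCS#1 v1.5.
func verifyWithCert(cert *x509.Certificate, data interface{}, sigB64 string) error {
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil {
		return err
	}
	b, err := json.Marshal(data)
	if err != nil {
		return err
	}
	return cert.CheckSignature(x509.SHA256WithRSA, b, sig)
}

func main() {
	certPEM, keyPEM, _ := generateSelfSigned("audit-export-signer", 8760*time.Hour, 2048)
	s, err := newSignerFromPEM(certPEM, keyPEM) // also surfaces a failed generation (nil PEM)
	if err != nil {
		panic(err)
	}
	export := map[string]int{"events": 42} // constructed sample export, not real audit data
	sig, _ := s.sign(export)
	fmt.Println(fingerprint(s.cert), verifyWithCert(s.cert, export, sig))  // <hex> <nil>
	fmt.Println(verifyWithCert(s.cert, map[string]int{"events": 41}, sig)) // tampered: verification error
}
```

A verification tool should take the certificate from the export metadata or the Secret's tls.crt, compare its SHA-256 fingerprint with the one recorded alongside the signature, and only then check the signature; it never needs the private key. Calling Verify on the same Signer object that produced the signature proves consistency, not independence, and a signer built from a mismatched tls.crt/tls.key fails at construction rather than producing signatures nothing can verify.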
