crypto

package
v1.19.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 19, 2026 License: Apache-2.0 Imports: 20 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DecodeCertificates 

func DecodeCertificates(certBytes []byte) ([]*x509.Certificate, error)

func DecodePrivateKey 

func DecodePrivateKey(keyBytes []byte) (*rsa.PrivateKey, error)

func EncodeCertificates 

func EncodeCertificates(certificates ...*x509.Certificate) ([]byte, error)

func EncodePrivateKey 

func EncodePrivateKey(key *rsa.PrivateKey) ([]byte, error)

func FilterOutDuplicateCertificates 

func FilterOutDuplicateCertificates(certs []*x509.Certificate) []*x509.Certificate

func FilterOutExpiredCertificates 

func FilterOutExpiredCertificates(certs []*x509.Certificate, now time.Time) []*x509.Certificate

func GetTLSCertificatesFromBytes 

func GetTLSCertificatesFromBytes(certBytes, keyBytes []byte) ([]*x509.Certificate, *rsa.PrivateKey, error)

func HasCertificate 

func HasCertificate(certs []*x509.Certificate, cert *x509.Certificate) bool

func MakeCABundle 

func MakeCABundle(currentCert *x509.Certificate, previousCerts []*x509.Certificate, now time.Time) []*x509.Certificate

func SignCertificate 

func SignCertificate(template *x509.Certificate, requestKey *rsa.PublicKey, issuer *x509.Certificate, issuerKey *rsa.PrivateKey) (*x509.Certificate, error)

Types

type CACertCreatorConfig 

type CACertCreatorConfig struct {
	Subject pkix.Name
}

func (*CACertCreatorConfig) ToCreator 

func (c *CACertCreatorConfig) ToCreator() *X509CertCreator

type CertCreator 

type CertCreator interface {
	MakeCertificateTemplate(now time.Time, validity time.Duration) *x509.Certificate
	MakeCertificate(ctx context.Context, keyGetter RSAKeyGetter, signer Signer, validity time.Duration) (*x509.Certificate, *rsa.PrivateKey, error)
}

type CertificateAuthority 

type CertificateAuthority struct {
	// contains filtered or unexported fields
}

func NewCertificateAuthority 

func NewCertificateAuthority(cert *x509.Certificate, key *rsa.PrivateKey, nowFunc func() time.Time) (*CertificateAuthority, error)

func (*CertificateAuthority) GetCert 

func (ca *CertificateAuthority) GetCert() *x509.Certificate

func (*CertificateAuthority) GetSubjectKeyID added in v1.19.1 

func (ca *CertificateAuthority) GetSubjectKeyID() []byte

func (*CertificateAuthority) Now 

func (ca *CertificateAuthority) Now() time.Time

func (*CertificateAuthority) SignCertificate 

func (ca *CertificateAuthority) SignCertificate(template *x509.Certificate, requestKey *rsa.PublicKey) (*x509.Certificate, error)

func (*CertificateAuthority) VerifyCertificate 

func (ca *CertificateAuthority) VerifyCertificate(cert *x509.Certificate) error

type ClientCertCreatorConfig 

type ClientCertCreatorConfig struct {
	Subject  pkix.Name
	DNSNames []string
}

func (*ClientCertCreatorConfig) ToCreator 

func (c *ClientCertCreatorConfig) ToCreator() *X509CertCreator

type DesiredCertTemplate 

type DesiredCertTemplate struct {
	Subject               pkixName
	KeyUsage              x509.KeyUsage
	ExtKeyUsage           []x509.ExtKeyUsage
	BasicConstraintsValid bool
	IsCA                  bool
	MaxPathLen            int
	MaxPathLenZero        bool
	// RFC 5280, 4.2.2.1 (Authority Information Access)
	OCSPServer            []string
	IssuingCertificateURL []string
	// Subject Alternate Name values.
	DNSNames       []string
	EmailAddresses []string
	IPAddresses    []net.IP
	URIs           []*url.URL
	// Name constraints
	PermittedDNSDomainsCritical bool // if true then the name constraints are marked critical.
	PermittedDNSDomains         []string
	ExcludedDNSDomains          []string
	PermittedIPRanges           []*net.IPNet
	ExcludedIPRanges            []*net.IPNet
	PermittedEmailAddresses     []string
	ExcludedEmailAddresses      []string
	PermittedURIDomains         []string
	ExcludedURIDomains          []string
	// CRL Distribution Points
	CRLDistributionPoints []string
	PolicyIdentifiers     []asn1.ObjectIdentifier
}

DesiredCertTemplate holds desired fields from a certificate that are not dependent on time.

func ExtractDesiredFieldsFromTemplate 

func ExtractDesiredFieldsFromTemplate(template *x509.Certificate) *DesiredCertTemplate

func (*DesiredCertTemplate) StringOrDie 

func (t *DesiredCertTemplate) StringOrDie() string

func (*DesiredCertTemplate) ToJson 

func (t *DesiredCertTemplate) ToJson() ([]byte, error)

type RSAKeyGenerator added in v1.9.0 

type RSAKeyGenerator struct {
	itemgenerator.Generator[rsa.PrivateKey]
}

func NewRSAKeyGenerator added in v1.9.0 

func NewRSAKeyGenerator(min, max, keySize int, delay time.Duration) (*RSAKeyGenerator, error)

func (*RSAKeyGenerator) GetNewKey added in v1.9.0 

func (g *RSAKeyGenerator) GetNewKey(ctx context.Context) (*rsa.PrivateKey, error)

type RSAKeyGetter added in v1.9.0 

type RSAKeyGetter interface {
	GetNewKey(ctx context.Context) (*rsa.PrivateKey, error)
}

type SelfSignedSigner 

type SelfSignedSigner struct {
	// contains filtered or unexported fields
}

func NewSelfSignedSigner 

func NewSelfSignedSigner(nowFunc func() time.Time) *SelfSignedSigner

func NewSelfSignedSignerWithKey 

func NewSelfSignedSignerWithKey(nowFunc func() time.Time, privateKey *rsa.PrivateKey) *SelfSignedSigner

func (*SelfSignedSigner) GetSubjectKeyID added in v1.19.1 

func (s *SelfSignedSigner) GetSubjectKeyID() []byte

func (*SelfSignedSigner) Now 

func (s *SelfSignedSigner) Now() time.Time

func (*SelfSignedSigner) SignCertificate 

func (s *SelfSignedSigner) SignCertificate(template *x509.Certificate, requestKey *rsa.PublicKey) (*x509.Certificate, error)

func (*SelfSignedSigner) VerifyCertificate 

func (s *SelfSignedSigner) VerifyCertificate(cert *x509.Certificate) error

type ServingCertCreatorConfig 

type ServingCertCreatorConfig struct {
	Subject     pkix.Name
	IPAddresses []net.IP
	DNSNames    []string
}

func (*ServingCertCreatorConfig) ToCreator 

func (c *ServingCertCreatorConfig) ToCreator() *X509CertCreator

type Signer 

type Signer interface {
	Now() time.Time
	GetSubjectKeyID() []byte
	SignCertificate(template *x509.Certificate, requestKey *rsa.PublicKey) (*x509.Certificate, error)
	VerifyCertificate(cert *x509.Certificate) error
}

type X509CertCreator 

type X509CertCreator struct {
	Subject     pkix.Name
	IPAddresses []net.IP
	DNSNames    []string
	KeyUsage    x509.KeyUsage
	ExtKeyUsage []x509.ExtKeyUsage
	IsCA        bool
}

func (*X509CertCreator) MakeCertificate 

func (c *X509CertCreator) MakeCertificate(ctx context.Context, keyGetter RSAKeyGetter, signer Signer, validity time.Duration) (*x509.Certificate, *rsa.PrivateKey, error)

func (*X509CertCreator) MakeCertificateTemplate 

func (c *X509CertCreator) MakeCertificateTemplate(now time.Time, validity time.Duration) *x509.Certificate

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.