Documentation
Overview
Package pki provides a simple way to generate a CA and signed server keypair.
Index
- func CheckForExpiredCert(ctx context.Context, pk GeneratedPKI) error
- func GenerateCA(subject string) ([]byte, []byte, error)
- func GenerateClientCert(caCertPEM, caKeyPEM []byte, commonName string) ([]byte, []byte, error)
- func GenerateMTLSCerts(caSubject string, serverDNSNames []string, serverCommonName string, ...) (server GeneratedPKI, client GeneratedPKI, err error)
- func GenerateServerCert(caCertPEM, caKeyPEM []byte, commonName string, dnsNames []string) ([]byte, []byte, error)
- func GetRemainingCertLifePercentage(certData []byte) (float64, error)
- func TransportWithKey(certs GeneratedPKI) (http.RoundTripper, error)
- type CertType
- type GeneratedPKI
Constants
This section is empty.
Variables
This section is empty.
Functions
func CheckForExpiredCert (added in v0.52.0)
func CheckForExpiredCert(ctx context.Context, pk GeneratedPKI) error
CheckForExpiredCert checks if the certificate is expired.
func GenerateCA (added in v0.71.0)
GenerateCA creates a CA certificate and returns the PEM-encoded certificate and private key.
func GenerateClientCert (added in v0.71.0)
GenerateClientCert creates a client certificate signed by the provided CA.
func GenerateMTLSCerts (added in v0.71.0)
func GenerateMTLSCerts(caSubject string, serverDNSNames []string, serverCommonName string, clientCommonName string) (server GeneratedPKI, client GeneratedPKI, err error)
GenerateMTLSCerts generates a complete set of mTLS certificates including CA, server cert, and client cert. Returns two GeneratedPKI structs: one for the server (containing server cert, key, and CA) and one for the client (containing client cert, key, and CA).
func GenerateServerCert (added in v0.71.0)
func GenerateServerCert(caCertPEM, caKeyPEM []byte, commonName string, dnsNames []string) ([]byte, []byte, error)
GenerateServerCert creates a server certificate signed by the provided CA.
func GetRemainingCertLifePercentage (added in v0.71.0)
GetRemainingCertLifePercentage returns the percentage of the given certificate's total lifespan that remains before it expires.
func TransportWithKey (added in v0.71.0)
func TransportWithKey(certs GeneratedPKI) (http.RoundTripper, error)
TransportWithKey creates an HTTP transport configured with mTLS certificates.
Types
type CertType (added in v0.71.0)
type CertType int
CertType defines the type of certificate to generate.
type GeneratedPKI (added in v0.52.0)
type GeneratedPKI struct {
CA []byte `json:"ca"`
Cert []byte `json:"cert"`
Key []byte `json:"key"`
}
GeneratedPKI is a struct for storing generated PKI data.
func GeneratePKI
func GeneratePKI(host string, dnsNames ...string) (GeneratedPKI, error)
GeneratePKI creates a CA and signed server keypair.