cert

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 27, 2023 License: Apache-2.0 Imports: 17 Imported by: 1

Documentation

Index

Constants

View Source 
const (
	// CertificatePEMBlockType is a possible value for pem.Block.Type.
	CertificatePEMBlockType = "CERTIFICATE"
	// CertificateRequestPEMBlockType is a possible value for pem.Block.Type.
	CertificateRequestPEMBlockType = "CERTIFICATE REQUEST"
	// RASPrivateKeyPEMBlockType is a possible value for pem.Block.Type.
	RASPrivateKeyPEMBlockType = "RSA PRIVATE KEY"
	// ECDSAPrivateKeyPEMBlockType is a possible value for pem.Block.Type.
	ECDSAPrivateKeyPEMBlockType = "EC PRIVATE KEY"
)

Variables

This section is empty.

Functions

func NewCertificateRequest 

func NewCertificateRequest(cfg Options, key crypto.Signer) (*x509.CertificateRequest, error)

NewCertificateRequest returns a new x509 certificate request

func NewCertificateRequestBytes 

func NewCertificateRequestBytes(cfg Options, key crypto.Signer) ([]byte, error)

NewCertificateRequestBytes returns a new certificate bytes in DER encoding

func NewECDSAPrivateKey 

func NewECDSAPrivateKey(curve string) (*ecdsa.PrivateKey, error)

NewECDSAPrivateKey create a new ECDSA provate key by curve

func NewRSAPrivateKey 

func NewRSAPrivateKey() (*rsa.PrivateKey, error)

NewRSAPrivateKey creates a new RSA private key

func NewSelfSignedCACert 

func NewSelfSignedCACert(cfg Options, key crypto.Signer) (*x509.Certificate, error)

NewSelfSignedCACert returns a new self-signed CA x509 certificate

All keys types that are implemented via crypto.Signer are supported (This includes *rsa.PrivateKey and *ecdsa.PrivateKey.)

func NewSelfSignedCACertBytes 

func NewSelfSignedCACertBytes(cfg Options, key crypto.Signer) ([]byte, error)

NewSelfSignedCACertBytes returns a new self-signed CA certificate in DER encoding

All keys types that are implemented via crypto.Signer are supported (This includes *rsa.PrivateKey and *ecdsa.PrivateKey.)

func NewSelfSignedCertificate 

func NewSelfSignedCertificate(cfg Options, key crypto.Signer) (*x509.Certificate, error)

NewSelfSignedCertificate returns a new self-signed x509 certificate

All keys types that are implemented via crypto.Signer are supported (This includes *rsa.PrivateKey and *ecdsa.PrivateKey.)

func NewSelfSignedCertificateBytes 

func NewSelfSignedCertificateBytes(cfg Options, key crypto.Signer) ([]byte, error)

NewSelfSignedCertificateBytes returns a new self-signed certificate in DER encoding

All keys types that are implemented via crypto.Signer are supported (This includes *rsa.PrivateKey and *ecdsa.PrivateKey.)

func NewSignedCert 

func NewSignedCert(cfg Options, key crypto.Signer, caKey crypto.Signer, caCert *x509.Certificate) (*x509.Certificate, error)

NewSignedCert returns a new certificate signed by given ca key and certificate

All keys types that are implemented via crypto.Signer are supported (This includes *rsa.PrivateKey and *ecdsa.PrivateKey.)

func ParseCertPEM 

func ParseCertPEM(pemBytes []byte) (*x509.Certificate, error)

ParseCertPEM decode first valid certificate pem blocks to x509 certificate

func ParseCertsPEM 

func ParseCertsPEM(pemBytes []byte) ([]*x509.Certificate, error)

ParseCertsPEM decode all valid certificate pem blocks to x509 certificates

func ParsePrivateKey 

func ParsePrivateKey(der []byte) (crypto.Signer, error)

ParsePrivateKey attempts to parse the given private key DER block. OpenSSL 0.9.8 generates PKCS#1 private keys by default, while OpenSSL 1.0.0 generates PKCS#8 keys. OpenSSL ecparam generates SEC1 EC private keys for ECDSA. We try all three.

func ParsePrivateKeyPEM 

func ParsePrivateKeyPEM(pemBytes []byte) (crypto.Signer, error)

ParsePrivateKeyPEM find and decode the first valid private key pem block, then convert it to crypto.PrivateKey(maybe rsa.PrivateKey or ecdsa.PrivateKey)

Types

type Options 

type Options struct {
	CommonName   string
	Organization []string
	DNSNames     []string
	IPs          []net.IP
	Usages       []x509.ExtKeyUsage
}

Options contains various common Options for creating a certificate

type PEMBlock 

type PEMBlock struct {
	Block *pem.Block
}

PEMBlock contains the raw bytes and a block of pem

func DecryptPrivateKeyBytes 

func DecryptPrivateKeyBytes(keyPEMBlock []byte, passwd string) (*PEMBlock, error)

DecryptPrivateKeyBytes takes a password encrypted PEM block and the password used to encrypt it and returns a slice of decrypted DER encoded bytes. It inspects the DEK-Info header to determine the algorithm used for decryption. If no DEK-Info header is present, an error is returned. If an incorrect password is detected an IncorrectPasswordError is returned. Because of deficiencies in the encrypted-PEM format, it's not always possible to detect an incorrect password. In these cases no error will be returned but the decrypted DER bytes will be random noise.

func DecryptPrivateKeyFile 

func DecryptPrivateKeyFile(keyFile, passwd string) (*PEMBlock, error)

DecryptPrivateKeyFile takes a password encrypted key file and the password 

used to encrypt it and returns a slice of decrypted DER encoded bytes.

func NewPEM 

func NewPEM(b *pem.Block) *PEMBlock

NewPEM creates a new PEM struct from pem.Block

func NewPEMForCSR 

func NewPEMForCSR(csr *x509.CertificateRequest) *PEMBlock

NewPEMForCSR returns a pemBlock for certificate request

func NewPEMForCSRDER 

func NewPEMForCSRDER(derBytes []byte) *PEMBlock

NewPEMForCSRDER returns a pemBlock for certificate request

func NewPEMForCert 

func NewPEMForCert(crt *x509.Certificate) *PEMBlock

NewPEMForCert returns a pemBlock for x509 certificate

func NewPEMForCertDER 

func NewPEMForCertDER(derBytes []byte) *PEMBlock

NewPEMForCertificate returns a pemBlock for x509 certificate

func NewPEMForECDSAKey 

func NewPEMForECDSAKey(key *ecdsa.PrivateKey) *PEMBlock

NewPEMForECDSAKey returns a pemBlock for ecdsa private key

func NewPEMForPrivateKey 

func NewPEMForPrivateKey(key crypto.Signer) (*PEMBlock, error)

NewPEMForPrivateKey returns a pemBlock for crypto private key It returns an error if the key is not *rsa.PrivateKey or *ecdsa.PrivateKey

func NewPEMForRSAKey 

func NewPEMForRSAKey(key *rsa.PrivateKey) *PEMBlock

NewPEMForRSAKey returns a pemBlock for ras private key

func ParseFirstPEMBlock 

func ParseFirstPEMBlock(pemBytes []byte) *PEMBlock

ParsePEM find valid pem block in bytes and decode the first block.

func ParsePEM 

func ParsePEM(pemBytes []byte) []*PEMBlock

ParsePEM decode input pem bytes to pem blocks.

func (*PEMBlock) Encode 

func (p *PEMBlock) Encode(out io.Writer) error

Encode writes the PEM encoding of block to out.

func (*PEMBlock) EncodeToMemory 

func (p *PEMBlock) EncodeToMemory() []byte

EncodeToMemory returns the PEM encoding bytes of p.

func (*PEMBlock) WriteFile 

func (p *PEMBlock) WriteFile(f string) error

WriteFile writes the PEM encoding to a file

type PkixName 

type PkixName struct {
	Organization []string `json:"organization,omitempty"`
	// CommonName
	CommonName string `json:"commonName,omitempty"`
}

PkixName represents an X.509 distinguished name. This only includes the common elements of a DN. When parsing, all elements are stored in Names and non-standard elements can be extracted from there. When marshaling, elements in ExtraNames are appended and override other values with the same OID.

type TLSCertificate 

type TLSCertificate struct {
	// certificate is not valid before this time
	NotBefore time.Time `json:"notBefore,omitempty"`
	// certificate is not valid after this time
	NotAfter time.Time `json:"notAfter,omitempty"`
	// Issuer information extracted from X.509 cert
	Issuer PkixName `json:"issuer,omitempty"`
	// Subject information extracted from X.509 cert
	Subject PkixName `json:"subject,omitempty"`

	// Subject Alternate Name values
	DNSNames    []string `json:"dnsNames,omitempty"`
	IPAddresses []net.IP `json:"ipAddresses,omitempty"`

	Cert     tls.Certificate   `json:"-"`
	X509Cert *x509.Certificate `json:"-"`
}

TLSCertificate represents the external cert api secret for https

func LoadX509KeyPair 

func LoadX509KeyPair(certFile, keyFile string) (*TLSCertificate, error)

LoadX509KeyPair reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data.

func LoadX509KeyPairWithPassword 

func LoadX509KeyPairWithPassword(certFile, keyFile, passwd string) (*TLSCertificate, error)

LoadX509KeyPairWithPassword parses a encryption public/private key pair from a pair of PEM encoded data.

func X509KeyPair 

func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (*TLSCertificate, error)

X509KeyPair parses a public/private key pair from a pair of PEM encoded data.

func X509KeyPairWithPassword 

func X509KeyPairWithPassword(certPEMBlock, keyPEMBlock []byte, passwd string) (*TLSCertificate, error)

X509KeyPairWithPassword parses a public/private key pair from a pair of PEM encoded data.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.