Documentation ¶
Overview ¶
Package certs provides certificate pair (private key + certificate) management.
This package handles TLS certificate pairs consisting of a private key and its corresponding certificate. It supports multiple input formats including PEM-encoded strings, file paths, and certificate chains.
Key Features:
- Parse certificate pairs from PEM-encoded strings or files
- Support for certificate chains (multiple certificates with one private key)
- Multiple configuration formats (pair, chain, single certificate)
- Convert to tls.Certificate for use with TLS connections
- Multiple encoding format support (JSON, YAML, TOML, CBOR)
- Thread-safe operations
Certificate Formats:
- ConfigPair: Separate private key and certificate strings
- ConfigChain: Combined PEM string with both key and certificate(s)
- File paths: Load from files on disk
Example:
keyPEM := `-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA...`
certPEM := `-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIJ...`
cert, err := certs.Parse(keyPEM + "\n" + certPEM)
if err != nil {
	log.Fatal(err)
}
// TLS returns the pair as a tls.Certificate for use in a tls.Config.
tlsCert := cert.TLS()
Index ¶
- Variables
- func ViperDecoderHook() libmap.DecodeHookFuncType
- type Cert
- type Certif
- func (o *Certif) Cert() Cert
- func (o *Certif) Chain() (string, error)
- func (o *Certif) GetCerts() []string
- func (o *Certif) IsChain() bool
- func (o *Certif) IsFile() bool
- func (o *Certif) IsPair() bool
- func (o *Certif) MarshalBinary() (data []byte, err error)
- func (o *Certif) MarshalCBOR() ([]byte, error)
- func (o *Certif) MarshalJSON() ([]byte, error)
- func (o *Certif) MarshalTOML() ([]byte, error)
- func (o *Certif) MarshalText() (text []byte, err error)
- func (o *Certif) MarshalYAML() (interface{}, error)
- func (o *Certif) Model() Certif
- func (o *Certif) Pair() (pub string, key string, err error)
- func (o *Certif) String() string
- func (o *Certif) TLS() tls.Certificate
- func (o *Certif) UnmarshalBinary(data []byte) error
- func (o *Certif) UnmarshalCBOR(bytes []byte) error
- func (o *Certif) UnmarshalJSON(p []byte) error
- func (o *Certif) UnmarshalTOML(i interface{}) error
- func (o *Certif) UnmarshalText(text []byte) error
- func (o *Certif) UnmarshalYAML(value *yaml.Node) error
- type Config
- type ConfigChain
- type ConfigPair
Constants ¶
This section is empty.
Variables ¶
Functions ¶
func ViperDecoderHook ¶
func ViperDecoderHook() libmap.DecodeHookFuncType
Types ¶
type Cert ¶
type Cert interface {
	encoding.TextMarshaler
	encoding.TextUnmarshaler
	encoding.BinaryMarshaler
	encoding.BinaryUnmarshaler
	json.Marshaler
	json.Unmarshaler
	yaml.Marshaler
	yaml.Unmarshaler
	toml.Marshaler
	toml.Unmarshaler
	cbor.Marshaler
	cbor.Unmarshaler
	fmt.Stringer

	// Chain returns the certificate chain from the internal representation.
	// It returns an empty string and no error if the internal representation
	// is not a chain.
	//
	// The returned string is a PEM encoded certificate chain, where each
	// certificate is separated by a newline.
	//
	// If there is an error during parsing, it returns an empty string and
	// the error.
	//
	// The returned error is of type `x509.ParseCertificate` or
	// `x509.ParsePKCS7` if there is an error during parsing.
	Chain() (string, error)

	// Pair returns a pair of PEM encoded public and private keys.
	// It returns empty strings and no error if the internal representation
	// is not a pair.
	//
	// The returned public key is a PEM encoded public key, and the returned
	// private key is a PEM encoded private key.
	//
	// If there is an error during parsing, it returns empty strings and
	// the error.
	//
	// The returned error is of type `x509.ParseCertificate` or
	// `x509.ParsePKCS7` if there is an error during parsing.
	Pair() (pub string, key string, err error)

	// TLS returns the currently active certificate pair in the TLS configuration.
	//
	// The returned value is a tls.Certificate which contains the currently
	// active certificate pair in the TLS configuration.
	//
	// The returned value is empty if the TLS configuration does not contain
	// any certificate pairs.
	//
	// The TLS configuration is updated when a new certificate pair is added
	// using the `AddCertificatePair` functions.
	//
	// The TLS configuration is not updated when a new certificate pair is added
	// using the `AddCertificatePairString` functions.
	//
	// The TLS configuration is not updated when a new certificate pair is added
	// using the `AddCertificatePairFile` functions.
	TLS() tls.Certificate

	// Model returns the internal representation of the certificate.
	//
	// The returned value is a certificate which contains the internal
	// representation of the certificate.
	//
	// The returned value is empty if the internal representation is not a
	// valid certificate.
	//
	Model() Certif

	// IsChain returns true if the internal representation of the certificate is
	// a chain, and false otherwise.
	//
	// A chain is a PEM encoded certificate chain, where each certificate is
	// separated by a newline.
	//
	// The IsChain function does not check if the certificate chain is valid.
	// It only checks if the internal representation is a valid chain.
	//
	// The IsChain function is thread-safe.
	// Multiple goroutines can call the IsChain function at the same time without
	// affecting the correctness of the TLS configuration.
	IsChain() bool

	// IsPair returns true if the internal representation of the certificate is a pair,
	// and false otherwise.
	//
	// A pair is a PEM encoded private key and a PEM encoded public key.
	//
	// The IsPair function does not check if the pair is valid.
	// It only checks if the internal representation is a valid pair.
	//
	// The IsPair function is thread-safe.
	// Multiple goroutines can call the IsPair function at the same time without
	// affecting the correctness of the TLS configuration.
	IsPair() bool

	// IsFile returns true if the internal representation of the certificate is a file,
	// and false otherwise.
	//
	// A file is a path to a PEM file containing a certificate pair.
	//
	// The IsFile function does not check if the file is valid.
	// It only checks if the internal representation is a valid file.
	//
	// The IsFile function is thread-safe.
	// Multiple goroutines can call the IsFile function at the same time without
	// affecting the correctness of the TLS configuration.
	IsFile() bool

	// GetCerts returns the internal representation of the certificate as a slice of
	// strings.
	//
	// The returned slice of strings contains the internal representation of the
	// certificate. The internal representation can be a chain, a pair or a file.
	//
	// The GetCerts function does not check if the internal representation is
	// valid. It only returns the internal representation as a slice of strings.
	//
	// The GetCerts function is thread-safe.
	// Multiple goroutines can call the GetCerts function at the same time without
	// affecting the correctness of the TLS configuration.
	GetCerts() []string
}
Cert represents a certificate pair (private key + certificate) for TLS connections. It provides methods for managing, parsing, and encoding certificate pairs. All operations are thread-safe.
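IsChain, IsPair and GetCerts are documented above as not validating the material they hold, so a caller may want an explicit check before a pair reaches a tls.Config. The following is an added example, not code from this package: it uses only the Go standard library, and the helper names newPEMPair and checkPair and the host name example.test are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// newPEMPair builds constructed sample data: a self-signed RSA key and certificate.
func newPEMPair(notAfter time.Time) (keyPEM, certPEM string, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", "", err
	}
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"example.test"},
		NotBefore: notAfter.Add(-24 * time.Hour), NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	if err != nil {
		return "", "", err
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})),
		string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})), nil
}

// checkPair (hypothetical helper) rejects a key that does not match the leaf, or a leaf not valid at now.
func checkPair(keyPEM, certPEM string, now time.Time) (tls.Certificate, error) {
	crt, err := tls.X509KeyPair([]byte(certPEM), []byte(keyPEM)) // errors on key/cert mismatch
	if err != nil {
		return tls.Certificate{}, fmt.Errorf("pair rejected: %w", err)
	}
	leaf, err := x509.ParseCertificate(crt.Certificate[0])
	if err != nil {
		return tls.Certificate{}, err
	}
	if now.Before(leaf.NotBefore) || now.After(leaf.NotAfter) {
		return tls.Certificate{}, fmt.Errorf("leaf not valid at %s", now.Format(time.RFC3339))
	}
	return crt, nil
}

func main() {
	k, c, _ := newPEMPair(time.Now().Add(time.Hour)) // a failed generation surfaces in checkPair
	_, err := checkPair(k, c, time.Now())
	fmt.Println("matching, unexpired pair -> err:", err)
}
```

The check covers key/certificate correspondence and the leaf's validity window only; it does not verify the chain against a trust store.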
func Parse ¶
Parse parses a certificate chain from a PEM encoded string.
The Parse function takes a PEM encoded certificate chain as a string parameter. It returns a certificate and an error.
If the PEM encoded string cannot be parsed into a valid certificate chain, the Parse function returns an error of type tlscrt.ParseError.
If the certificate chain is empty, the Parse function returns an error of type ErrInvalidPairCertificate.
The Parse function is thread-safe. Multiple goroutines can call the Parse function at the same time without affecting the correctness of the TLS configuration.
func ParsePair ¶
ParsePair parses a certificate pair from a PEM encoded string.
The ParsePair function takes two strings as parameters: the first is a PEM encoded private key and the second is a PEM encoded public key.
It returns a certificate and an error.
If the PEM encoded string cannot be parsed into a valid certificate pair, the ParsePair function returns an error of type tlscrt.ParseError.
If the certificate pair is empty, the ParsePair function returns an error of type ErrInvalidPairCertificate.
The ParsePair function is thread-safe. Multiple goroutines can call the ParsePair function at the same time without affecting the correctness of the TLS configuration.
type Certif ¶
type Certif struct {
	// contains filtered or unexported fields
}
func (*Certif) MarshalBinary ¶
func (*Certif) MarshalCBOR ¶
func (*Certif) MarshalJSON ¶
func (*Certif) MarshalTOML ¶
func (*Certif) MarshalText ¶
func (*Certif) MarshalYAML ¶
func (*Certif) TLS ¶
func (o *Certif) TLS() tls.Certificate
func (*Certif) UnmarshalBinary ¶
func (*Certif) UnmarshalCBOR ¶
func (*Certif) UnmarshalJSON ¶
func (*Certif) UnmarshalTOML ¶
func (*Certif) UnmarshalText ¶
type ConfigChain ¶
type ConfigChain string
func (*ConfigChain) Cert ¶
func (c *ConfigChain) Cert() (*tls.Certificate, error)
func (*ConfigChain) GetCerts ¶
func (c *ConfigChain) GetCerts() []string
func (*ConfigChain) IsChain ¶
func (c *ConfigChain) IsChain() bool
func (*ConfigChain) IsFile ¶
func (c *ConfigChain) IsFile() bool
func (*ConfigChain) IsPair ¶
func (c *ConfigChain) IsPair() bool
type ConfigPair ¶
type ConfigPair struct {
	Key string `mapstructure:"key" json:"key" yaml:"key" toml:"key"`
	Pub string `mapstructure:"pub" json:"pub" yaml:"pub" toml:"pub"`
}
func (*ConfigPair) Cert ¶
func (c *ConfigPair) Cert() (*tls.Certificate, error)
func (*ConfigPair) GetCerts ¶
func (c *ConfigPair) GetCerts() []string
func (*ConfigPair) IsChain ¶
func (c *ConfigPair) IsChain() bool
func (*ConfigPair) IsFile ¶
func (c *ConfigPair) IsFile() bool
func (*ConfigPair) IsPair ¶
func (c *ConfigPair) IsPair() bool