Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ParseTLSCertificate ¶
func ParseTLSCertificate(cert *Certificate) (tls.Certificate, error)
ParseTLSCertificate converts a Certificate to a tls.Certificate. This is useful for integrating with libraries that expect a tls.Certificate.
Types ¶
type CertManagerConfig ¶
// CertManagerConfig groups the tunable parameters for CA and host certificate
// generation. All three fields are plain ints; SetDefaults fills in zero
// values and Validate decides which values are accepted. The accepted ranges
// are not shown in this listing.
type CertManagerConfig struct {
// CAValidityDays specifies how many days the CA certificate is valid.
// NOTE(review): a long CA lifetime lengthens the period in which a leaked CA
// key remains usable — confirm the default and whether Validate caps it.
CAValidityDays int
// HostCertValidityDays specifies how many days host certificates are valid.
// NOTE(review): confirm Validate rejects negative values; not visible here.
HostCertValidityDays int
// KeySize specifies the RSA key size in bits.
// NOTE(review): the minimum enforced by Validate is not visible here —
// confirm that sizes below 2048 bits are rejected.
KeySize int
}
CertManagerConfig holds configuration for certificate generation
func DefaultCertManagerConfig ¶
func DefaultCertManagerConfig() CertManagerConfig
DefaultCertManagerConfig returns a configuration with reasonable defaults
func (*CertManagerConfig) SetDefaults ¶
func (c *CertManagerConfig) SetDefaults()
SetDefaults sets reasonable defaults for zero values in the configuration
func (*CertManagerConfig) Validate ¶
func (c *CertManagerConfig) Validate() error
Validate checks if the configuration is valid after defaults have been set
type Certificate ¶
// Certificate bundles a certificate with its private key, each held both as
// PEM bytes and in parsed form. Every value of this type carries key
// material, so it should not be logged, printed with %+v, or serialized
// wholesale.
type Certificate struct {
// PEM encoded certificate
Certificate []byte
// PEM encoded private key
// NOTE(review): this listing does not say whether the PEM block is
// encrypted; treat it as plaintext key material until confirmed.
PrivateKey []byte
// Parsed X.509 certificate
// NOTE(review): presumably the parsed form of the Certificate field above;
// verify the two are always kept in sync.
X509Cert *x509.Certificate
// Parsed private key
// crypto.PrivateKey is an empty interface, so consumers must check the
// concrete key type themselves. Presumably an RSA key, given
// CertManagerConfig.KeySize — TODO confirm.
PrivKey crypto.PrivateKey
}
Certificate represents a TLS certificate with its private key. Both the certificate and the private key are stored in PEM-encoded format; the struct also carries their parsed forms.
func GenerateCA ¶
func GenerateCA(config CertManagerConfig) (*Certificate, error)
GenerateCA generates a new self-signed CA certificate using the given configuration
type CertificateCache ¶
// CertificateCache stores certificates keyed by hostname. The cached values
// are *Certificate, which includes private key fields, so any implementation
// holds key material for every cached host.
// NOTE(review): the interface has no size limit, expiry or per-entry delete;
// if hostnames can come from untrusted peers, confirm that growth is bounded
// elsewhere.
type CertificateCache interface {
// Get retrieves a cached certificate for the given hostname
// The bool result presumably reports whether an entry was found — confirm
// against the implementation.
// NOTE(review): whether the hostname is normalized (case, trailing dot)
// before lookup is not visible here.
Get(hostname string) (*Certificate, bool)
// Set stores a certificate for the given hostname
// NOTE(review): nothing in this signature ties the entry to the
// certificate's validity period; confirm how expired entries are replaced.
Set(hostname string, cert *Certificate)
// Clear removes all cached certificates
Clear()
// Size returns the number of cached certificates
Size() int
}
CertificateCache defines the interface for certificate caching
type CertificateManager ¶
// CertificateManager is the interface through which callers obtain the CA
// certificate, per-host certificates signed by that CA, and ready-made
// tls.Config values.
type CertificateManager interface {
// GetCA returns the Certificate Authority certificate and key
// The returned Certificate includes the CA private key (its PrivateKey and
// PrivKey fields). Whoever holds it can sign certificates that chain to
// this CA, so limit which code paths call this and never log the result.
GetCA() (*Certificate, error)
// GenerateCertForHost creates a certificate for the given hostname
// Uses caching to avoid regeneration of certificates
// The certificate is signed by the CA and includes the hostname in the SAN
// NOTE(review): hostname validation is not visible here — confirm that
// empty or malformed names are rejected before a certificate is signed.
GenerateCertForHost(hostname string) (*Certificate, error)
// GetTLSConfig returns a tls.Config for the given hostname
// This is a convenience method that generates/retrieves the certificate
// and creates a tls.Config
// NOTE(review): which tls.Config fields are set (for example MinVersion) is
// not visible here; check them before relying on the returned config as-is.
GetTLSConfig(hostname string) (*tls.Config, error)
}
CertificateManager handles TLS certificate lifecycle management
func NewCertificateManagerWithCA ¶
func NewCertificateManagerWithCA(ca *Certificate, config CertManagerConfig) (CertificateManager, error)
NewCertificateManagerWithCA creates a new certificate manager with an existing CA certificate
type InMemoryCache ¶
// InMemoryCache is the CertificateCache implementation documented as being
// backed by an in-memory map. Its fields are hidden in this listing.
// NOTE(review): whether access is guarded by a mutex cannot be confirmed from
// here — verify before sharing one cache across goroutines.
type InMemoryCache struct {
// contains filtered or unexported fields
}
InMemoryCache implements CertificateCache using an in-memory map
func NewInMemoryCache ¶
func NewInMemoryCache() *InMemoryCache
NewInMemoryCache creates a new in-memory certificate cache
func (*InMemoryCache) Clear ¶
func (c *InMemoryCache) Clear()
func (*InMemoryCache) Get ¶
func (c *InMemoryCache) Get(hostname string) (*Certificate, bool)
func (*InMemoryCache) Set ¶
func (c *InMemoryCache) Set(hostname string, cert *Certificate)
func (*InMemoryCache) Size ¶
func (c *InMemoryCache) Size() int