BuildCertificatesMaps returns to maps to get what certificate to use for which DNS or IPs.

BuildSANExtension builds a `pkix.Extension` of type "Subject Alternative Name" based on the given identities.

BuildSubjectAltNameExtension builds the SAN extension for the certificate.

CertToPEM converts the given *x509.Certificate to *pem.Block .

CSRFromCertificate generates a new CSR from the given certificate.

DecryptPrivateKey decrypts the given private key.

DecryptPrivateKeyPEM decrypts the given private key PEM bytes.

ECPrivateKeyGenerator generates a ECDSA private key.

EncryptPrivateKey encrypts the given private key.

EncryptPrivateKeyPEM encrypts the given private key PEM bytes.

ExtractIDs first finds the SAN extension from the given extension set, then extract identities from the SAN extension.

ExtractIDsFromSAN takes a SAN extension and extracts the identities.

ExtractSANExtension extracts the "Subject Alternative Name" externsion from the given PKIX extension set.

GenerateBase64PKCS12 generates a full PKCS certificate based on the input keys.

GenerateCSR generate a CSR using the given parameters.

GenerateCSRwithSANs generates a SPIFFE certificate CSR.

GeneratePKCS12 generates a pkcs12.

GeneratePKCS12FromFiles generates a full PKCS certificate based on the input keys.

GenerateSimpleCSR generate a CSR using the given parameters.

IssueCertiticate issues a new Certificate eventual signed using the signingCertificate and the given keyGen.

KeyToPEM converts the given crypto.PrivateKey to *pem.Block .

LoadCSRs loads the given bytes as an array of Certificate Signing Request.

ParseCertificate parse the given bytes to *x509.Certificate.

ParseCertificatePEM reads the certificate at the given path and returns an *x509.Certificate.

ReadCertificate returns a new *x509.Certificate from the PEM bytes pf a cert and a key and decrypts it with the given password if needed.

ReadCertificatePEM returns a new *x509.Certificate from the path of a cert, a key in PEM and decrypts it with the given password if needed.

ReadCertificatePEMFromData returns a certificate object out of a PEM encoded byte array.

RSAPrivateKeyGenerator generates a RSA private key.

SignCSR will sign the given CSR with the given signing cert.

SplitChain splits the given certificate data into the actual *x509.Certificate and a list of CA chain in a []*x509.Certificate.

SplitChainPEM splits the given cert PEM []byte as the actual certificate and []byte as the rest of the chain.

ToTLSCertificate converts the given cert and private key to a tls.Certificate.

Verify verifies the given certificate is signed by the given other certificate, and that the other certificate has the correct required key usage.

TypeDNS represents a DNS name.

TypeIP represents an IP address.

TypeURI represents a universal resource identifier.

URIScheme is the URI scheme for Spiffe identities.

Identity is an object holding both the encoded identifier bytes as well as the type of the identity.

IdentityType represents type of an identity.

PrivateKeyGenerator is the type of function that can generate a crypto.PrivateKey.