CommonNameForCertificate returns the common name that should be used for the given Certificate resource, by inspecting the CommonName and DNSNames fields.

DecodePKCS1PrivateKeyBytes will decode a PEM encoded RSA private key.

DecodePrivateKeyBytes will decode a PEM encoded private key into a crypto.Signer.

DecodeX509CertificateBytes will decode a PEM encoded x509 Certificate.

DecodeX509CertificateChainBytes will decode a PEM encoded x509 Certificate chain.

DNSNamesForCertificate returns the DNS names that should be used for the given Certificate resource, by inspecting the CommonName and DNSNames fields.

EncodeCSR calls x509.CreateCertificateRequest to sign the given CSR template.

EncodeECPrivateKey will marshal an ECDSA private key into x509 PEM format.

EncodePKCS1PrivateKey will marshal a RSA private key into x509 PEM format.

EncodePKCS8PrivateKey will marshal a private key into x509 PEM format.

EncodePrivateKey will encode a given crypto.PrivateKey by first inspecting the type of key provided.

EncodeX509 will encode a *x509.Certificate into PEM format.

EncodeX509Chain will encode an *x509.Certificate chain into PEM format.

GenerateCSR will generate a new *x509.CertificateRequest template to be used by issuers that utilise CSRs to obtain Certificates.

GenerateECPrivateKey will generate an ECDSA private key of the given size.

GeneratePrivateKeyForCertificate will generate a private key suitable for the provided cert-manager Certificate resource, taking into account the parameters on the provided resource.

GenerateRSAPrivateKey will generate a RSA private key of the given size.

GenerateTemplate will create a x509.Certificate for the given Certificate resource.

OrganizationForCertificate will return the Organization to set for the Certificate resource.

PublicKeyForPrivateKey will return the crypto.PublicKey for the given crypto.PrivateKey.

PublicKeyMatchesCertificate can be used to verify the given public key is the correct counter-part to the given x509 Certificate.

PublicKeyMatchesCSR can be used to verify the given public key is the correct counter-part to the given x509 CertificateRequest.

SignatureAlgorithm will determine the appropriate signature algorithm for the given certificate.

SignCertificate returns a signed x509.Certificate object for the given *v1alpha1.Certificate crt.

ECCurve256 represents a 256bit ECDSA key.

ECCurve384 represents a 384bit ECDSA key.

ECCurve521 represents a 521bit ECDSA key.

MaxRSAKeySize is the maximum RSA keysize allowed to be generated by the generator functions in this package.

MinRSAKeySize is the minimum RSA keysize allowed to be generated by the generator functions in this package.