Overview

Package tlsconfig contains TLS-related interfaces, helpers, and implementations.


Types

type DefaultManager

// DefaultManager is the default implementation of Manager.  It also exposes
// Refresh (agdservice.Refresher) and RotateTickets, so one value both serves
// TLS configurations and periodically rereads certificates and session
// ticket keys; the concrete fields are not shown on this page.
type DefaultManager struct {
	// contains filtered or unexported fields
}

DefaultManager is the default implementation of Manager.

func NewDefaultManager

func NewDefaultManager(conf *DefaultManagerConfig) (m *DefaultManager, err error)

NewDefaultManager returns a new initialized *DefaultManager.

func (*DefaultManager) Add

func (m *DefaultManager) Add(
	ctx context.Context,
	certPath string,
	keyPath string,
) (err error)

Add implements the Manager interface for *DefaultManager.

func (*DefaultManager) Clone

func (m *DefaultManager) Clone() (clone *tls.Config)

Clone implements the Manager interface for *DefaultManager.

func (*DefaultManager) CloneWithMetrics

func (m *DefaultManager) CloneWithMetrics(
	proto string,
	srvName string,
	deviceDomains []string,
) (conf *tls.Config)

CloneWithMetrics implements the Manager interface for *DefaultManager.

func (*DefaultManager) Refresh

func (m *DefaultManager) Refresh(ctx context.Context) (err error)

Refresh implements the agdservice.Refresher interface for *DefaultManager.

func (*DefaultManager) RotateTickets

func (m *DefaultManager) RotateTickets(ctx context.Context) (err error)

RotateTickets rereads and resets TLS session tickets.

type DefaultManagerConfig

// DefaultManagerConfig is the configuration structure for DefaultManager and
// is consumed by NewDefaultManager.  Whether any field may be left nil or
// empty is not stated here — confirm against NewDefaultManager.
type DefaultManagerConfig struct {
	// Logger is used for logging the operation of the TLS manager.
	Logger *slog.Logger

	// ErrColl is used to collect TLS-related errors.
	ErrColl errcoll.Interface

	// Metrics is used to collect TLS-related statistics.  Use EmptyMetrics
	// when no statistics are wanted; see Metrics for the required contract.
	Metrics Metrics

	// KeyLogFilename, if not empty, is the name of the TLS key log file.
	//
	// NOTE(review): a TLS key log records per-session secrets, so anyone able
	// to read that file can decrypt captured traffic for those sessions.  It
	// is presumably meant for debugging only and left empty in production —
	// confirm with the deployment configuration.
	KeyLogFilename string

	// SessionTicketPaths are paths to files containing the TLS session tickets.
	//
	// NOTE(review): these files hold session ticket keys; RotateTickets rereads
	// tickets, presumably from these paths, so their file permissions and
	// rotation cadence bound how long a leaked key stays useful — confirm how
	// they are provisioned.
	SessionTicketPaths []string
}

DefaultManagerConfig is the configuration structure for DefaultManager.

TODO(s.chzhen): Use it.

type EmptyMetrics

// EmptyMetrics is the implementation of the Metrics interface that does
// nothing.  Its BeforeHandshake and AfterHandshake still return non-nil
// functions, as the Metrics contract requires.
type EmptyMetrics struct{}

EmptyMetrics is the implementation of the Metrics interface that does nothing.

func (EmptyMetrics) AfterHandshake

func (EmptyMetrics) AfterHandshake(
	_ string,
	_ string,
	_ []string,
	_ []*tls.Certificate,
) (f func(s tls.ConnectionState) (err error))

AfterHandshake implements the Metrics interface for EmptyMetrics by returning a function that does nothing.

func (EmptyMetrics) BeforeHandshake

func (EmptyMetrics) BeforeHandshake(
	_ string,
) (f func(info *tls.ClientHelloInfo) (c *tls.Config, err error))

BeforeHandshake implements the Metrics interface for EmptyMetrics by returning a function that does nothing.

func (EmptyMetrics) SetCertificateInfo

func (EmptyMetrics) SetCertificateInfo(_ context.Context, _, _ string, _ time.Time)

SetCertificateInfo implements the Metrics interface for EmptyMetrics.

func (EmptyMetrics) SetSessionTicketRotationStatus

func (EmptyMetrics) SetSessionTicketRotationStatus(_ context.Context, _ bool)

SetSessionTicketRotationStatus implements the Metrics interface for EmptyMetrics.

type Manager

// Manager stores and updates TLS configurations.
type Manager interface {
	// Add saves an initialized TLS certificate using the provided paths to a
	// certificate and a key.  certPath and keyPath must not be empty.
	Add(ctx context.Context, certPath, keyPath string) (err error)

	// Clone returns the TLS configuration that contains saved TLS certificates.
	// The name suggests a copy that callers may modify without affecting the
	// manager's stored configuration — confirm with the implementation.
	Clone() (c *tls.Config)

	// CloneWithMetrics is like [Manager.Clone] but it also sets metrics.
	// Presumably it installs the Metrics.BeforeHandshake and
	// Metrics.AfterHandshake hooks for proto, srvName, and deviceDomains into
	// the returned configuration — confirm.
	CloneWithMetrics(proto, srvName string, deviceDomains []string) (c *tls.Config)
}

Manager stores and updates TLS configurations.

type Metrics

// Metrics is the interface used to collect TLS-related statistics.  Its hook
// methods run inside the TLS handshake, so implementations are on the path
// that decides whether a connection is accepted.
type Metrics interface {
	// BeforeHandshake returns a function that needs to be passed to
	// [tls.Config.GetConfigForClient].  f must not be nil.
	//
	// Under [tls.Config.GetConfigForClient] semantics a non-nil error from f
	// aborts the handshake and a nil *tls.Config keeps the original
	// configuration, so an implementation that only records statistics
	// should return (nil, nil).
	BeforeHandshake(proto string) (f func(*tls.ClientHelloInfo) (c *tls.Config, err error))

	// AfterHandshake returns a function that needs to be passed to
	// [tls.Config.VerifyConnection].  f must not be nil.
	//
	// Under [tls.Config.VerifyConnection] semantics a non-nil error from f
	// aborts the handshake.  f runs for every connection, so it should stay
	// cheap and should not surface a failure to record a statistic as an
	// error unless rejecting the connection is intended.
	AfterHandshake(
		proto string,
		srvName string,
		devDomains []string,
		srvCerts []*tls.Certificate,
	) (f func(s tls.ConnectionState) (err error))

	// SetCertificateInfo sets the TLS certificate information.  notAfter is
	// presumably the certificate's expiry, the value to alert on before a
	// certificate lapses — confirm against the caller.
	SetCertificateInfo(ctx context.Context, algo, subj string, notAfter time.Time)

	// SetSessionTicketRotationStatus sets the TLS session ticket rotation
	// status.  enabled presumably reports whether the last rotation
	// succeeded; a false value that persists is worth alerting on, since
	// stale ticket keys extend the window in which a leaked key is useful.
	SetSessionTicketRotationStatus(ctx context.Context, enabled bool)
}

Metrics is the interface used to collect TLS-related statistics.
