factory

package v1.0.100

This package is not in the latest version of its module.

Published: Apr 7, 2022 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

const (
	CertificateBlockType = "CERTIFICATE"
)

const (
	Static = "listener.cattle.io/static"
)

Variables

This section is empty.

Functions

func GenCA

func GenCA() (*x509.Certificate, crypto.Signer, error)

func IsStatic

func IsStatic(secret *v1.Secret) bool

IsStatic returns true if the Secret has an attribute indicating that it contains a static (aka user-provided) certificate, which should not be modified.

func LoadCA

func LoadCA(caPem, caKey []byte) (*x509.Certificate, crypto.Signer, error)

func LoadCerts

func LoadCerts(certFile, keyFile string) (*x509.Certificate, crypto.Signer, error)

func LoadOrGenCA

func LoadOrGenCA() (*x509.Certificate, crypto.Signer, error)

func Marshal

func Marshal(x509Cert *x509.Certificate, privateKey crypto.Signer) ([]byte, []byte, error)

Marshal returns the given cert and key as byte slices.

func NeedsUpdate

func NeedsUpdate(maxSANs int, secret *v1.Secret, cn ...string) bool

NeedsUpdate returns true if any of the CNs are not currently present on the secret's Certificate, as recorded in the cnPrefix annotations. It will return false if all requested CNs are already present, or if maxSANs is non-zero and has been exceeded.

func NewPrivateKey

func NewPrivateKey() (crypto.Signer, error)

NewPrivateKey returns a new ECDSA key.

func NewSelfSignedCACert

func NewSelfSignedCACert(key crypto.Signer, cn string, org ...string) (*x509.Certificate, error)

func NewSignedCert

func NewSignedCert(signer crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, cn string, orgs []string,
	domains []string, ips []net.IP) (*x509.Certificate, error)

func NewSignedClientCert

func NewSignedClientCert(signer crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, cn string) (*x509.Certificate, error)

func ParseCertPEM

func ParseCertPEM(pemCerts []byte) (*x509.Certificate, error)

Types

type TLS

type TLS struct {
	CACert       *x509.Certificate
	CAKey        crypto.Signer
	CN           string
	Organization []string
	FilterCN     func(...string) []string
}

func (*TLS) AddCN

func (t *TLS) AddCN(secret *v1.Secret, cn ...string) (*v1.Secret, bool, error)

AddCN attempts to add a list of CN strings to a given Secret, returning the potentially-modified Secret along with a bool indicating whether or not it has been updated. The Secret will not be changed if it has an attribute indicating that it is static (aka user-provided), or if no new CNs were added.

func (*TLS) Filter

func (t *TLS) Filter(cn ...string) []string

Filter ensures that the CNs are all valid according to both internal logic and any filter callbacks. The returned list will contain only approved CN entries.

func (*TLS) Merge

func (t *TLS) Merge(target, additional *v1.Secret) (*v1.Secret, bool, error)

Merge combines the SAN lists from the target and additional Secrets, and returns a potentially modified Secret, along with a bool indicating if the returned Secret has been updated or not. If the two SAN lists already matched and no merging was necessary, but the Secrets' certificate fingerprints differed, the second secret is returned and the updated bool is set to true despite neither certificate having actually been modified. This is required to support handling certificate renewal within the kubernetes storage provider.

func (*TLS) Regenerate

func (t *TLS) Regenerate(secret *v1.Secret) (*v1.Secret, error)

func (*TLS) Renew

func (t *TLS) Renew(secret *v1.Secret) (*v1.Secret, error)

Renew returns a copy of the given certificate that has been re-signed to extend the NotAfter date. It is an error to attempt to renew a static (user-provided) certificate.
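As an added example that is not the package's own code, the following uses only crypto/x509 to show what NewSelfSignedCACert, NewSignedCert and Renew do: a CA signs a leaf for a set of SANs, and renewal re-signs the same public key, CN and SANs with a fresh serial and a later NotAfter. The names newKey, issue, newCA, signedCert and renew, the P-256 curve and the lifetimes are assumptions, not the package's.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// newKey plays the role of NewPrivateKey: a fresh ECDSA key (P-256 is an assumption here).
func newKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// issue sets a random serial and a NotBefore slightly in the past, signs tmpl with key under parent and parses the result.
func issue(tmpl, parent *x509.Certificate, pub any, key *ecdsa.PrivateKey) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	tmpl.SerialNumber, tmpl.NotBefore = serial, time.Now().Add(-time.Minute)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// newCA builds a self-signed CA in the spirit of NewSelfSignedCACert (one-year lifetime assumed).
func newCA(key *ecdsa.PrivateKey, cn string) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{Subject: pkix.Name{CommonName: cn}, NotAfter: time.Now().AddDate(1, 0, 0),
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature, BasicConstraintsValid: true, IsCA: true}
	return issue(tmpl, tmpl, &key.PublicKey, key)
}

// signedCert issues a server cert for the CN and SANs under the CA, as NewSignedCert does; notAfter is explicit so renew can extend it.
func signedCert(pub any, ca *x509.Certificate, caKey *ecdsa.PrivateKey, cn string, dns []string,
	ips []net.IP, notAfter time.Time) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{Subject: pkix.Name{CommonName: cn}, NotAfter: notAfter, DNSNames: dns, IPAddresses: ips,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	return issue(tmpl, ca, pub, caKey)
}

// renew re-signs an existing leaf with the same public key, CN and SANs but a later NotAfter, the behaviour Renew describes.
func renew(leaf, ca *x509.Certificate, caKey *ecdsa.PrivateKey, extendBy time.Duration) (*x509.Certificate, error) {
	return signedCert(leaf.PublicKey, ca, caKey, leaf.Subject.CommonName, leaf.DNSNames, leaf.IPAddresses, leaf.NotAfter.Add(extendBy))
}
```

A caller that stores the renewed certificate should verify it against the CA for the same hostnames before swapping it in, since the leaf's key pair is unchanged but its serial and validity window are not.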
