mtls

package
v1.0.7

This package is not in the latest version of its module.
Published: Mar 4, 2022 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Overview

Package mtls facilitates Mutual TLS authentication for SansShell.

Constants

This section is empty.

Variables

This section is empty.

Functions

func LoadClientCredentials

func LoadClientCredentials(ctx context.Context, loaderName string) (credentials.TransportCredentials, error)

LoadClientCredentials returns transport credentials for SansShell clients, based on the provided `loaderName`.

func LoadClientTLS

func LoadClientTLS(clientCertFile, clientKeyFile string, CAPool *x509.CertPool) (credentials.TransportCredentials, error)

LoadClientTLS reads the certificates and keys from disk at the supplied paths, and assembles them into a set of TransportCredentials for the gRPC client.

func LoadRootOfTrust

func LoadRootOfTrust(filename string) (*x509.CertPool, error)

LoadRootOfTrust loads one or more CA roots of trust from the given file and returns a CertPool to use in validating certificates. All CAs to validate against must be presented together in the PEM file.

func LoadServerCredentials

func LoadServerCredentials(ctx context.Context, loaderName string) (credentials.TransportCredentials, error)

LoadServerCredentials returns transport credentials for a SansShell server as retrieved from the specified `loaderName`.

func LoadServerTLS

func LoadServerTLS(clientCertFile, clientKeyFile string, CAPool *x509.CertPool) (credentials.TransportCredentials, error)

LoadServerTLS reads the certificates and keys from disk at the supplied paths, and assembles them into a set of TransportCredentials for the gRPC server.

func Loaders

func Loaders() []string

Loaders returns the names of all currently registered CredentialLoader implementations as a sorted list of strings.

func NewClientCredentials

func NewClientCredentials(cert tls.Certificate, CAPool *x509.CertPool) credentials.TransportCredentials

NewClientCredentials returns transport credentials for SansShell clients.

func NewServerCredentials

func NewServerCredentials(cert tls.Certificate, CAPool *x509.CertPool) credentials.TransportCredentials

NewServerCredentials creates transport credentials for a SansShell server.

func Register

func Register(name string, loader CredentialsLoader) error

Register associates a name with a mechanism for loading credentials. Implementations of CredentialsLoader will typically call Register during init().

Types

type CredentialsLoader

type CredentialsLoader interface {
	// LoadClientCA returns a CertPool which should be used by a server to
	// validate client certificates.
	// NOTE: The pool returned here will be the only pool used to validate certificates.
	//       Inclusion of system certificates should be done by copying from x509.SystemCertPool(),
	//       with any custom certificates appended.
	LoadClientCA(context.Context) (*x509.CertPool, error)

	// LoadRootCA returns a CertPool which should be used by clients to
	// validate server certificates.
	// NOTE: The pool returned here will be the only pool used to validate certificates.
	//       Inclusion of system certificates should be done by copying from x509.SystemCertPool(),
	//       with any custom certificates appended.
	LoadRootCA(context.Context) (*x509.CertPool, error)

	// LoadClientCertificate returns the certificate that should be presented
	// by the client when connecting to a server.
	LoadClientCertificate(context.Context) (tls.Certificate, error)

	// LoadServerCertificate returns the certificate that should be presented
	// by the server to incoming clients.
	LoadServerCertificate(context.Context) (tls.Certificate, error)
}

A CredentialsLoader loads mTLS credential data.

func Loader

func Loader(name string) (CredentialsLoader, error)

Loader returns the CredentialsLoader associated with `name` or an error if no such implementation is registered.

Directories

Path Synopsis
Package flags provides flag support for loading client/server certs and CA root of trust.
