mtls

package
v1.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 16, 2022 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Overview

Package mtls facilitates Mutual TLS authentication for SansShell.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func LoadClientCredentials 

func LoadClientCredentials(ctx context.Context, loaderName string) (credentials.TransportCredentials, error)

LoadClientCredentials returns transport credentials for SansShell clients, based on the provided `loaderName`

func LoadClientTLS 

func LoadClientTLS(clientCertFile, clientKeyFile string, CAPool *x509.CertPool) (credentials.TransportCredentials, error)

LoadClientTLS reads the certificates and keys from disk at the supplied paths, and assembles them into a set of TransportCredentials for the gRPC client.

func LoadRootOfTrust 

func LoadRootOfTrust(filename string) (*x509.CertPool, error)

LoadRootOfTrust will load an CA root of trust from the given file and return a CertPool to use in validating certificates.

func LoadServerCredentials 

func LoadServerCredentials(ctx context.Context, loaderName string) (credentials.TransportCredentials, error)

LoadServerCredentials returns transport credentials for a SansShell server as retrieved from the specified `loaderName`

func LoadServerTLS 

func LoadServerTLS(clientCertFile, clientKeyFile string, CAPool *x509.CertPool) (credentials.TransportCredentials, error)

LoadServerTLS reads the certificates and keys from disk at the supplied paths, and assembles them into a set of TransportCredentials for the gRPC server.

func Loaders 

func Loaders() []string

Loaders returns the names of all currently registered CredentialLoader implementations as a sorted list of strings.

func NewClientCredentials 

func NewClientCredentials(cert tls.Certificate, CAPool *x509.CertPool) credentials.TransportCredentials

NewClientCredentials returns transport credentials for SansShell clients.

func NewServerCredentials 

func NewServerCredentials(cert tls.Certificate, CAPool *x509.CertPool) credentials.TransportCredentials

NewServerCredentials creates transport credentials for a SansShell server.

func Register 

func Register(name string, loader CredentialsLoader) error

Register associates a name with a mechanism for loading credentials. Implementations of CredentialsLoader will typically call Register during init()

Types

type CredentialsLoader 

type CredentialsLoader interface {
	// LoadClientCA returns a CertPool which should be used by a server to
	// validate client certificates.
	LoadClientCA(context.Context) (*x509.CertPool, error)

	// LoadRootCA returns a CertPool which should be used by clients to
	// validate server certificates.
	LoadRootCA(context.Context) (*x509.CertPool, error)

	// LoadClientCertificates returns the certificate that should be presented
	// by the client when connecting to a server.
	LoadClientCertificate(context.Context) (tls.Certificate, error)

	// LoadServerCertificate returns the certificate that should be presented
	// by the server to incoming clients.
	LoadServerCertificate(context.Context) (tls.Certificate, error)
}

A CredentialsLoader loads mTLS credential data.

func Loader 

func Loader(name string) (CredentialsLoader, error)

Loader returns the CredentialsLoader associated with `name` or an error if no such implementation is registered.

Source Files

View all Source files

Directories

Path Synopsis
Package flags provides flag support for loading client/server certs and CA root of trust.
 Package flags provides flag support for loading client/server certs and CA root of trust.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.