Overview ¶
Package mtls facilitates Mutual TLS authentication for SansShell.
Index ¶
- func LoadClientCredentials(ctx context.Context, loaderName string) (credentials.TransportCredentials, error)
- func LoadClientTLS(clientCertFile, clientKeyFile string, CAPool *x509.CertPool) (credentials.TransportCredentials, error)
- func LoadRootOfTrust(filename string) (*x509.CertPool, error)
- func LoadServerCredentials(ctx context.Context, loaderName string) (credentials.TransportCredentials, error)
- func LoadServerTLS(clientCertFile, clientKeyFile string, CAPool *x509.CertPool) (credentials.TransportCredentials, error)
- func Loaders() []string
- func NewClientCredentials(cert tls.Certificate, CAPool *x509.CertPool) credentials.TransportCredentials
- func NewServerCredentials(cert tls.Certificate, CAPool *x509.CertPool) credentials.TransportCredentials
- func Register(name string, loader CredentialsLoader) error
- type CredentialsLoader
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func LoadClientCredentials ¶
func LoadClientCredentials(ctx context.Context, loaderName string) (credentials.TransportCredentials, error)
LoadClientCredentials returns transport credentials for SansShell clients, using the CredentialsLoader registered under the provided `loaderName`.
func LoadClientTLS ¶
func LoadClientTLS(clientCertFile, clientKeyFile string, CAPool *x509.CertPool) (credentials.TransportCredentials, error)
LoadClientTLS reads the certificates and keys from disk at the supplied paths, and assembles them into a set of TransportCredentials for the gRPC client.
func LoadRootOfTrust ¶
func LoadRootOfTrust(filename string) (*x509.CertPool, error)
LoadRootOfTrust loads one or more CA roots of trust from the given file and returns a CertPool to use when validating certificates. All CAs to validate against must be presented together in the PEM file.
func LoadServerCredentials ¶
func LoadServerCredentials(ctx context.Context, loaderName string) (credentials.TransportCredentials, error)
LoadServerCredentials returns transport credentials for a SansShell server, using the CredentialsLoader registered under the provided `loaderName`.
func LoadServerTLS ¶
func LoadServerTLS(clientCertFile, clientKeyFile string, CAPool *x509.CertPool) (credentials.TransportCredentials, error)
LoadServerTLS reads the certificates and keys from disk at the supplied paths, and assembles them into a set of TransportCredentials for the gRPC server.
func Loaders ¶
func Loaders() []string
Loaders returns the names of all currently registered CredentialsLoader implementations as a sorted list of strings.
func NewClientCredentials ¶
func NewClientCredentials(cert tls.Certificate, CAPool *x509.CertPool) credentials.TransportCredentials
NewClientCredentials returns transport credentials for SansShell clients.
func NewServerCredentials ¶
func NewServerCredentials(cert tls.Certificate, CAPool *x509.CertPool) credentials.TransportCredentials
NewServerCredentials creates transport credentials for a SansShell server.
func Register ¶
func Register(name string, loader CredentialsLoader) error
Register associates a name with a mechanism for loading credentials. Implementations of CredentialsLoader typically call Register during init().
Types ¶
type CredentialsLoader ¶
// A CredentialsLoader loads mTLS credential data. Implementations are
// registered under a name with Register and retrieved with Loader.
//
// The two CertPools serve different roles and must not be conflated: the
// pool from LoadClientCA is what a server trusts when validating client
// certificates, while the pool from LoadRootCA is what a client trusts when
// validating server certificates.
type CredentialsLoader interface {
	// LoadClientCA returns a CertPool which should be used by a server to
	// validate client certificates.
	LoadClientCA(context.Context) (*x509.CertPool, error)
	// LoadRootCA returns a CertPool which should be used by clients to
	// validate server certificates.
	LoadRootCA(context.Context) (*x509.CertPool, error)
	// LoadClientCertificate returns the certificate that should be presented
	// by the client when connecting to a server.
	LoadClientCertificate(context.Context) (tls.Certificate, error)
	// LoadServerCertificate returns the certificate that should be presented
	// by the server to incoming clients.
	LoadServerCertificate(context.Context) (tls.Certificate, error)
}
A CredentialsLoader loads mTLS credential data.
func Loader ¶
func Loader(name string) (CredentialsLoader, error)
Loader returns the CredentialsLoader associated with `name`, or an error if no such implementation is registered.