sslconfigs

package
v0.4.10 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 24, 2022 License: BSD-3-Clause Imports: 12 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

View Source
var AllTLSCipherSuites = []TLSCipherSuite{
	"TLS_RSA_WITH_RC4_128_SHA",
	"TLS_RSA_WITH_3DES_EDE_CBC_SHA",
	"TLS_RSA_WITH_AES_128_CBC_SHA",
	"TLS_RSA_WITH_AES_256_CBC_SHA",
	"TLS_RSA_WITH_AES_128_CBC_SHA256",
	"TLS_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
	"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
	"TLS_ECDHE_RSA_WITH_RC4_128_SHA",
	"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
	"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
	"TLS_AES_128_GCM_SHA256",
	"TLS_AES_256_GCM_SHA384",
	"TLS_CHACHA20_POLY1305_SHA256",
}
View Source
var AllTlsVersions = []TLSVersion{"SSL 3.0", "TLS 1.0", "TLS 1.1", "TLS 1.2", "TLS 1.3"}
View Source
var TLSIntermediateCipherSuites = []string{
	"TLS_AES_128_GCM_SHA256",
	"TLS_CHACHA20_POLY1305_SHA256",
	"TLS_AES_256_GCM_SHA384",

	"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",

	"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
	"TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}
View Source
var TLSModernCipherSuites = []string{
	"TLS_AES_128_GCM_SHA256",
	"TLS_CHACHA20_POLY1305_SHA256",
	"TLS_AES_256_GCM_SHA384",

	"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
}

Functions

func AllSSLClientAuthTypes

func AllSSLClientAuthTypes() []maps.Map

所有的客户端认证类型

func FindSSLClientAuthTypeName

func FindSSLClientAuthTypeName(authType SSLClientAuthType) string

查找单个认证方式的名称

func GoSSLClientAuthType

func GoSSLClientAuthType(authType SSLClientAuthType) tls.ClientAuthType

认证类型和tls包内类型的映射

Types

type HSTSConfig

type HSTSConfig struct {
	IsOn              bool     `yaml:"isOn" json:"isOn"`
	MaxAge            int      `yaml:"maxAge" json:"maxAge"` // 单位秒
	IncludeSubDomains bool     `yaml:"includeSubDomains" json:"includeSubDomains"`
	Preload           bool     `yaml:"preload" json:"preload"`
	Domains           []string `yaml:"domains" json:"domains"`
	// contains filtered or unexported fields
}

HSTS设置 参考: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

func (*HSTSConfig) HeaderKey

func (this *HSTSConfig) HeaderKey() string

Header Key

func (*HSTSConfig) HeaderValue

func (this *HSTSConfig) HeaderValue() string

取得当前的Header值

func (*HSTSConfig) Init

func (this *HSTSConfig) Init() error

校验

func (*HSTSConfig) Match

func (this *HSTSConfig) Match(domain string) bool

判断是否匹配域名

type SSLCertConfig

type SSLCertConfig struct {
	Id          int64  `yaml:"id" json:"id"`
	IsOn        bool   `yaml:"isOn" json:"isOn"`
	Name        string `yaml:"name" json:"name"`
	Description string `yaml:"description" json:"description"` // 说明
	CertData    []byte `yaml:"certData" json:"certData"`       // 证书数据
	KeyData     []byte `yaml:"keyData" json:"keyData"`         // 密钥数据
	ServerName  string `yaml:"serverName" json:"serverName"`   // 证书使用的主机名,在请求TLS服务器时需要
	IsCA        bool   `yaml:"isCA" json:"isCA"`               // 是否为CA证书
	IsACME      bool   `yaml:"isACME" json:"isACME"`           // 是否通过ACME协议免费申请

	// 以下是从证书中分析所得
	TimeBeginAt int64    `yaml:"timeBeginAt" json:"timeBeginAt"`
	TimeEndAt   int64    `yaml:"timeEndAt" json:"timeEndAt"`
	DNSNames    []string `yaml:"dnsNames" json:"dnsNames"`
	CommonNames []string `yaml:"commonNames" json:"commonNames"`

	// OCSP
	OCSP          []byte `yaml:"ocsp" json:"ocsp"`
	OCSPExpiresAt int64  `yaml:"ocspExpiresAt" json:"ocspExpiresAt"`
	OCSPError     string `yaml:"ocspError" json:"ocspError"`
	// contains filtered or unexported fields
}

SSLCertConfig SSL证书

func (*SSLCertConfig) CertObject

func (this *SSLCertConfig) CertObject() *tls.Certificate

CertObject 获取证书对象

func (*SSLCertConfig) Init

func (this *SSLCertConfig) Init() error

Init 校验

func (*SSLCertConfig) MatchDomain

func (this *SSLCertConfig) MatchDomain(domain string) bool

MatchDomain 校验是否匹配某个域名

func (*SSLCertConfig) TimeBegin

func (this *SSLCertConfig) TimeBegin() time.Time

TimeBegin 开始时间

func (*SSLCertConfig) TimeEnd

func (this *SSLCertConfig) TimeEnd() time.Time

TimeEnd 结束时间

type SSLCertRef

type SSLCertRef struct {
	IsOn   bool  `yaml:"isOn" json:"isOn"`
	CertId int64 `yaml:"certId" json:"certId"`
}

type SSLClientAuthType

type SSLClientAuthType = int

认证类型

const (
	SSLClientAuthTypeNoClientCert               SSLClientAuthType = 0
	SSLClientAuthTypeRequestClientCert          SSLClientAuthType = 1
	SSLClientAuthTypeRequireAnyClientCert       SSLClientAuthType = 2
	SSLClientAuthTypeVerifyClientCertIfGiven    SSLClientAuthType = 3
	SSLClientAuthTypeRequireAndVerifyClientCert SSLClientAuthType = 4
)

type SSLPolicy

type SSLPolicy struct {
	Id   int64 `yaml:"id" json:"id"`     // ID
	IsOn bool  `yaml:"isOn" json:"isOn"` // 是否开启

	CertRefs       []*SSLCertRef     `yaml:"certRefs" json:"certRefs"`
	Certs          []*SSLCertConfig  `yaml:"certs" json:"certs"`
	ClientAuthType SSLClientAuthType `yaml:"clientAuthType" json:"clientAuthType"` // 客户端认证类型
	ClientCARefs   []*SSLCertRef     `yaml:"clientCARefs" json:"clientCARefs"`     // 客户端认证CA证书引用
	ClientCACerts  []*SSLCertConfig  `yaml:"clientCACerts" json:"clientCACerts"`   // 客户端认证CA

	MinVersion       TLSVersion       `yaml:"minVersion" json:"minVersion"`             // 支持的最小版本
	CipherSuitesIsOn bool             `yaml:"cipherSuitesIsOn" json:"cipherSuitesIsOn"` // 是否自定义加密算法套件
	CipherSuites     []TLSCipherSuite `yaml:"cipherSuites" json:"cipherSuites"`         // 加密算法套件

	HSTS         *HSTSConfig `yaml:"hsts" json:"hsts"`                 // HSTS配置
	HTTP2Enabled bool        `yaml:"http2Enabled" json:"http2Enabled"` // 是否启用HTTP2

	OCSPIsOn bool `yaml:"ocspIsOn" json:"ocspIsOn"` // 是否启用OCSP
	// contains filtered or unexported fields
}

SSLPolicy SSL配置

func (*SSLPolicy) CAPool

func (this *SSLPolicy) CAPool() *x509.CertPool

CAPool CA证书Pool,用于TLS对客户端进行认证

func (*SSLPolicy) CheckOCSP

func (this *SSLPolicy) CheckOCSP()

CheckOCSP 检查OCSP过期时间

func (*SSLPolicy) ContainsCert

func (this *SSLPolicy) ContainsCert(certId int64) bool

ContainsCert 检查是否包括某个证书

func (*SSLPolicy) FirstCert

func (this *SSLPolicy) FirstCert() *tls.Certificate

FirstCert 取得第一个证书

func (*SSLPolicy) Init

func (this *SSLPolicy) Init() error

Init 校验配置

func (*SSLPolicy) MatchDomain

func (this *SSLPolicy) MatchDomain(domain string) (cert *tls.Certificate, ok bool)

MatchDomain 校验是否匹配某个域名

func (*SSLPolicy) OcspExpiresAt

func (this *SSLPolicy) OcspExpiresAt() int64

OcspExpiresAt OCSP最近过期时间

func (*SSLPolicy) TLSCipherSuites

func (this *SSLPolicy) TLSCipherSuites() []uint16

TLSCipherSuites 套件

func (*SSLPolicy) TLSConfig

func (this *SSLPolicy) TLSConfig() *tls.Config

func (*SSLPolicy) TLSMinVersion

func (this *SSLPolicy) TLSMinVersion() uint16

TLSMinVersion 取得最小版本

func (*SSLPolicy) UpdateCertOCSP

func (this *SSLPolicy) UpdateCertOCSP(certId int64, ocsp []byte, expiresAt int64)

UpdateCertOCSP 修改某个证书的OCSP

type SSLPolicyRef

type SSLPolicyRef struct {
	IsOn        bool  `yaml:"isOn" json:"isOn"`
	SSLPolicyId int64 `yaml:"sslPolicyId" json:"sslPolicyId"`
}

type TLSCipherSuite

type TLSCipherSuite = string

TLSCipherSuite Cipher Suites

type TLSVersion

type TLSVersion = string

TLSVersion TLS Version

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL