crypto

package
v3.9.0-alpha.4+incompa... Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 28, 2018 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Index

Constants

View Source
const (
	DefaultCertificateLifetimeInDays   = 365 * 2 // 2 years
	DefaultCACertificateLifetimeInDays = 365 * 5 // 5 years

)

Variables

This section is empty.

Functions

func CertsFromPEM

func CertsFromPEM(pemCerts []byte) ([]*x509.Certificate, error)

func CipherSuite added in v1.5.1

func CipherSuite(cipherName string) (uint16, error)

func CipherSuiteToNameOrDie

func CipherSuiteToNameOrDie(intVal uint16) string

CipherSuiteToNameOrDie given a cipher suite as an int, return its readable name

func CipherSuitesOrDie added in v1.5.1

func CipherSuitesOrDie(cipherNames []string) []uint16

func CipherSuitesToNamesOrDie

func CipherSuitesToNamesOrDie(intVals []uint16) []string

CipherSuitesToNamesOrDie given a list of cipher suites as ints, return their readable names

func DefaultCiphers added in v1.5.1

func DefaultCiphers() []uint16

func DefaultTLSVersion added in v1.5.1

func DefaultTLSVersion() uint16

func IPAddressesDNSNames

func IPAddressesDNSNames(hosts []string) ([]net.IP, []string)

func NewKeyPair

func NewKeyPair() (crypto.PublicKey, crypto.PrivateKey, error)

func SecureTLSConfig added in v1.0.7

func SecureTLSConfig(config *tls.Config) *tls.Config

SecureTLSConfig enforces the default minimum security settings for the cluster.

func TLSVersion added in v1.5.1

func TLSVersion(versionName string) (uint16, error)

func TLSVersionOrDie added in v1.5.1

func TLSVersionOrDie(versionName string) uint16

func TLSVersionToNameOrDie

func TLSVersionToNameOrDie(intVal uint16) string

TLSVersionToNameOrDie given a tls version as an int, return its readable name

func ValidCipherSuites added in v1.5.1

func ValidCipherSuites() []string

func ValidTLSVersions added in v1.5.1

func ValidTLSVersions() []string

Types

type CA

type CA struct {
	Config *TLSCertificateConfig

	SerialGenerator SerialGenerator
}

func EnsureCA

func EnsureCA(certFile, keyFile, serialFile, name string, expireDays int) (*CA, bool, error)

EnsureCA returns a CA, whether it was created (as opposed to pre-existing), and any error if serialFile is empty, a RandomSerialGenerator will be used

func GetCA

func GetCA(certFile, keyFile, serialFile string) (*CA, error)

if serialFile is empty, a RandomSerialGenerator will be used

func MakeCA

func MakeCA(certFile, keyFile, serialFile, name string, expireDays int) (*CA, error)

if serialFile is empty, a RandomSerialGenerator will be used

func (*CA) EnsureClientCertificate

func (ca *CA) EnsureClientCertificate(certFile, keyFile string, u user.Info, expireDays int) (*TLSCertificateConfig, bool, error)

func (*CA) EnsureServerCert

func (ca *CA) EnsureServerCert(certFile, keyFile string, hostnames sets.String, expireDays int) (*TLSCertificateConfig, bool, error)

func (*CA) MakeAndWriteServerCert added in v1.3.0

func (ca *CA) MakeAndWriteServerCert(certFile, keyFile string, hostnames sets.String, expireDays int) (*TLSCertificateConfig, error)

func (*CA) MakeClientCertificate

func (ca *CA) MakeClientCertificate(certFile, keyFile string, u user.Info, expireDays int) (*TLSCertificateConfig, error)

func (*CA) MakeServerCert

func (ca *CA) MakeServerCert(hostnames sets.String, expireDays int, fns ...CertificateExtensionFunc) (*TLSCertificateConfig, error)

type CertificateExtensionFunc added in v1.5.1

type CertificateExtensionFunc func(*x509.Certificate) error

CertificateExtensionFunc is passed a certificate that it may extend, or return an error if the extension attempt failed.

type RandomSerialGenerator added in v1.1.4

type RandomSerialGenerator struct {
}

RandomSerialGenerator returns a serial based on time.Now and the subject

func (*RandomSerialGenerator) Next added in v1.1.4

func (s *RandomSerialGenerator) Next(template *x509.Certificate) (int64, error)

type SerialFileGenerator added in v1.1.4

type SerialFileGenerator struct {
	SerialFile string

	Serial int64
	// contains filtered or unexported fields
}

SerialFileGenerator returns a unique, monotonically increasing serial number and ensures the CA on disk records that value.

func NewSerialFileGenerator added in v1.1.4

func NewSerialFileGenerator(serialFile string, createIfNeeded bool) (*SerialFileGenerator, error)

func (*SerialFileGenerator) Next added in v1.1.4

func (s *SerialFileGenerator) Next(template *x509.Certificate) (int64, error)

Next returns a unique, monotonically increasing serial number and ensures the CA on disk records that value.

type SerialGenerator added in v1.1.4

type SerialGenerator interface {
	Next(template *x509.Certificate) (int64, error)
}

SerialGenerator is an interface for getting a serial number for the cert. It MUST be thread-safe.

type TLSCARoots

type TLSCARoots struct {
	Roots []*x509.Certificate
}

func GetTLSCARoots

func GetTLSCARoots(caFile string) (*TLSCARoots, error)

type TLSCertificateConfig

type TLSCertificateConfig struct {
	Certs []*x509.Certificate
	Key   crypto.PrivateKey
}

func GetServerCert

func GetServerCert(certFile, keyFile string, hostnames sets.String) (*TLSCertificateConfig, error)

func GetTLSCertificateConfig

func GetTLSCertificateConfig(certFile, keyFile string) (*TLSCertificateConfig, error)

func (*TLSCertificateConfig) GetPEMBytes added in v1.3.0

func (c *TLSCertificateConfig) GetPEMBytes() ([]byte, []byte, error)

Directories

Path Synopsis
Package extensions defines cryptographic extensions for OpenShift.
Package extensions defines cryptographic extensions for OpenShift.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL