cert

package
v3.0.0-...-544aea1

This package is not in the latest version of its module.

Published: Jan 24, 2025 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Utility functions for managing HTTPS server certificates and SSH known host entries for ArgoCD.

Index

Constants

const (
	// Text marker indicating start of certificate in PEM format
	CertificateBeginMarker = "-----BEGIN CERTIFICATE-----"
	// Text marker indicating end of certificate in PEM format
	CertificateEndMarker = "-----END CERTIFICATE-----"
	// Maximum number of lines for a single certificate
	CertificateMaxLines = 128
	// Maximum number of certificates or known host entries in a stream
	CertificateMaxEntriesPerStream = 256
)

Variables

This section is empty.

Functions

func DecodePEMCertificateToX509

func DecodePEMCertificateToX509(pemData string) (*x509.Certificate, error)

Decodes a certificate in PEM format into an X.509 data structure.

func GetCertBundlePathForRepository

func GetCertBundlePathForRepository(serverName string) (string, error)

Gets the full path of the certificate bundle configured for the given server name from a ConfigMap mount. This function makes sure that the path returned actually contains at least one valid certificate and no invalid data.

func GetCertPoolFromPEMData

func GetCertPoolFromPEMData(pemData []string) *x509.CertPool

Converts a list of certificates in PEM format into an x509.CertPool object, usable with most Go TLS functions.

func GetCertificateForConnect

func GetCertificateForConnect(serverName string) ([]string, error)

Loads certificate data for the given server name from a file. If the file does not exist, this is not considered an error and empty data is returned.

func GetSSHKnownHostsDataPath

func GetSSHKnownHostsDataPath() string

Gets the configured path where SSH known hosts data is stored on the local filesystem. If the ARGOCD_SSH_DATA_PATH environment variable is set, the path is taken from there; otherwise the default is returned.

func GetTLSCertificateDataPath

func GetTLSCertificateDataPath() string

Gets the configured path where TLS certificates are stored on the local filesystem. If the ARGOCD_TLS_DATA_PATH environment variable is set, the path is taken from there; otherwise the default is returned.

func IsValidHostname

func IsValidHostname(hostname string, fqdn bool) bool

Can be used to test whether a given string represents a valid hostname. If fqdn is true, the given string must also be a fully qualified domain name.

func IsValidSSHKnownHostsEntry

func IsValidSSHKnownHostsEntry(line string) bool

Checks whether a line from ssh_known_hosts data can be used as a data source for a RepoCertificate object. This function only checks for syntactic validity of the line, not whether the key data it carries is valid.

func KnownHostsLineToPublicKey

func KnownHostsLineToPublicKey(line string) ([]string, ssh.PublicKey, error)

Parses a raw known_hosts line into a PublicKey object and the list of hosts the key is valid for.

func MatchHostName

func MatchHostName(hostname, pattern string) bool

Matches a hostname against a pattern. Full-fledged regular expressions are not used for matching; instead a less expensive file-system-style glob is used, which is fully sufficient for this use case.

func ParseSSHKnownHostsFromData

func ParseSSHKnownHostsFromData(data string) ([]string, error)

Parses SSH known hosts data from a multiline string.

func ParseSSHKnownHostsFromPath

func ParseSSHKnownHostsFromPath(sourceFile string) ([]string, error)

Parses SSH known hosts data from a file.

func ParseSSHKnownHostsFromStream

func ParseSSHKnownHostsFromStream(stream io.Reader) ([]string, error)

Parses lines in SSH's known_hosts format from a stream and returns the valid entries as a slice of strings.

func ParseTLSCertificatesFromData

func ParseTLSCertificatesFromData(data string) ([]string, error)

Parses TLS certificates from a multiline string.

func ParseTLSCertificatesFromPath

func ParseTLSCertificatesFromPath(sourceFile string) ([]string, error)

Parses TLS certificates from a file.

func ParseTLSCertificatesFromStream

func ParseTLSCertificatesFromStream(stream io.Reader) ([]string, error)

Parses TLS certificate data from a data stream. The stream may contain more than one certificate. Each certificate found generates a separate entry in the returned slice, so the length of the slice indicates how many certificates were found.
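The stream contract described above, with the CertificateMaxLines and CertificateMaxEntriesPerStream limits from the Constants section enforced, as an added illustrative reimplementation in Go (not the ArgoCD package's own code). It assumes that marker lines count toward the line limit, that text outside a BEGIN/END block is skipped, and that any defect rejects the whole stream instead of returning a partial bundle.

```go
package main
import (
	"bufio"
	"encoding/pem"
	"fmt"
	"io"
	"os"
	"strings"
)

// Limits copied from this page's constants; the parser below is an illustrative reimplementation, not ArgoCD code.
const (
	certBeginMarker         = "-----BEGIN CERTIFICATE-----"
	certEndMarker           = "-----END CERTIFICATE-----"
	certMaxLines            = 128
	certMaxEntriesPerStream = 256
)

// parseTLSCertificatesFromStream returns one PEM string per certificate. Marker lines count toward the
// line limit and text outside a block is skipped (assumptions); any defect aborts the whole stream.
func parseTLSCertificatesFromStream(stream io.Reader) ([]string, error) {
	var certs, block []string // block != nil while inside BEGIN/END markers
	sc := bufio.NewScanner(stream)
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		switch {
		case line == certBeginMarker:
			if block != nil || len(certs) == certMaxEntriesPerStream {
				return nil, fmt.Errorf("unexpected BEGIN at entry %d (nested block or more than %d entries)", len(certs)+1, certMaxEntriesPerStream)
			}
			block = []string{line}
		case line == certEndMarker && block != nil:
			pemData := strings.Join(append(block, line), "\n") + "\n"
			if p, _ := pem.Decode([]byte(pemData)); p == nil || p.Type != "CERTIFICATE" {
				return nil, fmt.Errorf("entry %d is not a valid PEM certificate block", len(certs)+1)
			}
			certs, block = append(certs, pemData), nil
		case block != nil:
			if block = append(block, line); len(block) >= certMaxLines {
				return nil, fmt.Errorf("entry %d exceeds %d lines", len(certs)+1, certMaxLines)
			}
		}
	}
	if err := sc.Err(); err != nil || block != nil {
		return nil, fmt.Errorf("truncated stream (open block: %t, read error: %v)", block != nil, err)
	}
	return certs, nil
}

func main() { fmt.Println(parseTLSCertificatesFromStream(os.Stdin)) }
```

Only PEM framing and base64 decoding are checked here; decoding each returned entry with DecodePEMCertificateToX509 is the next step before trusting it.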

func SSHFingerprintSHA256

func SSHFingerprintSHA256(key ssh.PublicKey) string

Returns the base64-encoded SHA-256 hash of the key with the trailing padding equals sign removed.

func SSHFingerprintSHA256FromString

func SSHFingerprintSHA256FromString(key string) string

Convenience wrapper around SSHFingerprintSHA256 that takes the key as a string.

func ServerNameWithoutPort

func ServerNameWithoutPort(serverName string) string

Removes a possible port number from the server name and returns just the hostname (FQDN).

func TokenizeSSHKnownHostsEntry

func TokenizeSSHKnownHostsEntry(knownHostsEntry string) (string, string, []byte, error)

Tokenizes a known_hosts entry into hostname, key subtype and the actual key data.

func TokenizedDataToPublicKey

func TokenizedDataToPublicKey(hostname string, subType string, rawKeyData string) ([]string, ssh.PublicKey, error)

Types

type CertificateListSelector

type CertificateListSelector struct {
	// Pattern to match the hostname with
	HostNamePattern string
	// Type of certificate to match
	CertType string
	// Subtype of certificate to match
	CertSubType string
}

Helper struct for certificate selection.

type SSHKnownHostsEntry

type SSHKnownHostsEntry struct {
	// Hostname the key is for
	Host string
	// The type of the key
	SubType string
	// The data of the key, including the type
	Data string
	// The SHA256 fingerprint of the key
	Fingerprint string
}

A struct representing an entry in the list of SSH known hosts.

type TLSCertificate

type TLSCertificate struct {
	// Subject of the certificate
	Subject string
	// Issuer of the certificate
	Issuer string
	// Certificate data
	Data string
}

A representation of a TLS certificate.
