Documentation
¶
Overview ¶
Package xds contains non-user facing functionality of the xds credentials.
Index ¶
- func SetHandshakeInfo(addr resolver.Address, hInfo *HandshakeInfo) resolver.Address
- type HandshakeInfo
- func (hi *HandshakeInfo) ClientSideTLSConfig(ctx context.Context) (*tls.Config, error)
- func (hi *HandshakeInfo) GetSANMatchersForTesting() []matcher.StringMatcher
- func (hi *HandshakeInfo) MatchingSANExists(cert *x509.Certificate) bool
- func (hi *HandshakeInfo) ServerSideTLSConfig(ctx context.Context) (*tls.Config, error)
- func (hi *HandshakeInfo) SetIdentityCertProvider(identity certprovider.Provider)
- func (hi *HandshakeInfo) SetRequireClientCert(require bool)
- func (hi *HandshakeInfo) SetRootCertProvider(root certprovider.Provider)
- func (hi *HandshakeInfo) SetSANMatchers(sanMatchers []matcher.StringMatcher)
- func (hi *HandshakeInfo) UseFallbackCreds() bool
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func SetHandshakeInfo ¶
func SetHandshakeInfo(addr resolver.Address, hInfo *HandshakeInfo) resolver.Address
SetHandshakeInfo returns a copy of addr in which the Attributes field is updated with hInfo.
Types ¶
type HandshakeInfo ¶
type HandshakeInfo struct {
// contains filtered or unexported fields
}
HandshakeInfo wraps all the security configuration required by client and server handshake methods in xds credentials. The xDS implementation will be responsible for populating these fields.
Safe for concurrent access.
func GetHandshakeInfo ¶
func GetHandshakeInfo(attr *attributes.Attributes) *HandshakeInfo
GetHandshakeInfo returns a pointer to the HandshakeInfo stored in attr.
func NewHandshakeInfo ¶
func NewHandshakeInfo(root, identity certprovider.Provider) *HandshakeInfo
NewHandshakeInfo returns a new instance of HandshakeInfo with the given root and identity certificate providers.
func (*HandshakeInfo) ClientSideTLSConfig ¶
ClientSideTLSConfig constructs a tls.Config to be used in a client-side handshake based on the contents of the HandshakeInfo.
func (*HandshakeInfo) GetSANMatchersForTesting ¶
func (hi *HandshakeInfo) GetSANMatchersForTesting() []matcher.StringMatcher
GetSANMatchersForTesting returns the SAN matchers stored in HandshakeInfo. To be used only for testing purposes.
func (*HandshakeInfo) MatchingSANExists ¶
func (hi *HandshakeInfo) MatchingSANExists(cert *x509.Certificate) bool
MatchingSANExists returns true if the SANs contained in cert match the criteria enforced by the list of SAN matchers in HandshakeInfo.
If the list of SAN matchers in the HandshakeInfo is empty, this function returns true for all input certificates.
func (*HandshakeInfo) ServerSideTLSConfig ¶
ServerSideTLSConfig constructs a tls.Config to be used in a server-side handshake based on the contents of the HandshakeInfo.
func (*HandshakeInfo) SetIdentityCertProvider ¶
func (hi *HandshakeInfo) SetIdentityCertProvider(identity certprovider.Provider)
SetIdentityCertProvider updates the identity certificate provider.
func (*HandshakeInfo) SetRequireClientCert ¶
func (hi *HandshakeInfo) SetRequireClientCert(require bool)
SetRequireClientCert updates whether a client cert is required during the ServerHandshake(). A value of true indicates that we are performing mTLS.
func (*HandshakeInfo) SetRootCertProvider ¶
func (hi *HandshakeInfo) SetRootCertProvider(root certprovider.Provider)
SetRootCertProvider updates the root certificate provider.
func (*HandshakeInfo) SetSANMatchers ¶
func (hi *HandshakeInfo) SetSANMatchers(sanMatchers []matcher.StringMatcher)
SetSANMatchers updates the list of SAN matchers.
func (*HandshakeInfo) UseFallbackCreds ¶
func (hi *HandshakeInfo) UseFallbackCreds() bool
UseFallbackCreds returns true when fallback credentials are to be used based on the contents of the HandshakeInfo.
Source Files