Versions in this module Expand all Collapse all v1 v1.1.4 Jan 1, 2018 Changes in this version
+ const CAPem
+ const ClientPem
+ const EmbeddedCACert
+ const EmbeddedCAKey
+ const EmbeddedCertsDir
+ const EmbeddedNodeCert
+ const EmbeddedNodeKey
+ const EmbeddedRootCert
+ const EmbeddedRootKey
+ const EmbeddedTestUserCert
+ const EmbeddedTestUserKey
+ const NodePem
+ const NodeUser
+ const RootUser
+ var ErrEmptyPassword = errors.New("empty passwords are not permitted")
+ func CompareHashAndPassword(hashedPassword []byte, password string) error
+ func CreateCAPair(certsDir, caKeyPath string, keySize int, lifetime time.Duration, ...) error
+ func CreateClientPair(certsDir, caKeyPath string, keySize int, lifetime time.Duration, ...) error
+ func CreateNodePair(certsDir, caKeyPath string, keySize int, lifetime time.Duration, ...) error
+ func ExtKeyUsageToString(eku x509.ExtKeyUsage) string
+ func GenerateCA(signer crypto.Signer, lifetime time.Duration) ([]byte, error)
+ func GenerateClientCert(caCert *x509.Certificate, caPrivateKey crypto.PrivateKey, ...) ([]byte, error)
+ func GenerateServerCert(caCert *x509.Certificate, caPrivateKey crypto.PrivateKey, ...) ([]byte, error)
+ func GetCertificateUser(tlsState *tls.ConnectionState) (string, error)
+ func HashPassword(password string) ([]byte, error)
+ func KeyUsageToString(ku x509.KeyUsage) []string
+ func LoadClientTLSConfig(sslCA, sslCert, sslCertKey string) (*tls.Config, error)
+ func LoadServerTLSConfig(sslCA, sslCert, sslCertKey string) (*tls.Config, error)
+ func PEMContentsToX509(contents []byte) ([]*x509.Certificate, error)
+ func PEMToCertificates(contents []byte) ([]*pem.Block, error)
+ func PEMToPrivateKey(contents []byte) (crypto.PrivateKey, error)
+ func PrivateKeyToPEM(key crypto.PrivateKey) (*pem.Block, error)
+ func PromptForPassword() (string, error)
+ func PromptForPasswordAndHash() ([]byte, error)
+ func PromptForPasswordTwice() (string, error)
+ func ProtoAuthHook(insecureMode bool, tlsState *tls.ConnectionState) (func(proto.Message, bool) error, error)
+ func ResetAssetLoader()
+ func SetAssetLoader(al AssetLoader)
+ func WritePEMToFile(path string, mode os.FileMode, overwrite bool, blocks ...*pem.Block) error
+ type AssetLoader struct
+ ReadDir func(dirname string) ([]os.FileInfo, error)
+ ReadFile func(filename string) ([]byte, error)
+ Stat func(name string) (os.FileInfo, error)
+ type CertInfo struct
+ Error error
+ ExpirationTime time.Time
+ FileContents []byte
+ FileUsage pemUsage
+ Filename string
+ KeyFileContents []byte
+ KeyFilename string
+ Name string
+ ParsedCertificates []*x509.Certificate
+ type CertificateLoader struct
+ func NewCertificateLoader(certsDir string) *CertificateLoader
+ func (cl *CertificateLoader) Certificates() []*CertInfo
+ func (cl *CertificateLoader) Load() error
+ func (cl *CertificateLoader) MaybeCreateCertsDir() error
+ func (cl *CertificateLoader) TestDisablePermissionChecks()
+ type CertificateManager struct
+ func NewCertificateManager(certsDir string) (*CertificateManager, error)
+ func NewCertificateManagerFirstRun(certsDir string) (*CertificateManager, error)
+ func (cm *CertificateManager) CACert() *CertInfo
+ func (cm *CertificateManager) CACertPath() string
+ func (cm *CertificateManager) ClientCertPath(user string) string
+ func (cm *CertificateManager) ClientCerts() map[string]*CertInfo
+ func (cm *CertificateManager) ClientKeyPath(user string) string
+ func (cm *CertificateManager) GetCACertPath() (string, error)
+ func (cm *CertificateManager) GetClientCertPaths(user string) (string, string, error)
+ func (cm *CertificateManager) GetClientTLSConfig(user string) (*tls.Config, error)
+ func (cm *CertificateManager) GetEmbeddedServerTLSConfig(_ *tls.ClientHelloInfo) (*tls.Config, error)
+ func (cm *CertificateManager) GetServerTLSConfig() (*tls.Config, error)
+ func (cm *CertificateManager) ListCertificates() ([]*CertInfo, error)
+ func (cm *CertificateManager) LoadCertificates() error
+ func (cm *CertificateManager) Metrics() CertificateMetrics
+ func (cm *CertificateManager) NodeCert() *CertInfo
+ func (cm *CertificateManager) NodeCertPath() string
+ func (cm *CertificateManager) NodeKeyPath() string
+ func (cm *CertificateManager) RegisterSignalHandler(stopper *stop.Stopper)
+ type CertificateMetrics struct
+ CAExpiration *metric.Gauge
+ NodeExpiration *metric.Gauge
+ type RequestWithUser interface
+ GetUser func() string
+ type UserAuthHook func(string, bool) error
+ func UserAuthCertHook(insecureMode bool, tlsState *tls.ConnectionState) (UserAuthHook, error)
+ func UserAuthPasswordHook(insecureMode bool, password string, hashedPassword []byte) UserAuthHook
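Review bot: `TestDisablePermissionChecks` is exported on `CertificateLoader`, so any importer can call it on a loader that is used outside tests. If, as the name suggests, it switches off the permission checks on certificate and key files, its doc comment should say so, for example `// TestDisablePermissionChecks turns off key-file permission checks. Test use only; never call it in production code.` The same listing takes `insecureMode bool` as the first parameter of `UserAuthCertHook`, `UserAuthPasswordHook` and `ProtoAuthHook`; each doc comment should state exactly which checks are skipped when it is true, so a caller cannot pass it by accident. Only signatures are visible here, so the behaviour of both is inferred from the names and should be confirmed against the implementation.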