cert

package
v0.0.0-...-83bc882 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 27, 2024 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AfterCheckFunctionType

type AfterCheckFunctionType func(certificate *Certificate, needsUpdate bool) error

AfterCheckFunctionType is the function signature for functions run if the check was triggered from outside or after the certificate was renewed.

type Certificate

type Certificate struct {
	// CACertificate is the PEM encoded certificate authority certificate.
	CACertificate []byte

	// CAPrivateKey is the PEM encoded certificate authority private key.
	CAPrivateKey []byte

	// ServerCertificate is the PEM encoded server certificate.
	ServerCertificate []byte

	// ServerPrivateKey is the PEM encoded server private key.
	ServerPrivateKey []byte
}

Certificate describes an x509 certificate.

func NewCertificate

func NewCertificate(dnsNames []string) (*Certificate, error)

NewCertificate returns a self-signed certificate generated for the specified DNS names or alternatively an error.

func NewCertificateFromDirectory

func NewCertificateFromDirectory(directoryPath string) (*Certificate, error)

NewCertificateFromDirectory returns a certificate by reading the corresponding certificate files from the specified directory path or alternatively an error.

func NewCertificateFromFileContents

func NewCertificateFromFileContents(fileContents map[string][]byte) *Certificate

NewCertificateFromFileContents returns a certificate by mapping the specified certificate file name keys and content values to the certificate fields.

func (*Certificate) Verify

func (certificate *Certificate) Verify(dnsName string, checkTime time.Time) bool

Verify returns true if

1. the server key pair is valid,

and the server certificate

2. is good for the specified DNS name,

3. is signed by the certificate authority certificate, and

4. is valid for the desired period of time,

otherwise returns false.

func (*Certificate) Write

func (certificate *Certificate) Write(directoryPath string) error

Write writes the content of the certificate files held by the certificate to files under the specified directory path using the standard certificate file names or returns an error.

type Renewer

type Renewer struct {
	// contains filtered or unexported fields
}

Renewer handles the automatic renewal of certificates.

func NewRenewer

func NewRenewer(
	logger logr.Logger,
	dnsNames []string,
	certificateDirectoryPath string,
	shouldCheckCertificate bool,
	afterCheckFunctions ...AfterCheckFunctionType,
) (*Renewer, error)

NewRenewer returns a certificate renewer configured to the specified values.

func (*Renewer) Start

func (renewer *Renewer) Start(ctx context.Context, triggers <-chan struct{}) error

func (*Renewer) WithAfterCheckFunctions

func (renewer *Renewer) WithAfterCheckFunctions(afterCheckFunctions ...AfterCheckFunctionType)

WithAfterCheckFunctions adds appends the specified functions to the existing after check function chain.

func (*Renewer) WithDNSNames

func (renewer *Renewer) WithDNSNames(dnsNames ...string)

WithDNSNames sets the DNS names used by the renewer in the certificate.

type WebhookCertifier

type WebhookCertifier struct {
	// contains filtered or unexported fields
}

WebhookCertifier handles the generation and renewal of webhook certificates.

func NewWebhookCertifier

func NewWebhookCertifier(
	logger logr.Logger,
	webhookName string,
	webhookManager manager.Manager,
	certificateRenewer *Renewer,
) *WebhookCertifier

NewWebhookCertifier returns an object which can manage the generation and renewal of a certificate based on a webhook configuration.

func (*WebhookCertifier) Start

func (certifier *WebhookCertifier) Start(ctx context.Context) error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL