package security

v0.0.0-...-0486f84 (latest)
Published: Dec 9, 2024 License: Apache-2.0 Imports: 6 Imported by: 0


Constants

const (
	KeyFileMode  = 0600
	CertFileMode = 0644
	RootUser     = "root"
)
const (
	CR            string = "cockroach"
	CERT          string = "cert"
	CREATE_CA     string = "create-ca"
	CREATE_NODE   string = "create-node"
	CREATE_CLIENT string = "create-client"

	CERTS_DIR  string = "--certs-dir=%s"
	CA_KEY     string = "--ca-key=%s"
	Life_Time  string = "--lifetime=%s"
	OVER_WRITE string = "--overwrite"
)

These constants are the command, sub-commands and flag templates used to run the cockroach binary (cockroach cert create-ca, create-node or create-client). The flag constants are fmt format strings: the value is substituted for %s before the argument is passed to the binary.
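The constants above only do something once they are assembled into an argv for the cockroach binary, and KeyFileMode and CertFileMode only protect anything if something checks the files that end up on disk. The following example was written for this page and is not the package's own code: certArgs builds the cockroach cert command lines from the format-string constants, runCert invokes the binary, and checkCertsDir audits a certs directory for the modes the package intends (keys 0600, certificates 0644). The constants are copied from the listing; certArgs, runCert and checkCertsDir are hypothetical helpers, and the assumption that the CLI accepts time.Duration.String() output for --lifetime is noted in the code.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
	"time"
)

// Constants copied from the package listing so this example compiles on its own.
const (
	KeyFileMode  = 0600
	CertFileMode = 0644
	RootUser     = "root"

	CR            = "cockroach"
	CERT          = "cert"
	CREATE_CA     = "create-ca"
	CREATE_NODE   = "create-node"
	CREATE_CLIENT = "create-client"
	CERTS_DIR     = "--certs-dir=%s"
	CA_KEY        = "--ca-key=%s"
	Life_Time     = "--lifetime=%s"
	OVER_WRITE    = "--overwrite"
)

// certArgs assembles the argv for "cockroach cert <sub> [positional...] --flags" from the
// format-string constants. positional is the host list for create-node and the SQL user
// for create-client; create-ca takes none. lifetime.String() yields a form such as
// "8760h0m0s"; that the cockroach duration flag accepts this form is an assumption.
func certArgs(sub, certsDir, caKey string, lifetime time.Duration, overwrite bool, positional ...string) []string {
	args := append([]string{CERT, sub}, positional...)
	args = append(args,
		fmt.Sprintf(CERTS_DIR, certsDir),
		fmt.Sprintf(CA_KEY, caKey),
		fmt.Sprintf(Life_Time, lifetime.String()),
	)
	if overwrite {
		args = append(args, OVER_WRITE)
	}
	return args
}

// runCert invokes the cockroach binary with the assembled argv and returns its combined
// output inside the error on failure. It needs the binary on PATH, so the test skips it.
func runCert(args []string) error {
	out, err := exec.Command(CR, args...).CombinedOutput()
	if err != nil {
		return fmt.Errorf("%s %v: %w\n%s", CR, args, err, out)
	}
	return nil
}

// checkCertsDir is the post-creation check worth running before a node starts: private
// keys must not be readable or writable by group or others (KeyFileMode is 0600), and
// certificates must not be writable by anyone but the owner (CertFileMode is 0644).
// Every offending file is reported rather than stopping at the first one.
func checkCertsDir(certsDir string) ([]string, error) {
	entries, err := os.ReadDir(certsDir)
	if err != nil {
		return nil, err
	}
	var problems []string
	for _, e := range entries {
		info, err := e.Info()
		if err != nil || !info.Mode().IsRegular() {
			continue
		}
		perm := info.Mode().Perm()
		switch filepath.Ext(e.Name()) {
		case ".key":
			if perm&0077 != 0 {
				problems = append(problems, fmt.Sprintf("%s: mode %04o exposes a private key, want %04o", e.Name(), perm, KeyFileMode))
			}
		case ".crt":
			if perm&0022 != 0 {
				problems = append(problems, fmt.Sprintf("%s: mode %04o is writable by others, want %04o", e.Name(), perm, CertFileMode))
			}
		}
	}
	return problems, nil
}

func main() {
	certsDir, caKey := "certs", "my-safe-directory/ca.key" // illustrative paths
	for _, args := range [][]string{
		certArgs(CREATE_CA, certsDir, caKey, 10*365*24*time.Hour, false),
		certArgs(CREATE_NODE, certsDir, caKey, 365*24*time.Hour, true, "localhost", "127.0.0.1"),
		certArgs(CREATE_CLIENT, certsDir, caKey, 365*24*time.Hour, true, RootUser),
	} {
		fmt.Println(CR, args)
	}
	if problems, err := checkCertsDir(certsDir); err == nil {
		for _, p := range problems {
			fmt.Println("WARN:", p)
		}
	}
}
```

Two caveats the constants do not capture. A mode of 0600 is only as good as the file's owner: a key written as root and later read by a node running as another user will either fail to open or, if someone "fixes" it with chmod 644, be exposed, so check ownership alongside mode. And the check deliberately tests the group/other bits rather than exact equality, because os.WriteFile honours the umask and a cert written with 0644 under umask 027 legitimately lands as 0640; CockroachDB's own certificate loader likewise refuses key files that are group- or world-accessible at start-up, so catching this here avoids a failed rollout.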

Variables

This section is empty.

Functions

func CreateCAPair

func CreateCAPair(
	certsDir, caKeyPath string,
	keySize int,
	lifetime time.Duration,
	allowKeyReuse bool,
	overwrite bool,
) error

CreateCAPair creates a general CA certificate and associated key.

func CreateClientPair

func CreateClientPair(certsDir, caKeyPath string, keySize int, lifetime time.Duration, overwrite bool,
	user SQLUsername, wantPKCS8Key bool) error

CreateClientPair creates a client key and certificate for user. The CA cert and key must load properly. If the CA cert file contains multiple certificates, the first one is used. If a client CA exists, it is used instead of the main CA. If wantPKCS8Key is true, the private key is additionally written in PKCS#8 encoding.

func CreateNodePair

func CreateNodePair(certsDir, caKeyPath string, keySize int, lifetime time.Duration, overwrite bool, hosts []string) error

CreateNodePair creates a node key and certificate for the given hosts. The CA cert and key must load properly. If the CA cert file contains multiple certificates, the first one is used.

func GetCertObj

func GetCertObj(pemCert []byte) (*x509.Certificate, error)

GetCertObj parses a PEM-encoded certificate into an *x509.Certificate.

Types

type PemUsage

type PemUsage uint32

PemUsage indicates the purpose of a given certificate.

const (

	// CAPem describes the main CA certificate.
	CAPem PemUsage
	// TenantClientCAPem describes the CA certificate used to broker authN/Z for SQL
	// tenants wishing to access the KV layer.
	TenantClientCAPem
	// ClientCAPem describes the CA certificate used to verify client certificates.
	ClientCAPem
	// UICAPem describes the CA certificate used to verify the Admin UI server certificate.
	UICAPem
	// NodePem describes the server certificate for the node, possibly a combined server/client
	// certificate for user Node if a separate 'client.node.crt' is not present.
	NodePem
	// UIPem describes the server certificate for the admin UI.
	UIPem
	// ClientPem describes a client certificate.
	ClientPem
	// TenantClientPem describes a SQL tenant client certificate.
	TenantClientPem
)

type SQLUsername

type SQLUsername struct {
	U string
}

SQLUsername holds the SQL user name that is placed in the client certificate created by CreateClientPair.
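The types above describe the trust relationships the package sets up but not how a node uses them. The following added example, written for this page and not taken from the package, reproduces them in pure Go: a CA, a node certificate whose hosts become IP or DNS SANs (a combined server/client certificate, as the NodePem comment describes), and a client certificate whose CN is the SQL user, followed by the check a node applies to a presented client certificate, which ties GetCertObj, PemUsage and SQLUsername together. getCertObj follows the page's GetCertObj signature; pair, issue, template and verifyClientCert are hypothetical helpers, and ECDSA P-256 stands in for the RSA keys the keySize parameter implies.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"net"
	"time"
)

// getCertObj does what the page's GetCertObj signature implies: decode the first PEM
// block and parse it. Later blocks are ignored, which is the "first one is used" rule.
func getCertObj(pemCert []byte) (*x509.Certificate, error) {
	block, _ := pem.Decode(pemCert)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, fmt.Errorf("no CERTIFICATE block in PEM input")
	}
	return x509.ParseCertificate(block.Bytes)
}

// pair bundles a certificate with its private key and PEM encoding.
type pair struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
	pem  []byte
}

// issue signs tmpl with parent, or self-signs when parent is nil. ECDSA P-256 is
// used for speed; the package's keySize parameter implies RSA keys.
func issue(tmpl *x509.Certificate, parent *pair) (*pair, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	if parent == nil {
		parent = &pair{cert: tmpl, key: key}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent.cert, &key.PublicKey, parent.key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &pair{cert, key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})}, err
}

// template builds what create-ca, create-node <hosts> and create-client <user> put in
// their certificates: names holds the hosts for NodePem and the SQL user for ClientPem.
func template(usage string, names []string, lifetime time.Duration) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // constructed; real CAs use random serials
		NotBefore:    time.Now().Add(-time.Minute),       // tolerate small clock skew
		NotAfter:     time.Now().Add(lifetime),
	}
	switch usage {
	case "CAPem":
		t.Subject.CommonName = "Cockroach CA"
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage = x509.KeyUsageCertSign
	case "NodePem": // combined server/client cert; each host becomes an IP or DNS SAN
		t.Subject.CommonName = "node"
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
		for _, h := range names {
			if ip := net.ParseIP(h); ip != nil {
				t.IPAddresses = append(t.IPAddresses, ip)
			} else {
				t.DNSNames = append(t.DNSNames, h)
			}
		}
	case "ClientPem": // the SQL user name is the CN; that is what a node authenticates
		t.Subject.CommonName = names[0]
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	return t
}

// verifyClientCert makes the checks a node makes on a presented client certificate:
// it must chain to the CA for client auth, and its CN must be the SQL user the
// session claims. A certificate that is valid but issued to another user is rejected.
func verifyClientCert(caPEM, clientPEM []byte, user string) error {
	ca, errCA := getCertObj(caPEM)
	client, errClient := getCertObj(clientPEM)
	if errCA != nil || errClient != nil {
		return fmt.Errorf("parse failed: ca=%v client=%v", errCA, errClient)
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := client.Verify(opts); err != nil {
		return err
	}
	if client.Subject.CommonName != user {
		return fmt.Errorf("certificate CN %q does not match user %q", client.Subject.CommonName, user)
	}
	return nil
}
```

The CN comparison is the step that makes SQLUsername security-relevant: chain validation alone proves only that the CA issued the certificate to some client, so a valid certificate for one user must still be refused when the session claims another. The first-block rule in getCertObj has a matching pitfall on the CA side: if a bundle lists an intermediate or a stale certificate before the CA, it is that certificate, not the CA, that becomes the trust anchor, so keep CA files to a single certificate or the intended one first.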
