GO-2023-1955: Dapr API token authentication bypass in HTTP endpoints in github.com/dapr/dapr

certs

package

v1.2.0-rc.5 Latest Latest Go to latest Published: May 22, 2021 License: MIT Imports: 15 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/dapr/dapr

Documentation ¶

Index ¶

Constants
func CertPoolFromPEM(certPem []byte) (*x509.CertPool, error)
func CredentialsExist(conf config.SentryConfig) (bool, error)
func DecodePEMCertificates(crtb []byte) ([]*x509.Certificate, error)
func GenerateECPrivateKey() (*ecdsa.PrivateKey, error)
func ParsePemCSR(csrPem []byte) (*x509.CertificateRequest, error)
func StoreCredentials(conf config.SentryConfig, rootCertPem, issuerCertPem, issuerKeyPem []byte) error
type Credentials
- func PEMCredentialsFromFiles(certPem, keyPem []byte) (*Credentials, error)
type PrivateKey
- func DecodePEMKey(key []byte) (*PrivateKey, error)

Constants ¶

View Source

const (
	Certificate   = "CERTIFICATE"
	ECPrivateKey  = "EC PRIVATE KEY"
	RSAPrivateKey = "RSA PRIVATE KEY"
)

View Source

const (
	// KubeScrtName is the name of the kubernetes secret that holds the trust bundle
	KubeScrtName = "dapr-trust-bundle"
	// TrustAnchorsEnvVar is the environment variable name for the trust anchors in the sidecar
	TrustAnchorsEnvVar = "DAPR_TRUST_ANCHORS"
	CertChainEnvVar    = "DAPR_CERT_CHAIN"
	CertKeyEnvVar      = "DAPR_CERT_KEY"
)

Variables ¶

This section is empty.

Functions ¶

func CertPoolFromPEM ¶

func CertPoolFromPEM(certPem []byte) (*x509.CertPool, error)

CertPoolFromPEMString returns a CertPool from a PEM encoded certificates string.

func CredentialsExist ¶ added in v0.11.1

func CredentialsExist(conf config.SentryConfig) (bool, error)

CredentialsExist checks root and issuer credentials exist on a hosting platform

func DecodePEMCertificates ¶

func DecodePEMCertificates(crtb []byte) ([]*x509.Certificate, error)

DecodePEMCertificates takes a PEM encoded x509 certificates byte array and returns A x509 certificate and the block byte array.

func GenerateECPrivateKey ¶

func GenerateECPrivateKey() (*ecdsa.PrivateKey, error)

GenerateECPrivateKey returns a new EC Private Key

func ParsePemCSR ¶

func ParsePemCSR(csrPem []byte) (*x509.CertificateRequest, error)

ParsePemCSR constructs a x509 Certificate Request using the given PEM-encoded certificate signing request.

func StoreCredentials ¶

func StoreCredentials(conf config.SentryConfig, rootCertPem, issuerCertPem, issuerKeyPem []byte) error

StoreCredentials saves the trust bundle in a Kubernetes secret store or locally on disk, depending on the hosting platform

Types ¶

type Credentials ¶

type Credentials struct {
	PrivateKey  *PrivateKey
	Certificate *x509.Certificate
}

Credentials holds a certificate, private key and trust chain

func PEMCredentialsFromFiles ¶

func PEMCredentialsFromFiles(certPem, keyPem []byte) (*Credentials, error)

PEMCredentialsFromFiles takes a path for a key/cert pair and returns a validated Credentials wrapper with a trust chain.

type PrivateKey ¶

type PrivateKey struct {
	Type string
	Key  interface{}
}

PrivateKey wraps a EC or RSA private key

func DecodePEMKey ¶

func DecodePEMKey(key []byte) (*PrivateKey, error)

DecodePEMKey takes a key PEM byte array and returns a PrivateKey that represents Either an RSA or EC private key.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL