tls

package
v0.7.0-alpha1 Latest Latest
Published: Nov 27, 2023 License: Apache-2.0 Imports: 17 Imported by: 1

Documentation

Overview

Package tls implements the logic to generate and install TLS certificates.

Index

Constants

const (

	// ServerKey is the default filename of the server private key.
	ServerKey = "server.key"

	// ClientKey is the default filename of the client private key.
	ClientKey = "client.key"

	// CAKey is the default filename of the certificate authority private key.
	// NOTE(review): the CA key is written next to the leaf material (presumably by
	// FlushToDisk); anyone who can read it can issue certificates the server and client
	// trust, so it needs the tightest permissions of the set — confirm how FlushToDisk writes it.
	CAKey = "ca.key"

	// CACert is the default filename of the certificate authority certificate.
	CACert = "ca.crt"

	// ServerCert is the default filename of the server certificate.
	ServerCert = "server.crt"

	// ClientCert is the default filename of the client certificate.
	ClientCert = "client.crt"

	// DefaultRSABits is the default bit size to generate an RSA keypair.
	// NOTE(review): RSADefaultSize below is a second "default" RSA size with a different
	// value (2048); which of the two RSAKeyGenerator actually falls back to is not visible
	// here — confirm before documenting one of them as the effective default.
	DefaultRSABits int = 4096

	// DefaultAlgorithm is the default digital signature algorithm.
	DefaultAlgorithm = RSAType

	// ECDSAType represents the ECDSA DSA algorithm.
	ECDSAType DSAType = "ecdsa"

	// RSAType represents the RSA DSA algorithm.
	RSAType DSAType = "rsa"

	// RSADefaultSize is the default size of the RSA-signed key (see DefaultRSABits).
	RSADefaultSize = 2048

	// RSAPrivateKeyPEMHeader is the header of PEM-encoded RSA-signed keys (PKCS#1 label).
	RSAPrivateKeyPEMHeader = "RSA PRIVATE KEY"

	// ECDSAPrivateKeyPEMHeader is the header of PEM-encoded ECDSA-signed keys.
	// NOTE(review): the label RFC 5915 / RFC 7468 define for SEC1 EC keys is
	// "EC PRIVATE KEY". Go's crypto/tls accepts any label ending in " PRIVATE KEY", so
	// Falco itself should load this file, but OpenSSL and other tooling may reject the
	// non-standard label — verify interoperability before relying on it.
	ECDSAPrivateKeyPEMHeader = "ECDSA PRIVATE KEY"

	// CertificatePEMHeader is the header of PEM-encoded x509 certificate.
	CertificatePEMHeader = "CERTIFICATE"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type DSAKey added in v0.5.0

// DSAKey represents a key pair used for digital signing.
type DSAKey interface {
	// Public returns the public half of the key pair, mirroring crypto.Signer's Public method.
	Public() crypto.PublicKey
}

DSAKey represents a key pair used for digital signing.

type DSAKeyGenerator added in v0.5.0

// DSAKeyGenerator is a generator of key pairs used for digital signing.
// Concrete implementations are RSAKeyGenerator and ECDSAKeyGenerator; NewKeyGenerator picks one by DSAType.
type DSAKeyGenerator interface {
	// GenerateKey produces a new key pair, or an error.
	GenerateKey() (DSAKey, error)
	// PEMEncode serializes the private key in PEM format into a fresh buffer, or returns an error.
	PEMEncode(key DSAKey) (*bytes.Buffer, error)
}

DSAKeyGenerator is a generator of key pairs used for digital signing.

func NewKeyGenerator added in v0.5.0

func NewKeyGenerator(dsa DSAType) DSAKeyGenerator

NewKeyGenerator returns a new DSAKeyGenerator for the given DSAType.

type DSAType added in v0.5.0

// DSAType represents an algorithm for digital signing; see RSAType and ECDSAType.
type DSAType string

DSAType represents an algorithm for digital signing.

type ECDSAKeyGenerator added in v0.5.0

// ECDSAKeyGenerator is a generator of ECDSA key pairs; SetCurve selects the elliptic curve used.
type ECDSAKeyGenerator struct {
	// contains filtered or unexported fields
}

ECDSAKeyGenerator is a generator of ECDSA key pairs.

func (*ECDSAKeyGenerator) GenerateKey added in v0.5.0

func (r *ECDSAKeyGenerator) GenerateKey() (DSAKey, error)

GenerateKey returns a newly generated ECDSA key pair, or an error.

func (*ECDSAKeyGenerator) PEMEncode added in v0.5.0

func (r *ECDSAKeyGenerator) PEMEncode(key DSAKey) (*bytes.Buffer, error)

PEMEncode encodes the private key in PEM format and returns the resulting buffer, or an error.

func (*ECDSAKeyGenerator) SetCurve added in v0.5.0

func (r *ECDSAKeyGenerator) SetCurve(curve elliptic.Curve)

SetCurve sets the elliptic curve used to generate the key.

type GRPCTLS

// A GRPCTLS represents a TLS Generator for Falco: it carries the parameters for the
// CA, server and client material and, after Generate, the material itself
// (exposed by Certs and persisted by FlushToDisk).
type GRPCTLS struct {

	// RSABits is the size of the private key.
	// NOTE(review): presumably only consulted when DSA is RSAType — confirm in Generate.
	RSABits      int
	// Country, Organization and CommonName are presumably the X.509 subject fields
	// of the generated certificates — confirm in GenerateCA/GenerateServer/GenerateClient.
	Country      string
	Organization string
	CommonName   string
	// Expiration is the validity period of the generated certificates
	// (presumably derived from GRPCTLSGenerator's days argument — confirm).
	Expiration   time.Duration

	// Subject Alternate Names as DNS domain names.
	DNSSANs []string

	// Subject Alternate Names as IP addresses, given as strings.
	// NOTE(review): how an entry that does not parse as an IP address is handled is not visible here.
	IPSANs []string

	// The digital signing algorithm to sign the key pair.
	DSA DSAType

	// KeyGenerator is the DSA-signed key generator.
	KeyGenerator DSAKeyGenerator
	// contains filtered or unexported fields
}

A GRPCTLS represents a TLS Generator for Falco.

func GRPCTLSGenerator

func GRPCTLSGenerator(
	country, organization, name string,
	days, keySize int,
	alternateNames, alternateAddresses []string, algorithm string,
	keyGenerator DSAKeyGenerator) *GRPCTLS

GRPCTLSGenerator initializes a new TLS generator for Falco.

func (*GRPCTLS) Certs added in v0.5.0

func (g *GRPCTLS) Certs() map[string]*bytes.Buffer

Certs returns the certificate material as map of buffers.

func (*GRPCTLS) FlushToDisk

func (g *GRPCTLS) FlushToDisk(path string, logger *pterm.Logger) error

FlushToDisk persists the certificate material held by a GRPCTLS to disk under the given path.

func (*GRPCTLS) Generate

func (g *GRPCTLS) Generate() error

Generate creates the TLS material in memory, as the first step before it is persisted with FlushToDisk.

func (*GRPCTLS) GenerateCA added in v0.5.0

func (g *GRPCTLS) GenerateCA(notBefore, notAfter time.Time, serialNumberLimit *big.Int) (*x509.Certificate, DSAKey, error)

GenerateCA returns the certificate and private key pair for a certificate authority, or an error.

func (*GRPCTLS) GenerateClient added in v0.5.0

func (g *GRPCTLS) GenerateClient(caTemplate *x509.Certificate, caKey DSAKey, notBefore, notAfter time.Time) error

GenerateClient generates the certificate and private key pair for a client, using the given CA template and key, and returns an error on failure.

func (*GRPCTLS) GenerateServer added in v0.5.0

func (g *GRPCTLS) GenerateServer(caTemplate *x509.Certificate, caKey DSAKey, notBefore, notAfter time.Time, serialNumberLimit *big.Int) error

GenerateServer generates the certificate and private key pair for a server, using the given CA template and key, and returns an error on failure.

type Options

// Options represents the `install tls` command options.
// NOTE(review): the field names mirror GRPCTLSGenerator's parameters, so the per-field
// notes below are inferred from that; confirm the mapping in Run.
type Options struct {
	Country   string   // certificate subject country
	Org       string   // certificate subject organization
	Name      string   // certificate common name
	Path      string   // destination directory, presumably handed to FlushToDisk
	Days      int      // certificate validity in days
	RSABits   int      // RSA key size in bits; see DefaultRSABits
	DNSSANs   []string // Subject Alternate Names as DNS domain names
	IPSANs    []string // Subject Alternate Names as IP addresses
	Algorithm string   // signing algorithm, presumably RSAType ("rsa") or ECDSAType ("ecdsa") — how it is validated is not visible here

	Common *commonoptions.Common // shared CLI options (project type)
}

Options represents the `install tls` command options.

func (*Options) Run

func (o *Options) Run() error

Run executes the business logic of the `install tls` command.

type RSAKeyGenerator added in v0.5.0

// RSAKeyGenerator is a generator of RSA key pairs; SetSize selects the key size in bits.
type RSAKeyGenerator struct {
	// contains filtered or unexported fields
}

RSAKeyGenerator is a generator of RSA key pairs.

func (*RSAKeyGenerator) GenerateKey added in v0.5.0

func (r *RSAKeyGenerator) GenerateKey() (DSAKey, error)

GenerateKey returns a newly generated RSA key pair, or an error.

func (*RSAKeyGenerator) PEMEncode added in v0.5.0

func (r *RSAKeyGenerator) PEMEncode(key DSAKey) (*bytes.Buffer, error)

PEMEncode encodes the private key in PEM format and returns the resulting buffer, or an error.

func (*RSAKeyGenerator) SetSize added in v0.5.0

func (r *RSAKeyGenerator) SetSize(bits int)

SetSize sets the size of the RSA key to be generated.
