Documentation ¶
Overview ¶
Package tls implements the logic to generate and install TLS certificates.
Index ¶
- Constants
- type DSAKey
- type DSAKeyGenerator
- type DSAType
- type ECDSAKeyGenerator
- type GRPCTLS
- func (g *GRPCTLS) Certs() map[string]*bytes.Buffer
- func (g *GRPCTLS) FlushToDisk(path string, logger *pterm.Logger) error
- func (g *GRPCTLS) Generate() error
- func (g *GRPCTLS) GenerateCA(notBefore, notAfter time.Time, serialNumberLimit *big.Int) (*x509.Certificate, DSAKey, error)
- func (g *GRPCTLS) GenerateClient(caTemplate *x509.Certificate, caKey DSAKey, notBefore, notAfter time.Time) error
- func (g *GRPCTLS) GenerateServer(caTemplate *x509.Certificate, caKey DSAKey, notBefore, notAfter time.Time, ...) error
- type Options
- type RSAKeyGenerator
Constants ¶
const (
	// ServerKey is the default filename of the server private key.
	ServerKey = "server.key"
	// ClientKey is the default filename of the client private key.
	ClientKey = "client.key"
	// CAKey is the default filename of the certificate authority private key.
	CAKey = "ca.key"
	// CACert is the default filename of the certificate authority certificate.
	CACert = "ca.crt"
	// ServerCert is the default filename of the server certificate.
	ServerCert = "server.crt"
	// ClientCert is the default filename of the client certificate.
	ClientCert = "client.crt"
	// DefaultRSABits is the default bit size to generate an RSA keypair.
	DefaultRSABits int = 4096
	// DefaultAlgorithm is the default digital signature algorithm.
	DefaultAlgorithm = RSAType
	// ECDSAType represents the ECDSA digital signature algorithm.
	ECDSAType DSAType = "ecdsa"
	// RSAType represents the RSA digital signature algorithm.
	RSAType DSAType = "rsa"
	// RSADefaultSize is the default size, in bits, of a generated RSA private key.
	RSADefaultSize = 2048
	// RSAPrivateKeyPEMHeader is the PEM block type of a PEM-encoded RSA private key.
	RSAPrivateKeyPEMHeader = "RSA PRIVATE KEY"
	// ECDSAPrivateKeyPEMHeader is the PEM block type of a PEM-encoded ECDSA private key.
	// Note that RFC 7468 and OpenSSL use the label "EC PRIVATE KEY" for this block,
	// so tools that expect that label may not read files written with this one.
	ECDSAPrivateKeyPEMHeader = "ECDSA PRIVATE KEY"
	// CertificatePEMHeader is the PEM block type of a PEM-encoded x509 certificate.
	CertificatePEMHeader = "CERTIFICATE"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type DSAKeyGenerator ¶ added in v0.5.0
type DSAKeyGenerator interface {
	GenerateKey() (DSAKey, error)
	PEMEncode(key DSAKey) (*bytes.Buffer, error)
}
DSAKeyGenerator is a generator of key pairs used for digital signing.
func NewKeyGenerator ¶ added in v0.5.0
func NewKeyGenerator(dsa DSAType) DSAKeyGenerator
NewKeyGenerator returns a new DSAKeyGenerator, based on the DSAType argument.
type DSAType ¶ added in v0.5.0
type DSAType string
DSAType represents an algorithm for digital signing.
type ECDSAKeyGenerator ¶ added in v0.5.0
type ECDSAKeyGenerator struct {
// contains filtered or unexported fields
}
ECDSAKeyGenerator is a generator of ECDSA key pairs.
func (*ECDSAKeyGenerator) GenerateKey ¶ added in v0.5.0
func (r *ECDSAKeyGenerator) GenerateKey() (DSAKey, error)
GenerateKey generates a new ECDSA key pair on the configured curve and returns it, or an error if generation fails.
func (*ECDSAKeyGenerator) PEMEncode ¶ added in v0.5.0
func (r *ECDSAKeyGenerator) PEMEncode(key DSAKey) (*bytes.Buffer, error)
PEMEncode encodes the ECDSA private key in PEM format and returns the encoded bytes in a buffer, or an error if the key cannot be encoded.
func (*ECDSAKeyGenerator) SetCurve ¶ added in v0.5.0
func (r *ECDSAKeyGenerator) SetCurve(curve elliptic.Curve)
SetCurve sets the elliptic curve to generate the key.
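The following program is an added example, not code from this package or from Falco, showing what an implementation of the DSAKeyGenerator contract (NewKeyGenerator plus the RSA and ECDSA generators) has to do: generate a key of the chosen algorithm, PEM-encode it, and produce output that the standard parsers read back. The type names, the 2048-bit RSA size and the refusal of shorter RSA keys are the example's own choices; `dsaKey` is an assumed stand-in for the page's DSAKey type. The ECDSA encoder deliberately uses the "EC PRIVATE KEY" label from RFC 7468 rather than the page's "ECDSA PRIVATE KEY" constant, because that is the label OpenSSL and the Go parsers expect.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// dsaKey stands in for the page's DSAKey type (assumption: any crypto.Signer,
// which both *rsa.PrivateKey and *ecdsa.PrivateKey satisfy).
type dsaKey = crypto.Signer

// keyGenerator mirrors the shape of the page's DSAKeyGenerator interface.
type keyGenerator interface {
	GenerateKey() (dsaKey, error)
	PEMEncode(key dsaKey) (*bytes.Buffer, error)
}

// rsaGenerator produces RSA keys of a configured size (cf. RSAKeyGenerator.SetSize).
type rsaGenerator struct{ bits int }

func (g rsaGenerator) GenerateKey() (dsaKey, error) {
	if g.bits < 2048 {
		return nil, fmt.Errorf("rsa: refusing to generate a %d-bit key (minimum 2048)", g.bits)
	}
	return rsa.GenerateKey(rand.Reader, g.bits)
}

func (g rsaGenerator) PEMEncode(key dsaKey) (*bytes.Buffer, error) {
	k, ok := key.(*rsa.PrivateKey)
	if !ok {
		return nil, errors.New("rsa: PEMEncode needs an *rsa.PrivateKey")
	}
	var buf bytes.Buffer
	// PKCS#1 DER under the "RSA PRIVATE KEY" label, as on the page.
	err := pem.Encode(&buf, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)})
	return &buf, err
}

// ecdsaGenerator produces ECDSA keys on a configured curve (cf. ECDSAKeyGenerator.SetCurve).
type ecdsaGenerator struct{ curve elliptic.Curve }

func (g ecdsaGenerator) GenerateKey() (dsaKey, error) {
	return ecdsa.GenerateKey(g.curve, rand.Reader)
}

func (g ecdsaGenerator) PEMEncode(key dsaKey) (*bytes.Buffer, error) {
	k, ok := key.(*ecdsa.PrivateKey)
	if !ok {
		return nil, errors.New("ecdsa: PEMEncode needs an *ecdsa.PrivateKey")
	}
	der, err := x509.MarshalECPrivateKey(k) // SEC 1 / RFC 5915 structure
	if err != nil {
		return nil, err
	}
	var buf bytes.Buffer
	// "EC PRIVATE KEY" is the RFC 7468 label OpenSSL and Go expect; the page's
	// ECDSAPrivateKeyPEMHeader constant spells it "ECDSA PRIVATE KEY" instead.
	err = pem.Encode(&buf, &pem.Block{Type: "EC PRIVATE KEY", Bytes: der})
	return &buf, err
}

// newKeyGenerator is the example's stand-in for the page's NewKeyGenerator.
func newKeyGenerator(algorithm string) (keyGenerator, error) {
	switch algorithm {
	case "rsa":
		return rsaGenerator{bits: 2048}, nil // example size; the page defaults to 4096
	case "ecdsa":
		return ecdsaGenerator{curve: elliptic.P256()}, nil
	}
	return nil, fmt.Errorf("unsupported signature algorithm %q", algorithm)
}

// roundTrip generates a key, PEM-encodes it and parses it back with the
// standard library, returning the PEM block type that would land on disk.
func roundTrip(algorithm string) (string, error) {
	gen, err := newKeyGenerator(algorithm)
	if err != nil {
		return "", err
	}
	key, err := gen.GenerateKey()
	if err != nil {
		return "", err
	}
	buf, err := gen.PEMEncode(key)
	if err != nil {
		return "", err
	}
	block, rest := pem.Decode(buf.Bytes())
	if block == nil || len(bytes.TrimSpace(rest)) != 0 {
		return "", errors.New("output is not a single PEM block")
	}
	switch block.Type {
	case "RSA PRIVATE KEY":
		_, err = x509.ParsePKCS1PrivateKey(block.Bytes)
	case "EC PRIVATE KEY":
		_, err = x509.ParseECPrivateKey(block.Bytes)
	default:
		err = fmt.Errorf("unexpected PEM block type %q", block.Type)
	}
	return block.Type, err
}

func main() {
	for _, alg := range []string{"rsa", "ecdsa", "ed25519"} {
		blockType, err := roundTrip(alg)
		fmt.Printf("%-8s %-18q err=%v\n", alg, blockType, err)
	}
}
```

The round trip is the check worth keeping in a real implementation: a generator that writes a label its consumers do not recognise fails only at install time, when Falco or falcoctl tries to load the key.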
type GRPCTLS ¶
type GRPCTLS struct {
	// RSABits is the size, in bits, of the RSA private key.
	RSABits      int
	Country      string
	Organization string
	CommonName   string
	Expiration   time.Duration
	// DNSSANs are the Subject Alternative Names given as DNS domain names.
	DNSSANs []string
	// IPSANs are the Subject Alternative Names given as IP addresses.
	IPSANs []string
	// DSA is the digital signature algorithm used for the key pairs.
	DSA DSAType
	// KeyGenerator generates the key pairs for the selected DSA algorithm.
	KeyGenerator DSAKeyGenerator
	// contains filtered or unexported fields
}
A GRPCTLS represents a TLS Generator for Falco.
func GRPCTLSGenerator ¶
func GRPCTLSGenerator(
	country, organization, name string,
	days, keySize int,
	alternateNames, alternateAddresses []string,
	algorithm string,
	keyGenerator DSAKeyGenerator) *GRPCTLS
GRPCTLSGenerator is used to init a new TLS Generator for Falco.
func (*GRPCTLS) FlushToDisk ¶
func (g *GRPCTLS) FlushToDisk(path string, logger *pterm.Logger) error
FlushToDisk persists the certificate material held by the GRPCTLS to disk under the given path, and returns an error if writing fails.
func (*GRPCTLS) GenerateCA ¶ added in v0.5.0
func (g *GRPCTLS) GenerateCA(notBefore, notAfter time.Time, serialNumberLimit *big.Int) (*x509.Certificate, DSAKey, error)
GenerateCA generates a certificate authority valid from notBefore to notAfter and returns its certificate and private key, or an error. serialNumberLimit is the upper bound for the certificate's serial number.
func (*GRPCTLS) GenerateClient ¶ added in v0.5.0
func (g *GRPCTLS) GenerateClient(caTemplate *x509.Certificate, caKey DSAKey, notBefore, notAfter time.Time) error
GenerateClient generates the client certificate and private key, signed by the certificate authority given by caTemplate and caKey and valid from notBefore to notAfter, and returns an error if generation fails.
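The following program is an added example, not this package's code, of the issuance flow that GenerateCA, GenerateServer and GenerateClient describe: a CA restricted to certificate signing, a server certificate carrying the DNS and IP SANs and the ServerAuth usage, a client certificate carrying only ClientAuth, and the verification a TLS peer performs against that CA. It uses the Go standard library directly rather than the package's types; the organisation, host names, the P-256 key type, the one-year validity and the 2^128 serial bound are constructed for the example. The `verify` function is the check a practitioner should run on generated material before installing it: it catches a missing SAN, a swapped client/server certificate and an expired chain.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// serialNumberLimit bounds the random serial number (2^128, exclusive); the
// page's GenerateCA takes the same kind of limit as an argument.
var serialNumberLimit = new(big.Int).Lsh(big.NewInt(1), 128)

// sign generates a P-256 key for tmpl, assigns a random serial, has
// parent/parentKey sign it (parent == tmpl and parentKey == nil for a
// self-signed CA) and parses the result back into a *x509.Certificate.
func sign(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if tmpl.SerialNumber, err = rand.Int(rand.Reader, serialNumberLimit); err != nil {
		return nil, nil, err
	}
	if parentKey == nil {
		parentKey = key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// generateCA returns a self-signed CA certificate whose key usage is limited
// to signing certificates and CRLs, with its private key.
func generateCA(org string, notBefore, notAfter time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	tmpl := &x509.Certificate{
		Subject:               pkix.Name{Organization: []string{org}, CommonName: org + " CA"},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	return sign(tmpl, tmpl, nil)
}

// issueLeaf has the CA sign a server or client certificate. Only a server
// certificate carries the DNS and IP SANs and the ServerAuth usage; a client
// certificate gets ClientAuth only, so the two cannot be swapped.
func issueLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, cn string, dnsSANs, ipSANs []string, server bool, notBefore, notAfter time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	tmpl := &x509.Certificate{
		Subject:     pkix.Name{CommonName: cn},
		NotBefore:   notBefore,
		NotAfter:    notAfter,
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if server {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.DNSNames = dnsSANs
		for _, s := range ipSANs {
			ip := net.ParseIP(s)
			if ip == nil {
				return nil, nil, fmt.Errorf("invalid IP SAN %q", s)
			}
			tmpl.IPAddresses = append(tmpl.IPAddresses, ip)
		}
	}
	return sign(tmpl, ca, caKey)
}

// verify chains leaf to ca at time at, requiring the given extended key usage
// and, when host is non-empty, a SAN matching it (DNS name or IP address).
func verify(ca, leaf *x509.Certificate, host string, usage x509.ExtKeyUsage, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:       roots,
		DNSName:     host,
		CurrentTime: at,
		KeyUsages:   []x509.ExtKeyUsage{usage},
	})
	return err
}

func main() {
	now := time.Now()
	ca, caKey, err := generateCA("Falco Example", now, now.AddDate(1, 0, 0))
	if err != nil {
		panic(err)
	}
	srv, _, err := issueLeaf(ca, caKey, "falco-grpc", []string{"falco.example.internal"}, []string{"127.0.0.1"}, true, now, now.AddDate(1, 0, 0))
	if err != nil {
		panic(err)
	}
	fmt.Println("server, right host:", verify(ca, srv, "falco.example.internal", x509.ExtKeyUsageServerAuth, now))
	fmt.Println("server, wrong host:", verify(ca, srv, "evil.example", x509.ExtKeyUsageServerAuth, now))
	fmt.Println("server, after expiry:", verify(ca, srv, "falco.example.internal", x509.ExtKeyUsageServerAuth, now.AddDate(2, 0, 0)))
}
```

Keep the CA's NotAfter at or beyond the leaves' NotAfter: the verifier rejects the whole chain once any certificate in it has expired, so a CA shorter-lived than the server certificate it signed makes the server unreachable early.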
type Options ¶
type Options struct {
	Country   string
	Org       string
	Name      string
	Path      string
	Days      int
	RSABits   int
	DNSSANs   []string
	IPSANs    []string
	Algorithm string
	Common    *commonoptions.Common
}
Options holds the options of the `install tls` command.
type RSAKeyGenerator ¶ added in v0.5.0
type RSAKeyGenerator struct {
// contains filtered or unexported fields
}
RSAKeyGenerator is a generator of RSA key pairs.
func (*RSAKeyGenerator) GenerateKey ¶ added in v0.5.0
func (r *RSAKeyGenerator) GenerateKey() (DSAKey, error)
GenerateKey generates a new RSA key pair of the configured size and returns it, or an error if generation fails.
func (*RSAKeyGenerator) PEMEncode ¶ added in v0.5.0
func (r *RSAKeyGenerator) PEMEncode(key DSAKey) (*bytes.Buffer, error)
PEMEncode encodes the RSA private key in PEM format and returns the encoded bytes in a buffer, or an error if the key cannot be encoded.
func (*RSAKeyGenerator) SetSize ¶ added in v0.5.0
func (r *RSAKeyGenerator) SetSize(bits int)
SetSize sets the size of the RSA key to be generated.