encryption

Documentation

Index

• func CreateCertificate(key *ed25519.PrivateKey, hostnames []string, expire time.Duration) (tls.Certificate, error)
• func DecodeText(state, key string) (string, error)
• func DecryptDataBlock(cipherText, key []byte) ([]byte, error)
• func EncodeText(plaintext string, key string) (string, error)
• func EncryptDataBlock(plaintext, key []byte) ([]byte, error)
• func LoadCA(cert, key string) (*tls.Certificate, error)
• type CertificationRotation
  • func NewCertificateRotator(cert, key string, log *zap.Logger, metric *prometheus.Counter) (*CertificationRotation, error)
  • func (c *CertificationRotation) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate, error)
  • func (c *CertificationRotation) Watch() error
• type SelfSignedCertificate
  • func NewSelfSignedCertificate(hostnames []string, expiry time.Duration, log *zap.Logger) (*SelfSignedCertificate, error)
  • func (c *SelfSignedCertificate) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate, error)

Functions

func CreateCertificate

func CreateCertificate(key *ed25519.PrivateKey, hostnames []string, expire time.Duration) (tls.Certificate, error)

createCertificate is responsible for creating a certificate

func DecodeText

func DecodeText(state, key string) (string, error)

decodeText decodes the session state cookie value

func DecryptDataBlock

func DecryptDataBlock(cipherText, key []byte) ([]byte, error)

decryptDataBlock decrypts some cipher text

func EncodeText

func EncodeText(plaintext string, key string) (string, error)

encodeText encodes the session state information into a value for a cookie to consume

func EncryptDataBlock

func EncryptDataBlock(plaintext, key []byte) ([]byte, error)

encryptDataBlock encrypts the plaintext string with the key

func LoadCA

func LoadCA(cert, key string) (*tls.Certificate, error)

loadCA loads the certificate authority

Types

type CertificationRotation

type CertificationRotation struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

func NewCertificateRotator

func NewCertificateRotator(cert, key string, log *zap.Logger, metric *prometheus.Counter) (*CertificationRotation, error)

newCertificateRotator creates a new certificate

func (*CertificationRotation) GetCertificate

func (c *CertificationRotation) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificate is responsible for retrieving

func (*CertificationRotation) Watch

func (c *CertificationRotation) Watch() error

watch is responsible for adding a file notification and watch on the files for changes

type SelfSignedCertificate

type SelfSignedCertificate struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

func NewSelfSignedCertificate

func NewSelfSignedCertificate(hostnames []string, expiry time.Duration, log *zap.Logger) (*SelfSignedCertificate, error)

newSelfSignedCertificate creates and returns a self signed certificate manager

func (*SelfSignedCertificate) GetCertificate

func (c *SelfSignedCertificate) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificate is responsible for retrieving