certs

package
v1.8.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 30, 2023 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// CertificateBlockType is a possible value for pem.Block.Type.
	CertificateBlockType = "CERTIFICATE"
)

Variables

This section is empty.

Functions

func EncodeCertPEM

func EncodeCertPEM(cert *x509.Certificate) []byte

EncodeCertPEM returns PEM-encoded certificate data

func GeneratePrivateKey

func GeneratePrivateKey(keyType x509.PublicKeyAlgorithm) (crypto.Signer, error)

GeneratePrivateKey generates cert key with default size if 1024. it supports ECDSA and RAS algorithm.

func NewSignedCert

func NewSignedCert(cc *CertConfig, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, isCA bool) (*x509.Certificate, error)

NewSignedCert creates a signed certificate using the given CA certificate and key

func ParsePrivateKeyPEM

func ParsePrivateKeyPEM(keyData []byte) (crypto.Signer, error)

ParsePrivateKeyPEM parses crypto.Signer from byte array. the key must be encryption by ECDSA and RAS.

func RemoveDuplicateAltNames

func RemoveDuplicateAltNames(altNames *certutil.AltNames)

RemoveDuplicateAltNames removes duplicate items in altNames.

func SplitToPairName

func SplitToPairName(name string) string

SplitToPairName is default function to split cert pair name from a secret data key. It only works in this format: karmada.crt, karmada.key.

Types

type AltNamesMutatorConfig

type AltNamesMutatorConfig struct {
	Name                string
	Namespace           string
	ControlplaneAddress string
	Components          *operatorv1alpha1.KarmadaComponents
}

AltNamesMutatorConfig is a config to AltNamesMutator. It includes necessary configs to AltNamesMutator.

type CertConfig

type CertConfig struct {
	Name                string
	CAName              string
	NotAfter            *time.Time
	PublicKeyAlgorithm  x509.PublicKeyAlgorithm // TODO: All public key of karmada cert use the RSA algorithm by default
	Config              certutil.Config
	AltNamesMutatorFunc altNamesMutatorFunc
}

CertConfig represents a config to generate certificate by karmada.

func GetDefaultCertList

func GetDefaultCertList() []*CertConfig

GetDefaultCertList returns all of karmada certConfigs, it include karmada, front and etcd.

func KarmadaCertAdmin

func KarmadaCertAdmin() *CertConfig

KarmadaCertAdmin returns karmada client cert config.

func KarmadaCertApiserver

func KarmadaCertApiserver() *CertConfig

KarmadaCertApiserver returns karmada apiserver cert config.

func KarmadaCertClient

func KarmadaCertClient() *CertConfig

KarmadaCertClient returns karmada client cert config.

func KarmadaCertEtcdCA

func KarmadaCertEtcdCA() *CertConfig

KarmadaCertEtcdCA returns karmada front proxy client cert config.

func KarmadaCertEtcdClient

func KarmadaCertEtcdClient() *CertConfig

KarmadaCertEtcdClient returns etcd client cert config.

func KarmadaCertEtcdServer

func KarmadaCertEtcdServer() *CertConfig

KarmadaCertEtcdServer returns etcd server cert config.

func KarmadaCertFrontProxyCA

func KarmadaCertFrontProxyCA() *CertConfig

KarmadaCertFrontProxyCA returns karmada front proxy cert config.

func KarmadaCertFrontProxyClient

func KarmadaCertFrontProxyClient() *CertConfig

KarmadaCertFrontProxyClient returns karmada front proxy client cert config.

func KarmadaCertRootCA

func KarmadaCertRootCA() *CertConfig

KarmadaCertRootCA returns karmada ca cert config.

type CertStore

type CertStore interface {
	AddCert(cert *KarmadaCert)
	GetCert(name string) *KarmadaCert
	CertList() []*KarmadaCert
	LoadCertFromSecret(secret *corev1.Secret) error
}

CertStore is an Interface that define the cert read and store operator to a cache. And we can load a set of certs form a k8s secret.

func NewCertStore

func NewCertStore() CertStore

NewCertStore returns a cert store. It use default SplitToPairName function to get cert pair name form cert file name.

type KarmadaCert

type KarmadaCert struct {
	// contains filtered or unexported fields
}

KarmadaCert is karmada certificate, it includes certificate basic message. we can directly get the byte array of certificate key and cert from the object.

func CreateCertAndKeyFilesWithCA

func CreateCertAndKeyFilesWithCA(cc *CertConfig, caCertData, caKeyData []byte) (*KarmadaCert, error)

CreateCertAndKeyFilesWithCA loads the given certificate authority from disk, then generates and writes out the given certificate and key. The certSpec and caCertSpec should both be one of the variables from this package.

func NewCertificateAuthority

func NewCertificateAuthority(cc *CertConfig) (*KarmadaCert, error)

NewCertificateAuthority creates new certificate and private key for the certificate authority

func (*KarmadaCert) CertData

func (cert *KarmadaCert) CertData() []byte

CertData returns certificate cert data.

func (*KarmadaCert) CertName

func (cert *KarmadaCert) CertName() string

CertName returns cert file name. its default suffix is ".crt".

func (*KarmadaCert) KeyData

func (cert *KarmadaCert) KeyData() []byte

KeyData returns certificate key data.

func (*KarmadaCert) KeyName

func (cert *KarmadaCert) KeyName() string

KeyName returns cert key file name. its default suffix is ".key".

type KarmadaCertStore

type KarmadaCertStore struct {
	// contains filtered or unexported fields
}

KarmadaCertStore is a cache to store karmada certificate. the key is cert baseName by default.

func (*KarmadaCertStore) AddCert

func (store *KarmadaCertStore) AddCert(cert *KarmadaCert)

AddCert adds a cert to cert store, the cache key is cert pairName by default.

func (*KarmadaCertStore) CertList

func (store *KarmadaCertStore) CertList() []*KarmadaCert

CertList lists all of karmada certs in the cert cache.

func (*KarmadaCertStore) GetCert

func (store *KarmadaCertStore) GetCert(name string) *KarmadaCert

GetCert get cert from store by cert pairName.

func (*KarmadaCertStore) LoadCertFromSecret added in v1.8.0

func (store *KarmadaCertStore) LoadCertFromSecret(secret *corev1.Secret) error

LoadCertFromSecret loads a set of certs form k8s secret resource. we get cert cache key by calling the pairNameFunc function. if the secret data key suffix is ".crt", it be considered cert data. if the suffix is ".key", it be considered cert key data.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL