tls

package
v6.8.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 13, 2024 License: Apache-2.0 Imports: 24 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CertFingerprint 

func CertFingerprint(cert *x509.Certificate) string

func CertFingerprintStr 

func CertFingerprintStr(c string) (string, error)

func CertificateTokenDecode 

func CertificateTokenDecode(input string) (*api.CertificateAddToken, error)

CertificateTokenDecode decodes a base64 and JSON encoded certificate add token.

func FindOrGenCert 

func FindOrGenCert(certf string, keyf string, certtype bool, addHosts bool) error

FindOrGenCert generates a keypair if needed. The type argument is false for server, true for client.

func GenCert 

func GenCert(certf string, keyf string, certtype bool, addHosts bool) error

GenCert will create and populate a certificate file and a key file.

func GenerateMemCert 

func GenerateMemCert(client bool, addHosts bool) ([]byte, []byte, error)

GenerateMemCert creates client or server certificate and key pair, returning them as byte arrays in memory.

func GenerateTrustCertificate 

func GenerateTrustCertificate(cert *CertInfo, name string) (*api.Certificate, error)

GenerateTrustCertificate converts the specified serverCert and serverName into an api.Certificate suitable for use as a trusted cluster server certificate.

func GetRemoteCertificate 

func GetRemoteCertificate(address string, useragent string) (*x509.Certificate, error)

func GetTLSConfig 

func GetTLSConfig(tlsRemoteCert *x509.Certificate) (*tls.Config, error)

func GetTLSConfigMem 

func GetTLSConfigMem(tlsClientCert string, tlsClientKey string, tlsClientCA string, tlsRemoteCertPEM string, insecureSkipVerify bool) (*tls.Config, error)

func InitTLSConfig 

func InitTLSConfig() *tls.Config

InitTLSConfig returns a tls.Config populated with default encryption parameters. This is used as baseline config for both client and server certificates.

func IsConnectionError 

func IsConnectionError(err error) bool

IsConnectionError returns true if the given error is due to the dialer not being able to connect to the target.

func RFC3493Dialer 

func RFC3493Dialer(context context.Context, network string, address string) (net.Conn, error)

RFC3493Dialer connects to the specified server and returns the connection. If the connection cannot be established then an error with the connectErrorPrefix is returned.

func ReadCert 

func ReadCert(fpath string) (*x509.Certificate, error)

Types

type CertInfo 

type CertInfo struct {
	// contains filtered or unexported fields
}

CertInfo captures TLS certificate information about a certain public/private keypair and an optional CA certificate and CRL.

Given support for PKI setups, these few bits of information are normally used and passed around together, so this structure helps with that (see doc/security.md for more details).

func KeyPairAndCA 

func KeyPairAndCA(dir, prefix string, kind CertKind, addHosts bool) (*CertInfo, error)

KeyPairAndCA returns a CertInfo object with a reference to the key pair and (optionally) CA certificate located in the given directory and having the given name prefix

The naming conversion for the various PEM encoded files is:

<prefix>.crt -> public key <prefix>.key -> private key <prefix>.ca -> CA certificate (optional) ca.crl -> CA certificate revocation list (optional)

If no public/private key files are found, a new key pair will be generated and saved on disk.

If a CA certificate is found, it will be returned as well as second return value (otherwise it will be nil).

func KeyPairFromRaw 

func KeyPairFromRaw(certificate []byte, key []byte) (*CertInfo, error)

KeyPairFromRaw returns a CertInfo from the raw certificate and key.

func TestingAltKeyPair 

func TestingAltKeyPair() *CertInfo

TestingAltKeyPair returns CertInfo object initialized with a test keypair which differs from the one returned by TestCertInfo. It's meant to be used only by tests.

func TestingKeyPair 

func TestingKeyPair() *CertInfo

TestingKeyPair returns CertInfo object initialized with a test keypair. It's meant to be used only by tests.

func (*CertInfo) CA 

func (c *CertInfo) CA() *x509.Certificate

CA returns the CA certificate.

func (*CertInfo) CRL 

func (c *CertInfo) CRL() *x509.RevocationList

CRL returns the certificate revocation list.

func (*CertInfo) Fingerprint 

func (c *CertInfo) Fingerprint() string

Fingerprint returns the fingerprint of the public key.

func (*CertInfo) KeyPair 

func (c *CertInfo) KeyPair() tls.Certificate

KeyPair returns the public/private key pair.

func (*CertInfo) PrivateKey 

func (c *CertInfo) PrivateKey() []byte

PrivateKey is a convenience to encode the underlying private key.

func (*CertInfo) PublicKey 

func (c *CertInfo) PublicKey() []byte

PublicKey is a convenience to encode the underlying public key to ASCII.

func (*CertInfo) PublicKeyX509 

func (c *CertInfo) PublicKeyX509() (*x509.Certificate, error)

PublicKeyX509 is a convenience to return the underlying public key as an *x509.Certificate.

type CertKind 

type CertKind int

CertKind defines the kind of certificate to generate from scratch in KeyPairAndCA when it's not there.

The two possible kinds are client and server, and they differ in the ext-key-usage bitmaps. See GenerateMemCert for more details. 

const (
	CertClient CertKind = iota
	CertServer
)

Possible kinds of certificates.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.