tls

package
v6.5.0
Published: Sep 6, 2024 License: Apache-2.0 Imports: 24 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CertFingerprint

func CertFingerprint(cert *x509.Certificate) string

func CertFingerprintStr

func CertFingerprintStr(c string) (string, error)

func CertificateTokenDecode

func CertificateTokenDecode(input string) (*api.CertificateAddToken, error)

CertificateTokenDecode decodes a base64 and JSON encoded certificate add token.

func FindOrGenCert

func FindOrGenCert(certf string, keyf string, certtype bool, addHosts bool) error

FindOrGenCert generates a keypair if needed. The type argument is false for server, true for client.

func GenCert

func GenCert(certf string, keyf string, certtype bool, addHosts bool) error

GenCert will create and populate a certificate file and a key file.

func GenerateMemCert

func GenerateMemCert(client bool, addHosts bool) ([]byte, []byte, error)

GenerateMemCert creates a client or server certificate and key pair, returning them as byte arrays in memory.

func GenerateTrustCertificate

func GenerateTrustCertificate(cert *CertInfo, name string) (*api.Certificate, error)

GenerateTrustCertificate converts the specified server certificate (cert) and server name (name) into an api.Certificate suitable for use as a trusted cluster server certificate.

func GetRemoteCertificate

func GetRemoteCertificate(address string, useragent string) (*x509.Certificate, error)

func GetTLSConfig

func GetTLSConfig(tlsRemoteCert *x509.Certificate) (*tls.Config, error)

func GetTLSConfigMem

func GetTLSConfigMem(tlsClientCert string, tlsClientKey string, tlsClientCA string, tlsRemoteCertPEM string, insecureSkipVerify bool) (*tls.Config, error)

func InitTLSConfig

func InitTLSConfig() *tls.Config

InitTLSConfig returns a tls.Config populated with default encryption parameters. This is used as baseline config for both client and server certificates.

func IsConnectionError

func IsConnectionError(err error) bool

IsConnectionError returns true if the given error is due to the dialer not being able to connect to the target.

func RFC3493Dialer

func RFC3493Dialer(context context.Context, network string, address string) (net.Conn, error)

RFC3493Dialer connects to the specified server and returns the connection. If the connection cannot be established then an error with the connectErrorPrefix is returned.

func ReadCert

func ReadCert(fpath string) (*x509.Certificate, error)

Types

type CertInfo

type CertInfo struct {
	// contains filtered or unexported fields
}

CertInfo captures TLS certificate information about a certain public/private keypair and an optional CA certificate and CRL.

Given support for PKI setups, these few bits of information are normally used and passed around together, so this structure helps with that (see doc/security.md for more details).

func KeyPairAndCA

func KeyPairAndCA(dir, prefix string, kind CertKind, addHosts bool) (*CertInfo, error)

KeyPairAndCA returns a CertInfo object with a reference to the key pair and (optionally) the CA certificate located in the given directory and having the given name prefix.

The naming convention for the various PEM encoded files is:

<prefix>.crt -> public key
<prefix>.key -> private key
<prefix>.ca  -> CA certificate (optional)
ca.crl       -> CA certificate revocation list (optional)

If no public/private key files are found, a new key pair will be generated and saved on disk.

If a CA certificate is found, it is included in the returned CertInfo (otherwise its CA is nil).

func KeyPairFromRaw

func KeyPairFromRaw(certificate []byte, key []byte) (*CertInfo, error)

KeyPairFromRaw returns a CertInfo from the raw certificate and key.

func TestingAltKeyPair

func TestingAltKeyPair() *CertInfo

TestingAltKeyPair returns a CertInfo object initialized with a test keypair which differs from the one returned by TestingKeyPair. It's meant to be used only by tests.

func TestingKeyPair

func TestingKeyPair() *CertInfo

TestingKeyPair returns a CertInfo object initialized with a test keypair. It's meant to be used only by tests.

func (*CertInfo) CA

func (c *CertInfo) CA() *x509.Certificate

CA returns the CA certificate.

func (*CertInfo) CRL

func (c *CertInfo) CRL() *x509.RevocationList

CRL returns the certificate revocation list.

func (*CertInfo) Fingerprint

func (c *CertInfo) Fingerprint() string

Fingerprint returns the fingerprint of the public key.

func (*CertInfo) KeyPair

func (c *CertInfo) KeyPair() tls.Certificate

KeyPair returns the public/private key pair.

func (*CertInfo) PrivateKey

func (c *CertInfo) PrivateKey() []byte

PrivateKey is a convenience to encode the underlying private key.

func (*CertInfo) PublicKey

func (c *CertInfo) PublicKey() []byte

PublicKey is a convenience to encode the underlying public key to ASCII.

func (*CertInfo) PublicKeyX509

func (c *CertInfo) PublicKeyX509() (*x509.Certificate, error)

PublicKeyX509 is a convenience to return the underlying public key as an *x509.Certificate.

type CertKind

type CertKind int

CertKind defines the kind of certificate KeyPairAndCA generates from scratch when no certificate is found on disk.

The two possible kinds are client and server, and they differ in the ext-key-usage bitmaps. See GenerateMemCert for more details.

const (
	CertClient CertKind = iota
	CertServer
)

Possible kinds of certificates.
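The client/server split described for GenerateMemCert and CertKind, together with certificate fingerprinting as done by CertFingerprint, as an added example built only on the Go standard library (not this package's code). genMemCert and certFingerprint are stand-ins, DNS SANs stand in for the addHosts option, and hex(SHA-256(DER)) is an assumed fingerprint convention since the page does not name the hash.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// genMemCert is an added stand-in for GenerateMemCert (not the package's own
// code): a self-signed cert whose only client/server difference is its EKU.
func genMemCert(client bool, hosts []string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	serial, serr := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil || serr != nil {
		return nil, errors.Join(err, serr)
	}
	// CertServer -> serverAuth, CertClient -> clientAuth (see the CertKind doc).
	eku := map[bool]x509.ExtKeyUsage{false: x509.ExtKeyUsageServerAuth, true: x509.ExtKeyUsageClientAuth}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: "demo"},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{eku[client]},
		DNSNames:     hosts, // stands in for addHosts; only servers need SANs
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// certFingerprint assumes hex(SHA-256(DER)); the page does not name the hash.
func certFingerprint(cert *x509.Certificate) string {
	return fmt.Sprintf("%x", sha256.Sum256(cert.Raw))
}

func main() {
	if cert, err := genMemCert(true, nil); err == nil {
		fmt.Println(cert.ExtKeyUsage, certFingerprint(cert))
	}
}
```

A client certificate carrying serverAuth (or vice versa) is the mismatch a strict peer rejects, so checking the EKU set is a cheap sanity test when a generated keypair is not accepted.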
