certprovider

v0.3.2
Published: Apr 13, 2024 License: MIT Imports: 16 Imported by: 3

README

go-certprovider

Golang certificate loader and provider for gRPC.

Documentation

Overview

Package certprovider contains a certprovider for finding client and server certificates easily.

Constants

This section is empty.

Variables

var ErrNoValidCertificates = errors.New("no valid certificates present")

ErrNoValidCertificates is returned when no valid certificates are found in ca.pem.

Functions

This section is empty.

Types

type CertificateProvider

type CertificateProvider interface {
	IdentityCert() tls.Certificate
	CAPool() *x509.CertPool
	ServerOption() grpc.ServerOption
	DialOption(serverName string) grpc.DialOption
}

CertificateProvider is an interface to a provider for certificates used with gRPC server and clients.

type DynamicProvider added in v0.3.0

type DynamicProvider struct {
	// contains filtered or unexported fields
}

DynamicProvider uses files for the source of certificates and keys.

func MustDynamicCertProvider added in v0.3.2

func MustDynamicCertProvider(
	opts ...Option,
) *DynamicProvider

MustDynamicCertProvider returns a DynamicProvider or panics.

func NewDynamicProvider added in v0.3.0

func NewDynamicProvider(
	opts ...Option,
) (*DynamicProvider, error)

NewDynamicProvider returns a new DynamicProvider using dynamically generated certificates.

func (*DynamicProvider) CAPool added in v0.3.0

func (c *DynamicProvider) CAPool() *x509.CertPool

CAPool returns the CA Pool for the connection.

func (*DynamicProvider) DialOption added in v0.3.0

func (c *DynamicProvider) DialOption(serverName string) grpc.DialOption

DialOption returns the grpc.DialOption used with a gRPC client.

func (*DynamicProvider) IdentityCert added in v0.3.0

func (c *DynamicProvider) IdentityCert() tls.Certificate

IdentityCert returns the Identity Certificate used for the connection.

func (*DynamicProvider) ServerOption added in v0.3.0

func (c *DynamicProvider) ServerOption() grpc.ServerOption

ServerOption returns the grpc.ServerOption for use with a new gRPC server.

type FileProvider

type FileProvider struct {
	// contains filtered or unexported fields
}

FileProvider uses files for the source of certificates and keys.

func MustFileCertProvider added in v0.3.2

func MustFileCertProvider(
	certDir string,
	opts ...Option,
) *FileProvider

MustFileCertProvider returns a FileProvider or panics.

func NewFileProvider

func NewFileProvider(
	certDir string,
	opts ...Option,
) (*FileProvider, error)

NewFileProvider returns a new FileProvider using certs from the specified directory. It can optionally also be used for gRPC clients by setting server to false.

func (*FileProvider) CAPool

func (c *FileProvider) CAPool() *x509.CertPool

CAPool returns the CA Pool for the connection.

func (*FileProvider) DialOption

func (c *FileProvider) DialOption(serverName string) grpc.DialOption

DialOption returns the grpc.DialOption used with a gRPC client.

func (*FileProvider) IdentityCert

func (c *FileProvider) IdentityCert() tls.Certificate

IdentityCert returns the Identity Certificate used for the connection.

func (*FileProvider) ServerOption

func (c *FileProvider) ServerOption() grpc.ServerOption

ServerOption returns the grpc.ServerOption for use with a new gRPC server.

type Option

type Option interface {
	// contains filtered or unexported methods
}

An Option sets options such as file paths, whether a CA should be loaded, etc.

func AddSearchPath

func AddSearchPath(path string) Option

AddSearchPath adds a search path for the files.

func CAFilename

func CAFilename(filename string) Option

CAFilename sets the certificate authority filename to a specific filename.

func CertFilename

func CertFilename(filename string) Option

CertFilename sets the certificate filename to a specific filename.

func CertProvider

func CertProvider() Option

CertProvider sets the file names to the defaults for an mTLS Server.

func ClientProvider

func ClientProvider() Option

ClientProvider sets the file names to the defaults for an mTLS Client.

func DynamicCertKeySize added in v0.3.0

func DynamicCertKeySize(certKeySize int) Option

DynamicCertKeySize sets the key size of a dynamic certificate.

func DynamicCertLifetime added in v0.3.0

func DynamicCertLifetime(certLifetime time.Duration) Option

DynamicCertLifetime sets the lifetime of a dynamic certificate.

func InsecureSkipVerifyOnDial added in v0.3.1

func InsecureSkipVerifyOnDial(verify bool) Option

InsecureSkipVerifyOnDial sets the InsecureSkipVerify on the DialOptions.

func InsecureSkipVerifyOnServer added in v0.3.1

func InsecureSkipVerifyOnServer(verify bool) Option

InsecureSkipVerifyOnServer sets the InsecureSkipVerify on the ServerOptions.

func KeyFilename

func KeyFilename(filename string) Option

KeyFilename sets the key filename to a specific filename.

func MinTLSVersion

func MinTLSVersion(tlsVer uint16) Option

MinTLSVersion sets a minimum TLS version.

func ProviderFromString

func ProviderFromString(in string, defaultProvider Option) Option

ProviderFromString returns a CertificateProviderType from a supplied string.

func ServerProvider

func ServerProvider() Option

ServerProvider sets the file names to the defaults for an mTLS Server.

func UseSystemCAPool

func UseSystemCAPool(enable bool) Option

UseSystemCAPool sets whether the provider should include the system CA pool.
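The behaviour that ErrNoValidCertificates, CAPool, MinTLSVersion and the InsecureSkipVerify options describe, sketched with the standard library only. This is an added example, not this package's code: errNoValidCerts, loadCAPool, clientTLSConfig and constructedCAPEM are hypothetical names, and the CA is sample input constructed in memory.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// errNoValidCerts is a local stand-in for the package's ErrNoValidCertificates.
var errNoValidCerts = errors.New("no valid certificates present")

// loadCAPool parses the contents of a ca.pem and fails closed if nothing parses.
func loadCAPool(caPEM []byte) (*x509.CertPool, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errNoValidCerts
	}
	return pool, nil
}

// clientTLSConfig pins the server name and a TLS floor; InsecureSkipVerify stays false.
func clientTLSConfig(pool *x509.CertPool, serverName string) *tls.Config {
	return &tls.Config{RootCAs: pool, ServerName: serverName, MinVersion: tls.VersionTLS12}
}

// constructedCAPEM builds a throwaway self-signed CA in memory (constructed sample input).
func constructedCAPEM() ([]byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed CA"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

func main() {
	fmt.Println(loadCAPool([]byte("not a certificate")))
}
```

Returning an error instead of an empty pool matters because a nil RootCAs in tls.Config silently falls back to the host's system roots, which widens the trust set beyond the intended private CA.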
