Documentation ¶
Overview ¶
Package certprovider contains certificate providers for easily finding client and server certificates.
Index ¶
- Variables
- type CertificateProvider
- type DynamicProvider
- type FileProvider
- type Option
- func AddSearchPath(path string) Option
- func CAFilename(filename string) Option
- func CertFilename(filename string) Option
- func CertProvider() Option
- func ClientProvider() Option
- func DynamicCertKeySize(certKeySize int) Option
- func DynamicCertLifetime(certLifetime time.Duration) Option
- func InsecureSkipVerifyOnDial(verify bool) Option
- func InsecureSkipVerifyOnServer(verify bool) Option
- func KeyFilename(filename string) Option
- func MinTLSVersion(tlsVer uint16) Option
- func ProviderFromString(in string, defaultProvider Option) Option
- func ServerProvider() Option
- func UseSystemCAPool(enable bool) Option
Variables ¶
var ErrNoValidCertificates = errors.New("no valid certificates present")
ErrNoValidCertificates is returned when no valid certificates are found in ca.pem.
Types ¶
type CertificateProvider ¶
type CertificateProvider interface {
	IdentityCert() tls.Certificate
	CAPool() *x509.CertPool
	ServerOption() grpc.ServerOption
	DialOption(serverName string) grpc.DialOption
}
CertificateProvider is an interface to a provider for certificates used with gRPC servers and clients.
type DynamicProvider ¶ added in v0.3.0
type DynamicProvider struct {
// contains filtered or unexported fields
}
DynamicProvider uses dynamically generated certificates and keys (see NewDynamicProvider).
func MustDynamicCertProvider ¶ added in v0.3.2
func MustDynamicCertProvider(opts ...Option) *DynamicProvider
MustDynamicCertProvider returns a DynamicProvider or panics.
func NewDynamicProvider ¶ added in v0.3.0
func NewDynamicProvider(opts ...Option) (*DynamicProvider, error)
NewDynamicProvider returns a new DynamicProvider using dynamically generated certificates.
func (*DynamicProvider) CAPool ¶ added in v0.3.0
func (c *DynamicProvider) CAPool() *x509.CertPool
CAPool returns the CA Pool for the connection.
func (*DynamicProvider) DialOption ¶ added in v0.3.0
func (c *DynamicProvider) DialOption(serverName string) grpc.DialOption
DialOption returns the grpc.DialOption used with a gRPC client.
func (*DynamicProvider) IdentityCert ¶ added in v0.3.0
func (c *DynamicProvider) IdentityCert() tls.Certificate
IdentityCert returns the Identity Certificate used for the connection.
func (*DynamicProvider) ServerOption ¶ added in v0.3.0
func (c *DynamicProvider) ServerOption() grpc.ServerOption
ServerOption returns the grpc.ServerOption for use with a new gRPC server.
type FileProvider ¶
type FileProvider struct {
// contains filtered or unexported fields
}
FileProvider uses files for the source of certificates and keys.
func MustFileCertProvider ¶ added in v0.3.2
func MustFileCertProvider(certDir string, opts ...Option) *FileProvider
MustFileCertProvider returns a FileProvider or panics.
func NewFileProvider ¶
func NewFileProvider(certDir string, opts ...Option) (*FileProvider, error)
NewFileProvider returns a new FileProvider using certs from the specified directory. It can optionally also be used for gRPC clients by setting server to false.
func (*FileProvider) CAPool ¶
func (c *FileProvider) CAPool() *x509.CertPool
CAPool returns the CA Pool for the connection.
func (*FileProvider) DialOption ¶
func (c *FileProvider) DialOption(serverName string) grpc.DialOption
DialOption returns the grpc.DialOption used with a gRPC client.
func (*FileProvider) IdentityCert ¶
func (c *FileProvider) IdentityCert() tls.Certificate
IdentityCert returns the Identity Certificate used for the connection.
func (*FileProvider) ServerOption ¶
func (c *FileProvider) ServerOption() grpc.ServerOption
ServerOption returns the grpc.ServerOption for use with a new gRPC server.
type Option ¶
type Option interface {
// contains filtered or unexported methods
}
An Option sets options such as file paths, whether a CA should be loaded, etc.
func AddSearchPath ¶
AddSearchPath adds a search path for the files.
func CAFilename ¶
CAFilename sets the certificate authority filename to a specific filename.
func CertFilename ¶
CertFilename sets the certificate filename to a specific filename.
func CertProvider ¶
func CertProvider() Option
CertProvider sets the file names to the defaults for an mTLS server.
func ClientProvider ¶
func ClientProvider() Option
ClientProvider sets the file names to the defaults for an mTLS client.
func DynamicCertKeySize ¶ added in v0.3.0
DynamicCertKeySize sets the key size of a dynamic certificate.
func DynamicCertLifetime ¶ added in v0.3.0
DynamicCertLifetime sets the lifetime of a dynamic certificate.
func InsecureSkipVerifyOnDial ¶ added in v0.3.1
InsecureSkipVerifyOnDial sets the InsecureSkipVerify on the DialOptions.
func InsecureSkipVerifyOnServer ¶ added in v0.3.1
InsecureSkipVerifyOnServer sets the InsecureSkipVerify on the ServerOptions.
func KeyFilename ¶
KeyFilename sets the key filename to a specific filename.
func MinTLSVersion ¶
MinTLSVersion sets a minimum TLS version.
func ProviderFromString ¶
ProviderFromString returns a CertificateProviderType from a supplied string.
func ServerProvider ¶
func ServerProvider() Option
ServerProvider sets the file names to the defaults for an mTLS server.
func UseSystemCAPool ¶
UseSystemCAPool sets whether the provider should include the system CA pool.
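What the CA pool, InsecureSkipVerifyOnDial and MinTLSVersion settings documented above mean for a connection, shown as an added example that is not part of this package or its documentation. It uses only the Go standard library (crypto/tls and the self-signed test certificate built into net/http/httptest) and assumes the options map onto tls.Config's RootCAs, InsecureSkipVerify and MinVersion fields; Dial and Cases are hypothetical helper names.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http/httptest"
)

// Dial performs one TLS handshake against addr with the given client config
// and returns the handshake error (nil on success).
func Dial(addr string, cfg *tls.Config) error {
	conn, err := tls.Dial("tcp", addr, cfg)
	if err == nil {
		conn.Close()
	}
	return err
}

// Cases starts a loopback TLS 1.3-only server that presents httptest's
// self-signed test certificate and dials it with four client configurations.
func Cases() (trusted, untrusted, skipVerify, oldTLS error) {
	srv := httptest.NewUnstartedServer(nil)
	srv.TLS = &tls.Config{MinVersion: tls.VersionTLS13} // assumed effect of a MinTLSVersion-style option
	srv.StartTLS()
	defer srv.Close()
	addr := srv.Listener.Addr().String()

	pool := x509.NewCertPool() // CA pool that trusts only this server's certificate
	pool.AddCert(srv.Certificate())

	trusted = Dial(addr, &tls.Config{RootCAs: pool})
	// Empty pool: the certificate chains to nothing the client trusts, so the dial fails.
	untrusted = Dial(addr, &tls.Config{RootCAs: x509.NewCertPool()})
	// InsecureSkipVerify: the same untrusted peer is accepted without any check.
	skipVerify = Dial(addr, &tls.Config{RootCAs: x509.NewCertPool(), InsecureSkipVerify: true})
	// A client capped at TLS 1.2 is refused by the server's minimum version.
	oldTLS = Dial(addr, &tls.Config{RootCAs: pool, MaxVersion: tls.VersionTLS12})
	return
}

func main() {
	t, u, s, o := Cases()
	fmt.Printf("trusted pool: %v\nempty pool: %v\nskip verify: %v\nTLS 1.2 client: %v\n", t, u, s, o)
}
```

The third case is the one to watch for in review: with verification skipped, the handshake succeeds against a certificate the client has no reason to trust, so the setting belongs only in test environments.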