tls

package
v0.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 15, 2018 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Overview

Package tls defines and generates the tls assets based on its dependencies.

Index

Constants

View Source
const (

	// ValidityTenYears sets the validity of a cert to 10 years.
	ValidityTenYears = time.Hour * 24 * 365 * 10

	// ValidityThirtyMinutes sets the validity of a cert to 30 minutes.
	// This is for the kubelet bootstrap.
	ValidityThirtyMinutes = time.Minute * 30
)

Variables

This section is empty.

Functions

func CSRToPem

func CSRToPem(cert *x509.CertificateRequest) []byte

CSRToPem converts an x509.CertificateRequest to a pem string

func CertToPem

func CertToPem(cert *x509.Certificate) []byte

CertToPem converts an x509.Certificate object to a pem string

func GenerateCert

func GenerateCert(caKey *rsa.PrivateKey,
	caCert *x509.Certificate,
	cfg *CertCfg) (*rsa.PrivateKey, *x509.Certificate, error)

GenerateCert creates a key, csr & a signed cert This is useful for apiserver and openshift-apiser cert which will be authenticated by the kubeconfig using root-ca.

func GenerateRootCA

func GenerateRootCA(key *rsa.PrivateKey, cfg *CertCfg) (*x509.Certificate, error)

GenerateRootCA creates and returns the root CA

func GenerateRootCertKey

func GenerateRootCertKey(cfg *CertCfg) (*rsa.PrivateKey, *x509.Certificate, error)

GenerateRootCertKey generates a root key/cert pair.

func GenerateSignedCert

func GenerateSignedCert(cfg *CertCfg,
	csr *x509.CertificateRequest,
	key *rsa.PrivateKey,
	caKey *rsa.PrivateKey,
	caCert *x509.Certificate) (*x509.Certificate, error)

GenerateSignedCert generates a signed certificate.

func PemToCertificate

func PemToCertificate(data []byte) (*x509.Certificate, error)

PemToCertificate converts a data block to x509.Certificate.

func PemToPrivateKey

func PemToPrivateKey(data []byte) (*rsa.PrivateKey, error)

PemToPrivateKey converts a data block to rsa.PrivateKey.

func PrivateKey

func PrivateKey() (*rsa.PrivateKey, error)

PrivateKey generates an RSA Private key and returns the value

func PrivateKeyToPem

func PrivateKeyToPem(key *rsa.PrivateKey) []byte

PrivateKeyToPem converts an rsa.PrivateKey object to pem string

func PublicKeyToPem

func PublicKeyToPem(key *rsa.PublicKey) ([]byte, error)

PublicKeyToPem converts an rsa.PublicKey object to pem string

func SelfSignedCACert

func SelfSignedCACert(cfg *CertCfg, key *rsa.PrivateKey) (*x509.Certificate, error)

SelfSignedCACert Creates a self signed CA certificate

func SignedCertificate

func SignedCertificate(
	cfg *CertCfg,
	csr *x509.CertificateRequest,
	key *rsa.PrivateKey,
	caCert *x509.Certificate,
	caKey *rsa.PrivateKey,
) (*x509.Certificate, error)

SignedCertificate creates a new X.509 certificate based on a template.

Types

type APIServerCertKey added in v0.3.0

type APIServerCertKey struct {
	CertKey
}

APIServerCertKey is the asset that generates the API server key/cert pair.

func (*APIServerCertKey) Dependencies added in v0.3.0

func (a *APIServerCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*APIServerCertKey) Generate added in v0.3.0

func (a *APIServerCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*APIServerCertKey) Name added in v0.3.0

func (a *APIServerCertKey) Name() string

Name returns the human-friendly name of the asset.

type APIServerProxyCertKey added in v0.3.0

type APIServerProxyCertKey struct {
	CertKey
}

APIServerProxyCertKey is the asset that generates the API server proxy key/cert pair.

func (*APIServerProxyCertKey) Dependencies added in v0.3.0

func (a *APIServerProxyCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*APIServerProxyCertKey) Generate added in v0.3.0

func (a *APIServerProxyCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*APIServerProxyCertKey) Name added in v0.3.0

func (a *APIServerProxyCertKey) Name() string

Name returns the human-friendly name of the asset.

type AdminCertKey added in v0.3.0

type AdminCertKey struct {
	CertKey
}

AdminCertKey is the asset that generates the admin key/cert pair.

func (*AdminCertKey) Dependencies added in v0.3.0

func (a *AdminCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*AdminCertKey) Generate added in v0.3.0

func (a *AdminCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*AdminCertKey) Name added in v0.3.0

func (a *AdminCertKey) Name() string

Name returns the human-friendly name of the asset.

type AggregatorCA added in v0.3.0

type AggregatorCA struct {
	CertKey
}

AggregatorCA is the asset that generates the aggregator-ca key/cert pair.

func (*AggregatorCA) Dependencies added in v0.3.0

func (a *AggregatorCA) Dependencies() []asset.Asset

Dependencies returns the dependency of the the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*AggregatorCA) Generate added in v0.3.0

func (a *AggregatorCA) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*AggregatorCA) Name added in v0.3.0

func (a *AggregatorCA) Name() string

Name returns the human-friendly name of the asset.

type AppendParentChoice added in v0.3.0

type AppendParentChoice bool

AppendParentChoice dictates whether the parent's cert is to be added to the cert.

const (
	// AppendParent indicates that the parent's cert should be added.
	AppendParent AppendParentChoice = true
	// DoNotAppendParent indicates that the parent's cert should not be added.
	DoNotAppendParent AppendParentChoice = false
)

type CertCfg

type CertCfg struct {
	DNSNames     []string
	ExtKeyUsages []x509.ExtKeyUsage
	IPAddresses  []net.IP
	KeyUsages    x509.KeyUsage
	Subject      pkix.Name
	Validity     time.Duration
	IsCA         bool
}

CertCfg contains all needed fields to configure a new certificate

type CertKey

type CertKey struct {
	CertRaw  []byte
	KeyRaw   []byte
	FileList []*asset.File
}

CertKey contains the private key and the cert that's signed by the parent CA.

func (*CertKey) Cert added in v0.3.0

func (c *CertKey) Cert() []byte

Cert returns the certificate.

func (*CertKey) Files added in v0.3.0

func (c *CertKey) Files() []*asset.File

Files returns the files generated by the asset.

func (*CertKey) Generate

func (c *CertKey) Generate(
	cfg *CertCfg,
	parentCA CertKeyInterface,
	filenameBase string,
	appendParent AppendParentChoice,
) error

Generate generates a cert/key pair signed by the specified parent CA.

func (*CertKey) Key added in v0.3.0

func (c *CertKey) Key() []byte

Key returns the private key.

func (*CertKey) Load added in v0.3.0

func (c *CertKey) Load(asset.FileFetcher) (bool, error)

Load is a no-op because TLS assets are not written to disk.

type CertKeyInterface added in v0.3.0

type CertKeyInterface interface {
	// Cert returns the certificate.
	Cert() []byte
	// Key returns the private key.
	Key() []byte
}

CertKeyInterface contains a private key and the associated cert.

type EtcdCA added in v0.3.0

type EtcdCA struct {
	CertKey
}

EtcdCA is the asset that generates the etcd-ca key/cert pair.

func (*EtcdCA) Dependencies added in v0.3.0

func (a *EtcdCA) Dependencies() []asset.Asset

Dependencies returns the dependency of the the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*EtcdCA) Generate added in v0.3.0

func (a *EtcdCA) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*EtcdCA) Name added in v0.3.0

func (a *EtcdCA) Name() string

Name returns the human-friendly name of the asset.

type EtcdClientCertKey added in v0.3.0

type EtcdClientCertKey struct {
	CertKey
}

EtcdClientCertKey is the asset that generates the etcd client key/cert pair.

func (*EtcdClientCertKey) Dependencies added in v0.3.0

func (a *EtcdClientCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*EtcdClientCertKey) Generate added in v0.3.0

func (a *EtcdClientCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*EtcdClientCertKey) Name added in v0.3.0

func (a *EtcdClientCertKey) Name() string

Name returns the human-friendly name of the asset.

type IngressCertKey added in v0.3.0

type IngressCertKey struct {
	CertKey
}

IngressCertKey is the asset that generates the ingress key/cert pair.

func (*IngressCertKey) Dependencies added in v0.3.0

func (a *IngressCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*IngressCertKey) Generate added in v0.3.0

func (a *IngressCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*IngressCertKey) Name added in v0.3.0

func (a *IngressCertKey) Name() string

Name returns the human-friendly name of the asset.

type KeyPair

type KeyPair struct {
	Pvt      []byte
	Pub      []byte
	FileList []*asset.File
}

KeyPair contains a private key and a public key.

func (*KeyPair) Files added in v0.3.0

func (k *KeyPair) Files() []*asset.File

Files returns the files generated by the asset.

func (*KeyPair) Generate

func (k *KeyPair) Generate(filenameBase string) error

Generate generates the rsa private / public key pair.

func (*KeyPair) Private added in v0.3.0

func (k *KeyPair) Private() []byte

Private returns the private key.

func (*KeyPair) Public added in v0.3.0

func (k *KeyPair) Public() []byte

Public returns the public key.

type KeyPairInterface added in v0.3.0

type KeyPairInterface interface {
	// Private returns the private key.
	Private() []byte
	// Public returns the public key.
	Public() []byte
}

KeyPairInterface contains a private key and a public key.

type KubeCA added in v0.3.0

type KubeCA struct {
	CertKey
}

KubeCA is the asset that generates the kube-ca key/cert pair.

func (*KubeCA) Dependencies added in v0.3.0

func (a *KubeCA) Dependencies() []asset.Asset

Dependencies returns the dependency of the the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*KubeCA) Generate added in v0.3.0

func (a *KubeCA) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeCA) Name added in v0.3.0

func (a *KubeCA) Name() string

Name returns the human-friendly name of the asset.

type KubeletCertKey added in v0.3.0

type KubeletCertKey struct {
	CertKey
}

KubeletCertKey is the asset that generates the kubelet key/cert pair.

func (*KubeletCertKey) Dependencies added in v0.3.0

func (a *KubeletCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*KubeletCertKey) Generate added in v0.3.0

func (a *KubeletCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*KubeletCertKey) Name added in v0.3.0

func (a *KubeletCertKey) Name() string

Name returns the human-friendly name of the asset.

type MCSCertKey added in v0.3.0

type MCSCertKey struct {
	CertKey
}

MCSCertKey is the asset that generates the MCS key/cert pair.

func (*MCSCertKey) Dependencies added in v0.3.0

func (a *MCSCertKey) Dependencies() []asset.Asset

Dependencies returns the dependency of the the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*MCSCertKey) Generate added in v0.3.0

func (a *MCSCertKey) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*MCSCertKey) Name added in v0.3.0

func (a *MCSCertKey) Name() string

Name returns the human-friendly name of the asset.

type RootCA

type RootCA struct {
	CertKey
}

RootCA contains the private key and the cert that's self-signed as the root CA.

func (*RootCA) Dependencies

func (c *RootCA) Dependencies() []asset.Asset

Dependencies returns the dependency of the root-ca, which is empty.

func (*RootCA) Generate

func (c *RootCA) Generate(parents asset.Parents) error

Generate generates the root-ca key and cert pair.

func (*RootCA) Name

func (c *RootCA) Name() string

Name returns the human-friendly name of the asset.

type ServiceAccountKeyPair added in v0.3.0

type ServiceAccountKeyPair struct {
	KeyPair
}

ServiceAccountKeyPair is the asset that generates the service-account public/private key pair.

func (*ServiceAccountKeyPair) Dependencies added in v0.3.0

func (a *ServiceAccountKeyPair) Dependencies() []asset.Asset

Dependencies returns the dependency of the the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*ServiceAccountKeyPair) Generate added in v0.3.0

func (a *ServiceAccountKeyPair) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*ServiceAccountKeyPair) Load added in v0.3.0

Load is a no-op because the service account keypair is not written to disk.

func (*ServiceAccountKeyPair) Name added in v0.3.0

func (a *ServiceAccountKeyPair) Name() string

Name returns the human-friendly name of the asset.

type ServiceServingCA added in v0.3.0

type ServiceServingCA struct {
	CertKey
}

ServiceServingCA is the asset that generates the service-serving-ca key/cert pair.

func (*ServiceServingCA) Dependencies added in v0.3.0

func (a *ServiceServingCA) Dependencies() []asset.Asset

Dependencies returns the dependency of the the cert/key pair, which includes the parent CA, and install config if it depends on the install config for DNS names, etc.

func (*ServiceServingCA) Generate added in v0.3.0

func (a *ServiceServingCA) Generate(dependencies asset.Parents) error

Generate generates the cert/key pair based on its dependencies.

func (*ServiceServingCA) Name added in v0.3.0

func (a *ServiceServingCA) Name() string

Name returns the human-friendly name of the asset.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL