Versions in this module Expand all Collapse all v0 v0.2.0 Jul 13, 2022 v0.1.0 May 11, 2022 Changes in this version
+ const CASecretName
+ const CertRegisterCN
+ const ECPrivateKeyBlockType
+ const HostTLSCertName
+ const RSAPrivateKeyBlockType
+ const YggdrasilCompleteAuth
+ const YggdrasilRegisterAuth
+ func VerifyRequest(r *http.Request, verifyType int, verifyOpts x509.VerifyOptions, ...) (bool, error)
+ type CAProvider interface
+ CreateRegistrationCertificate func(name string) (map[string][]byte, error)
+ GetCACertificate func() (*CertificateGroup, error)
+ GetName func() string
+ GetServerCertificate func(dnsNames []string, localhostEnabled bool) (*CertificateGroup, error)
+ SignCSR func(CSRPem string, commonName string, namespace string, expiration time.Time) ([]byte, error)
+ type CASecretProvider struct
+ func NewCASecretProvider(client client.Client, namespace string) *CASecretProvider
+ func (config *CASecretProvider) CreateRegistrationCertificate(name string) (map[string][]byte, error)
+ func (config *CASecretProvider) GetCACertificate() (*CertificateGroup, error)
+ func (config *CASecretProvider) GetName() string
+ func (config *CASecretProvider) GetServerCertificate(dnsNames []string, localhostEnabled bool) (*CertificateGroup, error)
+ func (config *CASecretProvider) SignCSR(CSRPem string, commonName string, namespace string, expiration time.Time) ([]byte, error)
+ type CertificateGroup struct
+ CertPEM *bytes.Buffer
+ PrivKeyPEM *bytes.Buffer
+ func NewCACertificateGroupFromSecret(secretData map[string][]byte) (*CertificateGroup, error)
+ func (c *CertificateGroup) CreatePem() error
+ func (c *CertificateGroup) GetCert() *x509.Certificate
+ func (c *CertificateGroup) GetCertificate() (tls.Certificate, error)
+ func (c *CertificateGroup) GetKey() crypto.PrivateKey
+ func (c *CertificateGroup) GetNewKey() (crypto.Signer, error)
+ func (c *CertificateGroup) ImportFromPem() error
+ func (c *CertificateGroup) MarshalKeyToPem(privKey crypto.PrivateKey) (*bytes.Buffer, error)
+ type ClientCertificateVerifyError struct
+ func (e *ClientCertificateVerifyError) Error() string
+ type InvalidCertificateKindError struct
+ func (e *InvalidCertificateKindError) Error() string
+ type NoClientCertSendError struct
+ func (e *NoClientCertSendError) Error() string
+ type RegisterClientVerifyError struct
+ func (e *RegisterClientVerifyError) Error() string
+ type RequestAuthKey string
+ type RequestAuthVal struct
+ CommonName string
+ Namespace string
+ type TLSConfig struct
+ Domains []string
+ LocalhostEnabled bool
+ func NewMTLSConfig(client client.Client, namespace string, domains []string, ...) *TLSConfig
+ func (conf *TLSConfig) CreateRegistrationClientCerts() error
+ func (conf *TLSConfig) InitCertificates() (*tls.Config, []*x509.Certificate, error)
+ func (conf *TLSConfig) SetCAProvider(caProviders []CAProvider)
+ func (conf *TLSConfig) SetClientExpiration(days int) error
+ func (conf *TLSConfig) SignCSR(CSRPem string, commonName string, namespace string) ([]byte, error)
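Review bot: `CertificateGroup` exports `PrivKeyPEM *bytes.Buffer` and `GetKey() crypto.PrivateKey`, and `CAProvider.GetCACertificate()` returns that same `*CertificateGroup` type, so as far as this index shows the CA signing key may be reachable by every caller that holds a provider. Only signatures are visible here, so whether the key is populated on that path cannot be confirmed; if it is, a field comment such as `// PrivKeyPEM holds the PEM-encoded private key; for a CA group this is the signing key and must never be logged or returned to a client.` would state the handling rule. `VerifyRequest` takes `verifyType int` although `YggdrasilCompleteAuth` and `YggdrasilRegisterAuth` appear to be its intended values; a named type for that parameter would let the compiler reject an arbitrary integer. `SignCSR` receives `commonName` and `namespace` separately from `CSRPem`, so its doc comment should say which source determines the subject of the issued certificate and whether a mismatch with the CSR is rejected.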