Documentation
¶
Index ¶
- Constants
- func GenCA() (*x509.Certificate, crypto.Signer, error)
- func IsStatic(secret *v1.Secret) bool
- func LoadCA(caPem, caKey []byte) (*x509.Certificate, crypto.Signer, error)
- func LoadCerts(certFile, keyFile string) (*x509.Certificate, crypto.Signer, error)
- func LoadOrGenCA() (*x509.Certificate, crypto.Signer, error)
- func Marshal(x509Cert *x509.Certificate, privateKey crypto.Signer) ([]byte, []byte, error)
- func NeedsUpdate(maxSANs int, secret *v1.Secret, cn ...string) bool
- func NewPrivateKey() (crypto.Signer, error)
- func NewSelfSignedCACert(key crypto.Signer, cn string, org ...string) (*x509.Certificate, error)
- func NewSignedCert(signer crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, cn string, ...) (*x509.Certificate, error)
- func NewSignedClientCert(signer crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, cn string) (*x509.Certificate, error)
- func ParseCertPEM(pemCerts []byte) (*x509.Certificate, error)
- type TLS
- func (t *TLS) AddCN(secret *v1.Secret, cn ...string) (*v1.Secret, bool, error)
- func (t *TLS) Filter(cn ...string) []string
- func (t *TLS) Merge(target, additional *v1.Secret) (*v1.Secret, bool, error)
- func (t *TLS) Regenerate(secret *v1.Secret) (*v1.Secret, error)
- func (t *TLS) Renew(secret *v1.Secret) (*v1.Secret, error)
Constants ¶
const (
CertificateBlockType = "CERTIFICATE"
)
const (
Static = "listener.cattle.io/static"
)
Variables ¶
This section is empty.
Functions ¶
func IsStatic ¶ added in v0.2.1
IsStatic returns true if the Secret has an attribute indicating that it contains a static (aka user-provided) certificate, which should not be modified.
func LoadOrGenCA ¶
func LoadOrGenCA() (*x509.Certificate, crypto.Signer, error)
func NeedsUpdate ¶
NeedsUpdate returns true if any of the CNs are not currently present on the secret's Certificate, as recorded in the cnPrefix annotations. It will return false if all requested CNs are already present, or if maxSANs is non-zero and has been exceeded.
func NewPrivateKey ¶
NewPrivateKey returnes a new ECDSA key
func NewSelfSignedCACert ¶
func NewSignedCert ¶
func NewSignedClientCert ¶ added in v0.2.1
func NewSignedClientCert(signer crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, cn string) (*x509.Certificate, error)
func ParseCertPEM ¶
func ParseCertPEM(pemCerts []byte) (*x509.Certificate, error)
Types ¶
type TLS ¶
type TLS struct {
CACert *x509.Certificate
CAKey crypto.Signer
CN string
Organization []string
FilterCN func(...string) []string
}
func (*TLS) AddCN ¶
AddCN attempts to add a list of CN strings to a given Secret, returning the potentially-modified Secret along with a bool indicating whether or not it has been updated. The Secret will not be changed if it has an attribute indicating that it is static (aka user-provided), or if no new CNs were added.
func (*TLS) Filter ¶ added in v0.2.1
Filter ensures that the CNs are all valid accorting to both internal logic, and any filter callbacks. The returned list will contain only approved CN entries.
func (*TLS) Merge ¶
Merge combines the SAN lists from the target and additional Secrets, and returns a potentially modified Secret, along with a bool indicating if the returned Secret is not the same as the target Secret.
If the merge would not add any CNs to the additional Secret, the additional Secret is returned, to allow for certificate rotation/regeneration.
If the merge would not add any CNs to the target Secret, the target Secret is returned; no merging is necessary.
If neither certificate is acceptable as-is, a new certificate containing the union of the two lists is generated, using the private key from the first Secret. The returned Secret will contain the updated cert.
Source Files