Documentation
¶
Overview ¶
Package tlsca provides internal TLS certificate authority used for mutual TLS authentication with the auth server and internal teleport components and external clients
Index ¶
- func ClusterName(subject pkix.Name) (string, error)
- func GenerateRSAPrivateKeyPEM() ([]byte, error)
- func GenerateSelfSignedCA(entity pkix.Name, dnsNames []string, ttl time.Duration) ([]byte, []byte, error)
- func GenerateSelfSignedCAWithPrivateKey(priv *rsa.PrivateKey, entity pkix.Name, dnsNames []string, ttl time.Duration) ([]byte, []byte, error)
- func ParseCertificatePEM(bytes []byte) (*x509.Certificate, error)
- func ParseCertificateRequestPEM(bytes []byte) (*x509.CertificateRequest, error)
- func ParsePrivateKeyDER(der []byte) (crypto.Signer, error)
- func ParsePrivateKeyPEM(bytes []byte) (crypto.Signer, error)
- type CertAuthority
- type CertificateRequest
- type Identity
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ClusterName ¶
ClusterName returns cluster name from organization
func GenerateRSAPrivateKeyPEM ¶
GenerateRSAPrivateKeyPEM generates new RSA private key and returns PEM encoded bytes
func GenerateSelfSignedCA ¶
func GenerateSelfSignedCA(entity pkix.Name, dnsNames []string, ttl time.Duration) ([]byte, []byte, error)
GenerateSelfSignedCA generates self-signed certificate authority used for internal inter-node communications
func GenerateSelfSignedCAWithPrivateKey ¶
func GenerateSelfSignedCAWithPrivateKey(priv *rsa.PrivateKey, entity pkix.Name, dnsNames []string, ttl time.Duration) ([]byte, []byte, error)
GenerateSelfSignedCA generates self-signed certificate authority used for internal inter-node communications
func ParseCertificatePEM ¶
func ParseCertificatePEM(bytes []byte) (*x509.Certificate, error)
ParseCertificatePEM parses PEM-encoded certificate
func ParseCertificateRequestPEM ¶
func ParseCertificateRequestPEM(bytes []byte) (*x509.CertificateRequest, error)
ParseCertificateRequestPEM parses PEM-encoded certificate signing request
func ParsePrivateKeyDER ¶
ParsePrivateKeyDER parses unencrypted DER-encoded private key
Types ¶
type CertAuthority ¶
type CertAuthority struct {
// Cert is a CA certificate
Cert *x509.Certificate
// Signer is a private key based signer
Signer crypto.Signer
}
CertAuthority is X.509 certificate authority
func New ¶
func New(certPEM, keyPEM []byte) (*CertAuthority, error)
New returns new CA from PEM encoded certificate and private key. Private Key is optional, if omitted CA won't be able to issue new certificates, only verify them
func (*CertAuthority) GenerateCertificate ¶
func (ca *CertAuthority) GenerateCertificate(req CertificateRequest) ([]byte, error)
GenerateCertificate generates certificate from request
type CertificateRequest ¶
type CertificateRequest struct {
// Clock is a clock used to get current or test time
Clock clockwork.Clock
// PublicKey is a public key to sign
PublicKey crypto.PublicKey
// Subject is a subject to include in certificate
Subject pkix.Name
// NotAfter is a time after which the issued certificate
// will be no longer valid
NotAfter time.Time
// DNSNames is a list of DNS names to add to certificate
DNSNames []string
}
CertificateRequest is a X.509 signing certificate request
func (*CertificateRequest) CheckAndSetDefaults ¶
func (c *CertificateRequest) CheckAndSetDefaults() error
CheckAndSetDefaults checks and sets default values
type Identity ¶
type Identity struct {
// Username is a username or name of the node connection
Username string
// Groups is a list of groups (Teleport roles) encoded in the identity
Groups []string
// Usage is a list of usage restrictions encoded in the identity
Usage []string
}
Identity is an identity of the user or service, e.g. Proxy or Node
func FromSubject ¶
FromSubject returns identity from subject name
func (*Identity) CheckAndSetDefaults ¶
CheckAndSetDefaults checks and sets default values
Source Files