crypto

package
v3.6.0-rc.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 13, 2017 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Index

Constants

View Source
const (
	DefaultCertificateLifetimeInDays   = 365 * 2 // 2 years
	DefaultCACertificateLifetimeInDays = 365 * 5 // 5 years

)

Variables

This section is empty.

Functions

func CertsFromPEM added in v0.4.2

func CertsFromPEM(pemCerts []byte) ([]*x509.Certificate, error)

func CipherSuite

func CipherSuite(cipherName string) (uint16, error)

func CipherSuitesOrDie

func CipherSuitesOrDie(cipherNames []string) []uint16

func DefaultCiphers

func DefaultCiphers() []uint16

func DefaultTLSVersion

func DefaultTLSVersion() uint16

func IPAddressesDNSNames added in v0.2.2

func IPAddressesDNSNames(hosts []string) ([]net.IP, []string)

func NewKeyPair

func NewKeyPair() (crypto.PublicKey, crypto.PrivateKey, error)

func SecureTLSConfig added in v1.0.7

func SecureTLSConfig(config *tls.Config) *tls.Config

SecureTLSConfig enforces the default minimum security settings for the cluster.

func TLSVersion

func TLSVersion(versionName string) (uint16, error)

func TLSVersionOrDie

func TLSVersionOrDie(versionName string) uint16

func ValidCipherSuites

func ValidCipherSuites() []string

func ValidTLSVersions

func ValidTLSVersions() []string

Types

type CA

type CA struct {
	Config *TLSCertificateConfig

	SerialGenerator SerialGenerator
}

func EnsureCA added in v0.4.2

func EnsureCA(certFile, keyFile, serialFile, name string, expireDays int) (*CA, bool, error)

EnsureCA returns a CA, whether it was created (as opposed to pre-existing), and any error if serialFile is empty, a RandomSerialGenerator will be used

func GetCA added in v0.4.2

func GetCA(certFile, keyFile, serialFile string) (*CA, error)

if serialFile is empty, a RandomSerialGenerator will be used

func MakeCA added in v0.4.2

func MakeCA(certFile, keyFile, serialFile, name string, expireDays int) (*CA, error)

if serialFile is empty, a RandomSerialGenerator will be used

func (*CA) EnsureClientCertificate added in v0.4.2

func (ca *CA) EnsureClientCertificate(certFile, keyFile string, u user.Info, expireDays int) (*TLSCertificateConfig, bool, error)

func (*CA) EnsureServerCert added in v0.4.2

func (ca *CA) EnsureServerCert(certFile, keyFile string, hostnames sets.String, expireDays int) (*TLSCertificateConfig, bool, error)

func (*CA) MakeAndWriteServerCert added in v1.3.0

func (ca *CA) MakeAndWriteServerCert(certFile, keyFile string, hostnames sets.String, expireDays int) (*TLSCertificateConfig, error)

func (*CA) MakeClientCertificate added in v0.4.2

func (ca *CA) MakeClientCertificate(certFile, keyFile string, u user.Info, expireDays int) (*TLSCertificateConfig, error)

func (*CA) MakeServerCert

func (ca *CA) MakeServerCert(hostnames sets.String, expireDays int, fns ...CertificateExtensionFunc) (*TLSCertificateConfig, error)

type CertificateExtensionFunc

type CertificateExtensionFunc func(*x509.Certificate) error

CertificateExtensionFunc is passed a certificate that it may extend, or return an error if the extension attempt failed.

type RandomSerialGenerator added in v1.1.4

type RandomSerialGenerator struct {
}

RandomSerialGenerator returns a serial based on time.Now and the subject

func (*RandomSerialGenerator) Next added in v1.1.4

func (s *RandomSerialGenerator) Next(template *x509.Certificate) (int64, error)

type SerialFileGenerator added in v1.1.4

type SerialFileGenerator struct {
	SerialFile string

	Serial int64
	// contains filtered or unexported fields
}

SerialFileGenerator returns a unique, monotonically increasing serial number and ensures the CA on disk records that value.

func NewSerialFileGenerator added in v1.1.4

func NewSerialFileGenerator(serialFile string, createIfNeeded bool) (*SerialFileGenerator, error)

func (*SerialFileGenerator) Next added in v1.1.4

func (s *SerialFileGenerator) Next(template *x509.Certificate) (int64, error)

Next returns a unique, monotonically increasing serial number and ensures the CA on disk records that value.

type SerialGenerator added in v1.1.4

type SerialGenerator interface {
	Next(template *x509.Certificate) (int64, error)
}

SerialGenerator is an interface for getting a serial number for the cert. It MUST be thread-safe.

type TLSCARoots added in v0.4.2

type TLSCARoots struct {
	Roots []*x509.Certificate
}

func GetTLSCARoots added in v0.4.2

func GetTLSCARoots(caFile string) (*TLSCARoots, error)

type TLSCertificateConfig

type TLSCertificateConfig struct {
	Certs []*x509.Certificate
	Key   crypto.PrivateKey
}

func GetServerCert added in v0.4.2

func GetServerCert(certFile, keyFile string, hostnames sets.String) (*TLSCertificateConfig, error)

func GetTLSCertificateConfig added in v0.4.2

func GetTLSCertificateConfig(certFile, keyFile string) (*TLSCertificateConfig, error)

func (*TLSCertificateConfig) GetPEMBytes added in v1.3.0

func (c *TLSCertificateConfig) GetPEMBytes() ([]byte, []byte, error)

Directories

Path Synopsis
Package extensions defines cryptographic extensions for OpenShift.
Package extensions defines cryptographic extensions for OpenShift.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL