Index ¶
- func GenerateSelfSignedUseEverywhereX509(commonName string, keyLengthBits int) (*tls.Certificate, error)
- func GenerateSelfSignedX509CA(commonName string, extUsage []x509.ExtKeyUsage, keyLengthBits int) (*tls.Certificate, error)
- func GenerateServerX509UsingCA(commonName string, ca *tls.Certificate) (*tls.Certificate, *rsa.PrivateKey, error)
- func GenerateServerX509UsingCAAndSerialNumber(commonName string, serialNumber int64, ca *tls.Certificate) (*tls.Certificate, *rsa.PrivateKey, error)
- type CertExpirationChecker
- type CertExpirationData
- type CertExpirationMap
- type CertProvider
- type CertProviderFactory
- type CertThumbprint
- type PerHostCertProviderMap
- type TLSConfigProvider
- type TestDynamicCertProvider
- func (t *TestDynamicCertProvider) FetchClientCAs() (*x509.CertPool, error)
- func (t *TestDynamicCertProvider) FetchClientCertificate(_ bool) (*tls.Certificate, error)
- func (t *TestDynamicCertProvider) FetchServerCertificate() (*tls.Certificate, error)
- func (t *TestDynamicCertProvider) FetchServerRootCAsForClient(_ bool) (*x509.CertPool, error)
- func (t *TestDynamicCertProvider) GetCertProvider(hostName string) (CertProvider, bool, error)
- func (t *TestDynamicCertProvider) GetExpiringCerts(_ time.Duration) (expiring CertExpirationMap, expired CertExpirationMap, err error)
- func (t *TestDynamicCertProvider) GetSettings() *config.GroupTLS
- func (t *TestDynamicCertProvider) Initialize(refreshInterval time.Duration)
- func (t *TestDynamicCertProvider) NumberOfHosts() int
- func (t *TestDynamicCertProvider) SetServerName(serverName string)
- func (t *TestDynamicCertProvider) SwitchToWrongServerRootCACerts()
- type TestDynamicTLSConfigProvider
- func (t *TestDynamicTLSConfigProvider) GetExpiringCerts(timeWindow time.Duration) (expiring CertExpirationMap, expired CertExpirationMap, err error)
- func (t *TestDynamicTLSConfigProvider) GetFrontendClientConfig() (*tls.Config, error)
- func (t *TestDynamicTLSConfigProvider) GetFrontendServerConfig() (*tls.Config, error)
- func (t *TestDynamicTLSConfigProvider) GetInternodeClientConfig() (*tls.Config, error)
- func (t *TestDynamicTLSConfigProvider) GetInternodeServerConfig() (*tls.Config, error)
Functions ¶
func GenerateSelfSignedUseEverywhereX509 ¶
func GenerateSelfSignedUseEverywhereX509(commonName string, keyLengthBits int) (*tls.Certificate, error)
GenerateSelfSignedUseEverywhereX509 generates a self-signed TLS certificate (bundled with its private key) for commonName; keyLengthBits is the size of the generated key (the sibling helpers in this package hand back RSA keys, so 2048 bits or more is the usual floor). Because the certificate is its own issuer, a peer will only accept it if it has been explicitly added to that peer's trust store: this is suitable for tests and local development, not as a production trust anchor.
func GenerateSelfSignedX509CA ¶
func GenerateSelfSignedX509CA(commonName string, extUsage []x509.ExtKeyUsage, keyLengthBits int) (*tls.Certificate, error)
GenerateSelfSignedX509CA generates a self-signed CA certificate (bundled with its private key) for commonName, carrying the given extended key usages and a key of keyLengthBits bits. The result is meant to be passed as the ca argument of GenerateServerX509UsingCA to issue leaf certificates. Treat the returned private key as sensitive: anyone holding it can mint certificates that chain to this CA.
func GenerateServerX509UsingCA ¶
func GenerateServerX509UsingCA(commonName string, ca *tls.Certificate) (*tls.Certificate, *rsa.PrivateKey, error)
GenerateServerX509UsingCA generates a TLS server certificate for commonName that is signed by ca (it is not self-signed), and also returns the leaf's private key. ca is expected to include its private key, since that is what signs the new certificate.
func GenerateServerX509UsingCAAndSerialNumber ¶ added in v1.5.7
func GenerateServerX509UsingCAAndSerialNumber(commonName string, serialNumber int64, ca *tls.Certificate) (*tls.Certificate, *rsa.PrivateKey, error)
GenerateServerX509UsingCAAndSerialNumber is the same as GenerateServerX509UsingCA, except that the certificate's serial number is the caller-supplied serialNumber rather than one chosen by the helper. Serial numbers must be unique per issuing CA: reusing a serial under the same ca produces distinct certificates that collide on (issuer, serial), which breaks revocation lookups and trust-store deduplication.
Types ¶
type CertExpirationChecker ¶ added in v1.5.7
// CertExpirationChecker reports certificates that are about to expire or have
// already expired, keyed by certificate thumbprint.
type CertExpirationChecker interface {
	// GetExpiringCerts returns two maps: expiring holds certificates whose
	// Expiration is presumably within timeWindow of now, expired those already
	// past it. Either map may be empty.
	GetExpiringCerts(timeWindow time.Duration) (expiring CertExpirationMap, expired CertExpirationMap, err error)
}
type CertExpirationData ¶ added in v1.5.7
// CertExpirationData describes a single certificate for expiry reporting.
type CertExpirationData struct {
	// Thumbprint identifies the certificate; CertExpirationMap is keyed by the
	// same type.
	Thumbprint CertThumbprint
	// IsCA reports whether this is a CA certificate rather than a leaf.
	IsCA bool
	// DNSNames lists the host names the certificate covers (presumably its SAN
	// entries — confirm against the producer).
	DNSNames []string
	// Expiration is the instant after which the certificate is no longer
	// valid (presumably NotAfter).
	Expiration time.Time
}
type CertExpirationMap ¶ added in v1.5.7
// CertExpirationMap holds expiry data keyed by certificate thumbprint, so a
// given certificate appears at most once regardless of how many roles load it.
type CertExpirationMap map[CertThumbprint]CertExpirationData
type CertProvider ¶
// CertProvider loads raw TLS/X.509 material. It hands back certificates and
// CA pools rather than a tls.Config; assembling the config (including the
// client-auth policy) is left to the caller.
type CertProvider interface {
	// FetchServerCertificate returns the certificate (with key) a server presents.
	FetchServerCertificate() (*tls.Certificate, error)
	// FetchClientCAs returns the CA pool used to verify client certificates
	// (presumably the tls.Config.ClientCAs role).
	FetchClientCAs() (*x509.CertPool, error)
	// FetchClientCertificate returns the certificate a client presents; isWorker
	// selects between the worker and the regular client identity.
	FetchClientCertificate(isWorker bool) (*tls.Certificate, error)
	// FetchServerRootCAsForClient returns the root pool a client uses to verify
	// the server (presumably the tls.Config.RootCAs role); isWorker as above.
	FetchServerRootCAsForClient(isWorker bool) (*x509.CertPool, error)
	// GetExpiringCerts reports certificates nearing (within timeWindow) or
	// past expiry among the material this provider loads.
	GetExpiringCerts(timeWindow time.Duration) (expiring CertExpirationMap, expired CertExpirationMap, err error)
}
CertProvider is a common interface for loading raw TLS/X.509 material: the server certificate, the CA pool used to verify client certificates, the client certificate, and the root CA pool a client uses to verify servers. The isWorker flag selects which client-side identity is returned (worker versus regular client); GetExpiringCerts reports certificates nearing or past expiry.
type CertProviderFactory ¶ added in v1.5.7
type CertThumbprint ¶ added in v1.5.7
// CertThumbprint is a fixed 16-byte digest used to identify a certificate,
// e.g. as the CertExpirationMap key.
// NOTE(review): 16 bytes is the width of an MD5 digest — confirm which hash
// produces it. That is adequate for identification/deduplication, but a
// thumbprint must not stand in for chain verification as an authenticity check.
type CertThumbprint [16]byte
type PerHostCertProviderMap ¶ added in v1.5.7
// PerHostCertProviderMap resolves a CertProvider by host name.
type PerHostCertProviderMap interface {
	// GetCertProvider looks up the provider for hostName and reports whether
	// client certificate authentication is required for that host. Callers
	// must carry clientAuthRequired into the server tls.Config they build;
	// dropping it would silently weaken mutual TLS for that host.
	GetCertProvider(hostName string) (provider CertProvider, clientAuthRequired bool, err error)
	// GetExpiringCerts reports expiry data, presumably aggregated across every
	// host in the map.
	GetExpiringCerts(timeWindow time.Duration) (expiring CertExpirationMap, expired CertExpirationMap, err error)
	// NumberOfHosts returns how many host names are configured.
	NumberOfHosts() int
}
PerHostCertProviderMap returns the CertProvider for a given host name, together with whether client certificate authentication is required for that host. Callers must honor the returned clientAuthRequired flag when building the server's tls.Config; ignoring it would silently drop mutual TLS for that host. NumberOfHosts reports how many host names are configured.
type TLSConfigProvider ¶
// TLSConfigProvider reads server and client TLS configuration. The internode
// and frontend paths get separate configs so each can carry its own
// certificates, CA pools and client-auth policy.
type TLSConfigProvider interface {
	// GetInternodeServerConfig returns the tls.Config for internode listeners.
	GetInternodeServerConfig() (*tls.Config, error)
	// GetInternodeClientConfig returns the tls.Config for internode dial-outs.
	GetInternodeClientConfig() (*tls.Config, error)
	// GetFrontendServerConfig returns the tls.Config for frontend listeners.
	GetFrontendServerConfig() (*tls.Config, error)
	// GetFrontendClientConfig returns the tls.Config used to dial the frontend.
	GetFrontendClientConfig() (*tls.Config, error)
	// GetExpiringCerts reports certificates nearing (within timeWindow) or past
	// expiry across the configs this provider serves.
	GetExpiringCerts(timeWindow time.Duration) (expiring CertExpirationMap, expired CertExpirationMap, err error)
}
TLSConfigProvider serves as a common interface to read server and client TLS configuration for the internode and frontend paths, and to report certificates nearing or past expiry via GetExpiringCerts.
func NewLocalStoreTlsProvider ¶
func NewLocalStoreTlsProvider(tlsConfig *config.RootTLS, scope metrics.Scope, logger log.Logger, certProviderFactory CertProviderFactory, ) (TLSConfigProvider, error)
func NewTLSConfigProviderFromConfig ¶
func NewTLSConfigProviderFromConfig( encryptionSettings config.RootTLS, scope metrics.Scope, logger log.Logger, certProviderFactory CertProviderFactory, ) (TLSConfigProvider, error)
NewTLSConfigProviderFromConfig creates a new TLS config provider from a RootTLS config. A custom cert provider factory can optionally be injected via the certProviderFactory argument; otherwise it defaults to the built-in localStoreCertProvider.
type TestDynamicCertProvider ¶ added in v1.5.7
// TestDynamicCertProvider is a CertProvider/PerHostCertProviderMap test fixture
// whose material can be swapped at runtime (see SetServerName and
// SwitchToWrongServerRootCACerts) to exercise rotation and failure paths. It
// must not be wired into production configuration.
type TestDynamicCertProvider struct {
	// contains filtered or unexported fields
}
func NewTestDynamicCertProvider ¶ added in v1.5.7
func NewTestDynamicCertProvider( serverCerts []*tls.Certificate, caCerts *x509.CertPool, wrongCACerts *x509.CertPool, config config.GroupTLS) *TestDynamicCertProvider
func (*TestDynamicCertProvider) FetchClientCAs ¶ added in v1.5.7
func (t *TestDynamicCertProvider) FetchClientCAs() (*x509.CertPool, error)
func (*TestDynamicCertProvider) FetchClientCertificate ¶ added in v1.5.7
func (t *TestDynamicCertProvider) FetchClientCertificate(_ bool) (*tls.Certificate, error)
func (*TestDynamicCertProvider) FetchServerCertificate ¶ added in v1.5.7
func (t *TestDynamicCertProvider) FetchServerCertificate() (*tls.Certificate, error)
func (*TestDynamicCertProvider) FetchServerRootCAsForClient ¶ added in v1.5.7
func (t *TestDynamicCertProvider) FetchServerRootCAsForClient(_ bool) (*x509.CertPool, error)
func (*TestDynamicCertProvider) GetCertProvider ¶ added in v1.5.7
func (t *TestDynamicCertProvider) GetCertProvider(hostName string) (CertProvider, bool, error)
func (*TestDynamicCertProvider) GetExpiringCerts ¶ added in v1.5.7
func (t *TestDynamicCertProvider) GetExpiringCerts(_ time.Duration, ) (expiring CertExpirationMap, expired CertExpirationMap, err error)
func (*TestDynamicCertProvider) GetSettings ¶ added in v1.5.7
func (t *TestDynamicCertProvider) GetSettings() *config.GroupTLS
func (*TestDynamicCertProvider) Initialize ¶ added in v1.9.0
func (t *TestDynamicCertProvider) Initialize(refreshInterval time.Duration)
func (*TestDynamicCertProvider) NumberOfHosts ¶ added in v1.10.0
func (t *TestDynamicCertProvider) NumberOfHosts() int
func (*TestDynamicCertProvider) SetServerName ¶ added in v1.5.7
func (t *TestDynamicCertProvider) SetServerName(serverName string)
func (*TestDynamicCertProvider) SwitchToWrongServerRootCACerts ¶ added in v1.5.7
func (t *TestDynamicCertProvider) SwitchToWrongServerRootCACerts()
type TestDynamicTLSConfigProvider ¶ added in v1.5.7
// TestDynamicTLSConfigProvider is a TLSConfigProvider test fixture assembled
// from one TestDynamicCertProvider per role, so a test can rotate or break the
// certificates of a single role independently. Not for production use.
type TestDynamicTLSConfigProvider struct {
	// The *TestDynamicCertProvider fields are the per-role sources, named by
	// the role they serve (internode/frontend, server/client, worker).
	InternodeCertProvider       *TestDynamicCertProvider
	InternodeClientCertProvider *TestDynamicCertProvider
	FrontendCertProvider        *TestDynamicCertProvider
	FrontendClientCertProvider  *TestDynamicCertProvider
	WorkerCertProvider          *TestDynamicCertProvider
	// FrontendPerHostCertProviderMap resolves frontend providers by host name.
	FrontendPerHostCertProviderMap PerHostCertProviderMap
	// contains filtered or unexported fields
}
func NewTestDynamicTLSConfigProvider ¶ added in v1.5.7
func NewTestDynamicTLSConfigProvider( tlsConfig *config.RootTLS, internodeCerts []*tls.Certificate, internodeCACerts *x509.CertPool, frontendCerts []*tls.Certificate, frontendCACerts *x509.CertPool, wrongCACerts *x509.CertPool, ) (*TestDynamicTLSConfigProvider, error)
func (*TestDynamicTLSConfigProvider) GetExpiringCerts ¶ added in v1.5.7
func (t *TestDynamicTLSConfigProvider) GetExpiringCerts(timeWindow time.Duration) (expiring CertExpirationMap, expired CertExpirationMap, err error)
func (*TestDynamicTLSConfigProvider) GetFrontendClientConfig ¶ added in v1.5.7
func (t *TestDynamicTLSConfigProvider) GetFrontendClientConfig() (*tls.Config, error)
func (*TestDynamicTLSConfigProvider) GetFrontendServerConfig ¶ added in v1.5.7
func (t *TestDynamicTLSConfigProvider) GetFrontendServerConfig() (*tls.Config, error)
func (*TestDynamicTLSConfigProvider) GetInternodeClientConfig ¶ added in v1.5.7
func (t *TestDynamicTLSConfigProvider) GetInternodeClientConfig() (*tls.Config, error)
func (*TestDynamicTLSConfigProvider) GetInternodeServerConfig ¶ added in v1.5.7
func (t *TestDynamicTLSConfigProvider) GetInternodeServerConfig() (*tls.Config, error)