encryption

package
v1.23.0-rc15 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 15, 2024 License: MIT Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CertExpirationChecker added in v1.5.7

type CertExpirationChecker interface {
	GetExpiringCerts(timeWindow time.Duration) (expiring CertExpirationMap, expired CertExpirationMap, err error)
}

type CertExpirationData added in v1.5.7

type CertExpirationData struct {
	Thumbprint CertThumbprint
	IsCA       bool
	DNSNames   []string
	Expiration time.Time
}

type CertExpirationMap added in v1.5.7

type CertExpirationMap map[CertThumbprint]CertExpirationData

type CertProvider

type CertProvider interface {
	FetchServerCertificate() (*tls.Certificate, error)
	FetchClientCAs() (*x509.CertPool, error)
	FetchClientCertificate(isWorker bool) (*tls.Certificate, error)
	FetchServerRootCAsForClient(isWorker bool) (*x509.CertPool, error)
	GetExpiringCerts(timeWindow time.Duration) (expiring CertExpirationMap, expired CertExpirationMap, err error)
}

CertProvider is a common interface to load raw TLS/X509 primitives.

func NewLocalStoreCertProvider added in v1.9.0

func NewLocalStoreCertProvider(
	tlsSettings *config.GroupTLS,
	workerTlsSettings *config.WorkerTLS,
	legacyWorkerSettings *config.ClientTLS,
	refreshInterval time.Duration,
	logger log.Logger) CertProvider

type CertProviderFactory added in v1.5.7

type CertProviderFactory func(
	tlsSettings *config.GroupTLS,
	workerTlsSettings *config.WorkerTLS,
	legacyWorkerSettings *config.ClientTLS,
	refreshInterval time.Duration,
	logger log.Logger) CertProvider

type CertThumbprint added in v1.5.7

type CertThumbprint [16]byte

type FixedTLSConfigProvider added in v1.22.0

type FixedTLSConfigProvider struct {
	InternodeServerConfig      *tls.Config
	InternodeClientConfig      *tls.Config
	FrontendServerConfig       *tls.Config
	FrontendClientConfig       *tls.Config
	RemoteClusterClientConfigs map[string]*tls.Config
	CertExpirationChecker      CertExpirationChecker
}

func (*FixedTLSConfigProvider) GetExpiringCerts added in v1.22.0

func (f *FixedTLSConfigProvider) GetExpiringCerts(
	timeWindow time.Duration,
) (expiring CertExpirationMap, expired CertExpirationMap, err error)

GetExpiringCerts implements [TLSConfigProvider.GetExpiringCerts].

func (*FixedTLSConfigProvider) GetFrontendClientConfig added in v1.22.0

func (f *FixedTLSConfigProvider) GetFrontendClientConfig() (*tls.Config, error)

GetFrontendClientConfig implements [TLSConfigProvider.GetFrontendClientConfig].

func (*FixedTLSConfigProvider) GetFrontendServerConfig added in v1.22.0

func (f *FixedTLSConfigProvider) GetFrontendServerConfig() (*tls.Config, error)

GetFrontendServerConfig implements [TLSConfigProvider.GetFrontendServerConfig].

func (*FixedTLSConfigProvider) GetInternodeClientConfig added in v1.22.0

func (f *FixedTLSConfigProvider) GetInternodeClientConfig() (*tls.Config, error)

GetInternodeClientConfig implements [TLSConfigProvider.GetInternodeClientConfig].

func (*FixedTLSConfigProvider) GetInternodeServerConfig added in v1.22.0

func (f *FixedTLSConfigProvider) GetInternodeServerConfig() (*tls.Config, error)

GetInternodeServerConfig implements [TLSConfigProvider.GetInternodeServerConfig].

func (*FixedTLSConfigProvider) GetRemoteClusterClientConfig added in v1.22.0

func (f *FixedTLSConfigProvider) GetRemoteClusterClientConfig(hostname string) (*tls.Config, error)

GetRemoteClusterClientConfig implements [TLSConfigProvider.GetRemoteClusterClientConfig].

type PerHostCertProviderMap added in v1.5.7

type PerHostCertProviderMap interface {
	GetCertProvider(hostName string) (provider CertProvider, clientAuthRequired bool, err error)
	GetExpiringCerts(timeWindow time.Duration) (expiring CertExpirationMap, expired CertExpirationMap, err error)
	NumberOfHosts() int
}

PerHostCertProviderMap returns a CertProvider for a given host name.

type TLSConfigProvider

type TLSConfigProvider interface {
	GetInternodeServerConfig() (*tls.Config, error)
	GetInternodeClientConfig() (*tls.Config, error)
	GetFrontendServerConfig() (*tls.Config, error)
	GetFrontendClientConfig() (*tls.Config, error)
	GetRemoteClusterClientConfig(hostname string) (*tls.Config, error)
	GetExpiringCerts(timeWindow time.Duration) (expiring CertExpirationMap, expired CertExpirationMap, err error)
}

TLSConfigProvider serves as a common interface to read server and client configuration for TLS.

func NewLocalStoreTlsProvider

func NewLocalStoreTlsProvider(tlsConfig *config.RootTLS, metricsHandler metrics.Handler, logger log.Logger, certProviderFactory CertProviderFactory,
) (TLSConfigProvider, error)

func NewTLSConfigProviderFromConfig

func NewTLSConfigProviderFromConfig(
	encryptionSettings config.RootTLS,
	metricsHandler metrics.Handler,
	logger log.Logger,
	certProviderFactory CertProviderFactory,
) (TLSConfigProvider, error)

NewTLSConfigProviderFromConfig creates a new TLS Config provider from RootTLS config. A custom cert provider factory can be optionally injected via certProviderFactory argument. Otherwise, it defaults to using localStoreCertProvider

type TestDynamicCertProvider added in v1.5.7

type TestDynamicCertProvider struct {
	// contains filtered or unexported fields
}

func NewTestDynamicCertProvider added in v1.5.7

func NewTestDynamicCertProvider(
	serverCerts []*tls.Certificate,
	caCerts *x509.CertPool,
	wrongCACerts *x509.CertPool,
	config config.GroupTLS) *TestDynamicCertProvider

func (*TestDynamicCertProvider) FetchClientCAs added in v1.5.7

func (t *TestDynamicCertProvider) FetchClientCAs() (*x509.CertPool, error)

func (*TestDynamicCertProvider) FetchClientCertificate added in v1.5.7

func (t *TestDynamicCertProvider) FetchClientCertificate(_ bool) (*tls.Certificate, error)

func (*TestDynamicCertProvider) FetchServerCertificate added in v1.5.7

func (t *TestDynamicCertProvider) FetchServerCertificate() (*tls.Certificate, error)

func (*TestDynamicCertProvider) FetchServerRootCAsForClient added in v1.5.7

func (t *TestDynamicCertProvider) FetchServerRootCAsForClient(_ bool) (*x509.CertPool, error)

func (*TestDynamicCertProvider) GetCertProvider added in v1.5.7

func (t *TestDynamicCertProvider) GetCertProvider(hostName string) (CertProvider, bool, error)

func (*TestDynamicCertProvider) GetExpiringCerts added in v1.5.7

func (t *TestDynamicCertProvider) GetExpiringCerts(_ time.Duration,
) (expiring CertExpirationMap, expired CertExpirationMap, err error)

func (*TestDynamicCertProvider) GetSettings added in v1.5.7

func (t *TestDynamicCertProvider) GetSettings() *config.GroupTLS

func (*TestDynamicCertProvider) Initialize added in v1.9.0

func (t *TestDynamicCertProvider) Initialize(refreshInterval time.Duration)

func (*TestDynamicCertProvider) NumberOfHosts added in v1.10.0

func (t *TestDynamicCertProvider) NumberOfHosts() int

func (*TestDynamicCertProvider) SetServerName added in v1.5.7

func (t *TestDynamicCertProvider) SetServerName(serverName string)

func (*TestDynamicCertProvider) SwitchToWrongServerRootCACerts added in v1.5.7

func (t *TestDynamicCertProvider) SwitchToWrongServerRootCACerts()

type TestDynamicTLSConfigProvider added in v1.5.7

type TestDynamicTLSConfigProvider struct {
	InternodeCertProvider       *TestDynamicCertProvider
	InternodeClientCertProvider *TestDynamicCertProvider
	FrontendCertProvider        *TestDynamicCertProvider
	FrontendClientCertProvider  *TestDynamicCertProvider
	WorkerCertProvider          *TestDynamicCertProvider

	FrontendPerHostCertProviderMap PerHostCertProviderMap
	// contains filtered or unexported fields
}

func NewTestDynamicTLSConfigProvider added in v1.5.7

func NewTestDynamicTLSConfigProvider(
	tlsConfig *config.RootTLS,
	internodeCerts []*tls.Certificate,
	internodeCACerts *x509.CertPool,
	frontendCerts []*tls.Certificate,
	frontendCACerts *x509.CertPool,
	wrongCACerts *x509.CertPool,
) (*TestDynamicTLSConfigProvider, error)

func (*TestDynamicTLSConfigProvider) GetExpiringCerts added in v1.5.7

func (t *TestDynamicTLSConfigProvider) GetExpiringCerts(timeWindow time.Duration) (expiring CertExpirationMap, expired CertExpirationMap, err error)

func (*TestDynamicTLSConfigProvider) GetFrontendClientConfig added in v1.5.7

func (t *TestDynamicTLSConfigProvider) GetFrontendClientConfig() (*tls.Config, error)

func (*TestDynamicTLSConfigProvider) GetFrontendServerConfig added in v1.5.7

func (t *TestDynamicTLSConfigProvider) GetFrontendServerConfig() (*tls.Config, error)

func (*TestDynamicTLSConfigProvider) GetInternodeClientConfig added in v1.5.7

func (t *TestDynamicTLSConfigProvider) GetInternodeClientConfig() (*tls.Config, error)

func (*TestDynamicTLSConfigProvider) GetInternodeServerConfig added in v1.5.7

func (t *TestDynamicTLSConfigProvider) GetInternodeServerConfig() (*tls.Config, error)

func (*TestDynamicTLSConfigProvider) GetRemoteClusterClientConfig added in v1.15.1

func (t *TestDynamicTLSConfigProvider) GetRemoteClusterClientConfig(hostName string) (*tls.Config, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL