The highest tagged major version is v4.

crypto

package

v3.7.2 Latest Latest Go to latest Published: Mar 15, 2018 License: Apache-2.0 Imports: 25 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/openshift/origin

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func CertsFromPEM(pemCerts []byte) ([]*x509.Certificate, error)
func CipherSuite(cipherName string) (uint16, error)
func CipherSuitesOrDie(cipherNames []string) []uint16
func DefaultCiphers() []uint16
func DefaultTLSVersion() uint16
func IPAddressesDNSNames(hosts []string) ([]net.IP, []string)
func NewKeyPair() (crypto.PublicKey, crypto.PrivateKey, error)
func SecureTLSConfig(config *tls.Config) *tls.Config
func TLSVersion(versionName string) (uint16, error)
func TLSVersionOrDie(versionName string) uint16
func ValidCipherSuites() []string
func ValidTLSVersions() []string
type CA
- func EnsureCA(certFile, keyFile, serialFile, name string, expireDays int) (*CA, bool, error)
- func GetCA(certFile, keyFile, serialFile string) (*CA, error)
- func MakeCA(certFile, keyFile, serialFile, name string, expireDays int) (*CA, error)
- func (ca *CA) EnsureClientCertificate(certFile, keyFile string, u user.Info, expireDays int) (*TLSCertificateConfig, bool, error)
- func (ca *CA) EnsureServerCert(certFile, keyFile string, hostnames sets.String, expireDays int) (*TLSCertificateConfig, bool, error)
- func (ca *CA) MakeAndWriteServerCert(certFile, keyFile string, hostnames sets.String, expireDays int) (*TLSCertificateConfig, error)
- func (ca *CA) MakeClientCertificate(certFile, keyFile string, u user.Info, expireDays int) (*TLSCertificateConfig, error)
- func (ca *CA) MakeServerCert(hostnames sets.String, expireDays int, fns ...CertificateExtensionFunc) (*TLSCertificateConfig, error)
type CertificateExtensionFunc
type RandomSerialGenerator
- func (s *RandomSerialGenerator) Next(template *x509.Certificate) (int64, error)
type SerialFileGenerator
- func NewSerialFileGenerator(serialFile string, createIfNeeded bool) (*SerialFileGenerator, error)
- func (s *SerialFileGenerator) Next(template *x509.Certificate) (int64, error)
type SerialGenerator
type TLSCARoots
- func GetTLSCARoots(caFile string) (*TLSCARoots, error)
type TLSCertificateConfig
- func GetServerCert(certFile, keyFile string, hostnames sets.String) (*TLSCertificateConfig, error)
- func GetTLSCertificateConfig(certFile, keyFile string) (*TLSCertificateConfig, error)
- func (c *TLSCertificateConfig) GetPEMBytes() ([]byte, []byte, error)

Constants ¶

View Source

const (
	DefaultCertificateLifetimeInDays   = 365 * 2 // 2 years
	DefaultCACertificateLifetimeInDays = 365 * 5 // 5 years

)

Variables ¶

This section is empty.

Functions ¶

func CertsFromPEM ¶

func CertsFromPEM(pemCerts []byte) ([]*x509.Certificate, error)

func CipherSuite ¶

func CipherSuite(cipherName string) (uint16, error)

func CipherSuitesOrDie ¶

func CipherSuitesOrDie(cipherNames []string) []uint16

func DefaultCiphers ¶

func DefaultCiphers() []uint16

func DefaultTLSVersion ¶

func DefaultTLSVersion() uint16

func IPAddressesDNSNames ¶

func IPAddressesDNSNames(hosts []string) ([]net.IP, []string)

func NewKeyPair ¶

func NewKeyPair() (crypto.PublicKey, crypto.PrivateKey, error)

func SecureTLSConfig ¶

func SecureTLSConfig(config *tls.Config) *tls.Config

SecureTLSConfig enforces the default minimum security settings for the cluster.

func TLSVersion ¶

func TLSVersion(versionName string) (uint16, error)

func TLSVersionOrDie ¶

func TLSVersionOrDie(versionName string) uint16

func ValidCipherSuites ¶

func ValidCipherSuites() []string

func ValidTLSVersions ¶

func ValidTLSVersions() []string

Types ¶

type CA ¶

type CA struct {
	Config *TLSCertificateConfig

	SerialGenerator SerialGenerator
}

func EnsureCA ¶

func EnsureCA(certFile, keyFile, serialFile, name string, expireDays int) (*CA, bool, error)

EnsureCA returns a CA, whether it was created (as opposed to pre-existing), and any error if serialFile is empty, a RandomSerialGenerator will be used

func GetCA ¶

func GetCA(certFile, keyFile, serialFile string) (*CA, error)

if serialFile is empty, a RandomSerialGenerator will be used

func MakeCA ¶

func MakeCA(certFile, keyFile, serialFile, name string, expireDays int) (*CA, error)

if serialFile is empty, a RandomSerialGenerator will be used

func (*CA) EnsureClientCertificate ¶

func (ca *CA) EnsureClientCertificate(certFile, keyFile string, u user.Info, expireDays int) (*TLSCertificateConfig, bool, error)

func (*CA) EnsureServerCert ¶

func (ca *CA) EnsureServerCert(certFile, keyFile string, hostnames sets.String, expireDays int) (*TLSCertificateConfig, bool, error)

func (*CA) MakeAndWriteServerCert ¶

func (ca *CA) MakeAndWriteServerCert(certFile, keyFile string, hostnames sets.String, expireDays int) (*TLSCertificateConfig, error)

func (*CA) MakeClientCertificate ¶

func (ca *CA) MakeClientCertificate(certFile, keyFile string, u user.Info, expireDays int) (*TLSCertificateConfig, error)

func (*CA) MakeServerCert ¶

func (ca *CA) MakeServerCert(hostnames sets.String, expireDays int, fns ...CertificateExtensionFunc) (*TLSCertificateConfig, error)

type CertificateExtensionFunc ¶

type CertificateExtensionFunc func(*x509.Certificate) error

CertificateExtensionFunc is passed a certificate that it may extend, or return an error if the extension attempt failed.

type RandomSerialGenerator ¶

type RandomSerialGenerator struct {
}

RandomSerialGenerator returns a serial based on time.Now and the subject

func (*RandomSerialGenerator) Next ¶

func (s *RandomSerialGenerator) Next(template *x509.Certificate) (int64, error)

type SerialFileGenerator ¶

type SerialFileGenerator struct {
	SerialFile string

	Serial int64
	// contains filtered or unexported fields
}

SerialFileGenerator returns a unique, monotonically increasing serial number and ensures the CA on disk records that value.

func NewSerialFileGenerator ¶

func NewSerialFileGenerator(serialFile string, createIfNeeded bool) (*SerialFileGenerator, error)

func (*SerialFileGenerator) Next ¶

func (s *SerialFileGenerator) Next(template *x509.Certificate) (int64, error)

Next returns a unique, monotonically increasing serial number and ensures the CA on disk records that value.

type SerialGenerator ¶

type SerialGenerator interface {
	Next(template *x509.Certificate) (int64, error)
}

SerialGenerator is an interface for getting a serial number for the cert. It MUST be thread-safe.

type TLSCARoots ¶

type TLSCARoots struct {
	Roots []*x509.Certificate
}

func GetTLSCARoots ¶

func GetTLSCARoots(caFile string) (*TLSCARoots, error)

type TLSCertificateConfig ¶

type TLSCertificateConfig struct {
	Certs []*x509.Certificate
	Key   crypto.PrivateKey
}

func GetServerCert ¶

func GetServerCert(certFile, keyFile string, hostnames sets.String) (*TLSCertificateConfig, error)

func GetTLSCertificateConfig ¶

func GetTLSCertificateConfig(certFile, keyFile string) (*TLSCertificateConfig, error)

func (*TLSCertificateConfig) GetPEMBytes ¶

func (c *TLSCertificateConfig) GetPEMBytes() ([]byte, []byte, error)

Source Files ¶

View all Source files

crypto.go

Directories ¶

Path	Synopsis
extensions Package extensions defines cryptographic extensions for OpenShift.	Package extensions defines cryptographic extensions for OpenShift.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL