Documentation
Index
- Variables
- func CheckEmptyValues(key string, values []string) error
- func CheckServiceAccount(key string, values []string) error
- func CheckValidPathTemplate(key string, paths []string) error
- func ContainsPathTemplate(value string) bool
- func FilterCipherSuites(suites []string) []string
- func IsValidCipherSuite(cs string) bool
- func IsValidECDHCurve(cs string) bool
- func IsValidLiteral(glob string) bool
- func ValidateAttribute(key string, values []string) error
- func ValidateIPs(ips []string) error
- func ValidatePorts(ports []string) error
- type JwksInfo
Constants
This section is empty.
Variables
var (
	MatchOneTemplate = "{*}"
	MatchAnyTemplate = "{**}"
)
var ValidCipherSuites = sets.New(
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-SHA",
"ECDHE-RSA-AES128-SHA",
"ECDHE-ECDSA-AES256-SHA",
"ECDHE-RSA-AES256-SHA",
"AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"AES128-SHA",
"AES256-SHA",
"DES-CBC3-SHA",
)
ValidCipherSuites contains a list of all ciphers supported in Gateway.server.tls.cipherSuites. Extracted from: `bssl ciphers -openssl-name ALL | rg -v PSK`
var ValidECDHCurves = sets.New(
"P-224",
"P-256",
"P-521",
"P-384",
"X25519",
"X25519Kyber768Draft00",
)
ValidECDHCurves contains a list of all ECDH curves supported in MeshConfig.TlsDefaults.ecdhCurves. Source: https://github.com/google/boringssl/blob/45cf810dbdbd767f09f8cb0b0fcccd342c39041f/src/ssl/ssl_key_share.cc#L285-L293
Functions
func CheckEmptyValues
func CheckServiceAccount
func CheckValidPathTemplate
func ContainsPathTemplate
ContainsPathTemplate returns true if the path contains a valid path template.
func FilterCipherSuites
FilterCipherSuites filters out invalid cipher suites, which would otherwise cause Envoy to NACK.
func IsValidCipherSuite
func IsValidECDHCurve
func IsValidLiteral
IsValidLiteral returns true if the glob is a valid string literal.
func ValidateAttribute
func ValidateIPs
func ValidatePorts
Types
type JwksInfo
JwksInfo provides values resulting from parsing a jwks URI.
func ParseJwksURI
ParseJwksURI parses the input URI and returns the corresponding hostname, port, and whether SSL is used. The URI must start with "http://" or "https://", corresponding to the "http" or "https" scheme. The port number is extracted from the URI if available (i.e. from the postfix :<port>, e.g. ":80"), or assigned a default value based on the URI scheme (80 for http and 443 for https). The port name is set to the URI scheme value.
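The parsing rules described for ParseJwksURI, written out as an added example that is not the package's own code. The names jwksTarget and parseJwksTarget, the field names, and the sample URIs are assumptions made for illustration. It also rejects a missing host and an out-of-range port, which the description does not spell out.

```go
package main

import (
	"fmt"
	"net/url"
	"strconv"
)

// Hypothetical names for this example; not the package's JwksInfo or ParseJwksURI.
type jwksTarget struct {
	Hostname string
	Port     int
	PortName string // set to the URI scheme, as the description states
	UseSSL   bool
}

func parseJwksTarget(raw string) (jwksTarget, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return jwksTarget{}, fmt.Errorf("invalid JWKS URI %q: %w", raw, err)
	}
	var t jwksTarget
	switch u.Scheme {
	case "http":
		t.Port = 80
	case "https":
		t.Port, t.UseSSL = 443, true
	default: // no scheme, or anything other than http/https
		return jwksTarget{}, fmt.Errorf("JWKS URI %q must start with http:// or https://", raw)
	}
	t.PortName, t.Hostname = u.Scheme, u.Hostname()
	if t.Hostname == "" {
		return jwksTarget{}, fmt.Errorf("JWKS URI %q has no host", raw)
	}
	if p := u.Port(); p != "" { // an explicit port overrides the scheme default
		n, err := strconv.Atoi(p)
		if err != nil || n < 1 || n > 65535 {
			return jwksTarget{}, fmt.Errorf("JWKS URI %q has invalid port %q", raw, p)
		}
		t.Port = n
	}
	return t, nil
}

func main() {
	for _, raw := range []string{"https://idp.example.com/keys", "http://[::1]:8080/jwks"} { // constructed
		fmt.Println(parseJwksTarget(raw))
	}
}
```

A resolved target with UseSSL false means the signing keys would be fetched over plaintext HTTP, so a caller may want to surface that case when reviewing configuration.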