security

package
v0.0.0-...-14c013e
Warning

This package is not in the latest version of its module.

Published: Jan 15, 2025 License: Apache-2.0 Imports: 11 Imported by: 1

Documentation


Constants

This section is empty.

Variables

var (
	MatchOneTemplate = "{*}"
	MatchAnyTemplate = "{**}"
)
var ValidCipherSuites = sets.New(
	"ECDHE-ECDSA-AES128-GCM-SHA256",
	"ECDHE-RSA-AES128-GCM-SHA256",
	"ECDHE-ECDSA-AES256-GCM-SHA384",
	"ECDHE-RSA-AES256-GCM-SHA384",
	"ECDHE-ECDSA-CHACHA20-POLY1305",
	"ECDHE-RSA-CHACHA20-POLY1305",
	"ECDHE-ECDSA-AES128-SHA",
	"ECDHE-RSA-AES128-SHA",
	"ECDHE-ECDSA-AES256-SHA",
	"ECDHE-RSA-AES256-SHA",
	"AES128-GCM-SHA256",
	"AES256-GCM-SHA384",
	"AES128-SHA",
	"AES256-SHA",
	"DES-CBC3-SHA",
)

ValidCipherSuites contains a list of all ciphers supported in Gateway.server.tls.cipherSuites. Extracted from: `bssl ciphers -openssl-name ALL | rg -v PSK`

var ValidECDHCurves = sets.New(
	"P-224",
	"P-256",
	"P-521",
	"P-384",
	"X25519",
	"X25519Kyber768Draft00",
)

ValidECDHCurves contains a list of all ECDH curves supported in MeshConfig.TlsDefaults.ecdhCurves. Source: https://github.com/google/boringssl/blob/45cf810dbdbd767f09f8cb0b0fcccd342c39041f/src/ssl/ssl_key_share.cc#L285-L293

Functions

func CheckEmptyValues

func CheckEmptyValues(key string, values []string) error

func CheckServiceAccount

func CheckServiceAccount(key string, values []string) error

func CheckValidPathTemplate

func CheckValidPathTemplate(key string, paths []string) error

func ContainsPathTemplate

func ContainsPathTemplate(value string) bool

ContainsPathTemplate returns true if the path contains a valid path template.

func FilterCipherSuites

func FilterCipherSuites(suites []string) []string

FilterCipherSuites filters out invalid cipher suites that would cause Envoy to NACK the configuration.

func IsValidCipherSuite

func IsValidCipherSuite(cs string) bool

func IsValidECDHCurve

func IsValidECDHCurve(cs string) bool

func IsValidLiteral

func IsValidLiteral(glob string) bool

IsValidLiteral returns true if the glob is a valid string literal.

func ValidateAttribute

func ValidateAttribute(key string, values []string) error

func ValidateIPs

func ValidateIPs(ips []string) error

func ValidatePorts

func ValidatePorts(ports []string) error

Types

type JwksInfo

type JwksInfo struct {
	Hostname host.Name
	Scheme   string
	Port     int
	UseSSL   bool
}

JwksInfo provides values resulting from parsing a jwks URI.

func ParseJwksURI

func ParseJwksURI(jwksURI string) (JwksInfo, error)

ParseJwksURI parses the input URI and returns the corresponding hostname, port, and whether SSL is used. The URI must start with "http://" or "https://", which correspond to the "http" and "https" schemes. The port number is extracted from the URI if available (i.e. from the postfix :<port>, e.g. ":80"), or assigned a default value based on the URI scheme (80 for http and 443 for https). The port name is set to the URI scheme value.
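The parsing rules described above, written out as an added example; this is not the package's own implementation. The names `jwksInfo` and `parseJwksURIExample`, the plain-string `Hostname`, the empty-host and port-range checks, and the sample URIs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strconv"
)

// jwksInfo mirrors the JwksInfo fields documented above; Hostname is a plain
// string here (assumption: host.Name is Istio's own type).
type jwksInfo struct {
	Hostname string
	Scheme   string
	Port     int
	UseSSL   bool
}

// parseJwksURIExample is a hypothetical stand-in that follows the documented rules.
func parseJwksURIExample(jwksURI string) (jwksInfo, error) {
	u, err := url.Parse(jwksURI)
	if err != nil {
		return jwksInfo{}, err
	}
	info := jwksInfo{Scheme: u.Scheme, Hostname: u.Hostname()}
	switch u.Scheme {
	case "http":
		info.Port = 80 // default port for plaintext
	case "https":
		info.Port, info.UseSSL = 443, true // TLS is implied by the scheme
	default: // anything else, including a missing scheme, is rejected
		return jwksInfo{}, fmt.Errorf("URI scheme %q is not supported", u.Scheme)
	}
	if info.Hostname == "" { // added check, not stated on the page
		return jwksInfo{}, fmt.Errorf("URI %q has no host", jwksURI)
	}
	if p := u.Port(); p != "" { // an explicit :<port> overrides the default
		n, err := strconv.Atoi(p)
		if err != nil || n < 1 || n > 65535 { // range check is an added assumption
			return jwksInfo{}, fmt.Errorf("invalid port %q", p)
		}
		info.Port = n
	}
	return info, nil
}

func main() {
	for _, s := range []string{"https://issuer.example.com/jwks", "ftp://issuer.example.com/jwks"} { // constructed samples
		fmt.Println(parseJwksURIExample(s))
	}
}
```

Failing closed on an unsupported scheme matters here because a JWKS fetched over an unexpected transport would supply the keys used to verify tokens.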
