certificates

package
v2.19.2

This package is not in the latest version of its module.
Published: Feb 24, 2022 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Constants

const Duration365d = time.Hour * 24 * 365

Duration365d is a time.Duration that represents a year

Variables

This section is empty.

Functions

func CABundleConfigMapCreator added in v2.17.0

func CABundleConfigMapCreator(name string, caBundle fmt.Stringer) reconciling.NamedConfigMapCreatorGetter

CABundleConfigMapCreator returns a ConfigMapCreatorGetter that creates a ca-bundle ConfigMap for use in seeds and userclusters.

TODO: Do not use fmt.Stringer, but a better type for the CA bundle parameter. "*CABundle" is not viable because most of the codebase deals with "resources.CABundle", which in turn exists to prevent an import loop between this and the "resources" package.

func FrontProxyCACreator

func FrontProxyCACreator() reconciling.NamedSecretCreatorGetter

FrontProxyCACreator returns a function to create a secret with the front proxy CA

func GetCACreator

func GetCACreator(commonName string) reconciling.SecretCreator

GetCACreator returns a function to create a secret containing a CA with the specified name

func GetClientCertificateCreator

func GetClientCertificateCreator(name, commonName string, organizations []string, dataCertKey, dataKeyKey string, getCA caGetter) reconciling.NamedSecretCreatorGetter

GetClientCertificateCreator is a generic function to return a secret generator to create a client certificate signed by the cluster CA

func GetECDSACACertAndKey

func GetECDSACACertAndKey() (cert []byte, key []byte, err error)

GetECDSACACertAndKey returns a PEM-encoded ECDSA certificate and key

func GetECDSAClientCertificateCreator

func GetECDSAClientCertificateCreator(name, commonName string, organizations []string, dataCertKey, dataKeyKey string, getCA ecdsaCAGetter) reconciling.SecretCreator

GetECDSAClientCertificateCreator is a generic function to return a secret generator to create a client certificate signed by the cert returned by the passed getCA func. The resulting secret has no ownerRef

func GetSignedECDSACertAndKey

func GetSignedECDSACertAndKey(notAfter time.Duration, cfg certutil.Config, caCert *x509.Certificate, caKey *ecdsa.PrivateKey) (cert []byte, key []byte, err error)

GetSignedECDSACertAndKey creates and returns a signed ECDSA x509 certificate and key

func GlobalCABundle added in v2.17.0

func RootCACreator

func RootCACreator(data caCreatorData) reconciling.NamedSecretCreatorGetter

RootCACreator returns a function to create a secret with the root CA

func ValidateCABundle added in v2.17.0

func ValidateCABundle(bundle string) error

func ValidateCABundleConfigMap added in v2.17.0

func ValidateCABundleConfigMap(cm *corev1.ConfigMap) error

Types

type CABundle added in v2.17.0

type CABundle struct {
	// contains filtered or unexported fields
}

CABundle represents an x509.CertPool that was loaded from a file and which needs to be accessed both as a cert pool (i.e. parsed) _and_ as a file/PEM string.

func NewCABundleFromBytes added in v2.17.0

func NewCABundleFromBytes(bytes []byte) (*CABundle, error)

func NewCABundleFromFile added in v2.17.0

func NewCABundleFromFile(filename string) (*CABundle, error)

func NewFakeCABundle added in v2.17.0

func NewFakeCABundle() *CABundle

NewFakeCABundle returns a CA bundle that contains a single certificate that cannot validate anything.

func (*CABundle) CertPool added in v2.17.0

func (b *CABundle) CertPool() *x509.CertPool

func (*CABundle) String added in v2.17.0

func (b *CABundle) String() string
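
The idea behind CABundle, sketched with the standard library only as an added example (not this package's implementation): keep the PEM text and the parsed pool together, and parse the bundle strictly. The names pemBundle, newPEMBundle and constructedCert are hypothetical, and requiring every entry to be a CA certificate is an assumption of this sketch, not documented behaviour of ValidateCABundle.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

type pemBundle struct { // hypothetical name, not the package's CABundle
	text  string         // PEM exactly as loaded
	pool  *x509.CertPool // parsed form of the same data
	count int
}

// newPEMBundle is strict where CertPool.AppendCertsFromPEM silently skips unusable blocks: every
// entry must parse as a CA certificate (an assumption); "count == 0 ||" also rejects empty input.
func newPEMBundle(data []byte) (*pemBundle, error) {
	b := &pemBundle{text: string(data), pool: x509.NewCertPool()}
	for rest := data; b.count == 0 || len(bytes.TrimSpace(rest)) > 0; b.count++ {
		var block *pem.Block
		if block, rest = pem.Decode(rest); block == nil || block.Type != "CERTIFICATE" {
			return nil, fmt.Errorf("entry %d is not a PEM certificate", b.count)
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil || !cert.IsCA {
			return nil, fmt.Errorf("entry %d is not a parseable CA certificate", b.count)
		}
		b.pool.AddCert(cert)
	}
	return b, nil
}

// constructedCert returns a throwaway self-signed certificate as PEM (constructed sample input).
func constructedCert(isCA bool) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: isCA, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	fmt.Println(newPEMBundle(constructedCert(false)))
}
```

Text that precedes a PEM block is skipped by pem.Decode, so bundles with comment lines between certificates still load.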

Directories

Path Synopsis
Package triple generates key-certificate pairs for the triple (CA, Server, Client).
