certificates

package
v2.24.5
Warning

This package is not in the latest version of its module.

Published: Mar 21, 2024 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Constants

const Duration365d = time.Hour * 24 * 365

Duration365d is a time.Duration that represents a year.

Variables

This section is empty.

Functions

func CABundleConfigMapReconciler added in v2.22.0

func CABundleConfigMapReconciler(name string, caBundle fmt.Stringer) reconciling.NamedConfigMapReconcilerFactory

CABundleConfigMapReconciler returns a ConfigMapReconcilerFactory that creates a ca-bundle ConfigMap for use in seeds and userclusters.

TODO: Do not use fmt.Stringer, but a better type for the CA bundle parameter. "*CABundle" is not viable because most of the codebase deals with "resources.CABundle", which in turn exists to prevent an import loop between this and the "resources" package.

func FrontProxyCAReconciler added in v2.22.0

func FrontProxyCAReconciler() reconciling.NamedSecretReconcilerFactory

FrontProxyCAReconciler returns a function to create a secret with the front proxy CA.

func GetCAReconciler added in v2.22.0

func GetCAReconciler(commonName string) reconciling.SecretReconciler

GetCAReconciler returns a function to create a secret containing a CA with the specified name.

func GetClientCertificateReconciler added in v2.22.0

func GetClientCertificateReconciler(name, commonName string, organizations []string, dataCertKey, dataKeyKey string, getCA caGetter) reconciling.NamedSecretReconcilerFactory

GetClientCertificateReconciler is a generic function to return a secret generator to create a client certificate signed by the cluster CA.

func GetECDSACACertAndKey

func GetECDSACACertAndKey() (cert []byte, key []byte, err error)

GetECDSACACertAndKey returns a PEM-encoded ECDSA certificate and key.

func GetECDSAClientCertificateReconciler added in v2.22.0

func GetECDSAClientCertificateReconciler(name, commonName string, organizations []string, dataCertKey, dataKeyKey string, getCA ecdsaCAGetter) reconciling.SecretReconciler

GetECDSAClientCertificateReconciler is a generic function to return a secret generator to create a client certificate signed by the cert returned by the passed getCA func. The resulting secret has no ownerRef.

func GetSignedECDSACertAndKey

func GetSignedECDSACertAndKey(notAfter time.Duration, cfg certutil.Config, caCert *x509.Certificate, caKey *ecdsa.PrivateKey) (cert []byte, key []byte, err error)

GetSignedECDSACertAndKey creates and returns a signed ECDSA x509 certificate and key.

func GlobalCABundle added in v2.17.0

func RootCAReconciler added in v2.22.0

func RootCAReconciler(data caReconcilerData) reconciling.NamedSecretReconcilerFactory

RootCAReconciler returns a function to create a secret with the root CA.

func ValidateCABundle added in v2.17.0

func ValidateCABundle(bundle string) error

func ValidateCABundleConfigMap added in v2.17.0

func ValidateCABundleConfigMap(cm *corev1.ConfigMap) error

Types

type CABundle added in v2.17.0

type CABundle struct {
	// contains filtered or unexported fields
}

CABundle represents an x509.CertPool that was loaded from a file and which needs to be accessed both as a cert pool (i.e. parsed) _and_ as a file/PEM string.

func NewCABundleFromBytes added in v2.17.0

func NewCABundleFromBytes(bytes []byte) (*CABundle, error)

func NewCABundleFromFile added in v2.17.0

func NewCABundleFromFile(filename string) (*CABundle, error)

func NewFakeCABundle added in v2.17.0

func NewFakeCABundle() *CABundle

NewFakeCABundle returns a CA bundle that contains a single certificate that cannot validate anything.

func (*CABundle) CertPool added in v2.17.0

func (b *CABundle) CertPool() *x509.CertPool

func (*CABundle) String added in v2.17.0

func (b *CABundle) String() string

Directories

Path Synopsis
Package triple generates key-certificate pairs for the triple (CA, Server, Client).
