certificates

package
v3.0.0-...-d6c4d9c

Warning: This package is not in the latest version of its module.
Published: Apr 14, 2023 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Constants

const Duration365d = time.Hour * 24 * 365

Duration365d is a time.Duration that represents a year.

Variables

This section is empty.

Functions

func CABundleConfigMapReconciler

func CABundleConfigMapReconciler(name string, caBundle fmt.Stringer) reconciling.NamedConfigMapReconcilerFactory

CABundleConfigMapReconciler returns a ConfigMapReconcilerFactory that creates a ca-bundle ConfigMap for use in seeds and userclusters.

TODO: Do not use fmt.Stringer, but a better type for the CA bundle parameter. "*CABundle" is not viable because most of the codebase deals with "resources.CABundle", which in turn exists to prevent an import loop between this and the "resources" package.

func FrontProxyCAReconciler

func FrontProxyCAReconciler() reconciling.NamedSecretReconcilerFactory

FrontProxyCAReconciler returns a function to create a secret with the front proxy CA.

func GetCAReconciler

func GetCAReconciler(commonName string) reconciling.SecretReconciler

GetCAReconciler returns a function to create a secret containing a CA with the specified name.

func GetClientCertificateReconciler

func GetClientCertificateReconciler(name, commonName string, organizations []string, dataCertKey, dataKeyKey string, getCA caGetter) reconciling.NamedSecretReconcilerFactory

GetClientCertificateReconciler is a generic function to return a secret generator to create a client certificate signed by the cluster CA.

func GetECDSACACertAndKey

func GetECDSACACertAndKey() (cert []byte, key []byte, err error)

GetECDSACACertAndKey returns a PEM-encoded ECDSA certificate and key.

func GetECDSAClientCertificateReconciler

func GetECDSAClientCertificateReconciler(name, commonName string, organizations []string, dataCertKey, dataKeyKey string, getCA ecdsaCAGetter) reconciling.SecretReconciler

GetECDSAClientCertificateReconciler is a generic function to return a secret generator to create a client certificate signed by the cert returned by the passed getCA func. The resulting secret has no ownerRef.

func GetSignedECDSACertAndKey

func GetSignedECDSACertAndKey(notAfter time.Duration, cfg certutil.Config, caCert *x509.Certificate, caKey *ecdsa.PrivateKey) (cert []byte, key []byte, err error)

GetSignedECDSACertAndKey creates and returns a signed ECDSA x509 certificate and key.

func RootCAReconciler

func RootCAReconciler(data caReconcilerData) reconciling.NamedSecretReconcilerFactory

RootCAReconciler returns a function to create a secret with the root CA.

func ValidateCABundle

func ValidateCABundle(bundle string) error

func ValidateCABundleConfigMap

func ValidateCABundleConfigMap(cm *corev1.ConfigMap) error

Types

type CABundle

type CABundle struct {
	// contains filtered or unexported fields
}

CABundle represents an x509.CertPool that was loaded from a file and which needs to be accessed both as a cert pool (i.e. parsed) _and_ as a file/PEM string.

func NewCABundleFromBytes

func NewCABundleFromBytes(bytes []byte) (*CABundle, error)

func NewCABundleFromFile

func NewCABundleFromFile(filename string) (*CABundle, error)

func NewFakeCABundle

func NewFakeCABundle() *CABundle

NewFakeCABundle returns a CA bundle that contains a single certificate that cannot validate anything.

func (*CABundle) CertPool

func (b *CABundle) CertPool() *x509.CertPool

func (*CABundle) String

func (b *CABundle) String() string

Directories

Path Synopsis
Package triple generates key-certificate pairs for the triple (CA, Server, Client).
