mtls

package
v0.21.0
Warning

This package is not in the latest version of its module.
Published: Feb 2, 2021 License: Apache-2.0 Imports: 24 Imported by: 6

Documentation

Index

Constants

This section is empty.

Variables

var ErrorNoCertConfigure = errors.New("no certificate config")

ErrorNoCertConfigure is returned when the config contains no certificate.

Functions

func ClearSecretManager

func ClearSecretManager()

func GetSdsClient

func GetSdsClient(cfg *auth.SdsSecretConfig) types.SdsClient

func GetTLSConn

func GetTLSConn(c net.Conn, b []byte) (net.Conn, error)

GetTLSConn returns a TLSConn wrapping c.

func NewProvider

func NewProvider(cfg *v2.TLSConfig) (types.TLSProvider, error)

NewProvider returns a types.TLSProvider. Two providers are supported: the SDS provider and the static provider.

func NewTLSClientContextManager

func NewTLSClientContextManager(cfg *v2.TLSConfig) (types.TLSClientContextManager, error)

NewTLSClientContextManager returns a types.TLSClientContextManager used by a TLS client.

func NewTLSServerContextManager

func NewTLSServerContextManager(cfg *v2.Listener) (types.TLSContextManager, error)

NewTLSServerContextManager returns a types.TLSContextManager used by a TLS server. A server context manager can hold multiple certificates from its provider.

func Register

func Register(name string, factory ConfigHooksFactory) error

Register registers an extension.

func RegisterSdsCallback

func RegisterSdsCallback(f func(*v2.TLSConfig))

Types

type ConfigHooks

type ConfigHooks interface {
	// GetClientAuth returns the tls.ClientAuthType to set in tls.Config.ClientAuth
	GetClientAuth(cfg *v2.TLSConfig) tls.ClientAuthType
	// GetCertificate returns the tls.Certificate identified by index.
	// By default the index is the cert/key file path or the cert/key PEM string
	GetCertificate(certIndex, keyIndex string) (tls.Certificate, error)
	// GetX509Pool returns the x509.CertPool, which is a set of certificates.
	// By default the index is the CA certificate file path or the certificate PEM string
	GetX509Pool(caIndex string) (*x509.CertPool, error)
	// ServerHandshakeVerify returns a function used as tls.Config.VerifyPeerCertificate.
	// If it returns nil, the normal certificate verification is used.
	// Note that tls.Config.InsecureSkipVerify is set to make sure VerifyPeerCertificate is called,
	// so the function returned by ServerHandshakeVerify must verify the peer chain against the trusted CA itself.
	// If TLSConfig.RequireClientCert is false, ServerHandshakeVerify is ignored
	ServerHandshakeVerify(cfg *tls.Config) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
	// ClientHandshakeVerify returns a function used as tls.Config.VerifyPeerCertificate.
	// If it returns nil, the normal certificate verification is used.
	// Note that tls.Config.InsecureSkipVerify is set to make sure VerifyPeerCertificate is called,
	// so the function returned by ClientHandshakeVerify must verify the peer chain against the trusted CA itself.
	// If TLSConfig.InsecureSkip is true, ClientHandshakeVerify is ignored.
	ClientHandshakeVerify(cfg *tls.Config) func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
	// GenerateHashValue creates a hash value based on the tls.Config
	GenerateHashValue(cfg *tls.Config) *types.HashValue
}

ConfigHooks is a set of hooks used to build a tls.Config.
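The comments on ServerHandshakeVerify and ClientHandshakeVerify describe a contract that is easy to get wrong: once tls.Config.InsecureSkipVerify is set, crypto/tls performs no chain validation at all and hands the hook an empty verifiedChains, so a hook that returns nil without inspecting rawCerts accepts any certificate from anyone. The following is an added example, not code from the mtls package, of what such a hook has to do. NewPeerVerifier, issue, Scenarios, the names demo-root and svc.example.internal, and the certificates (generated in-process as throwaway fixtures) are all assumptions made for this illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// NewPeerVerifier returns a callback for tls.Config.VerifyPeerCertificate. With
// InsecureSkipVerify set (as the mtls package does so its hook always runs),
// crypto/tls validates nothing and verifiedChains is empty, so the callback must
// verify the chain itself. dnsName "" skips hostname matching (client certs).
func NewPeerVerifier(roots *x509.CertPool, dnsName string, eku x509.ExtKeyUsage) func([][]byte, [][]*x509.Certificate) error {
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		if len(rawCerts) == 0 {
			return errors.New("peer presented no certificate")
		}
		var chain []*x509.Certificate
		for i, raw := range rawCerts {
			c, err := x509.ParseCertificate(raw)
			if err != nil {
				return fmt.Errorf("parse peer certificate %d: %w", i, err)
			}
			chain = append(chain, c)
		}
		// Everything after the leaf is an untrusted intermediate; only roots is trusted,
		// so a peer cannot become trusted by appending its own CA to the chain.
		inter := x509.NewCertPool()
		for _, c := range chain[1:] {
			inter.AddCert(c)
		}
		opts := x509.VerifyOptions{Roots: roots, Intermediates: inter, DNSName: dnsName, KeyUsages: []x509.ExtKeyUsage{eku}}
		if _, err := chain[0].Verify(opts); err != nil {
			return fmt.Errorf("peer certificate not trusted: %w", err)
		}
		return nil
	}
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue creates throwaway P-256 certificates constructed for this demo only:
// a self-signed CA when parent is nil, otherwise a leaf signed by parent.
func issue(cn string, dns []string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		DNSNames:              dns,
	}
	signer, signerKey := tmpl, key
	if parent == nil {
		tmpl.IsCA = true
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature
	} else {
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// Scenarios runs the verifier against a trusted chain, a hostname mismatch, a
// chain from an unrelated CA (with that CA appended), and an empty chain.
func Scenarios() map[string]error {
	ca, caKey := issue("demo-root", nil, nil, nil)
	leaf, _ := issue("svc", []string{"svc.example.internal"}, ca, caKey)
	rogueCA, rogueKey := issue("rogue-root", nil, nil, nil)
	rogueLeaf, _ := issue("svc", []string{"svc.example.internal"}, rogueCA, rogueKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	verify := NewPeerVerifier(roots, "svc.example.internal", x509.ExtKeyUsageServerAuth)
	return map[string]error{
		"trusted":    verify([][]byte{leaf.Raw}, nil),
		"wrong-name": NewPeerVerifier(roots, "other.example.internal", x509.ExtKeyUsageServerAuth)([][]byte{leaf.Raw}, nil),
		"rogue-ca":   verify([][]byte{rogueLeaf.Raw, rogueCA.Raw}, nil),
		"no-cert":    verify(nil, nil),
	}
}

func main() { fmt.Println(Scenarios()) }
```

A ServerHandshakeVerify implementation would return NewPeerVerifier(pool, "", x509.ExtKeyUsageClientAuth), since client certificates carry no server name to match; a ClientHandshakeVerify implementation passes the expected server name and x509.ExtKeyUsageServerAuth. Only "trusted" verifies: the same leaf fails against a different expected name, a leaf from an unrelated CA fails even when that CA is sent in the chain, and an empty chain is rejected rather than silently accepted.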

func DefaultConfigHooks

func DefaultConfigHooks() ConfigHooks

DefaultConfigHooks returns the default ConfigHooks implementation.

type ConfigHooksFactory

type ConfigHooksFactory interface {
	CreateConfigHooks(config map[string]interface{}) ConfigHooks
}

ConfigHooksFactory creates a ConfigHooks from the given config.

type Conn

type Conn struct {
	net.Conn
	// contains filtered or unexported fields
}

Conn is a generic stream-oriented network connection. It implements the net.Conn interface.

func (*Conn) Peek

func (c *Conn) Peek() ([]byte, error)

Peek returns 1 byte from connection, without draining any buffered data.

func (*Conn) Read

func (c *Conn) Read(b []byte) (int, error)

Read reads data from the connection.
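Conn.Peek is what lets a listener inspect the first byte of a stream before deciding whether to hand it to a TLS server (a handshake record begins with content type 0x16) or to a cleartext handler, and Read must then still deliver that byte. The added example below is not the mtls package's own Conn; it is a stand-in (peekConn, Classify and the sample byte strings are assumptions for this demo) that shows the Peek-then-Read contract over an in-memory net.Pipe.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"net"
)

// tlsHandshakeRecord is the TLS record content type for handshake messages;
// every ClientHello starts with this byte, while cleartext protocols do not.
const tlsHandshakeRecord = 0x16

// peekConn wraps a net.Conn behind a bufio.Reader so one byte can be inspected
// before the connection is handed to a TLS or plaintext handler. Demo stand-in
// for mtls.Conn, not the package's own implementation.
type peekConn struct {
	net.Conn
	r *bufio.Reader
}

func newPeekConn(c net.Conn) *peekConn { return &peekConn{Conn: c, r: bufio.NewReader(c)} }

// Peek returns the next byte without consuming it; Read will return it again.
func (c *peekConn) Peek() ([]byte, error) { return c.r.Peek(1) }

// Read serves buffered bytes first, so nothing seen by Peek is lost.
func (c *peekConn) Read(b []byte) (int, error) { return c.r.Read(b) }

// Classify writes payload into an in-memory pipe, peeks at the first byte on
// the receiving side, then reads everything back to show Peek consumed nothing.
// It returns "tls" or "plain" and the bytes read.
func Classify(payload []byte) (kind string, got []byte, err error) {
	client, server := net.Pipe()
	go func() {
		client.Write(payload) // constructed input; write error ignored in the demo writer
		client.Close()
	}()
	defer server.Close()
	pc := newPeekConn(server)
	first, err := pc.Peek()
	if err != nil {
		return "", nil, err
	}
	kind = "plain"
	if first[0] == tlsHandshakeRecord {
		kind = "tls"
	}
	got = make([]byte, len(payload))
	_, err = io.ReadFull(pc, got)
	return kind, got, err
}

func main() {
	// Constructed inputs: the leading bytes of a TLS ClientHello record and of a cleartext HTTP request.
	hello := []byte{0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00}
	req := []byte("GET / HTTP/1.1\r\n")
	for _, p := range [][]byte{hello, req} {
		kind, got, err := Classify(p)
		fmt.Printf("%-5s %q %v\n", kind, got, err)
	}
}
```

A first-byte check is a dispatch heuristic, not authentication: the TLS path is still only as strong as the handshake verification behind it, and where mTLS is mandatory the cleartext path should not exist at all.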

type TLSConn

type TLSConn struct {
	*tls.Conn
}

TLSConn represents a secured connection. It implements the net.Conn interface.

func (*TLSConn) ConnectionState

func (c *TLSConn) ConnectionState() gotls.ConnectionState

ConnectionState records basic TLS details about the connection.

func (*TLSConn) GetRawConn

func (c *TLSConn) GetRawConn() net.Conn

GetRawConn returns network connection.

func (*TLSConn) GetTLSInfo

func (c *TLSConn) GetTLSInfo(buf types.IoBuffer) int

GetTLSInfo returns TLSInfo

func (*TLSConn) Read added in v0.11.0

func (c *TLSConn) Read(b []byte) (int, error)

func (*TLSConn) SetALPN

func (c *TLSConn) SetALPN(alpn string)

SetALPN sets ALPN

func (*TLSConn) WriteTo

func (c *TLSConn) WriteTo(v *net.Buffers) (int64, error)

WriteTo writes the contents of v to the connection.

type TLSStats added in v0.14.0

type TLSStats struct {
	TLSConnpoolChanged gometrics.Counter
}

func NewStats added in v0.14.0

func NewStats(name string) *TLSStats

Directories

Path	Synopsis
certtool	Package certtool generates certificates for tests and examples. By default, use CreateTemplate, GeneratePrivateKey, and SignCertificate; certificates created in the same process share the same root CA.
crypto
crypto/tls	Package tls partially implements TLS 1.2, as specified in RFC 5246, and TLS 1.3, as specified in RFC 8446.
