credentials

package

v1.2.1 Latest Latest Go to latest Published: Dec 25, 2023 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/Mellanox/gnxi

Links

Open Source Insights

Documentation ¶

Overview ¶

Package credentials loads certificates and validates user credentials.

Index ¶

Variables
func AttachToContext(ctx context.Context) context.Context
func AuthorizeUser(ctx context.Context) (string, bool)
func CheckCertSANData(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
func ClientCredentials() []grpc.DialOption
func GetCAEntity() *entity.Entity
func LoadCertificates() ([]tls.Certificate, *x509.CertPool)
func ParseCertificates() (*tls.Certificate, *x509.Certificate)
func ServerCredentials() []grpc.ServerOption
func SetTargetName(name string)

Constants ¶

This section is empty.

Variables ¶

View Source

var (

	// TargetName is a flag containing the hostname verfified by TLS handshake.
	TargetName = flag.String("target_name", "", "The target name used to verify the hostname returned by TLS handshake")
)

Functions ¶

func AttachToContext ¶

func AttachToContext(ctx context.Context) context.Context

AttachToContext attaches credentials to a context. If there are existing credentials, it overrides their values.

func AuthorizeUser ¶

func AuthorizeUser(ctx context.Context) (string, bool)

AuthorizeUser checks for valid credentials in the context Metadata.

func CheckCertSANData ¶

func CheckCertSANData(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error

Extract the SAN of the client certification from and compare it to UFM ssl_cert hostnames, in our server_cert_hostnames. return nil if there is no server_cert_hostnames or it pass SAN test. return error else

func ClientCredentials ¶

func ClientCredentials() []grpc.DialOption

ClientCredentials generates gRPC DialOptions for existing credentials.

func GetCAEntity ¶

func GetCAEntity() *entity.Entity

GetCAEntity gets a CA entity from a CA file and private key.

func LoadCertificates ¶

func LoadCertificates() ([]tls.Certificate, *x509.CertPool)

LoadCertificates loads certificates from files and exits if there's an error.

func ParseCertificates ¶

func ParseCertificates() (*tls.Certificate, *x509.Certificate)

ParseCertificates gets certificates from files or generates them from the CA.

func ServerCredentials ¶

func ServerCredentials() []grpc.ServerOption

ServerCredentials generates gRPC ServerOptions for existing credentials.

func SetTargetName ¶

func SetTargetName(name string)

SetTargetName sets the targetName variable.

Types ¶

This section is empty.

Source Files ¶

View all Source files

credentials.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL