factory

package

v0.3.4 Latest Latest Go to latest Published: Jul 13, 2022 License: Apache-2.0 Imports: 24 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jieshiyeskey/dynamiclistener

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func GenCA() (*x509.Certificate, crypto.Signer, error)
func IsStatic(secret *v1.Secret) bool
func LoadCA(caPem, caKey []byte) (*x509.Certificate, crypto.Signer, error)
func LoadCerts(certFile, keyFile string) (*x509.Certificate, crypto.Signer, error)
func LoadOrGenCA() (*x509.Certificate, crypto.Signer, error)
func Marshal(x509Cert *x509.Certificate, privateKey crypto.Signer) (certBytes, keyBytes []byte, err error)
func MarshalChain(privateKey crypto.Signer, certs ...*x509.Certificate) (keyBytes, certChainBytes []byte, err error)
func NeedsUpdate(maxSANs int, secret *v1.Secret, cn ...string) bool
func NewPrivateKey() (crypto.Signer, error)
func NewSelfSignedCACert(key crypto.Signer, cn string, org ...string) (*x509.Certificate, error)
func NewSignedCert(signer crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, cn string, ...) (*x509.Certificate, error)
func NewSignedClientCert(signer crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, cn string) (*x509.Certificate, error)
func ParseCertPEM(pemCerts []byte) (*x509.Certificate, error)
type TLS

Constants ¶

View Source

const (
	CertificateBlockType = "CERTIFICATE"
)

View Source

const (
	Static = "listener.cattle.io/static"
)

Variables ¶

This section is empty.

Functions ¶

func GenCA ¶

func GenCA() (*x509.Certificate, crypto.Signer, error)

func IsStatic ¶

func IsStatic(secret *v1.Secret) bool

IsStatic returns true if the Secret has an attribute indicating that it contains a static (aka user-provided) certificate, which should not be modified.

func LoadCA ¶

func LoadCA(caPem, caKey []byte) (*x509.Certificate, crypto.Signer, error)

func LoadCerts ¶

func LoadCerts(certFile, keyFile string) (*x509.Certificate, crypto.Signer, error)

func LoadOrGenCA ¶

func LoadOrGenCA() (*x509.Certificate, crypto.Signer, error)

func Marshal ¶

func Marshal(x509Cert *x509.Certificate, privateKey crypto.Signer) (certBytes, keyBytes []byte, err error)

Marshal returns the given cert and key as byte slices.

func MarshalChain ¶

func MarshalChain(privateKey crypto.Signer, certs ...*x509.Certificate) (keyBytes, certChainBytes []byte, err error)

MarshalChain returns given key and certificates as byte slices.

func NeedsUpdate ¶

func NeedsUpdate(maxSANs int, secret *v1.Secret, cn ...string) bool

NeedsUpdate returns true if any of the CNs are not currently present on the secret's Certificate, as recorded in the cnPrefix annotations. It will return false if all requested CNs are already present, or if maxSANs is non-zero and has been exceeded.

func NewPrivateKey ¶

func NewPrivateKey() (crypto.Signer, error)

NewPrivateKey returnes a new ECDSA key

func NewSelfSignedCACert ¶

func NewSelfSignedCACert(key crypto.Signer, cn string, org ...string) (*x509.Certificate, error)

func NewSignedCert ¶

func NewSignedCert(signer crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, cn string, orgs []string,
	domains []string, ips []net.IP) (*x509.Certificate, error)

func NewSignedClientCert ¶

func NewSignedClientCert(signer crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, cn string) (*x509.Certificate, error)

func ParseCertPEM ¶

func ParseCertPEM(pemCerts []byte) (*x509.Certificate, error)

Types ¶

type TLS ¶

type TLS struct {
	CACert       *x509.Certificate
	CAKey        crypto.Signer
	CN           string
	Organization []string
	FilterCN     func(...string) []string
}

func (*TLS) AddCN ¶

func (t *TLS) AddCN(secret *v1.Secret, cn ...string) (*v1.Secret, bool, error)

AddCN attempts to add a list of CN strings to a given Secret, returning the potentially-modified Secret along with a bool indicating whether or not it has been updated. The Secret will not be changed if it has an attribute indicating that it is static (aka user-provided), or if no new CNs were added.

func (*TLS) Filter ¶

func (t *TLS) Filter(cn ...string) []string

Filter ensures that the CNs are all valid accorting to both internal logic, and any filter callbacks. The returned list will contain only approved CN entries.

func (*TLS) Merge ¶

func (t *TLS) Merge(target, additional *v1.Secret) (*v1.Secret, bool, error)

Merge combines the SAN lists from the target and additional Secrets, and returns a potentially modified Secret, along with a bool indicating if the returned Secret is not the same as the target Secret.

If the merge would not add any CNs to the additional Secret, the additional Secret is returned, to allow for certificate rotation/regeneration.

If the merge would not add any CNs to the target Secret, the target Secret is returned; no merging is necessary.

If neither certificate is acceptable as-is, a new certificate containing the union of the two lists is generated, using the private key from the first Secret. The returned Secret will contain the updated cert.

func (*TLS) Regenerate ¶

func (t *TLS) Regenerate(secret *v1.Secret) (*v1.Secret, error)

func (*TLS) Renew ¶

func (t *TLS) Renew(secret *v1.Secret) (*v1.Secret, error)

Renew returns a copy of the given certificate that has been re-signed to extend the NotAfter date. It is an error to attempt to renew a static (user-provided) certificate.

func (*TLS) Verify ¶

func (t *TLS) Verify(secret *v1.Secret) error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL