factory

package
v1.27.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 11, 2023 License: Apache-2.0 Imports: 24 Imported by: 6

Documentation

Index

Constants

View Source 
const (
	CertificateBlockType = "CERTIFICATE"
)
View Source 
const (
	Static = "listener.cattle.io/static"
)

Variables

This section is empty.

Functions

func GenCA 

func GenCA() (*x509.Certificate, crypto.Signer, error)

func IsStatic added in v0.2.1 

func IsStatic(secret *v1.Secret) bool

IsStatic returns true if the Secret has an attribute indicating that it contains a static (aka user-provided) certificate, which should not be modified.

func LoadCA added in v0.2.1 

func LoadCA(caPem, caKey []byte) (*x509.Certificate, crypto.Signer, error)

func LoadCAChain added in v0.3.6 

func LoadCAChain(caPem, caKey []byte) ([]*x509.Certificate, crypto.Signer, error)

func LoadCerts deprecated 

func LoadCerts(certFile, keyFile string) (*x509.Certificate, crypto.Signer, error)

Deprecated: Use LoadCertsChain instead as it supports intermediate CAs

func LoadCertsChain added in v0.3.6 

func LoadCertsChain(certFile, keyFile string) ([]*x509.Certificate, crypto.Signer, error)

func LoadOrGenCA deprecated 

func LoadOrGenCA() (*x509.Certificate, crypto.Signer, error)

Deprecated: Use LoadOrGenCAChain instead as it supports intermediate CAs

func LoadOrGenCAChain added in v0.3.6 

func LoadOrGenCAChain() ([]*x509.Certificate, crypto.Signer, error)

func Marshal 

func Marshal(x509Cert *x509.Certificate, privateKey crypto.Signer) (certBytes, keyBytes []byte, err error)

Marshal returns the given cert and key as byte slices.

func MarshalChain added in v0.3.3 

func MarshalChain(privateKey crypto.Signer, certs ...*x509.Certificate) (keyBytes, certChainBytes []byte, err error)

MarshalChain returns given key and certificates as byte slices.

func NeedsUpdate 

func NeedsUpdate(maxSANs int, secret *v1.Secret, cn ...string) bool

NeedsUpdate returns true if any of the CNs are not currently present on the secret's Certificate, as recorded in the cnPrefix annotations. It will return false if all requested CNs are already present, or if maxSANs is non-zero and has been exceeded.

func NewPrivateKey 

func NewPrivateKey() (crypto.Signer, error)

NewPrivateKey returnes a new ECDSA key

func NewSelfSignedCACert 

func NewSelfSignedCACert(key crypto.Signer, cn string, org ...string) (*x509.Certificate, error)

func NewSignedCert 

func NewSignedCert(signer crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, cn string, orgs []string,
	domains []string, ips []net.IP) (*x509.Certificate, error)

func NewSignedClientCert added in v0.2.1 

func NewSignedClientCert(signer crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, cn string) (*x509.Certificate, error)

func ParseCertPEM 

func ParseCertPEM(pemCerts []byte) (*x509.Certificate, error)

Types

type TLS 

type TLS struct {
	CACert              []*x509.Certificate
	CAKey               crypto.Signer
	CN                  string
	Organization        []string
	FilterCN            func(...string) []string
	ExpirationDaysCheck int
}

func (*TLS) AddCN 

func (t *TLS) AddCN(secret *v1.Secret, cn ...string) (*v1.Secret, bool, error)

AddCN attempts to add a list of CN strings to a given Secret, returning the potentially-modified Secret along with a bool indicating whether or not it has been updated. The Secret will not be changed if it has an attribute indicating that it is static (aka user-provided), or if no new CNs were added.

func (*TLS) Filter added in v0.2.1 

func (t *TLS) Filter(cn ...string) []string

Filter ensures that the CNs are all valid accorting to both internal logic, and any filter callbacks. The returned list will contain only approved CN entries.

func (*TLS) IsExpired added in v0.3.4 

func (t *TLS) IsExpired(secret *v1.Secret) bool

func (*TLS) Merge 

func (t *TLS) Merge(target, additional *v1.Secret) (*v1.Secret, bool, error)

Merge combines the SAN lists from the target and additional Secrets, and returns a potentially modified Secret, along with a bool indicating if the returned Secret is not the same as the target Secret. Secrets with expired certificates will never be returned.

If the merge would not add any CNs to the additional Secret, the additional Secret is returned, to allow for certificate rotation/regeneration.

If the merge would not add any CNs to the target Secret, the target Secret is returned; no merging is necessary.

If neither certificate is acceptable as-is, a new certificate containing the union of the two lists is generated, using the private key from the first Secret. The returned Secret will contain the updated cert.

func (*TLS) Regenerate added in v0.2.7 

func (t *TLS) Regenerate(secret *v1.Secret) (*v1.Secret, error)

func (*TLS) Renew added in v0.2.1 

func (t *TLS) Renew(secret *v1.Secret) (*v1.Secret, error)

Renew returns a copy of the given certificate that has been re-signed to extend the NotAfter date. It is an error to attempt to renew a static (user-provided) certificate.

func (*TLS) Verify added in v0.3.3 

func (t *TLS) Verify(secret *v1.Secret) error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.