sslconfigs

package

v1.3.5 Latest Latest Go to latest Published: Apr 21, 2024 License: BSD-3-Clause Imports: 16 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/TeaOSLab/EdgeCommon

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func AllSSLClientAuthTypes() []maps.Map
func FindSSLClientAuthTypeName(authType SSLClientAuthType) string
func GoSSLClientAuthType(authType SSLClientAuthType) tls.ClientAuthType
type HSTSConfig
type SSLCertConfig
type SSLCertRef
type SSLClientAuthType
type SSLPolicy
type SSLPolicyRef
type TLSCipherSuite
type TLSVersion

Constants ¶

This section is empty.

Variables ¶

View Source

var AllTLSCipherSuites = []TLSCipherSuite{
	"TLS_RSA_WITH_RC4_128_SHA",
	"TLS_RSA_WITH_3DES_EDE_CBC_SHA",
	"TLS_RSA_WITH_AES_128_CBC_SHA",
	"TLS_RSA_WITH_AES_256_CBC_SHA",
	"TLS_RSA_WITH_AES_128_CBC_SHA256",
	"TLS_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
	"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
	"TLS_ECDHE_RSA_WITH_RC4_128_SHA",
	"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
	"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
	"TLS_AES_128_GCM_SHA256",
	"TLS_AES_256_GCM_SHA384",
	"TLS_CHACHA20_POLY1305_SHA256",
}

View Source

var AllTlsVersions = []TLSVersion{"TLS 1.0", "TLS 1.1", "TLS 1.2", "TLS 1.3"}

View Source

var TLSIntermediateCipherSuites = []string{
	"TLS_AES_128_GCM_SHA256",
	"TLS_CHACHA20_POLY1305_SHA256",
	"TLS_AES_256_GCM_SHA384",

	"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",

	"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
	"TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}

View Source

var TLSModernCipherSuites = []string{
	"TLS_AES_128_GCM_SHA256",
	"TLS_CHACHA20_POLY1305_SHA256",
	"TLS_AES_256_GCM_SHA384",

	"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
}

Functions ¶

func AllSSLClientAuthTypes ¶

func AllSSLClientAuthTypes() []maps.Map

所有的客户端认证类型

func FindSSLClientAuthTypeName ¶

func FindSSLClientAuthTypeName(authType SSLClientAuthType) string

查找单个认证方式的名称

func GoSSLClientAuthType ¶

func GoSSLClientAuthType(authType SSLClientAuthType) tls.ClientAuthType

认证类型和tls包内类型的映射

Types ¶

type HSTSConfig ¶

type HSTSConfig struct {
	IsOn              bool     `yaml:"isOn" json:"isOn"`
	MaxAge            int      `yaml:"maxAge" json:"maxAge"` // 单位秒
	IncludeSubDomains bool     `yaml:"includeSubDomains" json:"includeSubDomains"`
	Preload           bool     `yaml:"preload" json:"preload"`
	Domains           []string `yaml:"domains" json:"domains"`
	// contains filtered or unexported fields
}

HSTS设置参考： https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

func (*HSTSConfig) HeaderKey ¶

func (this *HSTSConfig) HeaderKey() string

Header Key

func (*HSTSConfig) HeaderValue ¶

func (this *HSTSConfig) HeaderValue() string

取得当前的Header值

func (*HSTSConfig) Init ¶

func (this *HSTSConfig) Init() error

校验

func (*HSTSConfig) Match ¶

func (this *HSTSConfig) Match(domain string) bool

判断是否匹配域名

type SSLCertConfig ¶

type SSLCertConfig struct {
	Id          int64  `yaml:"id" json:"id"`
	IsOn        bool   `yaml:"isOn" json:"isOn"`
	Name        string `yaml:"name" json:"name"`
	Description string `yaml:"description" json:"description"` // 说明
	CertData    []byte `yaml:"certData" json:"certData"`       // 证书数据
	KeyData     []byte `yaml:"keyData" json:"keyData"`         // 密钥数据
	ServerName  string `yaml:"serverName" json:"serverName"`   // 证书使用的主机名，在请求TLS服务器时需要
	IsCA        bool   `yaml:"isCA" json:"isCA"`               // 是否为CA证书
	IsACME      bool   `yaml:"isACME" json:"isACME"`           // 是否通过ACME协议免费申请

	// 以下是从证书中分析所得
	TimeBeginAt int64    `yaml:"timeBeginAt" json:"timeBeginAt"`
	TimeEndAt   int64    `yaml:"timeEndAt" json:"timeEndAt"`
	DNSNames    []string `yaml:"dnsNames" json:"dnsNames"`
	CommonNames []string `yaml:"commonNames" json:"commonNames"`

	// OCSP
	OCSP          []byte `yaml:"ocsp" json:"ocsp"`
	OCSPExpiresAt int64  `yaml:"ocspExpiresAt" json:"ocspExpiresAt"`
	OCSPError     string `yaml:"ocspError" json:"ocspError"`
	// contains filtered or unexported fields
}

SSLCertConfig SSL证书

func (*SSLCertConfig) CACerts ¶ added in v0.6.4

func (this *SSLCertConfig) CACerts() []*x509.Certificate

func (*SSLCertConfig) CertObject ¶

func (this *SSLCertConfig) CertObject() *tls.Certificate

CertObject 获取证书对象

func (*SSLCertConfig) Init ¶

func (this *SSLCertConfig) Init(ctx context.Context) error

Init 校验

func (*SSLCertConfig) MatchDomain ¶

func (this *SSLCertConfig) MatchDomain(domain string) bool

MatchDomain 校验是否匹配某个域名

func (*SSLCertConfig) TimeBegin ¶

func (this *SSLCertConfig) TimeBegin() time.Time

TimeBegin 开始时间

func (*SSLCertConfig) TimeEnd ¶

func (this *SSLCertConfig) TimeEnd() time.Time

TimeEnd 结束时间

type SSLCertRef ¶

type SSLCertRef struct {
	IsOn   bool  `yaml:"isOn" json:"isOn"`
	CertId int64 `yaml:"certId" json:"certId"`
}

type SSLClientAuthType ¶

type SSLClientAuthType = int

认证类型

const (
	SSLClientAuthTypeNoClientCert               SSLClientAuthType = 0
	SSLClientAuthTypeRequestClientCert          SSLClientAuthType = 1
	SSLClientAuthTypeRequireAnyClientCert       SSLClientAuthType = 2
	SSLClientAuthTypeVerifyClientCertIfGiven    SSLClientAuthType = 3
	SSLClientAuthTypeRequireAndVerifyClientCert SSLClientAuthType = 4
)

type SSLPolicy ¶

type SSLPolicy struct {
	Id   int64 `yaml:"id" json:"id"`     // ID
	IsOn bool  `yaml:"isOn" json:"isOn"` // 是否开启

	CertRefs       []*SSLCertRef     `yaml:"certRefs" json:"certRefs"`
	Certs          []*SSLCertConfig  `yaml:"certs" json:"certs"`
	ClientAuthType SSLClientAuthType `yaml:"clientAuthType" json:"clientAuthType"` // 客户端认证类型
	ClientCARefs   []*SSLCertRef     `yaml:"clientCARefs" json:"clientCARefs"`     // 客户端认证CA证书引用
	ClientCACerts  []*SSLCertConfig  `yaml:"clientCACerts" json:"clientCACerts"`   // 客户端认证CA

	MinVersion       TLSVersion       `yaml:"minVersion" json:"minVersion"`             // 支持的最小版本
	CipherSuitesIsOn bool             `yaml:"cipherSuitesIsOn" json:"cipherSuitesIsOn"` // 是否自定义加密算法套件
	CipherSuites     []TLSCipherSuite `yaml:"cipherSuites" json:"cipherSuites"`         // 加密算法套件

	HSTS         *HSTSConfig `yaml:"hsts" json:"hsts"`                 // HSTS配置
	HTTP2Enabled bool        `yaml:"http2Enabled" json:"http2Enabled"` // 是否启用HTTP/2
	HTTP3Enabled bool        `yaml:"http3Enabled" json:"http3Enabled"` // 是否启用HTTP/3

	OCSPIsOn bool `yaml:"ocspIsOn" json:"ocspIsOn"` // 是否启用OCSP
	// contains filtered or unexported fields
}

SSLPolicy SSL配置

func (*SSLPolicy) CAPool ¶

func (this *SSLPolicy) CAPool() *x509.CertPool

CAPool CA证书Pool，用于TLS对客户端进行认证

func (*SSLPolicy) CheckOCSP ¶

func (this *SSLPolicy) CheckOCSP()

CheckOCSP 检查OCSP过期时间

func (*SSLPolicy) ContainsCert ¶

func (this *SSLPolicy) ContainsCert(certId int64) bool

ContainsCert 检查是否包括某个证书

func (*SSLPolicy) FirstCert ¶

func (this *SSLPolicy) FirstCert() *tls.Certificate

FirstCert 取得第一个证书

func (*SSLPolicy) Init ¶

func (this *SSLPolicy) Init(ctx context.Context) error

Init 校验配置

func (*SSLPolicy) MatchDomain ¶

func (this *SSLPolicy) MatchDomain(domain string) (cert *tls.Certificate, ok bool)

MatchDomain 校验是否匹配某个域名

func (*SSLPolicy) OcspExpiresAt ¶

func (this *SSLPolicy) OcspExpiresAt() int64

OcspExpiresAt OCSP最近过期时间

func (*SSLPolicy) TLSCipherSuites ¶

func (this *SSLPolicy) TLSCipherSuites() []uint16

TLSCipherSuites 套件

func (*SSLPolicy) TLSConfig ¶

func (this *SSLPolicy) TLSConfig() *tls.Config

func (*SSLPolicy) TLSMinVersion ¶

func (this *SSLPolicy) TLSMinVersion() uint16

TLSMinVersion 取得最小版本

func (*SSLPolicy) UpdateCertOCSP ¶

func (this *SSLPolicy) UpdateCertOCSP(certId int64, ocsp []byte, expiresAt int64)

UpdateCertOCSP 修改某个证书的OCSP

type SSLPolicyRef ¶

type SSLPolicyRef struct {
	IsOn        bool  `yaml:"isOn" json:"isOn"`
	SSLPolicyId int64 `yaml:"sslPolicyId" json:"sslPolicyId"`
}

type TLSCipherSuite ¶

type TLSCipherSuite = string

TLSCipherSuite Cipher Suites

type TLSVersion ¶

type TLSVersion = string

TLSVersion TLS Version

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL