Documentation
¶
Overview ¶
Package cert is responsible for generating certs dynamically and loading the certs from external sources.
Package cert is responsible for generating certs dynamically and loading the certs from external sources.
Package cert is responsible for generating certs dynamically and loading the certs from external sources.
Index ¶
- Constants
- Variables
- func GetPemCertFromx509Cert(cert x509.Certificate) []byte
- func GetX509KeyPairFromCertBytes(certBytes *CertBytes) (*tls.Certificate, error)
- type CertBytes
- type CertConfig
- type CertKeyPair
- type CertLoader
- type CertPath
- type ExternalCertLoader
- type K8sCertLoader
- type SelfSignedCertLoader
- type TlsConfig
- type TlsCredentialManager
Constants ¶
View Source
const ( // ORG kubearmor KubeArmor_ORG string = "kubearmor" KubeArmor_CN string = "kubearmor" )
View Source
const ( SelfCertProvider string = "self" ExternalCertProvider string = "external" )
Variables ¶
View Source
var DefaultKubeArmorCAConfig = CertConfig{ CN: KubeArmor_CN, Organization: KubeArmor_ORG, IsCa: true, KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign | x509.KeyUsageCRLSign, }
View Source
var DefaultKubeArmorClientConfig = CertConfig{ CN: KubeArmor_CN, Organization: KubeArmor_ORG, KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, }
View Source
var DefaultKubeArmorServerConfig = CertConfig{ CN: KubeArmor_CN, Organization: KubeArmor_ORG, KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, }
Functions ¶
func GetPemCertFromx509Cert ¶
func GetPemCertFromx509Cert(cert x509.Certificate) []byte
func GetX509KeyPairFromCertBytes ¶
func GetX509KeyPairFromCertBytes(certBytes *CertBytes) (*tls.Certificate, error)
Types ¶
type CertBytes ¶
CertBytes type
func GenerateCA ¶
func GenerateCA(cfg *CertConfig) (*CertBytes, error)
func GenerateSelfSignedCert ¶
func GenerateSelfSignedCert(ca *CertKeyPair, cfg *CertConfig) (*CertBytes, error)
GenerateSelfSignedCert func generates cert and key signed by provided CA
func ReadCertFromFile ¶
ReadCertFromFile func reads certificate key pair from the given path
func ReadCertFromK8sSecret ¶
func ReadCertFromK8sSecret(client *kubernetes.Clientset, namespace, secret string) (*CertBytes, error)
ReadCertFromK8sSecret func reads cert from the k8s tls secret it assumes the cert and key file exists with tls.crt and tls.key names respectively that is true in case of kubernetes.io/tls secret type, https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets
type CertConfig ¶
type CertKeyPair ¶
type CertKeyPair struct {
Crt *x509.Certificate
Key *rsa.PrivateKey
}
CertKeyPair type
func GenerateCert ¶
func GenerateCert(cfg *CertConfig) (*CertKeyPair, error)
func GetCertKeyPairFromCertBytes ¶
func GetCertKeyPairFromCertBytes(certBytes *CertBytes) (*CertKeyPair, error)
type CertLoader ¶
type CertLoader interface {
GetCertificateAndCaPool() (*tls.Certificate, *x509.CertPool, error)
}
type CertPath ¶
type CertPath struct {
Base string
CertFile string
KeyFile string // Not Required if CertOnly:true
CertOnly bool // if true read certificate only
}
func GetCACertPath ¶
GetCACertPath func returns CA certificate (full) path
func GetClientCertPath ¶
GetClientCertPath func returns client certificate (full) path
func GetServerCertPath ¶
GetServerCertPath func returns server certificate (full) path
type ExternalCertLoader ¶
load certificates provided by external source using file
func (*ExternalCertLoader) GetCertificateAndCaPool ¶
func (loader *ExternalCertLoader) GetCertificateAndCaPool() (*tls.Certificate, *x509.CertPool, error)
type K8sCertLoader ¶
type K8sCertLoader struct {
CertConfig CertConfig
K8sClient *kubernetes.Clientset
Namespace string
Secret string
}
func (*K8sCertLoader) GetCertificateAndCaPool ¶
func (loader *K8sCertLoader) GetCertificateAndCaPool() (*tls.Certificate, *x509.CertPool, error)
type SelfSignedCertLoader ¶
type SelfSignedCertLoader struct {
CaCertPath CertPath
CertConfig CertConfig
}
generate self sign certificate dynamically
func (*SelfSignedCertLoader) GetCertificateAndCaPool ¶
func (loader *SelfSignedCertLoader) GetCertificateAndCaPool() (*tls.Certificate, *x509.CertPool, error)
type TlsConfig ¶
type TlsConfig struct {
// Server/Client Certificate Configurations
CertCfg CertConfig
// If CA is Provided Using a K8s Secret
// Namespace, Secret and K8sClient are Required
ReadCACertFromSecret bool
Secret string
Namespace string
K8sClient *kubernetes.Clientset
CACertPath CertPath
CertPath CertPath
// Source of Client/Server Certificate,
// "self" : Certificates Will be Generated Dynamically
// "external": Certificates Are Provided Using File
CertProvider string
}
type TlsCredentialManager ¶
type TlsCredentialManager struct {
CertLoader CertLoader
}
func NewTlsCredentialManager ¶
func NewTlsCredentialManager(cfg *TlsConfig) *TlsCredentialManager
func (*TlsCredentialManager) CreateTlsClientCredentials ¶
func (manager *TlsCredentialManager) CreateTlsClientCredentials() (credentials.TransportCredentials, error)
func (*TlsCredentialManager) CreateTlsServerCredentials ¶
func (manager *TlsCredentialManager) CreateTlsServerCredentials() (credentials.TransportCredentials, error)
Source Files
Click to show internal directories.
Click to hide internal directories.