Documentation
Index
- func CheckTrustState(cert x509.Certificate, trustedCerts []x509.Certificate) bool
- func FindOrGenClientCert(cert, key string, options ...Option) error
- func Fingerprint(cert *x509.Certificate) string
- func FingerprintStr(c string) (string, error)
- func GetTLSConfigMem(tlsClientCert, tlsClientKey, tlsClientCA, tlsRemoteCertPEM string, ...) (*tls.Config, error)
- func InitTLSConfig() *tls.Config
- func ReadCert(path string, options ...Option) (*x509.Certificate, error)
- func ServerTLSConfig(cert *Info, logger log.Logger) *tls.Config
- func TLSCheckCert(r *http.Request, info *Info) (bool, error)
- func TLSClientConfig(info *Info) (*tls.Config, error)
- func WriteCert(dir, prefix string, cert, key []byte, options ...Option) error
- type CertGenerator
- type CertKey
- type Info
- type Kind
- type OS
- type Option
Constants
This section is empty.
Variables
This section is empty.
Functions
func CheckTrustState
func CheckTrustState(cert x509.Certificate, trustedCerts []x509.Certificate) bool
CheckTrustState checks whether the given client certificate is trusted (i.e. it has a valid time span and it belongs to the given list of trusted certificates).
func FindOrGenClientCert
FindOrGenClientCert will find or generate a certificate.
func Fingerprint
func Fingerprint(cert *x509.Certificate) string
Fingerprint returns the fingerprint of the certificate.
func FingerprintStr
FingerprintStr returns the fingerprint of the certificate as a string.
func GetTLSConfigMem
func GetTLSConfigMem(
	tlsClientCert, tlsClientKey, tlsClientCA, tlsRemoteCertPEM string,
	insecureSkipVerify bool,
) (*tls.Config, error)
GetTLSConfigMem returns a tls.Config built from the PEM strings held in memory, without reading the filesystem.
func InitTLSConfig
InitTLSConfig returns a tls.Config populated with default encryption parameters. This is used as the baseline config for both client and server certificates used by thermionic.
func ReadCert
func ReadCert(path string, options ...Option) (*x509.Certificate, error)
ReadCert will read a certificate file and parse it correctly.
func ServerTLSConfig
ServerTLSConfig returns a new server-side tls.Config generated from the given certificate info.
func TLSCheckCert
TLSCheckCert returns true if the given request is presenting the given cluster certificate.
func TLSClientConfig
TLSClientConfig returns a TLS configuration suitable for establishing inter-node network connections using the cluster certificate.
Types
type CertGenerator
type CertGenerator struct {
// contains filtered or unexported fields
}
CertGenerator attempts to generate certificates and keys.
func NewCertGenerator
func NewCertGenerator(organization []string, options ...Option) *CertGenerator
NewCertGenerator creates a new CertGenerator with sane defaults.
func (*CertGenerator) Generate
func (g *CertGenerator) Generate(cert, key string, certType bool) error
Generate will create and populate a certificate file and a key file.
func (*CertGenerator) GenerateMemCert
func (g *CertGenerator) GenerateMemCert(client bool) (CertKey, error)
GenerateMemCert creates a client or server certificate and key pair, returning them as byte arrays in memory.
type CertKey
type CertKey struct {
Cert, Key []byte
}
CertKey represents a certificate and its key as a pair.
type Info
type Info struct {
// contains filtered or unexported fields
}
Info captures TLS certificate information about a certain public/private keypair and an optional CA certificate.
Given support for PKI setups, these two bits of information are normally used and passed around together, so this structure helps with that.
func KeyPairAndCA
KeyPairAndCA returns an Info object with a reference to the key pair and (optionally) the CA certificate located in the given directory and having the given name prefix.
The naming convention for the various files is:
<prefix>.crt -> public key
<prefix>.key -> private key
<prefix>.ca  -> CA certificate
If no public/private key files are found, a new key pair will be generated and saved on disk.
If a CA certificate is found, it will be returned as well, as the second return value (otherwise it will be nil).
func LoadCert
LoadCert reads the server certificate from the given var dir.
If a cluster certificate is found, it will be loaded instead.
func NewInfo
func NewInfo(keypair tls.Certificate, ca *x509.Certificate) *Info
NewInfo creates a new cert.Info with sane defaults.
func (*Info) Fingerprint
Fingerprint returns the fingerprint of the public key.
func (*Info) KeyPair
func (c *Info) KeyPair() tls.Certificate
KeyPair returns the public/private key pair.
func (*Info) PrivateKey
PrivateKey is a convenience method that encodes the underlying private key.
type Kind
type Kind int
Kind defines the kind of certificate to generate from scratch in KeyPairAndCA when no certificate is found.
The two possible kinds are client and server, and they differ in the ext-key-usage bitmaps. See GenerateMemCert for more details.
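The following is an added example, not thermionic's own code, that shows in plain standard-library Go the three behaviours this page describes: the client/server distinction of Kind and GenerateMemCert (only the ext-key-usage value differs), the fingerprint of a certificate (hex SHA-256 over the DER bytes), and the contract of CheckTrustState (valid time span and membership in an explicit list of trusted certificates). The helper names genCert, hasExtKeyUsage, fingerprint and isTrusted, the organization name and the node names are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// genCert builds a self-signed certificate in memory on an ephemeral P-256 key.
// The client flag selects the ext-key-usage value (ClientAuth or ServerAuth),
// which is the difference between the two kinds described for Kind and
// GenerateMemCert. Hypothetical helper, not the thermionic implementation.
func genCert(name string, client bool, notBefore, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	// Random 128-bit serial so two certificates for the same name never collide.
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	usage := x509.ExtKeyUsageServerAuth
	if client {
		usage = x509.ExtKeyUsageClientAuth
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: name, Organization: []string{"example-org"}}, // constructed values
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{usage},
		DNSNames:     []string{name},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// hasExtKeyUsage reports whether the certificate carries the given ext-key-usage.
func hasExtKeyUsage(cert *x509.Certificate, want x509.ExtKeyUsage) bool {
	for _, u := range cert.ExtKeyUsage {
		if u == want {
			return true
		}
	}
	return false
}

// fingerprint returns the hex-encoded SHA-256 of the certificate's DER bytes.
func fingerprint(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.Raw)
	return hex.EncodeToString(sum[:])
}

// isTrusted follows the contract stated for CheckTrustState: the certificate
// must be inside its validity window and must be one of the trusted
// certificates. Membership is decided on the DER bytes, so a different
// certificate that merely shares the subject name is rejected.
func isTrusted(cert *x509.Certificate, trusted []*x509.Certificate, now time.Time) bool {
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return false
	}
	for _, t := range trusted {
		if bytes.Equal(t.Raw, cert.Raw) {
			return true
		}
	}
	return false
}

func main() {
	now := time.Now()
	client, err := genCert("node-a", true, now.Add(-time.Hour), now.Add(24*time.Hour))
	if err != nil {
		panic(err)
	}
	// Same name, different key: must not be accepted just because the name matches.
	other, err := genCert("node-a", true, now.Add(-time.Hour), now.Add(24*time.Hour))
	if err != nil {
		panic(err)
	}
	trusted := []*x509.Certificate{client}
	fmt.Println("client fingerprint:", fingerprint(client))
	fmt.Println("client trusted:", isTrusted(client, trusted, now))
	fmt.Println("same-name other cert trusted:", isTrusted(other, trusted, now))
	fmt.Println("client has ClientAuth:", hasExtKeyUsage(client, x509.ExtKeyUsageClientAuth))
}
```

The point worth keeping in mind when reading CheckTrustState is that trust here is by identity, not by chain: a certificate is accepted only if the exact certificate is in the trusted list and its dates are current, so a revoked or replaced certificate is excluded simply by removing it from that list.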
type OS
type OS interface {
	// Hostname returns the host name reported by the kernel.
	Hostname() (string, error)
	// HostNames will generate a list of names for which the certificate will be
	// valid.
	// This will include the hostname and ip address
	HostNames() ([]string, error)
	// User returns the current user.
	User() (*user.User, error)
}
OS is a high-level facade for accessing all operating-system level functionality that therm uses.
type Option
type Option func(*options)
Option to be passed to Connect to customize the resulting instance.
func WithFileSystem
func WithFileSystem(fileSystem fsys.FileSystem) Option
WithFileSystem sets the fileSystem on the options.
func WithLogger
WithLogger sets the logger on the options.