Documentation
¶
Overview ¶
Package certs start a background goroutine to update a CertificatesCache of ACM and IAM certificates and an algorithm to find the best matching certificate.
Index ¶
- Variables
- type CertificateSummary
- func FindBestMatchingCertificate(certs []*CertificateSummary, hostname string) (*CertificateSummary, error)
- func FindBestMatchingCertificates(certs []*CertificateSummary, hostnames []string) []*CertificateSummary
- func NewCertificate(id string, certificate *x509.Certificate, chain []*x509.Certificate) *CertificateSummary
- func (c *CertificateSummary) DomainNames() []string
- func (c *CertificateSummary) ID() string
- func (c *CertificateSummary) NotAfter() time.Time
- func (c *CertificateSummary) NotBefore() time.Time
- func (c *CertificateSummary) Verify(hostname string) error
- func (c *CertificateSummary) WithRoots(r *x509.CertPool) *CertificateSummary
- type CertificatesProvider
Constants ¶
This section is empty.
Variables ¶
var ErrNoMatchingCertificateFound = errors.New("no matching certificate found")
ErrNoMatchingCertificateFound is used if there is no matching ACM certificate found
Functions ¶
This section is empty.
Types ¶
type CertificateSummary ¶
type CertificateSummary struct {
// contains filtered or unexported fields
}
CertificateSummary is the business object for Certificates
func FindBestMatchingCertificate ¶
func FindBestMatchingCertificate(certs []*CertificateSummary, hostname string) (*CertificateSummary, error)
FindBestMatchingCertificate uses a suffix search, best match operation, in order to find the best matching certificate for a given hostname.
func FindBestMatchingCertificates ¶ added in v0.6.8
func FindBestMatchingCertificates(certs []*CertificateSummary, hostnames []string) []*CertificateSummary
FindBestMatchingCertificates uses a suffix search, best match operation, in order to find the best matching certificates for a given hostnames.
func NewCertificate ¶
func NewCertificate(id string, certificate *x509.Certificate, chain []*x509.Certificate) *CertificateSummary
NewCertificate returns a new CertificateSummary with the matching fields set from the arguments
func (*CertificateSummary) DomainNames ¶ added in v0.8.0
func (c *CertificateSummary) DomainNames() []string
DomainNames returns all the host names (sites, IP addresses, common names, etc.) protected by the certificate
func (*CertificateSummary) ID ¶
func (c *CertificateSummary) ID() string
ID returns the certificate ID for the underlying provider
func (*CertificateSummary) NotAfter ¶
func (c *CertificateSummary) NotAfter() time.Time
NotAfter returns the field with the same name from the certificate
func (*CertificateSummary) NotBefore ¶
func (c *CertificateSummary) NotBefore() time.Time
NotBefore returns the field with the same name from the certificate
func (*CertificateSummary) Verify ¶ added in v0.8.0
func (c *CertificateSummary) Verify(hostname string) error
Verify attempts to verify the certificate against the roots using the chain information if needed, for TLS usage.
func (*CertificateSummary) WithRoots ¶ added in v0.14.15
func (c *CertificateSummary) WithRoots(r *x509.CertPool) *CertificateSummary
WithRoots enables you to override the root certificate pool. This should be only used for test purposes.
type CertificatesProvider ¶
type CertificatesProvider interface {
GetCertificates() ([]*CertificateSummary, error)
}
CertificatesProvider interface for Certificate Provider like local, AWS IAM or AWS ACM
func NewCachingProvider ¶
func NewCachingProvider(certUpdateInterval time.Duration, blacklistedArnMap map[string]bool, providers ...CertificatesProvider) (CertificatesProvider, error)
NewCachingProvider collects certificates from multiple providers and keeps them cached in memory. After an initial loading of certificates it will continue to refresh the cache every certUpdateInterval in the background. If the background refresh fails the last known cached values are considered current.
Source Files
Directories