kubernetes: k8s.io/kubernetes/cmd/kubeadm/app/util/pkiutil Index | Files

package pkiutil

import "k8s.io/kubernetes/cmd/kubeadm/app/util/pkiutil"


Package Files



const (
    // PrivateKeyBlockType is a possible value for pem.Block.Type.
    PrivateKeyBlockType = "PRIVATE KEY"
    // PublicKeyBlockType is a possible value for pem.Block.Type.
    PublicKeyBlockType = "PUBLIC KEY"
    // CertificateBlockType is a possible value for pem.Block.Type.
    CertificateBlockType = "CERTIFICATE"
    // RSAPrivateKeyBlockType is a possible value for pem.Block.Type.
    RSAPrivateKeyBlockType = "RSA PRIVATE KEY"

func CSROrKeyExist Uses

func CSROrKeyExist(csrDir, name string) bool

CSROrKeyExist returns true if one of the CSR or key exists

func CertOrKeyExist Uses

func CertOrKeyExist(pkiPath, name string) bool

CertOrKeyExist returns a boolean whether the cert or the key exists

func CertificateRequestFromFile Uses

func CertificateRequestFromFile(file string) (*x509.CertificateRequest, error)

CertificateRequestFromFile returns the CertificateRequest from a given PEM-encoded file. Returns an error if the file could not be read or if the CSR could not be parsed.

func EncodeCSRPEM Uses

func EncodeCSRPEM(csr *x509.CertificateRequest) []byte

EncodeCSRPEM returns PEM-encoded CSR data

func EncodeCertPEM Uses

func EncodeCertPEM(cert *x509.Certificate) []byte

EncodeCertPEM returns PEM-endcoded certificate data

func EncodePublicKeyPEM Uses

func EncodePublicKeyPEM(key crypto.PublicKey) ([]byte, error)

EncodePublicKeyPEM returns PEM-encoded public data

func GetAPIServerAltNames Uses

func GetAPIServerAltNames(cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames, error)

GetAPIServerAltNames builds an AltNames object for to be used when generating apiserver certificate

func GetEtcdAltNames Uses

func GetEtcdAltNames(cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames, error)

GetEtcdAltNames builds an AltNames object for generating the etcd server certificate. `advertise address` and localhost are included in the SAN since this is the interfaces the etcd static pod listens on. The user can override the listen address with `Etcd.ExtraArgs` and add SANs with `Etcd.ServerCertSANs`.

func GetEtcdPeerAltNames Uses

func GetEtcdPeerAltNames(cfg *kubeadmapi.InitConfiguration) (*certutil.AltNames, error)

GetEtcdPeerAltNames builds an AltNames object for generating the etcd peer certificate. Hostname and `API.AdvertiseAddress` are included if the user chooses to promote the single node etcd cluster into a multi-node one (stacked etcd). The user can override the listen address with `Etcd.ExtraArgs` and add SANs with `Etcd.PeerCertSANs`.

func HasServerAuth Uses

func HasServerAuth(cert *x509.Certificate) bool

HasServerAuth returns true if the given certificate is a ServerAuth

func NewCSR Uses

func NewCSR(cfg certutil.Config, key crypto.Signer) (*x509.CertificateRequest, error)

NewCSR creates a new CSR

func NewCSRAndKey Uses

func NewCSRAndKey(config *certutil.Config) (*x509.CertificateRequest, crypto.Signer, error)

NewCSRAndKey generates a new key and CSR and that could be signed to create the given certificate

func NewCertAndKey Uses

func NewCertAndKey(caCert *x509.Certificate, caKey crypto.Signer, config *certutil.Config) (*x509.Certificate, crypto.Signer, error)

NewCertAndKey creates new certificate and key by passing the certificate authority certificate and key

func NewCertificateAuthority Uses

func NewCertificateAuthority(config *certutil.Config) (*x509.Certificate, crypto.Signer, error)

NewCertificateAuthority creates new certificate and private key for the certificate authority

func NewPrivateKey Uses

func NewPrivateKey() (crypto.Signer, error)

NewPrivateKey creates an RSA private key

func NewSignedCert Uses

func NewSignedCert(cfg *certutil.Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error)

NewSignedCert creates a signed certificate using the given CA certificate and key

func PathsForCertAndKey Uses

func PathsForCertAndKey(pkiPath, name string) (string, string)

PathsForCertAndKey returns the paths for the certificate and key given the path and basename.

func TryLoadCSRAndKeyFromDisk Uses

func TryLoadCSRAndKeyFromDisk(pkiPath, name string) (*x509.CertificateRequest, crypto.Signer, error)

TryLoadCSRAndKeyFromDisk tries to load the CSR and key from the disk

func TryLoadCertAndKeyFromDisk Uses

func TryLoadCertAndKeyFromDisk(pkiPath, name string) (*x509.Certificate, crypto.Signer, error)

TryLoadCertAndKeyFromDisk tries to load a cert and a key from the disk and validates that they are valid

func TryLoadCertFromDisk Uses

func TryLoadCertFromDisk(pkiPath, name string) (*x509.Certificate, error)

TryLoadCertFromDisk tries to load the cert from the disk and validates that it is valid

func TryLoadKeyFromDisk Uses

func TryLoadKeyFromDisk(pkiPath, name string) (crypto.Signer, error)

TryLoadKeyFromDisk tries to load the key from the disk and validates that it is valid

func TryLoadPrivatePublicKeyFromDisk Uses

func TryLoadPrivatePublicKeyFromDisk(pkiPath, name string) (*rsa.PrivateKey, *rsa.PublicKey, error)

TryLoadPrivatePublicKeyFromDisk tries to load the key from the disk and validates that it is valid

func WriteCSR Uses

func WriteCSR(csrDir, name string, csr *x509.CertificateRequest) error

WriteCSR writes the pem-encoded CSR data to csrPath. The CSR file will be created with file mode 0600. If the CSR file already exists, it will be overwritten. The parent directory of the csrPath will be created as needed with file mode 0700.

func WriteCert Uses

func WriteCert(pkiPath, name string, cert *x509.Certificate) error

WriteCert stores the given certificate at the given location

func WriteCertAndKey Uses

func WriteCertAndKey(pkiPath string, name string, cert *x509.Certificate, key crypto.Signer) error

WriteCertAndKey stores certificate and key at the specified location

func WriteKey Uses

func WriteKey(pkiPath, name string, key crypto.Signer) error

WriteKey stores the given key at the given location

func WritePublicKey Uses

func WritePublicKey(pkiPath, name string, key crypto.PublicKey) error

WritePublicKey stores the given public key at the given location

Package pkiutil imports 23 packages (graph) and is imported by 30 packages. Updated 2019-10-14. Refresh now. Tools for package owners.