Documentation
Overview
Package simple provides a simple self-contained TLS Store.
Index
- Variables
- func FindInMap(name string, m map[string]*list.List, once bool) []*tls.Certificate
- func FindSupportedInMap(chi *tls.ClientHelloInfo, name string, m map[string]*list.List) *tls.Certificate
- func PairMatch(cert *x509.Certificate, pk x509utils.PrivateKey) bool
- func PrivateKeyEqual(a, b x509utils.PrivateKey) bool
- type Config
- type ErrInvalidCert
- type Getter
- type Store
- func (s *Store) AddCACert(cert *x509.Certificate) error
- func (s *Store) AddCert(name string, cert *x509.Certificate) error
- func (s *Store) AddKey(pk x509utils.PrivateKey) error
- func (s *Store) Delete(_ context.Context, name string) error
- func (s *Store) DeleteCert(_ context.Context, cert *x509.Certificate) error
- func (s *Store) ForEach(ctx context.Context, f x509utils.StoreIterFunc) error
- func (s *Store) Get(_ context.Context, name string) (*x509.Certificate, error)
- func (s *Store) GetCAPool() *x509.CertPool
- func (s *Store) GetCertificate(chi *tls.ClientHelloInfo) (*tls.Certificate, error)
- func (s *Store) GetCertificateWithCallback(chi *tls.ClientHelloInfo, getter Getter) (*tls.Certificate, error)
- func (s *Store) HasKey(pk crypto.PrivateKey) bool
- func (s *Store) HasPublicKey(pub crypto.PublicKey) bool
- func (s *Store) Keys() []x509utils.PrivateKey
- func (s *Store) Put(_ context.Context, name string, cert *x509.Certificate) error
- func (s *Store) SetLogger(logger slog.Logger)
Constants
This section is empty.
Variables
var (
	// ErrNotImplemented is returned when something hasn't been implemented yet
	ErrNotImplemented = errors.New("not implemented")
)
Functions
func FindSupportedInMap
func FindSupportedInMap(chi *tls.ClientHelloInfo, name string, m map[string]*list.List) *tls.Certificate
FindSupportedInMap attempts to find a matching supported tls.Certificate on a MapList
func PairMatch added in v0.5.4
func PairMatch(cert *x509.Certificate, pk x509utils.PrivateKey) bool
PairMatch tells if the public key of a PrivateKey is the same as the one included in a *x509.Certificate
func PrivateKeyEqual added in v0.5.4
func PrivateKeyEqual(a, b x509utils.PrivateKey) bool
PrivateKeyEqual tells if two private keys are the same
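An added example, not darvaza's implementation: one way to perform the check PairMatch describes using only the Go standard library, comparing the certificate's public key with the public half of the private key. The helpers pairMatch, must and newPair are hypothetical, crypto.Signer stands in for x509utils.PrivateKey as an assumption, and the keys and certificate are constructed test data.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// pairMatch (hypothetical) reports whether cert carries the public half of key.
func pairMatch(cert *x509.Certificate, key crypto.Signer) bool {
	if cert == nil || key == nil {
		return false
	}
	pub, ok := key.Public().(interface{ Equal(crypto.PublicKey) bool })
	return ok && pub.Equal(cert.PublicKey)
}

// must panics on error; acceptable here because all inputs are constructed.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newPair builds a fresh ECDSA key and a short-lived self-signed test certificate.
func newPair(name string) (crypto.Signer, *x509.Certificate) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key))
	return key, must(x509.ParseCertificate(der))
}

func main() {
	k1, cert := newPair("example.test")
	k2, _ := newPair("other.test")
	fmt.Println(pairMatch(cert, k1), pairMatch(cert, k2)) // true false
}
```

Comparing public keys this way catches a certificate paired with the wrong key before it is served, rather than at handshake time.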
Types
type Config
type Config struct {
	Base   x509utils.CertPooler
	Logger slog.Logger
}
Config is a custom factory for the Store, allowing the use of a Logger and a base of roots different from what the system provides
type ErrInvalidCert added in v0.5.6
ErrInvalidCert indicates the certificate can't be used
func (ErrInvalidCert) Error added in v0.5.6
func (err ErrInvalidCert) Error() string
func (ErrInvalidCert) Unwrap added in v0.5.6
func (err ErrInvalidCert) Unwrap() error
type Getter
type Getter func(ctx context.Context, key x509utils.PrivateKey, name string) (*tls.Certificate, error)
A Getter is a helper to get a certificate for a name
type Store
type Store struct {
	// contains filtered or unexported fields
}
Store is a darvaza TLS Store that doesn't talk to any external service nor monitor for new files
func NewFromBuffer
func NewFromBuffer(pb *certpool.PoolBuffer, base x509utils.CertPooler) (*Store, error)
NewFromBuffer creates a Store from a given PoolBuffer
func (*Store) AddCACert added in v0.5.6
func (s *Store) AddCACert(cert *x509.Certificate) error
AddCACert adds a CA Certificate to the Store
func (*Store) AddCert added in v0.5.6
func (s *Store) AddCert(name string, cert *x509.Certificate) error
AddCert adds a Certificate to be paired with a key and bundled
func (*Store) AddKey added in v0.5.6
func (s *Store) AddKey(pk x509utils.PrivateKey) error
AddKey adds a private key to the store after attempting to validate it.
func (*Store) DeleteCert
DeleteCert removes a certificate from the store
func (*Store) GetCertificate
func (s *Store) GetCertificate(chi *tls.ClientHelloInfo) (*tls.Certificate, error)
GetCertificate returns the TLS Certificate that should be used for a given TLS request
func (*Store) GetCertificateWithCallback
func (s *Store) GetCertificateWithCallback(chi *tls.ClientHelloInfo, getter Getter) (*tls.Certificate, error)
GetCertificateWithCallback returns the TLS Certificate that should be used for a given TLS request. If one isn't available it can use a callback to acquire one
func (*Store) HasKey added in v0.5.6
func (s *Store) HasKey(pk crypto.PrivateKey) bool
HasKey checks if the store contains the specified PrivateKey.
func (*Store) HasPublicKey added in v0.5.6
HasPublicKey checks if the store contains a PrivateKey matching the given PublicKey.
func (*Store) Keys added in v0.5.6
func (s *Store) Keys() []x509utils.PrivateKey
Keys returns a copy of the slice containing the stored private keys.