Documentation
¶
Index ¶
- Constants
- func GenCA() (*x509.Certificate, crypto.Signer, error)
- func IsStatic(secret *v1.Secret) bool
- func LoadCA(caPem, caKey []byte) (*x509.Certificate, crypto.Signer, error)
- func LoadCerts(certFile, keyFile string) (*x509.Certificate, crypto.Signer, error)
- func LoadOrGenCA() (*x509.Certificate, crypto.Signer, error)
- func Marshal(x509Cert *x509.Certificate, privateKey crypto.Signer) ([]byte, []byte, error)
- func NeedsUpdate(maxSANs int, secret *v1.Secret, cn ...string) bool
- func NewPrivateKey() (crypto.Signer, error)
- func NewSelfSignedCACert(key crypto.Signer, cn string, org ...string) (*x509.Certificate, error)
- func NewSignedCert(signer crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, cn string, ...) (*x509.Certificate, error)
- func NewSignedClientCert(signer crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, cn string) (*x509.Certificate, error)
- func ParseCertPEM(pemCerts []byte) (*x509.Certificate, error)
- type TLS
- func (t *TLS) AddCN(secret *v1.Secret, cn ...string) (*v1.Secret, bool, error)
- func (t *TLS) Filter(cn ...string) []string
- func (t *TLS) Merge(target, additional *v1.Secret) (*v1.Secret, bool, error)
- func (t *TLS) Regenerate(secret *v1.Secret) (*v1.Secret, error)
- func (t *TLS) Renew(secret *v1.Secret) (*v1.Secret, error)
Constants ¶
const (
CertificateBlockType = "CERTIFICATE"
)
const (
Static = "listener.cattle.io/static"
)
Variables ¶
This section is empty.
Functions ¶
func IsStatic ¶
IsStatic returns true if the Secret has an attribute indicating that it contains a static (aka user-provided) certificate, which should not be modified.
func LoadOrGenCA ¶
func LoadOrGenCA() (*x509.Certificate, crypto.Signer, error)
func NeedsUpdate ¶
NeedsUpdate returns true if any of the CNs are not currently present on the secret's Certificate, as recorded in the cnPrefix annotations. It will return false if all requested CNs are already present, or if maxSANs is non-zero and has been exceeded.
func NewPrivateKey ¶
NewPrivateKey returnes a new ECDSA key
func NewSelfSignedCACert ¶
func NewSignedCert ¶
func NewSignedClientCert ¶
func NewSignedClientCert(signer crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, cn string) (*x509.Certificate, error)
func ParseCertPEM ¶
func ParseCertPEM(pemCerts []byte) (*x509.Certificate, error)
Types ¶
type TLS ¶
type TLS struct {
CACert *x509.Certificate
CAKey crypto.Signer
CN string
Organization []string
FilterCN func(...string) []string
}
func (*TLS) AddCN ¶
AddCN attempts to add a list of CN strings to a given Secret, returning the potentially-modified Secret along with a bool indicating whether or not it has been updated. The Secret will not be changed if it has an attribute indicating that it is static (aka user-provided), or if no new CNs were added.
func (*TLS) Filter ¶
Filter ensures that the CNs are all valid accorting to both internal logic, and any filter callbacks. The returned list will contain only approved CN entries.
func (*TLS) Merge ¶
Merge combines the SAN lists from the target and additional Secrets, and returns a potentially modified Secret, along with a bool indicating if the returned Secret has been updated or not. If the two SAN lists alread matched and no merging was necessary, but the Secrets' certificate fingerprints differed, the second secret is returned and the updated bool is set to true despite neither certificate having actually been modified. This is required to support handling certificate renewal within the kubernetes storage provider.
Source Files