Documentation
Overview
Package http holds the HTTP servers to send/receive Agent messages
Index
- Constants
- func CheckInsecureFingerprint(certificate tls.Certificate) (bool, error)
- func GenerateTLSCert(serial *big.Int, subject *pkix.Name, dnsNames []string, ...) (*tls.Certificate, error)
- func GetDefaultOptions(protocol int) map[string]string
- func GetTLSCertificates(certificate string, key string) (*tls.Certificate, error)
- func State(state int) string
- func ValidateJWT(agentJWT string, leeway time.Duration, key []byte) (agentID uuid.UUID, err error)
- type Handler
- type Repository
- type Server
- func (s *Server) Addr() string
- func (s *Server) ConfiguredOptions() map[string]string
- func (s *Server) Handler() *Handler
- func (s *Server) ID() uuid.UUID
- func (s *Server) Interface() string
- func (s *Server) Listen() (err error)
- func (s *Server) Port() int
- func (s *Server) Protocol() int
- func (s *Server) ProtocolString() string
- func (s *Server) SetOption(option string, value string) error
- func (s *Server) Start()
- func (s *Server) Status() string
- func (s *Server) Stop() (err error)
- func (s *Server) String() string
- type Template
Constants
const (
	// Stopped is the server's state when it has not ever been started
	Stopped int = 0
	// Running means the server is actively accepting connections and serving content
	Running int = 1
	// Error is used when there was an error operating the server
	Error int = 2
	// Closed is used when the server was running but has been stopped; it can't be reused again
	Closed int = 3
)
Server states
Functions
func CheckInsecureFingerprint
func CheckInsecureFingerprint(certificate tls.Certificate) (bool, error)
CheckInsecureFingerprint calculates the SHA256 hash of the passed-in certificate and determines whether it matches the publicly distributed key pair from the Merlin repository. Because that key pair is public, anyone could decrypt TLS traffic that relies on it.
func GenerateTLSCert
func GenerateTLSCert(serial *big.Int, subject *pkix.Name, dnsNames []string, notBefore, notAfter *time.Time, privKey crypto.PrivateKey, makeRsa bool) (*tls.Certificate, error)
GenerateTLSCert will generate a new certificate. Nil values in the parameters are replaced with random or blank values. If makeRsa is set to true, the key generated is an RSA key (EC by default). If a nil date is passed in for notBefore and notAfter, a random date is picked in the last year. If a nil date is passed in for notAfter, the date is set to be 2 years after the date provided (or generated) in the notBefore parameter. Please ensure privKey is a proper private key. The Go implementation of this value is challenging, so no type assertion can be made in the function definition.
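The check described for CheckInsecureFingerprint, paired with a freshly generated EC certificate of the kind GenerateTLSCert produces, as an added example that is not the package's own code. The names `selfSigned` and `checkFingerprint` are hypothetical, and the deny-list entry is the fingerprint of a certificate constructed in the example, not the real fingerprint of the repository's key pair.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// selfSigned builds a throwaway EC certificate valid for two years (constructed sample input).
func selfSigned() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().AddDate(2, 0, 0),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, err
}

// checkFingerprint returns the hex SHA-256 of the leaf's DER bytes and whether it is deny-listed.
func checkFingerprint(c tls.Certificate, deny map[string]bool) (string, bool, error) {
	if len(c.Certificate) == 0 {
		return "", false, fmt.Errorf("certificate chain is empty")
	}
	fp := fmt.Sprintf("%x", sha256.Sum256(c.Certificate[0]))
	return fp, deny[fp], nil
}

func main() {
	shipped, err1 := selfSigned() // stands in for a key pair published in a repository
	fresh, err2 := selfSigned()   // stands in for a per-deployment certificate
	if err1 != nil || err2 != nil {
		panic("certificate generation failed")
	}
	fp, _, _ := checkFingerprint(shipped, nil)
	deny := map[string]bool{fp: true} // constructed deny list
	_, a, _ := checkFingerprint(shipped, deny)
	_, b, _ := checkFingerprint(fresh, deny)
	fmt.Println("shipped insecure:", a, "fresh insecure:", b)
}
```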
func GetDefaultOptions
GetDefaultOptions returns a map of configurable server options typically used when creating a listener
func GetTLSCertificates
func GetTLSCertificates(certificate string, key string) (*tls.Certificate, error)
GetTLSCertificates takes the file paths of a PEM-encoded X.509 certificate and key as strings, parses the files, and returns a tls.Certificate
Types
type Handler
type Handler struct {
// contains filtered or unexported fields
}
Handler contains contextual information and methods to process HTTP traffic for Agents
type Repository
type Repository interface {
	Add(server Server) error
	Remove(id uuid.UUID)
	Server(id uuid.UUID) (Server, error)
	Servers() []Server
	SetOption(id uuid.UUID, option, value string) error
	Update(server Server) error
}
Repository is an interface to store and manage HTTP servers
type Server
type Server struct {
// contains filtered or unexported fields
}
Server is a structure for an HTTP server that implements the Server interface
func (*Server) ConfiguredOptions
ConfiguredOptions returns the server's current configuration for options that can be set by the user
func (*Server) Handler
Handler returns the Server's current context information such as encryption keys
func (*Server) Listen
Listen creates a TCP network listener on the server's network interface and port
func (*Server) Protocol
Protocol returns the server's protocol as an integer for a constant in the servers package
func (*Server) ProtocolString
ProtocolString function returns the server's protocol
func (*Server) Start
func (s *Server) Start()
Start starts the HTTP server and listens for incoming connections. This function does not return unless there is an error and should be called as a goroutine.
type Template
type Template struct {
	Interface string
	Port      string
	Protocol  string
	X509Key   string // The x.509 private key used for TLS encryption
	X509Cert  string // The x.509 public key used for TLS encryption
	URLS      string // A comma separated list of URL that handle incoming web traffic
	PSK       string // The pre-shared key password used prior to Password Authenticated Key Exchange (PAKE)
	JWTKey    string // 32-byte Base64 encoded key used to sign/encrypt JWTs
	JWTLeeway string // The amount of flexibility allowed in the JWT expiration time. Less than 0 disables checking JWT expiration
}
Template is a structure used to collect the information needed to create an instance with the New() function