Documentation
Index
- Constants
- func GenerateCA(keySize int) ([]byte, crypto.PrivateKey, error)
- func GenerateClientCert(caCert *x509.Certificate, caKey crypto.PrivateKey, keySize int, name string) ([]byte, crypto.PrivateKey, error)
- func GenerateNodeCert(caCert *x509.Certificate, caKey crypto.PrivateKey, keySize int, hosts []string) ([]byte, crypto.PrivateKey, error)
- func LoadClientTLSConfig(certPEM, keyPEM, caPEM []byte) (*tls.Config, error)
- func LoadClientTLSConfigFromDir(certDir string) (*tls.Config, error)
- func LoadInsecureClientTLSConfig() *tls.Config
- func LoadInsecureTLSConfig() *tls.Config
- func LoadTLSConfig(certPEM, keyPEM, caPEM []byte) (*tls.Config, error)
- func LoadTLSConfigFromDir(certDir string) (*tls.Config, error)
- func LogRequestCertificates(r *http.Request)
- func ResetReadFileFn()
- func RunCreateCACert(certsDir string, keySize int) error
- func RunCreateClientCert(certsDir string, keySize int, username string) error
- func RunCreateNodeCert(certsDir string, keySize int, hosts []string) error
- func SetReadFileFn(f func(string) ([]byte, error))
Constants
const (
	// EmbeddedCertsDir is the certs directory inside embedded assets.
	EmbeddedCertsDir = "test_certs"
)
Variables
This section is empty.
Functions
func GenerateCA
func GenerateCA(keySize int) ([]byte, crypto.PrivateKey, error)
GenerateCA generates a CA certificate and returns the cert bytes as well as the private key used to generate the certificate.
func GenerateClientCert
func GenerateClientCert(caCert *x509.Certificate, caKey crypto.PrivateKey, keySize int, name string) ([]byte, crypto.PrivateKey, error)
GenerateClientCert generates a client certificate and returns the cert bytes as well as the private key used to generate the certificate. The CA cert and private key should be passed in. 'name' is the unique username stored in the Subject.CommonName field.
func GenerateNodeCert
func GenerateNodeCert(caCert *x509.Certificate, caKey crypto.PrivateKey, keySize int, hosts []string) ([]byte, crypto.PrivateKey, error)
GenerateNodeCert generates a node certificate and returns the cert bytes as well as the private key used to generate the certificate. The CA cert and private key should be passed in.
func LoadClientTLSConfig
LoadClientTLSConfig creates a client TLSConfig from the supplied byte strings containing:
- the certificate of this client (should be signed by the CA),
- the private key of this client,
- the certificate of the cluster CA.
func LoadClientTLSConfigFromDir
LoadClientTLSConfigFromDir creates a client TLSConfig by loading the root CA certs from the specified directory. The directory must contain the following files:
- ca.crt -- the certificate of the cluster CA
- node.crt -- the certificate of this node; should be signed by the CA
- node.key -- the private key of this node
If the path is prefixed with "embedded=", load the embedded certs.
func LoadInsecureClientTLSConfig
LoadInsecureClientTLSConfig creates a TLSConfig that disables TLS.
func LoadInsecureTLSConfig
LoadInsecureTLSConfig creates a TLSConfig that disables TLS.
func LoadTLSConfig
LoadTLSConfig creates a TLSConfig from the supplied byte strings containing:
- the certificate of this node (should be signed by the CA),
- the private key of this node,
- the certificate of the cluster CA.
func LoadTLSConfigFromDir
LoadTLSConfigFromDir creates a TLSConfig by loading our keys and certs from the specified directory. The directory must contain the following files:
- ca.crt -- the certificate of the cluster CA
- node.crt -- the certificate of this node; should be signed by the CA
- node.key -- the private key of this node
If the path is prefixed with "embedded=", load the embedded certs.
func LogRequestCertificates
LogRequestCertificates examines an HTTP request and logs a summary of the TLS config.
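An added example, not this package's code, of the kind of inspection LogRequestCertificates describes, combined with the Subject.CommonName username convention noted under GenerateClientCert: it summarizes the certificates on a request and takes the username only from a verified chain. The helper names clientUser, summarize and sampleRequest and the sample values are assumptions; only the Go standard library is used.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"net/http"
)

// clientUser (hypothetical helper) returns the CommonName of the verified client certificate.
// VerifiedChains is filled only after validation against the server's ClientCAs, whereas
// PeerCertificates is merely what the peer sent.
func clientUser(r *http.Request) (string, error) {
	if r.TLS == nil || len(r.TLS.VerifiedChains) == 0 || len(r.TLS.VerifiedChains[0]) == 0 {
		return "", errors.New("no verified client certificate")
	}
	return r.TLS.VerifiedChains[0][0].Subject.CommonName, nil
}

// summarize (hypothetical helper) renders one line per presented certificate, verified or not.
func summarize(r *http.Request) []string {
	if r.TLS == nil {
		return []string{"no TLS"}
	}
	out := []string{fmt.Sprintf("verified chains: %d", len(r.TLS.VerifiedChains))}
	for i, c := range r.TLS.PeerCertificates {
		out = append(out, fmt.Sprintf("cert %d: subject=%q issuer=%q", i, c.Subject.CommonName, c.Issuer.CommonName))
	}
	return out
}

// sampleRequest builds a constructed request whose peer presented a certificate for cn.
func sampleRequest(cn string, verified bool) *http.Request {
	leaf := &x509.Certificate{Subject: pkix.Name{CommonName: cn}, Issuer: pkix.Name{CommonName: "Example CA"}}
	st := &tls.ConnectionState{PeerCertificates: []*x509.Certificate{leaf}}
	if verified {
		st.VerifiedChains = [][]*x509.Certificate{{leaf}}
	}
	return &http.Request{TLS: st}
}

func main() {
	fmt.Println(summarize(sampleRequest("alice", false)))
	// Presented but unverified: an error, not a username.
	fmt.Println(clientUser(sampleRequest("alice", false)))
	fmt.Println(clientUser(sampleRequest("alice", true)))
}
```

VerifiedChains is populated by the server only when its tls.Config requests and verifies client certificates, so a summary that shows a peer certificate with zero verified chains indicates an identity that must not be trusted.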
func ResetReadFileFn
func ResetReadFileFn()
ResetReadFileFn is the counterpart to SetReadFileFn, restoring the original behaviour for loading certificate related data from disk.
func RunCreateCACert
RunCreateCACert is the entry-point from the command-line interface to generate a CA cert and key.
func RunCreateClientCert
RunCreateClientCert is the entry-point from the command-line interface to generate a client cert and key.
func RunCreateNodeCert
RunCreateNodeCert is the entry-point from the command-line interface to generate a node cert and key.
func SetReadFileFn
SetReadFileFn allows ioutil.ReadFile to be replaced with a mock for testing purposes.
Types
This section is empty.
Directories
| Path | Synopsis |
|---|---|
| | Package securitytest embeds the TLS test certificates. |