security

package
Version: v0.0.0-...-3979ca8
Warning

This package is not in the latest version of its module.

Published: May 5, 2015 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Constants

const (
	// EmbeddedCertsDir is the certs directory inside embedded assets.
	EmbeddedCertsDir = "test_certs"
)

Variables

This section is empty.

Functions

func GenerateCA

func GenerateCA() ([]byte, crypto.PrivateKey, error)

GenerateCA generates a CA certificate and returns the cert bytes as well as the private key used to generate the certificate.

func GenerateNodeCert

func GenerateNodeCert(caCert *x509.Certificate, caKey crypto.PrivateKey, hosts []string) (
	[]byte, crypto.PrivateKey, error)

GenerateNodeCert generates a node certificate and returns the cert bytes as well as the private key used to generate the certificate. The CA cert and private key should be passed in.

func LoadClientTLSConfig

func LoadClientTLSConfig(caPEM []byte) (*tls.Config, error)

LoadClientTLSConfig creates a client TLSConfig from the supplied byte strings containing the certificate of the cluster CA.

func LoadClientTLSConfigFromDir

func LoadClientTLSConfigFromDir(certDir string) (*tls.Config, error)

LoadClientTLSConfigFromDir creates a client TLSConfig by loading the root CA certs from the specified directory. The directory must contain ca.crt.

func LoadInsecureClientTLSConfig

func LoadInsecureClientTLSConfig() *tls.Config

LoadInsecureClientTLSConfig creates a TLSConfig that disables TLS.

func LoadInsecureTLSConfig

func LoadInsecureTLSConfig() *tls.Config

LoadInsecureTLSConfig creates a TLSConfig that disables TLS.

func LoadTLSConfig

func LoadTLSConfig(certPEM, keyPEM, caPEM []byte) (*tls.Config, error)

LoadTLSConfig creates a TLSConfig from the supplied byte strings containing:
- the certificate of the cluster CA,
- the certificate of this node (should be signed by the CA),
- the private key of this node.

func LoadTLSConfigFromDir

func LoadTLSConfigFromDir(certDir string) (*tls.Config, error)

LoadTLSConfigFromDir creates a TLSConfig by loading our keys and certs from the specified directory. The directory must contain the following files:
- ca.crt -- the certificate of the cluster CA
- node.crt -- the certificate of this node; should be signed by the CA
- node.key -- the private key of this node

If the path is prefixed with "embedded=", load the embedded certs.

func ResetReadFileFn

func ResetReadFileFn()

ResetReadFileFn is the counterpart to SetReadFileFn, restoring the original behaviour for loading certificate related data from disk.

func RunCreateCACert

func RunCreateCACert(certsDir string) error

RunCreateCACert is the entry-point from the command-line interface to generate CA cert and key.

func RunCreateNodeCert

func RunCreateNodeCert(certsDir string, hosts []string) error

RunCreateNodeCert is the entry-point from the command-line interface to generate node cert and key.

func SetReadFileFn

func SetReadFileFn(f func(string) ([]byte, error))

SetReadFileFn allows ioutil.ReadFile to be swapped out for a mock for testing purposes.

Types

This section is empty.

Directories

Path Synopsis
Package securitytest embeds the TLS test certificates.
