crypto

package
v1.5.0-alpha.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 29, 2016 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Index

Constants

View Source
const (
	DefaultCertificateLifetimeInDays   = 365 * 2 // 2 years
	DefaultCACertificateLifetimeInDays = 365 * 5 // 5 years

)

Variables

This section is empty.

Functions

func CertsFromPEM

func CertsFromPEM(pemCerts []byte) ([]*x509.Certificate, error)

func IPAddressesDNSNames

func IPAddressesDNSNames(hosts []string) ([]net.IP, []string)

func NewKeyPair

func NewKeyPair() (crypto.PublicKey, crypto.PrivateKey, error)

func SecureTLSConfig added in v1.0.7

func SecureTLSConfig(config *tls.Config) *tls.Config

SecureTLSConfig enforces the default minimum security settings for the cluster. TODO: allow override

Types

type CA

type CA struct {
	Config *TLSCertificateConfig

	SerialGenerator SerialGenerator
}

func EnsureCA

func EnsureCA(certFile, keyFile, serialFile, name string, expireDays int) (*CA, bool, error)

EnsureCA returns a CA, whether it was created (as opposed to pre-existing), and any error if serialFile is empty, a RandomSerialGenerator will be used

func GetCA

func GetCA(certFile, keyFile, serialFile string) (*CA, error)

if serialFile is empty, a RandomSerialGenerator will be used

func MakeCA

func MakeCA(certFile, keyFile, serialFile, name string, expireDays int) (*CA, error)

if serialFile is empty, a RandomSerialGenerator will be used

func (*CA) EnsureClientCertificate

func (ca *CA) EnsureClientCertificate(certFile, keyFile string, u user.Info, expireDays int) (*TLSCertificateConfig, bool, error)

func (*CA) EnsureServerCert

func (ca *CA) EnsureServerCert(certFile, keyFile string, hostnames sets.String, expireDays int) (*TLSCertificateConfig, bool, error)

func (*CA) MakeAndWriteServerCert added in v1.3.0

func (ca *CA) MakeAndWriteServerCert(certFile, keyFile string, hostnames sets.String, expireDays int) (*TLSCertificateConfig, error)

func (*CA) MakeClientCertificate

func (ca *CA) MakeClientCertificate(certFile, keyFile string, u user.Info, expireDays int) (*TLSCertificateConfig, error)

func (*CA) MakeServerCert

func (ca *CA) MakeServerCert(hostnames sets.String, expireDays int) (*TLSCertificateConfig, error)

type RandomSerialGenerator added in v1.1.4

type RandomSerialGenerator struct {
}

RandomSerialGenerator returns a serial based on time.Now and the subject

func (*RandomSerialGenerator) Next added in v1.1.4

func (s *RandomSerialGenerator) Next(template *x509.Certificate) (int64, error)

type SerialFileGenerator added in v1.1.4

type SerialFileGenerator struct {
	SerialFile string

	Serial int64
	// contains filtered or unexported fields
}

SerialFileGenerator returns a unique, monotonically increasing serial number and ensures the CA on disk records that value.

func NewSerialFileGenerator added in v1.1.4

func NewSerialFileGenerator(serialFile string, createIfNeeded bool) (*SerialFileGenerator, error)

func (*SerialFileGenerator) Next added in v1.1.4

func (s *SerialFileGenerator) Next(template *x509.Certificate) (int64, error)

Next returns a unique, monotonically increasing serial number and ensures the CA on disk records that value.

type SerialGenerator added in v1.1.4

type SerialGenerator interface {
	Next(template *x509.Certificate) (int64, error)
}

SerialGenerator is an interface for getting a serial number for the cert. It MUST be thread-safe.

type TLSCARoots

type TLSCARoots struct {
	Roots []*x509.Certificate
}

func GetTLSCARoots

func GetTLSCARoots(caFile string) (*TLSCARoots, error)

type TLSCertificateConfig

type TLSCertificateConfig struct {
	Certs []*x509.Certificate
	Key   crypto.PrivateKey
}

func GetServerCert

func GetServerCert(certFile, keyFile string, hostnames sets.String) (*TLSCertificateConfig, error)

func GetTLSCertificateConfig

func GetTLSCertificateConfig(certFile, keyFile string) (*TLSCertificateConfig, error)

func (*TLSCertificateConfig) GetPEMBytes added in v1.3.0

func (c *TLSCertificateConfig) GetPEMBytes() ([]byte, []byte, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL