crypto

package
v3.9.0-alpha.4
Published: Jan 28, 2018 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Index

Constants

const (
	DefaultCertificateLifetimeInDays   = 365 * 2 // 2 years
	DefaultCACertificateLifetimeInDays = 365 * 5 // 5 years

)

Variables

This section is empty.

Functions

func CertsFromPEM

func CertsFromPEM(pemCerts []byte) ([]*x509.Certificate, error)

func CipherSuite

func CipherSuite(cipherName string) (uint16, error)

func CipherSuiteToNameOrDie

func CipherSuiteToNameOrDie(intVal uint16) string

CipherSuiteToNameOrDie, given a cipher suite as an int, returns its readable name.

func CipherSuitesOrDie

func CipherSuitesOrDie(cipherNames []string) []uint16

func CipherSuitesToNamesOrDie

func CipherSuitesToNamesOrDie(intVals []uint16) []string

CipherSuitesToNamesOrDie, given a list of cipher suites as ints, returns their readable names.

func DefaultCiphers

func DefaultCiphers() []uint16

func DefaultTLSVersion

func DefaultTLSVersion() uint16

func IPAddressesDNSNames

func IPAddressesDNSNames(hosts []string) ([]net.IP, []string)

func NewKeyPair

func NewKeyPair() (crypto.PublicKey, crypto.PrivateKey, error)

func SecureTLSConfig

func SecureTLSConfig(config *tls.Config) *tls.Config

SecureTLSConfig enforces the default minimum security settings for the cluster.

func TLSVersion

func TLSVersion(versionName string) (uint16, error)

func TLSVersionOrDie

func TLSVersionOrDie(versionName string) uint16

func TLSVersionToNameOrDie

func TLSVersionToNameOrDie(intVal uint16) string

TLSVersionToNameOrDie, given a TLS version as an int, returns its readable name.

func ValidCipherSuites

func ValidCipherSuites() []string

func ValidTLSVersions

func ValidTLSVersions() []string

Types

type CA

type CA struct {
	Config *TLSCertificateConfig

	SerialGenerator SerialGenerator
}

func EnsureCA

func EnsureCA(certFile, keyFile, serialFile, name string, expireDays int) (*CA, bool, error)

EnsureCA returns a CA, whether it was created (as opposed to pre-existing), and any error. If serialFile is empty, a RandomSerialGenerator will be used.

func GetCA

func GetCA(certFile, keyFile, serialFile string) (*CA, error)

If serialFile is empty, a RandomSerialGenerator will be used.

func MakeCA

func MakeCA(certFile, keyFile, serialFile, name string, expireDays int) (*CA, error)

If serialFile is empty, a RandomSerialGenerator will be used.

func (*CA) EnsureClientCertificate

func (ca *CA) EnsureClientCertificate(certFile, keyFile string, u user.Info, expireDays int) (*TLSCertificateConfig, bool, error)

func (*CA) EnsureServerCert

func (ca *CA) EnsureServerCert(certFile, keyFile string, hostnames sets.String, expireDays int) (*TLSCertificateConfig, bool, error)

func (*CA) MakeAndWriteServerCert

func (ca *CA) MakeAndWriteServerCert(certFile, keyFile string, hostnames sets.String, expireDays int) (*TLSCertificateConfig, error)

func (*CA) MakeClientCertificate

func (ca *CA) MakeClientCertificate(certFile, keyFile string, u user.Info, expireDays int) (*TLSCertificateConfig, error)

func (*CA) MakeServerCert

func (ca *CA) MakeServerCert(hostnames sets.String, expireDays int, fns ...CertificateExtensionFunc) (*TLSCertificateConfig, error)

type CertificateExtensionFunc

type CertificateExtensionFunc func(*x509.Certificate) error

CertificateExtensionFunc is passed a certificate that it may extend; it returns an error if the extension attempt fails.

type RandomSerialGenerator

type RandomSerialGenerator struct {
}

RandomSerialGenerator returns a serial based on time.Now and the subject.

func (*RandomSerialGenerator) Next

func (s *RandomSerialGenerator) Next(template *x509.Certificate) (int64, error)

type SerialFileGenerator

type SerialFileGenerator struct {
	SerialFile string

	Serial int64
	// contains filtered or unexported fields
}

SerialFileGenerator returns a unique, monotonically increasing serial number and ensures the CA on disk records that value.

func NewSerialFileGenerator

func NewSerialFileGenerator(serialFile string, createIfNeeded bool) (*SerialFileGenerator, error)

func (*SerialFileGenerator) Next

func (s *SerialFileGenerator) Next(template *x509.Certificate) (int64, error)

Next returns a unique, monotonically increasing serial number and ensures the CA on disk records that value.

type SerialGenerator

type SerialGenerator interface {
	Next(template *x509.Certificate) (int64, error)
}

SerialGenerator is an interface for getting a serial number for the cert. It MUST be thread-safe.

type TLSCARoots

type TLSCARoots struct {
	Roots []*x509.Certificate
}

func GetTLSCARoots

func GetTLSCARoots(caFile string) (*TLSCARoots, error)

type TLSCertificateConfig

type TLSCertificateConfig struct {
	Certs []*x509.Certificate
	Key   crypto.PrivateKey
}

func GetServerCert

func GetServerCert(certFile, keyFile string, hostnames sets.String) (*TLSCertificateConfig, error)

func GetTLSCertificateConfig

func GetTLSCertificateConfig(certFile, keyFile string) (*TLSCertificateConfig, error)

func (*TLSCertificateConfig) GetPEMBytes

func (c *TLSCertificateConfig) GetPEMBytes() ([]byte, []byte, error)

Directories

Path Synopsis
Package extensions defines cryptographic extensions for OpenShift.