crypto

package
v3.7.1+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 15, 2018 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	DefaultCertificateLifetimeInDays   = 365 * 2 // 2 years
	DefaultCACertificateLifetimeInDays = 365 * 5 // 5 years

)

Variables

This section is empty.

Functions

func CertsFromPEM 

func CertsFromPEM(pemCerts []byte) ([]*x509.Certificate, error)

func CipherSuite added in v1.5.0 

func CipherSuite(cipherName string) (uint16, error)

func CipherSuitesOrDie added in v1.5.0 

func CipherSuitesOrDie(cipherNames []string) []uint16

func DefaultCiphers added in v1.5.0 

func DefaultCiphers() []uint16

func DefaultTLSVersion added in v1.5.0 

func DefaultTLSVersion() uint16

func IPAddressesDNSNames 

func IPAddressesDNSNames(hosts []string) ([]net.IP, []string)

func NewKeyPair 

func NewKeyPair() (crypto.PublicKey, crypto.PrivateKey, error)

func SecureTLSConfig added in v1.0.7 

func SecureTLSConfig(config *tls.Config) *tls.Config

SecureTLSConfig enforces the default minimum security settings for the cluster.

func TLSVersion added in v1.5.0 

func TLSVersion(versionName string) (uint16, error)

func TLSVersionOrDie added in v1.5.0 

func TLSVersionOrDie(versionName string) uint16

func ValidCipherSuites added in v1.5.0 

func ValidCipherSuites() []string

func ValidTLSVersions added in v1.5.0 

func ValidTLSVersions() []string

Types

type CA 

type CA struct {
	Config *TLSCertificateConfig

	SerialGenerator SerialGenerator
}

func EnsureCA 

func EnsureCA(certFile, keyFile, serialFile, name string, expireDays int) (*CA, bool, error)

EnsureCA returns a CA, whether it was created (as opposed to pre-existing), and any error if serialFile is empty, a RandomSerialGenerator will be used

func GetCA 

func GetCA(certFile, keyFile, serialFile string) (*CA, error)

if serialFile is empty, a RandomSerialGenerator will be used

func MakeCA 

func MakeCA(certFile, keyFile, serialFile, name string, expireDays int) (*CA, error)

if serialFile is empty, a RandomSerialGenerator will be used

func (*CA) EnsureClientCertificate 

func (ca *CA) EnsureClientCertificate(certFile, keyFile string, u user.Info, expireDays int) (*TLSCertificateConfig, bool, error)

func (*CA) EnsureServerCert 

func (ca *CA) EnsureServerCert(certFile, keyFile string, hostnames sets.String, expireDays int) (*TLSCertificateConfig, bool, error)

func (*CA) MakeAndWriteServerCert added in v1.3.0 

func (ca *CA) MakeAndWriteServerCert(certFile, keyFile string, hostnames sets.String, expireDays int) (*TLSCertificateConfig, error)

func (*CA) MakeClientCertificate 

func (ca *CA) MakeClientCertificate(certFile, keyFile string, u user.Info, expireDays int) (*TLSCertificateConfig, error)

func (*CA) MakeServerCert 

func (ca *CA) MakeServerCert(hostnames sets.String, expireDays int, fns ...CertificateExtensionFunc) (*TLSCertificateConfig, error)

type CertificateExtensionFunc added in v1.5.0 

type CertificateExtensionFunc func(*x509.Certificate) error

CertificateExtensionFunc is passed a certificate that it may extend, or return an error if the extension attempt failed.

type RandomSerialGenerator added in v1.1.4 

type RandomSerialGenerator struct {
}

RandomSerialGenerator returns a serial based on time.Now and the subject

func (*RandomSerialGenerator) Next added in v1.1.4 

func (s *RandomSerialGenerator) Next(template *x509.Certificate) (int64, error)

type SerialFileGenerator added in v1.1.4 

type SerialFileGenerator struct {
	SerialFile string

	Serial int64
	// contains filtered or unexported fields
}

SerialFileGenerator returns a unique, monotonically increasing serial number and ensures the CA on disk records that value.

func NewSerialFileGenerator added in v1.1.4 

func NewSerialFileGenerator(serialFile string, createIfNeeded bool) (*SerialFileGenerator, error)

func (*SerialFileGenerator) Next added in v1.1.4 

func (s *SerialFileGenerator) Next(template *x509.Certificate) (int64, error)

Next returns a unique, monotonically increasing serial number and ensures the CA on disk records that value.

type SerialGenerator added in v1.1.4 

type SerialGenerator interface {
	Next(template *x509.Certificate) (int64, error)
}

SerialGenerator is an interface for getting a serial number for the cert. It MUST be thread-safe.

type TLSCARoots 

type TLSCARoots struct {
	Roots []*x509.Certificate
}

func GetTLSCARoots 

func GetTLSCARoots(caFile string) (*TLSCARoots, error)

type TLSCertificateConfig 

type TLSCertificateConfig struct {
	Certs []*x509.Certificate
	Key   crypto.PrivateKey
}

func GetServerCert 

func GetServerCert(certFile, keyFile string, hostnames sets.String) (*TLSCertificateConfig, error)

func GetTLSCertificateConfig 

func GetTLSCertificateConfig(certFile, keyFile string) (*TLSCertificateConfig, error)

func (*TLSCertificateConfig) GetPEMBytes added in v1.3.0 

func (c *TLSCertificateConfig) GetPEMBytes() ([]byte, []byte, error)

Source Files

  • crypto.go

Directories

Path Synopsis
Package extensions defines cryptographic extensions for OpenShift.
 Package extensions defines cryptographic extensions for OpenShift.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.