Documentation
Index ¶
- func CipherSuiteName(id uint16) string
- func CreateCertPool(certFiles ...string) (*x509.CertPool, error)
- func DefaultmTLSClientConfig() *mTLSClientConfig
- func DefaultmTLSConfig() *mTLSConfig
- func ExtractCertificateInfo(certPEM []byte) (map[string]interface{}, error)
- func GenerateSelfSignedCertificate(cn string, validityDays int) error
- func GetDefaultTLSConfig() *tls.Config
- func GetFIPSTLSConfig() *tls.Config
- func NewmTLSClient(cfg *mTLSClientConfig) (*mTLSClient, error)
- func NewmTLSContext(cfg *mTLSConfig) (*mTLSContext, error)
- func ValidateConfig(cfg *tls.Config) error
- func VerifyCertificate(certPEM []byte, caPool *x509.CertPool) error
- type CAConfig
- type CertificateAuthority
- func (ca *CertificateAuthority) CacheSize() int
- func (ca *CertificateAuthority) ClearCache()
- func (ca *CertificateAuthority) GetCACertInfo() (map[string]interface{}, error)
- func (ca *CertificateAuthority) GetCACertificate() []byte
- func (ca *CertificateAuthority) GetCACertificatePEM() []byte
- func (ca *CertificateAuthority) GetCAKeyPEM() []byte
- func (ca *CertificateAuthority) GetCertificate(domain string) (*tls.Certificate, error)
- func (ca *CertificateAuthority) GetConfigForClient() *tls.Config
- type Config
- type FIPSConfig
- type Manager
- func (m *Manager) GetCertificateInfo() (map[string]interface{}, error)
- func (m *Manager) GetCertificatePaths() (certFile, keyFile string)
- func (m *Manager) GetConfig() *TLSConfig
- func (m *Manager) GetTLSConfig() *tls.Config
- func (m *Manager) Initialize() error
- func (m *Manager) IsAutoGenerated() bool
- type Options
- type Server
- type TLSConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CipherSuiteName ¶
CipherSuiteName returns the human-readable name of the cipher suite identified by id
func CreateCertPool ¶
CreateCertPool creates a certificate pool from PEM files
func DefaultmTLSClientConfig ¶
func DefaultmTLSClientConfig() *mTLSClientConfig
DefaultmTLSClientConfig returns a default client configuration
func DefaultmTLSConfig ¶
func DefaultmTLSConfig() *mTLSConfig
DefaultmTLSConfig returns a default mTLS configuration
func ExtractCertificateInfo ¶
ExtractCertificateInfo extracts information from a certificate
func GenerateSelfSignedCertificate ¶
GenerateSelfSignedCertificate generates a self-signed certificate
func GetDefaultTLSConfig ¶
GetDefaultTLSConfig returns a secure default TLS configuration
func GetFIPSTLSConfig ¶
GetFIPSTLSConfig returns a FIPS-compliant TLS configuration
func NewmTLSClient ¶
func NewmTLSClient(cfg *mTLSClientConfig) (*mTLSClient, error)
NewmTLSClient creates a new mTLS client for connecting to services
func NewmTLSContext ¶
func NewmTLSContext(cfg *mTLSConfig) (*mTLSContext, error)
NewmTLSContext creates a new mTLS server context for validating client certificates
func ValidateConfig ¶
ValidateConfig validates a TLS configuration for FIPS compliance
Types ¶
type CertificateAuthority ¶
// CertificateAuthority manages the CA certificate used for MITM interception.
// Judging by its methods, it holds the CA private key (GetCAKeyPEM exports it)
// and keeps a per-domain certificate cache (CacheSize/ClearCache) — confirm
// against the unexported fields, which are not visible here.
type CertificateAuthority struct {
	// contains filtered or unexported fields
}
CertificateAuthority manages the CA certificate used for MITM interception
func NewCertificateAuthority ¶
func NewCertificateAuthority(cfg *CAConfig) (*CertificateAuthority, error)
NewCertificateAuthority creates a new CA for MITM certificate generation
func (*CertificateAuthority) CacheSize ¶
func (ca *CertificateAuthority) CacheSize() int
CacheSize returns the number of cached certificates
func (*CertificateAuthority) ClearCache ¶
func (ca *CertificateAuthority) ClearCache()
ClearCache clears the certificate cache
func (*CertificateAuthority) GetCACertInfo ¶
func (ca *CertificateAuthority) GetCACertInfo() (map[string]interface{}, error)
GetCACertInfo returns information about the CA certificate
func (*CertificateAuthority) GetCACertificate ¶
func (ca *CertificateAuthority) GetCACertificate() []byte
GetCACertificate returns the CA certificate in DER format
func (*CertificateAuthority) GetCACertificatePEM ¶
func (ca *CertificateAuthority) GetCACertificatePEM() []byte
GetCACertificatePEM returns the CA certificate in PEM format
func (*CertificateAuthority) GetCAKeyPEM ¶
func (ca *CertificateAuthority) GetCAKeyPEM() []byte
GetCAKeyPEM returns the CA private key in PEM format (for export)
func (*CertificateAuthority) GetCertificate ¶
func (ca *CertificateAuthority) GetCertificate(domain string) (*tls.Certificate, error)
GetCertificate generates or retrieves a certificate for a domain
func (*CertificateAuthority) GetConfigForClient ¶
func (ca *CertificateAuthority) GetConfigForClient() *tls.Config
GetConfigForClient returns a TLS config that generates certificates on the fly
type Config ¶
// Config contains TLS manager configuration
type Config struct {
	// CertDir is the directory holding certificate files; presumably where
	// auto-generated certificates are written — confirm against Initialize
	CertDir string
	// CertFile is the path to the server certificate (PEM, as elsewhere in
	// this package — verify)
	CertFile string
	// KeyFile is the path to the private key matching CertFile
	KeyFile string
	// AutoGenerate presumably makes Initialize create a self-signed certificate
	// when none is present (see IsAutoGenerated) — confirm
	AutoGenerate bool
	// MinVersion is the minimum TLS version to accept, as a tls.VersionTLS*
	// constant; zero presumably falls back to the crypto/tls default — confirm
	MinVersion uint16
}
Config contains TLS manager configuration
type FIPSConfig ¶
// FIPSConfig represents FIPS-compliant TLS configuration
type FIPSConfig struct {
	// Minimum TLS version (default: TLS 1.2), as a tls.VersionTLS* constant
	MinVersion uint16
	// Maximum TLS version; zero presumably leaves the crypto/tls default — confirm in ToStandardTLSConfig
	MaxVersion uint16
	// List of cipher suites to use (nil = use FIPS defaults)
	// NOTE(review): crypto/tls applies CipherSuites only to TLS 1.0–1.2; TLS 1.3
	// suites are not configurable, so this list does not restrict TLS 1.3 handshakes
	CipherSuites []uint16
	// Prefer server cipher suites
	// NOTE(review): tls.Config.PreferServerCipherSuites is deprecated and ignored
	// by crypto/tls since Go 1.17, so this flag likely has no effect on the handshake
	PreferServerCipherSuites bool
	// Enable FIPS mode
	// NOTE(review): what this toggles is not visible here; presumably it selects the
	// FIPS suite list in ToStandardTLSConfig — confirm. A config flag by itself does
	// not make the underlying crypto implementation FIPS-validated
	FIPSMode bool
}
FIPSConfig represents FIPS-compliant TLS configuration
func DefaultFIPSTLSConfig ¶
func DefaultFIPSTLSConfig() *FIPSConfig
DefaultFIPSTLSConfig returns a FIPS-compliant TLS configuration
func (*FIPSConfig) ToStandardTLSConfig ¶
func (c *FIPSConfig) ToStandardTLSConfig() *tls.Config
ToStandardTLSConfig converts the FIPSConfig to a standard tls.Config
type Manager ¶
// Manager handles TLS certificates and configuration. Its methods expose the
// certificate/key paths, the resulting *tls.Config, and whether the certificate
// was auto-generated; the backing fields are unexported and not visible here.
type Manager struct {
	// contains filtered or unexported fields
}
Manager handles TLS certificates and configuration
func NewManager ¶
NewManager creates a new TLS certificate manager
func (*Manager) GetCertificateInfo ¶
GetCertificateInfo returns information about the loaded certificate
func (*Manager) GetCertificatePaths ¶
GetCertificatePaths returns the paths to the certificate and key files
func (*Manager) GetTLSConfig ¶
GetTLSConfig returns the TLS configuration
func (*Manager) Initialize ¶
Initialize ensures certificates are available
func (*Manager) IsAutoGenerated ¶
IsAutoGenerated reports whether the manager is using auto-generated certificates