security

package
v0.10.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 13, 2025 License: MIT Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewCert

func NewCert(certfile, keyfile string, parseFunc func([]byte, []byte) (tls.Certificate, error)) (*tls.Certificate, error)

NewCert generates a TLS certificate using the given cert file, key file and parse function.

func NewCertPool

func NewCertPool(CAFiles []string) (*x509.CertPool, error)

NewCertPool creates an x509.CertPool from the provided CA files.

Types

type LoggingListener

// LoggingListener embeds a net.Listener and declares its own Accept method.
// NewLoggingListener builds one from a listener and a *zap.SugaredLogger.
// NOTE(review): what is logged on Accept (remote address, errors, both) is not
// visible in this listing; confirm it before relying on it as a connection
// audit trail.
type LoggingListener struct {
	net.Listener
	// contains filtered or unexported fields
}

func NewLoggingListener

func NewLoggingListener(l net.Listener, log *zap.SugaredLogger) *LoggingListener

func (*LoggingListener) Accept

func (l *LoggingListener) Accept() (net.Conn, error)

type TLSInfo

// TLSInfo carries TLS settings. Its ClientConfig and ServerConfig methods each
// return a *tls.Config and an error.
type TLSInfo struct {
	// CertFile is the _server_ cert, it will also be used as a _client_ certificate if ClientCertFile is empty
	// NOTE(review): no exported ClientCertFile field appears in this struct
	// listing; confirm where that value comes from.
	CertFile string
	// KeyFile is the key for the CertFile
	KeyFile string

	// TrustedCAFile names a CA file; presumably the bundle used to verify the
	// peer's certificate chain (confirm against ClientConfig/ServerConfig).
	TrustedCAFile      string
	// ClientCertAuth presumably makes the server require and verify client
	// certificates (mutual TLS); confirm against ServerConfig.
	ClientCertAuth     bool
	// InsecureSkipVerify shares its name with tls.Config.InsecureSkipVerify,
	// which turns off verification of the server's certificate chain and host
	// name. NOTE(review): presumably copied into the generated config; confirm.
	// If so, it should stay false outside test setups, because a true value
	// means the peer's identity is no longer authenticated.
	InsecureSkipVerify bool

	// ServerName ensures the cert matches the given host in case of discovery / virtual hosting.
	ServerName string

	// HandshakeFailure is optionally called when a connection fails to handshake. The
	// connection will be closed immediately afterward.
	HandshakeFailure func(*tls.Conn, error)

	// AllowedCN is a CN which must be provided by a client.
	// NOTE(review): how AllowedCN and AllowedHostname interact when both are
	// set is not shown in this listing; confirm before combining them.
	AllowedCN string

	// AllowedHostname is an IP address or hostname that must match the TLS
	// certificate provided by a client.
	AllowedHostname string

	// Logger logs TLS errors.
	// If nil, all logs are discarded.
	Logger *zap.SugaredLogger

	// EmptyCN indicates that the cert must have empty CN.
	// If true, ClientConfig() will return an error for a cert with non-empty CN.
	EmptyCN bool
	// contains filtered or unexported fields
}

func (TLSInfo) ClientConfig

func (t TLSInfo) ClientConfig() (*tls.Config, error)

ClientConfig generates a tls.Config object for use by an HTTP client.

func (TLSInfo) Empty

func (t TLSInfo) Empty() bool

func (TLSInfo) ServerConfig

func (t TLSInfo) ServerConfig() (*tls.Config, error)

ServerConfig generates a tls.Config object for use by an HTTP server.

func (TLSInfo) String

func (t TLSInfo) String() string

type TrackingListener

// TrackingListener embeds a net.Listener, declares its own Accept method and
// exposes Stats, which returns a map[net.Addr]uint64.
// NOTE(review): the meaning of the uint64 values (presumably a per-address
// count of accepted connections) and whether Stats is safe to call while
// Accept is running are not visible in this listing; confirm both.
type TrackingListener struct {
	net.Listener
	// contains filtered or unexported fields
}

func NewTrackingListener

func NewTrackingListener(l net.Listener) *TrackingListener

func (*TrackingListener) Accept

func (tl *TrackingListener) Accept() (net.Conn, error)

func (*TrackingListener) Stats

func (tl *TrackingListener) Stats() map[net.Addr]uint64
