tls

package
v1.0.13
Published: Jan 26, 2026 | License: Apache-2.0 | Imports: 13 | Imported by: 0

Documentation

Overview

Package tls provides TLS certificate generation and management utilities for the Model Runner API server.

Constants

const (
	// DefaultCertsDir is the default directory for storing certificates.
	DefaultCertsDir = ".docker/model-runner/certs"

	// CACertFile is the filename for the CA certificate.
	CACertFile = "ca.crt"
	// CAKeyFile is the filename for the CA private key.
	CAKeyFile = "ca.key"
	// ServerCertFile is the filename for the server certificate.
	ServerCertFile = "server.crt"
	// ServerKeyFile is the filename for the server private key.
	ServerKeyFile = "server.key"

	// DefaultCertValidityDays is the default validity period for certificates.
	DefaultCertValidityDays = 365
	// DefaultCAValidityDays is the default validity period for CA certificates.
	DefaultCAValidityDays = 3650 // 10 years
)

Variables

This section is empty.

Functions

func EnsureCertificates

func EnsureCertificates(certPath, keyPath string) (cert, key string, err error)

EnsureCertificates checks for existing certificates or generates new ones. If certPath and keyPath are provided, they are used directly. Otherwise, auto-generated certificates are checked/created in the default location. Returns the paths to the certificate and key files.

func GenerateCertificates

func GenerateCertificates(paths *CertPaths) error

GenerateCertificates generates a CA certificate and a server certificate signed by the CA.

func GenerateSelfSignedCA

func GenerateSelfSignedCA() (*ecdsa.PrivateKey, *x509.Certificate, error)

GenerateSelfSignedCA creates a self-signed CA certificate.

func GenerateServerCert

func GenerateServerCert(caKey *ecdsa.PrivateKey, caCert *x509.Certificate) (*ecdsa.PrivateKey, *x509.Certificate, error)

GenerateServerCert creates a server certificate signed by the given CA.

func GetCACertPath

func GetCACertPath(customPath string) (string, error)

GetCACertPath returns the path to the CA certificate file. Returns the custom path if provided, otherwise returns the default path.

func LoadClientTLSConfig

func LoadClientTLSConfig(caCertPath string, skipVerify bool) (*tls.Config, error)

LoadClientTLSConfig loads CA certificates and returns a TLS configuration for clients. If caCertPath is empty, it uses the default CA certificate location. If skipVerify is true, certificate verification is skipped (for development only).
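
The trust model described by GenerateSelfSignedCA, GenerateServerCert and LoadClientTLSConfig, as an added example that uses only the Go standard library and is not this package's own code. The helper names (must, newCert, verifyWith), the subject names and the "localhost" SAN are assumptions; the validity periods reuse the documented defaults (3650 and 365 days).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // demo helper: abort if keygen or encoding fails
	if err != nil {
		panic(err)
	}
	return v
}

// newCert returns a self-signed P-256 CA if parent is nil, else a localhost leaf signed by parent.
func newCert(cn string, days int, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*ecdsa.PrivateKey, *x509.Certificate) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))),
		Subject:      pkix.Name{CommonName: cn}, BasicConstraintsValid: true, IsCA: parent == nil,
		NotBefore:    time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(0, 0, days),
	}
	if tmpl.IsCA { // self-signed: the template is its own issuer and may only sign certificates
		tmpl.KeyUsage, parent, parentKey = x509.KeyUsageCertSign, tmpl, key
	} else { // server leaf: usable for TLS server authentication only
		tmpl.KeyUsage, tmpl.ExtKeyUsage = x509.KeyUsageDigitalSignature, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.DNSNames = []string{"localhost"}
	}
	return key, must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))))
}

// verifyWith validates leaf for "localhost" against a root pool that holds only ca.
func verifyWith(ca, leaf *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: "localhost"})
	return err
}

func main() {
	caKey, ca := newCert("Example CA", 3650, nil, nil)
	_, leaf := newCert("localhost", 365, ca, caKey)
	fmt.Println("verify against issuing CA:", verifyWith(ca, leaf))
}
```

Calling verifyWith with a pool that holds any other CA returns an unknown-authority error; that failure is the check a client gives up when skipVerify is true.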

func LoadTLSConfig

func LoadTLSConfig(certPath, keyPath string) (*tls.Config, error)

LoadTLSConfig loads certificates and returns a TLS configuration for the server.

Types

type CertPaths

type CertPaths struct {
	CACert     string
	CAKey      string
	ServerCert string
	ServerKey  string
}

CertPaths holds the paths to certificate and key files.

func DefaultCertPaths

func DefaultCertPaths() (*CertPaths, error)

DefaultCertPaths returns the default certificate paths in the user's home directory.
