encryption

package
Types

type CertExpirationChecker

// CertExpirationChecker reports certificates that are close to, or already past,
// their expiration so operators can rotate them before handshakes start failing.
// Both returned maps are keyed by CertThumbprint: "expiring" holds certificates
// whose Expiration falls within timeWindow, "expired" those whose Expiration has
// already passed. The time reference is not visible here (presumably time.Now()
// at call time — confirm in the implementation).
type CertExpirationChecker interface {
	GetExpiringCerts(timeWindow time.Duration) (expiring CertExpirationMap, expired CertExpirationMap, err error)
}

type CertExpirationData

// CertExpirationData is the per-certificate record carried in a CertExpirationMap.
type CertExpirationData struct {
	// Thumbprint identifies the certificate and is also its key in CertExpirationMap.
	Thumbprint CertThumbprint
	// IsCA marks the entry as a CA certificate rather than a leaf. Operationally
	// an expiring CA is the more urgent case: every certificate it signed stops
	// validating at the same instant.
	IsCA       bool
	// DNSNames presumably mirrors x509.Certificate.DNSNames (the SAN DNS entries),
	// which tells an operator which endpoints are affected — confirm at the source.
	DNSNames   []string
	// Expiration is the instant after which the certificate is no longer valid
	// (presumably the certificate's NotAfter).
	Expiration time.Time
}

type CertExpirationMap

// CertExpirationMap indexes CertExpirationData by certificate thumbprint, so the
// same certificate loaded via several paths (server cert, client cert, CA pool)
// appears once.
type CertExpirationMap map[CertThumbprint]CertExpirationData

type CertProvider

// CertProvider is the source of raw TLS/X.509 material (leaf certificates with
// their private keys, and CA pools) from which tls.Config values are assembled.
// Implementations decide where the material comes from and whether it is
// refreshed; callers should not cache the results across refresh intervals.
type CertProvider interface {
	// FetchServerCertificate returns the certificate (and key) a server presents.
	FetchServerCertificate() (*tls.Certificate, error)
	// FetchClientCAs returns the pool a server uses to verify client certificates.
	// A nil or empty pool presumably disables client-cert verification on that
	// listener — confirm how the tls.Config builder treats it before relying on it.
	FetchClientCAs() (*x509.CertPool, error)
	// FetchClientCertificate returns the certificate a client presents. isWorker
	// selects the worker-specific material; see the workerTlsSettings and
	// legacyWorkerSettings parameters of NewLocalStoreCertProvider.
	FetchClientCertificate(isWorker bool) (*tls.Certificate, error)
	// FetchServerRootCAsForClient returns the roots a client trusts when
	// verifying a server. isWorker selects the worker-specific trust store.
	FetchServerRootCAsForClient(isWorker bool) (*x509.CertPool, error)
	// GetExpiringCerts mirrors CertExpirationChecker for the material this
	// provider serves.
	GetExpiringCerts(timeWindow time.Duration) (expiring CertExpirationMap, expired CertExpirationMap, err error)
}

CertProvider is a common interface for loading raw TLS/X.509 primitives (leaf certificates with private keys, and CA pools).

func NewLocalStoreCertProvider

// NewLocalStoreCertProvider builds the default CertProvider from locally
// configured TLS settings. The refreshInterval parameter suggests the provider
// re-reads its certificate material periodically so rotated files are picked up
// without a restart; legacyWorkerSettings presumably carries the older
// worker-client configuration consulted by FetchClientCertificate(isWorker=true).
// Neither behaviour is visible in this signature — confirm in the implementation.
// This function also satisfies CertProviderFactory.
func NewLocalStoreCertProvider(
	tlsSettings *config.GroupTLS,
	workerTlsSettings *config.WorkerTLS,
	legacyWorkerSettings *config.ClientTLS,
	refreshInterval time.Duration,
	logger log.Logger) CertProvider

type CertProviderFactory

// CertProviderFactory constructs a CertProvider for one group of TLS settings.
// Its signature matches NewLocalStoreCertProvider, which is the default; a
// custom factory can be injected via NewTLSConfigProviderFromConfig, e.g. to
// source certificates from a secret manager or HSM-backed store instead of the
// local store.
type CertProviderFactory func(
	tlsSettings *config.GroupTLS,
	workerTlsSettings *config.WorkerTLS,
	legacyWorkerSettings *config.ClientTLS,
	refreshInterval time.Duration,
	logger log.Logger) CertProvider

type CertThumbprint

// CertThumbprint is a fixed 16-byte fingerprint used as the key for expiration
// tracking. 16 bytes is the size of an MD5 digest; the hash actually used is not
// visible here (TODO confirm). Either way, treat it strictly as a de-duplication
// key: a 128-bit, possibly non-collision-resistant digest must not stand in for
// certificate identity in a security decision (pinning, allow-lists) — use the
// full SHA-256 of the DER encoding for that.
type CertThumbprint [16]byte

type FixedTLSConfigProvider

// FixedTLSConfigProvider is a TLSConfigProvider backed by pre-built, static
// *tls.Config values. Nothing in this type reloads or rotates certificates:
// whatever is placed in the fields at construction is what the Get* methods hand
// out for the process lifetime, so it suits tests and fully static deployments
// rather than environments that rotate certificates.
// NOTE(review): a nil field presumably means "no TLS for that path" — confirm
// how the Get* methods and their callers treat a nil *tls.Config before relying
// on it, since a nil config can silently mean plaintext.
type FixedTLSConfigProvider struct {
	InternodeServerConfig      *tls.Config
	InternodeClientConfig      *tls.Config
	FrontendServerConfig       *tls.Config
	FrontendClientConfig       *tls.Config
	// RemoteClusterClientConfigs is keyed by remote cluster host name; see
	// GetRemoteClusterClientConfig.
	RemoteClusterClientConfigs map[string]*tls.Config
	// CertExpirationChecker backs GetExpiringCerts; how a nil checker is handled
	// is not visible here.
	CertExpirationChecker      CertExpirationChecker
}

func (*FixedTLSConfigProvider) GetExpiringCerts

// GetExpiringCerts implements TLSConfigProvider.GetExpiringCerts, presumably by
// delegating to f.CertExpirationChecker. Behaviour when that field is nil is not
// visible here — confirm before wiring this into an alerting path.
func (f *FixedTLSConfigProvider) GetExpiringCerts(
	timeWindow time.Duration,
) (expiring CertExpirationMap, expired CertExpirationMap, err error)

GetExpiringCerts implements [TLSConfigProvider.GetExpiringCerts].

func (*FixedTLSConfigProvider) GetFrontendClientConfig

// GetFrontendClientConfig implements TLSConfigProvider.GetFrontendClientConfig;
// it returns the static FrontendClientConfig field.
func (f *FixedTLSConfigProvider) GetFrontendClientConfig() (*tls.Config, error)

GetFrontendClientConfig implements [TLSConfigProvider.GetFrontendClientConfig].

func (*FixedTLSConfigProvider) GetFrontendServerConfig

// GetFrontendServerConfig implements TLSConfigProvider.GetFrontendServerConfig;
// it returns the static FrontendServerConfig field.
func (f *FixedTLSConfigProvider) GetFrontendServerConfig() (*tls.Config, error)

GetFrontendServerConfig implements [TLSConfigProvider.GetFrontendServerConfig].

func (*FixedTLSConfigProvider) GetInternodeClientConfig

// GetInternodeClientConfig implements TLSConfigProvider.GetInternodeClientConfig;
// it returns the static InternodeClientConfig field.
func (f *FixedTLSConfigProvider) GetInternodeClientConfig() (*tls.Config, error)

GetInternodeClientConfig implements [TLSConfigProvider.GetInternodeClientConfig].

func (*FixedTLSConfigProvider) GetInternodeServerConfig

// GetInternodeServerConfig implements TLSConfigProvider.GetInternodeServerConfig;
// it returns the static InternodeServerConfig field.
func (f *FixedTLSConfigProvider) GetInternodeServerConfig() (*tls.Config, error)

GetInternodeServerConfig implements [TLSConfigProvider.GetInternodeServerConfig].

func (*FixedTLSConfigProvider) GetRemoteClusterClientConfig

// GetRemoteClusterClientConfig implements
// TLSConfigProvider.GetRemoteClusterClientConfig, presumably by looking hostname
// up in RemoteClusterClientConfigs. Whether an unknown hostname yields an error
// or a nil config is not visible here — confirm, because a nil config handed to
// a dialer can silently mean an unauthenticated connection.
func (f *FixedTLSConfigProvider) GetRemoteClusterClientConfig(hostname string) (*tls.Config, error)

GetRemoteClusterClientConfig implements [TLSConfigProvider.GetRemoteClusterClientConfig].

type PerHostCertProviderMap

// PerHostCertProviderMap selects certificate material per server host name,
// which is what SNI-based virtual hosting on a single listener needs.
type PerHostCertProviderMap interface {
	// GetCertProvider returns the provider for hostName together with
	// clientAuthRequired, which reports whether that host demands client
	// (mutual) TLS authentication. Callers that build a tls.Config from the
	// result must translate the flag into tls.Config.ClientAuth (presumably
	// RequireAndVerifyClientCert) — dropping it silently disables mTLS for that host.
	GetCertProvider(hostName string) (provider CertProvider, clientAuthRequired bool, err error)
	// GetExpiringCerts aggregates expiration data across all hosts.
	GetExpiringCerts(timeWindow time.Duration) (expiring CertExpirationMap, expired CertExpirationMap, err error)
	// NumberOfHosts reports how many host names are configured.
	NumberOfHosts() int
}

PerHostCertProviderMap returns the CertProvider for a given host name, along with whether that host requires client certificate authentication.

type TLSConfigProvider

// TLSConfigProvider is the single entry point other components use to obtain
// ready-to-use tls.Config values. It distinguishes the internode (server to
// server) and frontend (client-facing) paths, and on each the server and client
// side, so that the two can carry different certificates, trust roots and
// client-auth requirements. Callers should fetch a config when they need it
// rather than caching one, since providers may refresh material underneath.
type TLSConfigProvider interface {
	GetInternodeServerConfig() (*tls.Config, error)
	GetInternodeClientConfig() (*tls.Config, error)
	GetFrontendServerConfig() (*tls.Config, error)
	GetFrontendClientConfig() (*tls.Config, error)
	// GetRemoteClusterClientConfig returns the client config for dialing the
	// remote cluster identified by hostname.
	GetRemoteClusterClientConfig(hostname string) (*tls.Config, error)
	// GetExpiringCerts mirrors CertExpirationChecker across every config served.
	GetExpiringCerts(timeWindow time.Duration) (expiring CertExpirationMap, expired CertExpirationMap, err error)
}

TLSConfigProvider serves as a common interface for reading server- and client-side TLS configuration for the internode, frontend and remote-cluster paths.

func NewLocalStoreTlsProvider

// NewLocalStoreTlsProvider builds a TLSConfigProvider from RootTLS config using
// certProviderFactory for each TLS group; metricsHandler presumably receives
// certificate-health metrics (what is emitted is not visible here).
// NOTE(review): unlike NewTLSConfigProviderFromConfig, the factory argument is
// not documented as optional — confirm whether nil is accepted before passing it.
func NewLocalStoreTlsProvider(tlsConfig *config.RootTLS, metricsHandler metrics.Handler, logger log.Logger, certProviderFactory CertProviderFactory,
) (TLSConfigProvider, error)

func NewTLSConfigProviderFromConfig

// NewTLSConfigProviderFromConfig builds a TLSConfigProvider from RootTLS config.
// certProviderFactory may be nil, in which case the local-store provider
// (NewLocalStoreCertProvider) is used. Supplying a factory is the hook for
// sourcing certificates from somewhere other than local files; the factory is
// trusted code, so it must be wired from configuration, never from request data.
func NewTLSConfigProviderFromConfig(
	encryptionSettings config.RootTLS,
	metricsHandler metrics.Handler,
	logger log.Logger,
	certProviderFactory CertProviderFactory,
) (TLSConfigProvider, error)

NewTLSConfigProviderFromConfig creates a new TLS config provider from a RootTLS config. A custom cert provider factory can optionally be injected via the certProviderFactory argument; otherwise it defaults to the local-store cert provider (see NewLocalStoreCertProvider).

type TestDynamicCertProvider

// TestDynamicCertProvider is a test double that implements both CertProvider and
// PerHostCertProviderMap from in-memory certificates, and lets a test flip the
// trusted roots to a deliberately wrong pool (SwitchToWrongServerRootCACerts) to
// assert that verification fails. It is test-only and must not be wired into a
// production TLSConfigProvider.
type TestDynamicCertProvider struct {
	// contains filtered or unexported fields
}

func NewTestDynamicCertProvider

// NewTestDynamicCertProvider builds a test provider from in-memory material.
// serverCerts are the certificates to present (how one is chosen among several
// is not visible here; SetServerName suggests selection by server name);
// caCerts is the pool that should validate them; wrongCACerts is a pool that
// should not, used by SwitchToWrongServerRootCACerts to simulate an untrusted
// issuer.
func NewTestDynamicCertProvider(
	serverCerts []*tls.Certificate,
	caCerts *x509.CertPool,
	wrongCACerts *x509.CertPool,
	config config.GroupTLS) *TestDynamicCertProvider

func (*TestDynamicCertProvider) FetchClientCAs

// FetchClientCAs implements CertProvider.FetchClientCAs from the in-memory pool.
func (t *TestDynamicCertProvider) FetchClientCAs() (*x509.CertPool, error)

func (*TestDynamicCertProvider) FetchClientCertificate

// FetchClientCertificate implements CertProvider.FetchClientCertificate. The
// isWorker flag is ignored: the test double serves the same material either way.
func (t *TestDynamicCertProvider) FetchClientCertificate(_ bool) (*tls.Certificate, error)

func (*TestDynamicCertProvider) FetchServerCertificate

// FetchServerCertificate implements CertProvider.FetchServerCertificate from the
// serverCerts given to NewTestDynamicCertProvider.
func (t *TestDynamicCertProvider) FetchServerCertificate() (*tls.Certificate, error)

func (*TestDynamicCertProvider) FetchServerRootCAsForClient

// FetchServerRootCAsForClient implements CertProvider.FetchServerRootCAsForClient.
// The isWorker flag is ignored. After SwitchToWrongServerRootCACerts this
// presumably returns the wrongCACerts pool, so clients built from it reject the
// test server.
func (t *TestDynamicCertProvider) FetchServerRootCAsForClient(_ bool) (*x509.CertPool, error)

func (*TestDynamicCertProvider) GetCertProvider

// GetCertProvider implements PerHostCertProviderMap.GetCertProvider. Whether
// hostName is matched or simply ignored by the test double, and what the
// clientAuthRequired result is, is not visible here.
func (t *TestDynamicCertProvider) GetCertProvider(hostName string) (CertProvider, bool, error)

func (*TestDynamicCertProvider) GetExpiringCerts

// GetExpiringCerts implements CertProvider.GetExpiringCerts. The time window is
// ignored, so tests should not rely on this double for expiration logic.
func (t *TestDynamicCertProvider) GetExpiringCerts(_ time.Duration,
) (expiring CertExpirationMap, expired CertExpirationMap, err error)

func (*TestDynamicCertProvider) GetSettings

// GetSettings exposes the GroupTLS config the provider was built with.
func (t *TestDynamicCertProvider) GetSettings() *config.GroupTLS

func (*TestDynamicCertProvider) Initialize

// Initialize mirrors the refreshInterval hook of the real provider. Whether the
// test double actually runs a refresh loop is not visible here.
func (t *TestDynamicCertProvider) Initialize(refreshInterval time.Duration)

func (*TestDynamicCertProvider) NumberOfHosts

// NumberOfHosts implements PerHostCertProviderMap.NumberOfHosts.
func (t *TestDynamicCertProvider) NumberOfHosts() int

func (*TestDynamicCertProvider) SetServerName

// SetServerName changes the server name the provider serves for, presumably to
// select among the serverCerts passed to NewTestDynamicCertProvider so tests can
// exercise SNI / hostname-mismatch behaviour.
func (t *TestDynamicCertProvider) SetServerName(serverName string)

func (*TestDynamicCertProvider) SwitchToWrongServerRootCACerts

// SwitchToWrongServerRootCACerts swaps the trust roots handed to clients for the
// wrongCACerts pool given at construction. It exists so a test can assert the
// negative path — a server whose chain does not terminate in a trusted root must
// be rejected — and is the reason this type must never reach production wiring.
func (t *TestDynamicCertProvider) SwitchToWrongServerRootCACerts()

type TestDynamicTLSConfigProvider

// TestDynamicTLSConfigProvider is a test-only TLSConfigProvider assembled from
// TestDynamicCertProvider doubles, one per path, so a test can independently
// break (e.g. via SwitchToWrongServerRootCACerts) the internode, frontend or
// worker side and check that the affected handshake fails while the others keep
// working. The exported fields are the knobs tests are expected to reach into.
type TestDynamicTLSConfigProvider struct {
	InternodeCertProvider       *TestDynamicCertProvider
	InternodeClientCertProvider *TestDynamicCertProvider
	FrontendCertProvider        *TestDynamicCertProvider
	FrontendClientCertProvider  *TestDynamicCertProvider
	WorkerCertProvider          *TestDynamicCertProvider

	// FrontendPerHostCertProviderMap backs per-host (SNI) selection on the
	// frontend path.
	FrontendPerHostCertProviderMap PerHostCertProviderMap
	// contains filtered or unexported fields
}

func NewTestDynamicTLSConfigProvider

// NewTestDynamicTLSConfigProvider builds the test provider from in-memory
// internode and frontend certificates with their CA pools, plus one wrongCACerts
// pool that is shared by every embedded TestDynamicCertProvider for negative
// tests. The worker provider's material is derived from these inputs in a way
// not visible here.
func NewTestDynamicTLSConfigProvider(
	tlsConfig *config.RootTLS,
	internodeCerts []*tls.Certificate,
	internodeCACerts *x509.CertPool,
	frontendCerts []*tls.Certificate,
	frontendCACerts *x509.CertPool,
	wrongCACerts *x509.CertPool,
) (*TestDynamicTLSConfigProvider, error)

func (*TestDynamicTLSConfigProvider) GetExpiringCerts

// GetExpiringCerts implements TLSConfigProvider.GetExpiringCerts over the
// embedded test providers.
func (t *TestDynamicTLSConfigProvider) GetExpiringCerts(timeWindow time.Duration) (expiring CertExpirationMap, expired CertExpirationMap, err error)

func (*TestDynamicTLSConfigProvider) GetFrontendClientConfig

// GetFrontendClientConfig implements TLSConfigProvider.GetFrontendClientConfig,
// presumably from FrontendClientCertProvider.
func (t *TestDynamicTLSConfigProvider) GetFrontendClientConfig() (*tls.Config, error)

func (*TestDynamicTLSConfigProvider) GetFrontendServerConfig

// GetFrontendServerConfig implements TLSConfigProvider.GetFrontendServerConfig,
// presumably from FrontendCertProvider and FrontendPerHostCertProviderMap.
func (t *TestDynamicTLSConfigProvider) GetFrontendServerConfig() (*tls.Config, error)

func (*TestDynamicTLSConfigProvider) GetInternodeClientConfig

// GetInternodeClientConfig implements TLSConfigProvider.GetInternodeClientConfig,
// presumably from InternodeClientCertProvider.
func (t *TestDynamicTLSConfigProvider) GetInternodeClientConfig() (*tls.Config, error)

func (*TestDynamicTLSConfigProvider) GetInternodeServerConfig

// GetInternodeServerConfig implements TLSConfigProvider.GetInternodeServerConfig,
// presumably from InternodeCertProvider.
func (t *TestDynamicTLSConfigProvider) GetInternodeServerConfig() (*tls.Config, error)

func (*TestDynamicTLSConfigProvider) GetRemoteClusterClientConfig

// GetRemoteClusterClientConfig implements
// TLSConfigProvider.GetRemoteClusterClientConfig. Which embedded provider backs
// the remote-cluster path in the test double is not visible here.
func (t *TestDynamicTLSConfigProvider) GetRemoteClusterClientConfig(hostName string) (*tls.Config, error)
