mtls

package

v0.1.9 Latest Latest Go to latest Published: Dec 19, 2025 License: MIT Imports: 11 Imported by: 1

Documentation ¶

This section is empty.

This section is empty.

func NewTLSConfig(privKey ed25519.PrivateKey, pubKeys []ed25519.PublicKey) (*tls.Config, error)

func NewTransportCredentials(privKey ed25519.PrivateKey, pubKeys []ed25519.PublicKey) (credentials.TransportCredentials, error)

NewTransportCredentials creates a gRPC TransportCredentials from a PrivateKey and PublicKeys set.

func NewTransportSigner(signer crypto.Signer, pubKeys []ed25519.PublicKey) (credentials.TransportCredentials, error)

type PrivateKey struct {
	// contains filtered or unexported fields
}

func ValidPrivateKeyFromEd25519(key ed25519.PrivateKey) (*PrivateKey, error)

type PublicKeys struct {
	// contains filtered or unexported fields
}

PublicKeys wraps a slice of keys so we can update the keys dynamically.

func ValidPublicKeysFromEd25519(keys ...ed25519.PublicKey) (*PublicKeys, error)

func (r *PublicKeys) Keys() []ed25519.PublicKey

func (r *PublicKeys) Replace(pubs *PublicKeys)

Replace replaces the existing keys with new keys. Use this to dynamically update the allowable keys at runtime.

func (r *PublicKeys) VerifyPeerCertificate() func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error

Verifies that the certificate's public key matches with one of the keys in our list of registered keys.

type StaticSizedPublicKey [ed25519.PublicKeySize]byte

func PubKeyFromCert(cert *x509.Certificate) (StaticSizedPublicKey, error)

PubKeyFromCert extracts the public key from the cert and returns it as a statically sized byte array.

func ToStaticallySizedPublicKey(pubKey ed25519.PublicKey) (StaticSizedPublicKey, error)

ToStaticallySizedPublicKey converts an ed25519 public key into a statically sized byte array.

func (p StaticSizedPublicKey) String() string