apitls

package
v0.10.2
Published: Apr 19, 2026 License: BSD-3-Clause-Clear Imports: 6 Imported by: 0

Overview

Package apitls provides TLS certificate management with automatic renewal support.

This package handles TLS certificate provisioning and management for secure inter-service communication within the NTP Pool project infrastructure. It provides both server and client certificate management through the CertificateProvider interface and includes a trusted CA certificate pool for validating certificates.

The package integrates with certman for automatic certificate renewal and includes embedded CA certificates for establishing trust relationships between services.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CAPool

func CAPool() (*x509.CertPool, error)

CAPool returns a certificate pool containing trusted CA certificates for validating TLS connections within the NTP Pool infrastructure.

The CA certificates are embedded in the binary and include the trusted certificate authorities used for inter-service communication. This pool should be used in tls.Config.RootCAs for client connections or tls.Config.ClientCAs for server connections requiring client certificates.

Returns an error if the embedded CA certificates cannot be parsed or loaded.

func GetCertman

func GetCertman(certFile, keyFile string) (*certman.CertMan, error)

GetCertman sets up certman for the specified certificate and key files so that the pair is renewed automatically. It is used in the monitor-api and (for now) in the client.

Types

type CertificateProvider

type CertificateProvider interface {
	// GetCertificate retrieves a server certificate based on the client hello information.
	// This method is typically used in tls.Config.GetCertificate for server-side TLS.
	GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error)

	// GetClientCertificate retrieves a client certificate for mutual TLS authentication.
	// This method is used in tls.Config.GetClientCertificate for client-side TLS.
	GetClientCertificate(certRequestInfo *tls.CertificateRequestInfo) (*tls.Certificate, error)
}

CertificateProvider defines the interface for providing TLS certificates for both server and client connections. Implementations should handle certificate retrieval, caching, and renewal as needed.

This interface supports both server-side certificate provisioning (via GetCertificate) and client-side certificate authentication (via GetClientCertificate).
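The following is an added illustration, not code from apitls or the NTP Pool project, of how a CertificateProvider and the CA pool are wired into both ends of a mutual-TLS connection as described above: GetCertificate feeds tls.Config.GetCertificate with the pool in ClientCAs on the server, and GetClientCertificate feeds tls.Config.GetClientCertificate with the pool in RootCAs on the client. CertificateProvider is redeclared locally with the same method set; memProvider, Configs, SelfSigned, Handshake and the name monitor-api.example are hypothetical, and the constructed self-signed certificate stands in for the embedded CA pool that CAPool would return.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"net"
	"time"
)

// CertificateProvider mirrors the apitls interface; memProvider is a hypothetical certman stand-in (one cert, both roles).
type CertificateProvider interface {
	GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error)
	GetClientCertificate(*tls.CertificateRequestInfo) (*tls.Certificate, error)
}
type memProvider struct{ cert *tls.Certificate }
func (m memProvider) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error) { return m.cert, nil }
func (m memProvider) GetClientCertificate(*tls.CertificateRequestInfo) (*tls.Certificate, error) { return m.cert, nil }
// Configs wires one provider into both roles; the CA pool is ClientCAs on the server and RootCAs on the client.
func Configs(p CertificateProvider, ca *x509.CertPool, serverName string) (server, client *tls.Config) {
	return &tls.Config{GetCertificate: p.GetCertificate, ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: ca,
			SessionTicketsDisabled: true}, // not needed between services, and the synchronous net.Pipe demo relies on it
		&tls.Config{GetClientCertificate: p.GetClientCertificate, RootCAs: ca, ServerName: serverName}
}
// SelfSigned builds a constructed self-signed certificate for name that doubles as the trust root (test material).
func SelfSigned(name string) (*tls.Certificate, *x509.CertPool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}, pool
}
// Handshake runs an in-memory mutual-TLS handshake and returns the client SAN that the server verified.
func Handshake(server, client *tls.Config) (string, error) {
	a, b := net.Pipe()
	defer a.Close()
	a.SetDeadline(time.Now().Add(3 * time.Second)) // a rejected peer becomes an error, never a hang
	go func() { tls.Client(b, client).Handshake(); b.Close() }()
	tc := tls.Server(a, server)
	if err := tc.Handshake(); err != nil {
		return "", err
	}
	return tc.ConnectionState().PeerCertificates[0].DNSNames[0], nil
}
```

A client config that leaves out GetClientCertificate is rejected by the server because of ClientAuth: RequireAndVerifyClientCert, which is the behaviour the verified-identity return value lets you check.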
