Package securitytest embeds the TLS test certificates.

GenerateCA generates a CA certificate and returns the cert bytes as well as the private key used to generate the certificate.

GenerateClientCert generates a client certificate and returns the cert bytes as well as the private key used to generate the certificate.

GenerateServerCert generates a server certificate and returns the cert bytes as well as the private key used to generate the certificate.

GetCertificateUser extract the username from a client certificate.

HashPassword takes a raw password and returns a bcrypt hashed password.

LoadClientTLSConfig creates a client TLSConfig by loading the CA and client certs.

LoadServerTLSConfig creates a server TLSConfig by loading the CA and server certs.

PromptForPasswordAndHash prompts for a password on the stdin twice, and if both match, returns a bcrypt hashed password.

ProtoAuthHook builds an authentication hook based on the security mode and client certificate.

ResetReadFileFn is the counterpart to SetReadFileFn, restoring the original behaviour for loading certificate related data from disk.

RunCreateCACert is the entry-point from the command-line interface to generate CA cert and key.

RunCreateClientCert is the entry-point from the command-line interface to generate a client cert and key.

RunCreateNodeCert is the entry-point from the command-line interface to generate node certs and keys: - sslCA: path to the CA certificate - sslCAKey: path to the CA key - sslCert: path to the node certificate - sslCertKey: path to the node key.

SetReadFileFn allows to switch out ioutil.ReadFile by a mock for testing purposes.

UserAuthHook builds an authentication hook based on the security mode and client certificate.

EmbeddedCertsDir is the certs directory inside embedded assets.

EmbeddedCertsDir is the certs directory inside embedded assets.

EmbeddedCertsDir is the certs directory inside embedded assets.

EmbeddedCertsDir is the certs directory inside embedded assets.

EmbeddedCertsDir is the certs directory inside embedded assets.

EmbeddedCertsDir is the certs directory inside embedded assets.

EmbeddedCertsDir is the certs directory inside embedded assets.

EmbeddedCertsDir is the certs directory inside embedded assets.

EmbeddedCertsDir is the certs directory inside embedded assets.

NodeUser is used by nodes for intra-cluster traffic.

RootUser is the default cluster administrator.

RequestWithUser must be implemented by `roachpb.Request`s which are arguments to methods that are not permitted to skip user checks.