package
20.2.19+incompatible
Repository: https://github.com/cockroachdb/cockroach.git
Documentation: pkg.go.dev

# Packages

Package securitytest embeds the TLS test certificates.

# Functions

CACertFilename returns the expected file name for the CA certificate.
CertInfoFromFilename takes a filename and attempts to determine the certificate usage (ca, node, etc.).
ClientCertFilename returns the expected file name for the user's certificate.
ClientKeyFilename returns the expected file name for the user's key.
ClusterTLSSettings creates a TLSSettings backed by the given cluster settings.
CompareHashAndPassword tests that the provided bytes are equivalent to the hash of the supplied password.
Contains returns true if the specified string is present in the given slice.
CreateCAPair creates a general CA certificate and associated key.
CreateClientCAPair creates a client CA certificate and associated key.
CreateClientPair creates a node key and certificate.
CreateNodePair creates a node key and certificate.
CreateTenantClientCAPair creates a tenant client CA pair.
CreateTenantClientPair creates a key and certificate for use as client certs when communicating with the KV layer.
CreateUICAPair creates a UI CA certificate and associated key.
CreateUIPair creates a UI certificate and key using the UI CA.
ExtKeyUsageToString converts an x509.ExtKeyUsage to a string, returning "unknown" if the list is not up-to-date.
ForTenant is an option to NewCertificateManager which ties the manager to the provided tenant.
GenerateCA generates a CA certificate and signs it using the signer (a private key).
GenerateClientCert generates a client certificate and returns the cert bytes.
GenerateServerCert generates a server certificate and returns the cert bytes.
GenerateTenantClientCert generates a tenant client certificate and returns the cert bytes.
GenerateUIServerCert generates a server certificate for the Admin UI and returns the cert bytes.
GetAssetLoader returns the active asset loader.
GetCertificateUsers extracts the users from a client certificate.
HashPassword takes a raw password and returns a bcrypt hashed password.
KeyUsageToString returns the list of key usages described by the bitmask.
MakeCertsLocator initializes a CertsLocator.
NewCertificateLoader creates a new instance of the certificate loader.
NewCertificateManager creates a new certificate manager.
NewCertificateManagerFirstRun creates a new certificate manager.
NodeCertFilename returns the expected file name for the node certificate.
NodeKeyFilename returns the expected file name for the node key.
PEMContentsToX509 takes raw PEM-encoded contents and attempts to parse them into x509.Certificate objects.
PEMToCertificates parses multiple certificate PEM blocks and returns them.
PEMToPrivateKey parses a PEM block and returns the private key.
PrivateKeyToPEM generates a PEM block from a private key.
PrivateKeyToPKCS8 encodes a private key into PKCS#8.
PromptForPassword prompts for a password.
ResetAssetLoader restores the asset loader to the default value.
SafeWriteToFile writes the passed-in bytes to a file.
SetAssetLoader overrides the asset loader with the passed-in one.
SetCertPrincipalMap sets the global principal map.
TenantClientCACertFilename returns the expected file name for the Tenant CA certificate.
TenantClientCertFilename returns the expected file name for the user's certificate.
TenantClientKeyFilename returns the expected file name for the user's key.
UserAuthCertHook builds an authentication hook based on the security mode and client certificate.
UserAuthPasswordHook builds an authentication hook based on the security mode, password, and its potentially matching hash.
WritePEMToFile writes an arbitrary number of PEM blocks to a file.
WriteTenantClientPair writes a TenantClientPair into certsDir.

# Constants

AdminRole is the default (and non-droppable) role with superuser privileges.
CAPem describes the main CA certificate.
ClientCAPem describes the CA certificate used to verify client certificates.
ClientPem describes a client certificate.
EmbeddedCertsDir is the certs directory inside embedded assets.
CA for client connections.
ErrPasswordUserAuthFailed is the error template for failed password auth of a user.
NodePem describes the server certificate for the node, possibly a combined server/client certificate for user Node if a separate 'client.node.crt' is not present.
NodeUser is used by nodes for intra-cluster traffic.
PublicRole is the special "public" pseudo-role.
RootUser is the default cluster administrator.
TenantClientCAPem describes the CA certificate used to broker authN/Z for SQL tenants wishing to access the KV layer.
TenantClientPem describes a SQL tenant client certificate.
TenantsOU is the OrganizationalUnit that determines a client certificate should be treated as a tenant client certificate (as opposed to a KV node client certificate).
UICAPem describes the CA certificate used to verify the Admin UI server certificate.
UIPem describes the server certificate for the admin UI.

# Variables

BcryptCost is the cost to use when hashing passwords.
EmbeddedTenantIDs lists the tenants we embed certs for.
ErrEmptyPassword indicates that an empty password was attempted to be set.
ErrPasswordTooShort indicates that a client provided a password that was too short according to policy.
MinPasswordLength is the cluster setting that configures the minimum SQL password length.

# Structs

AssetLoader describes the functions necessary to read certificate and key files.
CertificateLoader searches for certificates and keys in the certs directory.
CertificateManager lives for the duration of the process and manages certificates and keys.
CertificateMetrics holds metrics about the various certificates.
CertInfo describes a certificate file and optional key file.
A CertsLocator provides locations to certificates.
CommandTLSSettings defines the TLS settings for command-line tools.
Error is the error type for this package.
TenantClientPair is a pair of client certs for use with multi-tenancy.

# Interfaces

TLSSettings allows for customization of TLS behavior.

# Type aliases

Option is an option to NewCertificateManager.
PemUsage indicates the purpose of a given certificate.
UserAuthHook authenticates a user based on their username and whether their connection originates from a client or another node in the cluster.