package
19.1.0-beta.20190304+incompatible
Repository: https://github.com/darinpp/cockroach.git
Documentation: pkg.go.dev
# Packages
Package securitytest embeds the TLS test certificates.
# Functions
CACertFilename returns the expected file name for the CA certificate.
CertInfoFromFilename takes a filename and attempts to determine the certificate usage (ca, node, etc.).
ClientCertFilename returns the expected file name for the user's certificate.
ClientKeyFilename returns the expected file name for the user's key.
CompareHashAndPassword tests that the provided bytes are equivalent to the hash of the supplied password.
CreateCAPair creates a general CA certificate and associated key.
CreateClientCAPair creates a client CA certificate and associated key.
CreateClientPair creates a node key and certificate.
CreateNodePair creates a node key and certificate.
CreateUICAPair creates a UI CA certificate and associated key.
CreateUIPair creates a UI certificate and key using the UI CA.
ExtKeyUsageToString converts an x509.ExtKeyUsage to a string, returning "unknown" if the list is not up-to-date.
GenerateCA generates a CA certificate and signs it using the signer (a private key).
GenerateClientCert generates a client certificate and returns the cert bytes.
GenerateServerCert generates a server certificate and returns the cert bytes.
GenerateUIServerCert generates a server certificate for the Admin UI and returns the cert bytes.
GetCertificateUser extracts the username from a client certificate.
HashPassword takes a raw password and returns a bcrypt hashed password.
KeyUsageToString returns the list of key usages described by the bitmask.
LoadClientTLSConfig creates a client TLSConfig by loading the CA and client certs.
LoadServerTLSConfig creates a server TLSConfig by loading the CA and server certs.
NewCertificateLoader creates a new instance of the certificate loader.
NewCertificateManager creates a new certificate manager.
NewCertificateManagerFirstRun creates a new certificate manager.
PEMContentsToX509 takes raw PEM-encoded contents and attempts to parse them into x509.Certificate objects.
PEMToCertificates parses multiple certificate PEM blocks and returns them.
PEMToPrivateKey parses a PEM block and returns the private key.
PrivateKeyToPEM generates a PEM block from a private key.
PrivateKeyToPKCS8 encodes a private key into PKCS#8.
PromptForPassword prompts for a password.
PromptForPasswordTwice prompts for a password twice, returning the read string if they match, or an error.
ResetAssetLoader restores the asset loader to the default value.
SafeWriteToFile writes the passed-in bytes to a file.
SetAssetLoader overrides the asset loader with the passed-in one.
UserAuthCertHook builds an authentication hook based on the security mode and client certificate.
UserAuthPasswordHook builds an authentication hook based on the security mode, password, and its potentially matching hash.
WritePEMToFile writes an arbitrary number of PEM blocks to a file.
# Constants
CAPem describes the main CA certificate.
ClientCAPem describes the CA certificate used to verify client certificates.
ClientPem describes a client certificate.
EmbeddedCertsDir is the certs directory inside embedded assets.
ErrPasswordUserAuthFailed is the error template for failed password auth of a user.
NodePem describes the server certificate for the node, possibly a combined server/client certificate for user Node if a separate 'client.node.crt' is not present.
NodeUser is used by nodes for intra-cluster traffic.
RootUser is the default cluster administrator.
UICAPem describes the CA certificate used to verify the Admin UI server certificate.
UIPem describes the server certificate for the admin UI.
# Variables
BcryptCost is the cost to use when hashing passwords.
ErrEmptyPassword indicates an attempt to set an empty password.
# Structs
AssetLoader describes the functions necessary to read certificate and key files.
CertificateLoader searches for certificates and keys in the certs directory.
CertificateManager lives for the duration of the process and manages certificates and keys.
CertificateMetrics holds metrics about the various certificates.
CertInfo describes a certificate file and optional key file.
Error is the error type for this package.
# Type aliases
PemUsage indicates the purpose of a given certificate.
UserAuthHook authenticates a user based on their username and whether their connection originates from a client or another node in the cluster.