# Packages
Package securitytest embeds the TLS test certificates.
# Functions
CompareHashAndPassword tests that the provided bytes are equivalent to the hash of the supplied password.
CreateCAPair creates a CA key and a CA certificate.
CreateClientPair creates a node key and certificate.
CreateNodePair creates a node key and certificate.
ExtKeyUsageToString converts an x509.ExtKeyUsage to a string, returning "unknown" if the list is not up-to-date.
GenerateCA generates a CA certificate and signs it using the signer (a private key).
GenerateClientCert generates a client certificate and returns the cert bytes.
GenerateServerCert generates a server certificate and returns the cert bytes.
GetCertificateUser extracts the username from a client certificate.
HashPassword takes a raw password and returns a bcrypt hashed password.
KeyUsageToString returns the list of key usages described by the bitmask.
LoadClientTLSConfig creates a client TLSConfig by loading the CA and client certs.
LoadServerTLSConfig creates a server TLSConfig by loading the CA and server certs.
NewCertificateLoader creates a new instance of the certificate loader.
NewCertificateManager creates a new certificate manager.
NewCertificateManagerFirstRun creates a new certificate manager.
PEMContentsToX509 takes raw PEM-encoded contents and attempts to parse them into x509.Certificate objects.
PEMToCertificates parses multiple certificate PEM blocks and returns them.
PEMToPrivateKey parses a PEM block and returns the private key.
PrivateKeyToPEM generates a PEM block from a private key.
PromptForPassword prompts for a password.
PromptForPasswordAndHash prompts for a password twice and returns the bcrypt hash.
PromptForPasswordTwice prompts for a password twice, returning the read string if they match, or an error.
ProtoAuthHook builds an authentication hook based on the security mode and client certificate.
ResetAssetLoader restores the asset loader to the default value.
SetAssetLoader overrides the asset loader with the passed-in one.
UserAuthCertHook builds an authentication hook based on the security mode and client certificate.
UserAuthPasswordHook builds an authentication hook based on the security mode, password, and its potentially matching hash.
WritePEMToFile writes an arbitrary number of PEM blocks to a file.
# Constants
CAPem describes a CA certificate.
ClientPem describes a client certificate.
EmbeddedCertsDir is the certs directory inside embedded assets.
NodePem describes a combined server/client certificate for user Node.
NodeUser is used by nodes for intra-cluster traffic.
RootUser is the default cluster administrator.
# Variables
ErrEmptyPassword indicates that an empty password was attempted to be set.
# Structs
AssetLoader describes the functions necessary to read certificate and key files.
CertificateLoader searches for certificates and keys in the certs directory.
CertificateManager lives for the duration of the process and manages certificates and keys.
CertificateMetrics holds metrics about the various certificates.
CertInfo describes a certificate file and optional key file.
# Interfaces
RequestWithUser must be implemented by `roachpb.Request`s which are arguments to methods that are not permitted to skip user checks.
# Type aliases
UserAuthHook authenticates a user based on their username and whether their connection originates from a client or another node in the cluster.