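/*
Copyright 2019 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package dynamiccertificates

import (
	"crypto/tls"
	"crypto/x509"
)

// staticCAContent is a CAContentProvider whose CA bundle never changes.
// Because the content is immutable, AddListener is a no-op: listeners
// registered here are never notified.
type staticCAContent struct {
	name     string
	caBundle *caBundleAndVerifier
}

var _ CAContentProvider = &staticCAContent{}

// NewStaticCAContent returns a CAContentProvider that always returns the same value.
// The bundle is parsed once up front by newCABundleAndVerifier; an error from
// that parse is returned unchanged and no provider is constructed.
func NewStaticCAContent(name string, caBundle []byte) (CAContentProvider, error) {
	bundleAndVerifier, err := newCABundleAndVerifier(name, caBundle)
	if err != nil {
		return nil, err
	}

	return &staticCAContent{
		name:     name,
		caBundle: bundleAndVerifier,
	}, nil
}

// Name is just an identifier.
func (c *staticCAContent) Name() string {
	return c.name
}

// AddListener is a no-op: static content never changes, so there is nothing to notify.
func (c *staticCAContent) AddListener(Listener) {}

// CurrentCABundleContent provides ca bundle byte content. The returned slice
// is shared with the provider and must be treated as read-only by the caller.
func (c *staticCAContent) CurrentCABundleContent() []byte {
	return c.caBundle.caBundle
}

// VerifyOptions returns the verify options derived from the CA bundle. The
// boolean is always true: a static provider always has a bundle available.
func (c *staticCAContent) VerifyOptions() (x509.VerifyOptions, bool) {
	return c.caBundle.verifyOptions, true
}

// staticCertKeyContent is a CertKeyContentProvider whose serving cert/key
// pair never changes.
type staticCertKeyContent struct {
	name string
	cert []byte
	key  []byte
}

var _ CertKeyContentProvider = &staticCertKeyContent{}

// newStaticCertKeyContent validates that cert and key are a matching PEM
// key pair and returns a value holding private copies of both. It is the
// shared validation path for NewStaticCertKeyContent and
// NewStaticSNICertKeyContent so the two cannot drift.
//
// tls.X509KeyPair only checks that both blobs parse and that the private key
// matches the leaf certificate's public key; it does not check the validity
// period, the chain, or key usage. Callers that need those guarantees must
// check them separately.
func newStaticCertKeyContent(name string, cert, key []byte) (staticCertKeyContent, error) {
	if _, err := tls.X509KeyPair(cert, key); err != nil {
		return staticCertKeyContent{}, err
	}

	// Copy the inputs so later mutation of the caller's slices cannot change
	// the key material this provider hands out.
	return staticCertKeyContent{
		name: name,
		cert: append([]byte(nil), cert...),
		key:  append([]byte(nil), key...),
	}, nil
}

// NewStaticCertKeyContent returns a CertKeyContentProvider that always returns the same value.
// It fails if cert and key are not a valid, matching PEM key pair.
func NewStaticCertKeyContent(name string, cert, key []byte) (CertKeyContentProvider, error) {
	content, err := newStaticCertKeyContent(name, cert, key)
	if err != nil {
		return nil, err
	}

	return &content, nil
}

// Name is just an identifier.
func (c *staticCertKeyContent) Name() string {
	return c.name
}

// AddListener is a no-op: static content never changes, so there is nothing to notify.
func (c *staticCertKeyContent) AddListener(Listener) {}

// CurrentCertKeyContent provides cert and key content. The returned slices
// are shared with the provider and must be treated as read-only by the caller.
func (c *staticCertKeyContent) CurrentCertKeyContent() ([]byte, []byte) {
	return c.cert, c.key
}

// staticSNICertKeyContent is a SNICertKeyContentProvider: a static cert/key
// pair plus the SNI names it is served for.
type staticSNICertKeyContent struct {
	staticCertKeyContent
	sniNames []string
}

var _ SNICertKeyContentProvider = &staticSNICertKeyContent{}

// NewStaticSNICertKeyContent returns a SNICertKeyContentProvider that always returns the same value.
// Validation of cert and key is identical to NewStaticCertKeyContent.
func NewStaticSNICertKeyContent(name string, cert, key []byte, sniNames ...string) (SNICertKeyContentProvider, error) {
	content, err := newStaticCertKeyContent(name, cert, key)
	if err != nil {
		return nil, err
	}

	// Copy the names so a caller that expanded an existing slice into the
	// variadic argument cannot change them after construction. A nil input
	// stays nil so SNINames() reports exactly what was passed.
	var names []string
	if sniNames != nil {
		names = make([]string, len(sniNames))
		copy(names, sniNames)
	}

	return &staticSNICertKeyContent{
		staticCertKeyContent: content,
		sniNames:             names,
	}, nil
}

// SNINames returns the SNI names this cert/key pair is served for. The
// returned slice is shared with the provider and must be treated as read-only.
func (c *staticSNICertKeyContent) SNINames() []string {
	return c.sniNames
}

// AddListener is a no-op: static content never changes, so there is nothing to notify.
func (c *staticSNICertKeyContent) AddListener(Listener) {}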