var clientCertificateExpirationHistogram … func init() { … } type UserConversion … type UserConversionFunc … // User implements x509.UserConversion func (f UserConversionFunc) User(chain []*x509.Certificate) (*authenticator.Response, bool, error) { … } func columnSeparatedHex(d []byte) string { … } func certificateIdentifier(c *x509.Certificate) string { … } type VerifyOptionFunc … type Authenticator … // New returns a request.Authenticator that verifies client certificates using the provided // VerifyOptions, and converts valid certificate chains into user.Info using the provided UserConversion func New(opts x509.VerifyOptions, user UserConversion) *Authenticator { … } // NewDynamic returns a request.Authenticator that verifies client certificates using the provided // VerifyOptionFunc (which may be dynamic), and converts valid certificate chains into user.Info using the provided UserConversion func NewDynamic(verifyOptionsFn VerifyOptionFunc, user UserConversion) *Authenticator { … } // AuthenticateRequest authenticates the request using presented client certificates func (a *Authenticator) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) { … } type Verifier … // NewVerifier create a request.Authenticator by verifying a client cert on the request, then delegating to the wrapped auth func NewVerifier(opts x509.VerifyOptions, auth authenticator.Request, allowedCommonNames sets.String) authenticator.Request { … } // NewDynamicCAVerifier create a request.Authenticator by verifying a client cert on the request, then delegating to the wrapped auth func NewDynamicCAVerifier(verifyOptionsFn VerifyOptionFunc, auth authenticator.Request, allowedCommonNames StringSliceProvider) authenticator.Request { … } // AuthenticateRequest verifies the presented client certificate, then delegates to the wrapped auth func (a *Verifier) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error) { … } func (a *Verifier) verifySubject(subject pkix.Name) error { … } // DefaultVerifyOptions returns VerifyOptions that use the system root certificates, current time, // and requires certificates to be valid for client auth (x509.ExtKeyUsageClientAuth) func DefaultVerifyOptions() x509.VerifyOptions { … } var CommonNameUserConversion …
Codebase Browser
kubernetes