kubernetes/staging/src/k8s.io/apiserver/pkg/util/x509metrics/server_cert_deprecations.go

var _

type x509DeprecatedCertificateMetricsRTWrapper

type deprecatedCertificateAttributeChecker

type counterRaiser

// IncreaseMetricsCounter is the counter-raising method of counterRaiser; it
// receives an *http.Request and returns nothing.
// NOTE(review): the body is not shown in this listing. Presumably req is the
// request whose round trip matched a deprecation check and the method
// increments the associated counter. Confirm what, beyond the counter, is
// derived from req and recorded.
func (c *counterRaiser) IncreaseMetricsCounter(req *http.Request) {}

// NewDeprecatedCertificateRoundTripperWrapperConstructor returns a RoundTripper wrapper that's usable within ClientConfig.Wrap.
//
// For each counter, case 1 is observed when certificate verification rejects
// the server certificate (the round trip fails), and case 2 when a GODEBUG
// override made verification accept it (the round trip succeeds and the
// offending certificate is visible in the response).
//
// It increases the `missingSAN` counter whenever:
//  1. we get an x509.HostnameError with string `x509: certificate relies on legacy Common Name field`
//     which indicates an error caused by the deprecation of the Common Name field when verifying
//     the remote hostname
//  2. the server certificate in the response contains no SAN. Such a response can only be
//     received if the legacy Common Name fallback is enabled, so this indicates that this binary
//     is running with GODEBUG=x509ignoreCN=0 in its environment
//
// It increases the `sha1` counter whenever:
//  1. we get an x509.InsecureAlgorithmError with string `SHA1`
//     which indicates an error caused by an insecure SHA1 signature
//  2. the server certificate in the response contains a SHA1WithRSA or ECDSAWithSHA1 signature.
//     Such a response can only be received if SHA1 signatures are still accepted, so this
//     indicates that this binary is running with GODEBUG=x509sha1=1 in its environment
//
// A non-zero count from either case 2 therefore means the process is running
// with weakened certificate verification, and is worth alerting on.
// NOTE(review): both GODEBUG settings were temporary escape hatches; verify
// that the Go toolchain this binary is built with still honours them, because
// otherwise only case 1 can occur.
func NewDeprecatedCertificateRoundTripperWrapperConstructor(missingSAN, sha1 *metrics.Counter) func(rt http.RoundTripper) http.RoundTripper {}

// RoundTrip has the signature of http.RoundTripper's RoundTrip method.
// NOTE(review): the body is not shown in this listing. Going by the
// documentation of NewDeprecatedCertificateRoundTripperWrapperConstructor, it
// is expected to inspect both the returned error and the peer certificates of
// a successful response and to raise the matching counter. Confirm that the
// wrapped RoundTripper's response and error are returned unchanged, so that
// collecting the metrics never alters a verification outcome.
func (w *x509DeprecatedCertificateMetricsRTWrapper) RoundTrip(req *http.Request) (*http.Response, error) {}

// WrappedRoundTripper returns an http.RoundTripper.
// NOTE(review): the body is not shown in this listing; presumably this is the
// underlying RoundTripper that the metrics wrapper delegates to. Confirm.
func (w *x509DeprecatedCertificateMetricsRTWrapper) WrappedRoundTripper() http.RoundTripper {}

var _

type missingSANChecker

// NewSANDeprecatedChecker returns a *missingSANChecker for the given counter.
// NOTE(review): the body is not shown in this listing; presumably counter is
// the one raised when the checker's CheckRoundTripError or
// CheckPeerCertificates reports true. Confirm against the implementation.
func NewSANDeprecatedChecker(counter *metrics.Counter) *missingSANChecker {}

// CheckRoundTripError returns true when we're running without
// GODEBUG=x509ignoreCN=0 and the client reports a HostnameError about the
// legacy CN fields, i.e. when hostname verification rejected a certificate
// that relies on the Common Name.
// NOTE(review): the body is not shown in this listing; confirm how the error
// is matched (type assertion, unwrapping, or message text), because a match on
// message text alone depends on the wording produced by crypto/x509.
func (c *missingSANChecker) CheckRoundTripError(err error) bool {}

// CheckPeerCertificates returns true when the server response contains
// a leaf certificate without the SAN extension. Only the leaf is relevant
// here, because hostname verification is performed against the leaf
// certificate.
// NOTE(review): the body is not shown in this listing; confirm the behaviour
// for an empty peerCertificates slice.
func (c *missingSANChecker) CheckPeerCertificates(peerCertificates []*x509.Certificate) bool {}

// hasSAN reports, as a bool, something about the SAN of certificate c.
// NOTE(review): the body is not shown in this listing. Confirm whether it
// tests for the presence of the SAN extension itself, as the wording of
// missingSANChecker.CheckPeerCertificates ("w/o the SAN extension") suggests,
// or for non-empty parsed name fields, since the two differ for a certificate
// that carries an empty SAN extension.
func hasSAN(c *x509.Certificate) bool {}

type sha1SignatureChecker

// NewSHA1SignatureDeprecatedChecker returns a *sha1SignatureChecker for the
// given counter.
// NOTE(review): the body is not shown in this listing; presumably counter is
// the one raised when the checker's CheckRoundTripError or
// CheckPeerCertificates reports true. Confirm against the implementation.
func NewSHA1SignatureDeprecatedChecker(counter *metrics.Counter) *sha1SignatureChecker {}

// CheckRoundTripError returns true when we're running without
// GODEBUG=x509sha1=1 and the client reports an InsecureAlgorithmError about a
// SHA1 signature, i.e. when verification rejected a certificate chain because
// of a SHA1-based signature.
// NOTE(review): the body is not shown in this listing; confirm how the error
// is matched (type assertion, unwrapping, or message text), because a match on
// message text alone depends on the wording produced by crypto/x509.
func (c *sha1SignatureChecker) CheckRoundTripError(err error) bool {}

// CheckPeerCertificates returns true when the server response contains
// a non-root non-self-signed certificate with a deprecated SHA1 signature.
// Self-signed roots are excluded because a trust anchor is trusted by
// configuration and not by its own signature, so its signature algorithm does
// not affect chain validation.
// NOTE(review): the body is not shown in this listing; confirm how
// "self-signed" is determined (e.g. issuer/subject comparison versus
// signature verification) and the behaviour for an empty slice.
func (c *sha1SignatureChecker) CheckPeerCertificates(peerCertificates []*x509.Certificate) bool {}