// New returns an http.RoundTripper that will provide the authentication // or transport level security defined by the provided Config. func New(config *Config) (http.RoundTripper, error) { … } func isValidHolders(config *Config) bool { … } // TLSConfigFor returns a tls.Config that will provide the transport level security defined // by the provided Config. Will return nil if no transport level security is requested. func TLSConfigFor(c *Config) (*tls.Config, error) { … } // loadTLSFiles copies the data from the CertFile, KeyFile, and CAFile fields into the CertData, // KeyData, and CAData fields, or returns an error. If no error is returned, all three fields are // either populated or were empty to start. func loadTLSFiles(c *Config) error { … } // dataFromSliceOrFile returns data from the slice (if non-empty), or from the file, // or an error if an error occurred reading the file func dataFromSliceOrFile(data []byte, file string) ([]byte, error) { … } // rootCertPool returns nil if caData is empty. When passed along, this will mean "use system CAs". // When caData is not empty, it will be the ONLY information used in the CertPool. func rootCertPool(caData []byte) (*x509.CertPool, error) { … } // createErrorParsingCAData ALWAYS returns an error. We call it because we know we failed to AppendCertsFromPEM // but we don't know the specific error because that API is just true/false func createErrorParsingCAData(pemCerts []byte) error { … } type WrapperFunc … // Wrappers accepts any number of wrappers and returns a wrapper // function that is the equivalent of calling each of them in order. Nil // values are ignored, which makes this function convenient for incrementally // wrapping a function. func Wrappers(fns ...WrapperFunc) WrapperFunc { … } // ContextCanceller prevents new requests after the provided context is finished. // err is returned when the context is closed, allowing the caller to provide a context // appropriate error. 
func ContextCanceller(ctx context.Context, err error) WrapperFunc { … } type contextCanceller … func (b *contextCanceller) RoundTrip(req *http.Request) (*http.Response, error) { … } func tryCancelRequest(rt http.RoundTripper, req *http.Request) { … } type certificateCacheEntry … // isStale returns true when this cache entry is too old to be usable func (c *certificateCacheEntry) isStale() bool { … } func newCertificateCacheEntry(certFile, keyFile string) certificateCacheEntry { … } // cachingCertificateLoader ensures that we don't hammer the filesystem when opening many connections // the underlying cert files are read at most once every second func cachingCertificateLoader(certFile, keyFile string) func() (*tls.Certificate, error) { … }