Module leec_tls

Module in charge of managing TLS-related operations.

Data Types

any_directory_path()

any_directory_path() = file_utils:any_directory_path()

any_file_name()

any_file_name() = file_utils:any_file_name()

any_file_path()

any_file_path() = file_utils:any_file_path()

bin_certificate()

bin_certificate() = leec:bin_certificate()

bin_directory_path()

bin_directory_path() = file_utils:bin_directory_path()

bin_file_path()

bin_file_path() = file_utils:bin_file_path()

bin_fqdn()

bin_fqdn() = net_utils:bin_fqdn()

cert_file_path()

cert_file_path() = leec:cert_file_path()

cert_priv_key_file_path()

cert_priv_key_file_path() = leec:cert_priv_key_file_path()

certificate_provider()

certificate_provider() = leec:certificate_provider()

directory_path()

directory_path() = file_utils:bin_directory_path()

file_path()

file_path() = file_utils:file_path()

http_options()

http_options() = web_utils:http_options()

maybe()

maybe(T) = basic_utils:maybe(T)

san()

san() = leec:san()

table()

table(K, V) = map_hashtable:map_hashtable(K, V)

tls_private_key()

tls_private_key() = leec:tls_private_key()

tls_public_key()

tls_public_key() = leec:tls_public_key()

void()

void() = basic_utils:void()

Function Index

generate_certificate/5: Generates the specified certificate with subjectAlternativeName, either an actual one, or a temporary (1 day), autosigned one.
get_cert_request/3: Returns a CSR certificate request.
key_to_map/1: Returns a map-based version of the specified public key record, typically for encoding.
map_to_key/1: Returns the key record corresponding to the specified map, typically obtained from a remote server.
obtain_ca_cert_file/1: Obtains the intermediate certificate of the default authority, using default HTTP options.
obtain_ca_cert_file/2: Obtains the intermediate certificate of the default authority.
obtain_ca_cert_file/3: Obtains the intermediate certificate of the specified authority.
obtain_dh_key/1: Secures a proper DH file for safer key exchange, creates it only if necessary, returns its path.
obtain_private_key/2: Obtains a private key for the current LEEC agent, either by creating it (in a specified filename or in a generated one) or by reading a pre-existing one from file.
write_certificate/3: Writes the specified certificate, overwriting any prior one.

Function Details

generate_certificate/5

generate_certificate(CertType::request | autosigned, BinDomain::bin_fqdn(), OutCertPath::cert_file_path(), PrivKeyFilePath::cert_priv_key_file_path(), SANs::[san()]) -> void()

Generates the specified certificate with subjectAlternativeName, either an actual one, or a temporary (1 day), autosigned one.

get_cert_request/3

get_cert_request(BinDomain::bin_fqdn(), BinCertDirPath::bin_directory_path(), SANs::[san()]) -> leec:tls_csr()

Returns a CSR certificate request.

To do so, also generates the whole base certificate and its private key.

key_to_map/1

key_to_map(Tls_public_key::tls_public_key()) -> map()

Returns a map-based version of the specified public key record, typically for encoding.

map_to_key/1

map_to_key(Map::map()) -> tls_public_key()

Returns the key record corresponding to the specified map, typically obtained from a remote server.

obtain_ca_cert_file/1

obtain_ca_cert_file(TargetDir::any_directory_path()) -> bin_file_path()

Obtains the intermediate certificate of the default authority, using default HTTP options.

obtain_ca_cert_file/2

obtain_ca_cert_file(TargetDir::any_directory_path(), HttpOptions::http_options()) -> bin_file_path()

Obtains the intermediate certificate of the default authority.

obtain_ca_cert_file/3

obtain_ca_cert_file(TargetDir::any_directory_path(), CertProvider::certificate_provider(), HttpOptions::http_options()) -> file_path()

Obtains the intermediate certificate of the specified authority.

obtain_dh_key/1

obtain_dh_key(CertDir::directory_path()) -> bin_file_path()

Secures a proper DH file for safer key exchange, creates it only if necessary, returns its path.

The Ephemeral Diffie-Hellman key exchange is a very effective way of ensuring Forward Secrecy, by agreeing on a set of keys that never hit the wire.

Does not involve any network access.
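
How the DH file returned by obtain_dh_key/1 can be consumed by a TLS server, as an added example that is not part of LEEC's own code. The module and function names below are hypothetical, the paths are assumed to be binaries (as the bin_* types suggest), and the option names are those of the standard Erlang/OTP ssl application.

```erlang
-module(dh_listener_example).  % hypothetical module, not part of LEEC

-export([ephemeral_suites/0, listen_options/3]).

%% Keeps only the TLS 1.2 cipher suites whose key exchange is ephemeral
%% (DHE or ECDHE), which are the ones providing forward secrecy.
%% Static RSA key exchange is filtered out.
ephemeral_suites() ->
    Default = ssl:cipher_suites(default, 'tlsv1.2'),
    IsEphemeral = fun(dhe_rsa)     -> true;
                     (dhe_dss)     -> true;
                     (ecdhe_rsa)   -> true;
                     (ecdhe_ecdsa) -> true;
                     (_)           -> false
                  end,
    ssl:filter_cipher_suites(Default, [{key_exchange, IsEphemeral}]).

%% Builds server-side options for ssl:listen/2.
%%
%% CertDir is the directory in which LEEC stores its files; CertFilePath and
%% PrivKeyFilePath designate the domain certificate and its private key.
listen_options(CertDir, CertFilePath, PrivKeyFilePath) ->
    %% Created only if necessary, no network access (see obtain_dh_key/1).
    DHFilePath = leec_tls:obtain_dh_key(CertDir),
    [{certfile, to_string(CertFilePath)},
     {keyfile,  to_string(PrivKeyFilePath)},
     %% Custom parameters, used only when a finite-field DHE suite is
     %% negotiated; ECDHE suites rely on named curves instead.
     {dhfile,   to_string(DHFilePath)},
     %% Scoped to TLS 1.2, where the DH file matters: TLS 1.3 always uses
     %% an ephemeral exchange over named groups and ignores dhfile.
     {versions, ['tlsv1.2']},
     {ciphers,  ephemeral_suites()},
     {honor_cipher_order, true}].

%% Converts a binary (or already plain) path to the string form expected
%% for file names.
to_string(Path) when is_binary(Path) -> unicode:characters_to_list(Path);
to_string(Path) when is_list(Path)   -> Path.
```

The resulting list can be passed as the options of ssl:listen/2; a peer offering only static RSA key exchange will then fail the handshake rather than negotiate a session without forward secrecy.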

obtain_private_key/2

obtain_private_key(KeyFileInfo::maybe({new, any_file_name()} | any_file_path()), BinCertDirPath::bin_directory_path()) -> tls_private_key()

Obtains a private key for the current LEEC agent, either by creating it (in a specified filename or in a generated one) or by reading a pre-existing one from file.

Does not involve any network access.

write_certificate/3

write_certificate(Domain::net_utils:string_fqdn(), BinDomainCert::bin_certificate(), BinCertDirPath::bin_directory_path()) -> file_path()

Writes the specified certificate, overwriting any prior one.

Domain certificate only.


Generated by EDoc