Index ¶
- func JSON(w http.ResponseWriter, v interface{})
- func JSONStatus(w http.ResponseWriter, v interface{}, status int)
- func LogCertificate(w http.ResponseWriter, cert *x509.Certificate)
- func LogEnabledResponse(rw http.ResponseWriter, v interface{})
- func LogError(rw http.ResponseWriter, err error)
- func ReadJSON(r io.Reader, v interface{}) error
- func WriteError(w http.ResponseWriter, err error)
- type Authority
- type Certificate
- type CertificateRequest
- type EnableLogger
- type FederationResponse
- type HealthResponse
- type ProvisionerKeyResponse
- type ProvisionersResponse
- type RekeyRequest
- type RevokeRequest
- type RevokeResponse
- type RootResponse
- type RootsResponse
- type Router
- type RouterHandler
- type SSHAuthority
- type SSHBastionRequest
- type SSHBastionResponse
- type SSHCertificate
- type SSHCheckPrincipalRequest
- type SSHCheckPrincipalResponse
- type SSHConfigRequest
- type SSHConfigResponse
- type SSHGetHostsResponse
- type SSHPublicKey
- type SSHRekeyRequest
- type SSHRekeyResponse
- type SSHRenewRequest
- type SSHRenewResponse
- type SSHRevokeRequest
- type SSHRevokeResponse
- type SSHRootsResponse
- type SSHSignRequest
- type SSHSignResponse
- type SignRequest
- type SignResponse
- type Template
- type TimeDuration
- type VersionResponse
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func JSON ¶
func JSON(w http.ResponseWriter, v interface{})
JSON writes the passed value into the http.ResponseWriter.
func JSONStatus ¶
func JSONStatus(w http.ResponseWriter, v interface{}, status int)
JSONStatus writes the given value into the http.ResponseWriter and the given status is written as the status code of the response.
func LogCertificate ¶
func LogCertificate(w http.ResponseWriter, cert *x509.Certificate)
LogCertificate adds certificate fields to the log message.
func LogEnabledResponse ¶
func LogEnabledResponse(rw http.ResponseWriter, v interface{})
LogEnabledResponse logs the response object if it implements the EnableLogger interface.
func LogError ¶
func LogError(rw http.ResponseWriter, err error)
LogError adds the given error to the response writer if it implements logging.ResponseLogger; otherwise it writes the error using the log package.
func WriteError ¶
func WriteError(w http.ResponseWriter, err error)
WriteError writes to w a JSON representation of the given error.
Types ¶
type Authority ¶
type Authority interface { SSHAuthority // context specifies the Authorize[Sign|Revoke|etc.] method. Authorize(ctx context.Context, ott string) ([]provisioner.SignOption, error) AuthorizeSign(ott string) ([]provisioner.SignOption, error) GetTLSOptions() *tlsutil.TLSOptions Root(shasum string) (*x509.Certificate, error) Sign(cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error) Renew(peer *x509.Certificate) ([]*x509.Certificate, error) Rekey(peer *x509.Certificate, pk crypto.PublicKey) ([]*x509.Certificate, error) LoadProvisionerByCertificate(*x509.Certificate) (provisioner.Interface, error) LoadProvisionerByID(string) (provisioner.Interface, error) GetProvisioners(cursor string, limit int) (provisioner.List, string, error) Revoke(context.Context, *authority.RevokeOptions) error GetEncryptedKey(kid string) (string, error) GetRoots() (federation []*x509.Certificate, err error) GetFederation() ([]*x509.Certificate, error) Version() authority.Version }
Authority is the interface implemented by a CA authority.
type Certificate ¶
type Certificate struct {
*x509.Certificate
}
Certificate wraps a *x509.Certificate and adds the json.Marshaler interface.
func NewCertificate ¶
func NewCertificate(cr *x509.Certificate) Certificate
NewCertificate is a helper function that returns a Certificate from a *x509.Certificate.
func (Certificate) MarshalJSON ¶
func (c Certificate) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface. The certificate is encoded as a quoted string using the PEM encoding.
func (*Certificate) UnmarshalJSON ¶
func (c *Certificate) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface. The certificate is expected to be a quoted string using the PEM encoding.
type CertificateRequest ¶
type CertificateRequest struct {
*x509.CertificateRequest
}
CertificateRequest wraps a *x509.CertificateRequest and adds the json.Unmarshaler interface.
func NewCertificateRequest ¶
func NewCertificateRequest(cr *x509.CertificateRequest) CertificateRequest
NewCertificateRequest is a helper function that returns a CertificateRequest from a *x509.CertificateRequest.
func (CertificateRequest) MarshalJSON ¶
func (c CertificateRequest) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface. The certificate request is encoded as a quoted string using the PEM encoding.
func (*CertificateRequest) UnmarshalJSON ¶
func (c *CertificateRequest) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface. The certificate request is expected to be a quoted string using the PEM encoding.
type EnableLogger ¶
type EnableLogger interface {
ToLog() (interface{}, error)
}
EnableLogger is an interface that enables response logging for an object.
type FederationResponse ¶
type FederationResponse struct {
Certificates []Certificate `json:"crts"`
}
FederationResponse is the response object of the federation request.
type HealthResponse ¶
type HealthResponse struct {
Status string `json:"status"`
}
HealthResponse is the response object that returns the health of the server.
type ProvisionerKeyResponse ¶
type ProvisionerKeyResponse struct {
Key string `json:"key"`
}
ProvisionerKeyResponse is the response object that returns the encrypted key of a provisioner.
type ProvisionersResponse ¶
type ProvisionersResponse struct { Provisioners provisioner.List `json:"provisioners"` NextCursor string `json:"nextCursor"` }
ProvisionersResponse is the response object that returns the list of provisioners.
type RekeyRequest ¶
type RekeyRequest struct {
CsrPEM CertificateRequest `json:"csr"`
}
RekeyRequest is the request body for a certificate rekey request.
func (*RekeyRequest) Validate ¶
func (s *RekeyRequest) Validate() error
Validate checks the fields of the RekeyRequest and returns nil if they are ok or an error if something is wrong.
type RevokeRequest ¶
type RevokeRequest struct { Serial string `json:"serial"` OTT string `json:"ott"` ReasonCode int `json:"reasonCode"` Reason string `json:"reason"` Passive bool `json:"passive"` }
RevokeRequest is the request body for a revocation request.
func (*RevokeRequest) Validate ¶
func (r *RevokeRequest) Validate() (err error)
Validate checks the fields of the RevokeRequest and returns nil if they are ok or an error if something is wrong.
type RevokeResponse ¶
type RevokeResponse struct {
Status string `json:"status"`
}
RevokeResponse is the response object that returns the status of a revocation request.
type RootResponse ¶
type RootResponse struct {
RootPEM Certificate `json:"ca"`
}
RootResponse is the response object that returns the PEM of a root certificate.
type RootsResponse ¶
type RootsResponse struct {
Certificates []Certificate `json:"crts"`
}
RootsResponse is the response object of the roots request.
type Router ¶
type Router interface { // MethodFunc adds routes for `pattern` that matches // the `method` HTTP method. MethodFunc(method, pattern string, h http.HandlerFunc) }
Router defines a common router interface.
type RouterHandler ¶
type RouterHandler interface {
Route(r Router)
}
RouterHandler is the interface implemented by an HTTP handler that manages multiple endpoints.
func New ¶
func New(authority Authority) RouterHandler
New creates a new RouterHandler with the CA endpoints.
type SSHAuthority ¶
type SSHAuthority interface { SignSSH(ctx context.Context, key ssh.PublicKey, opts provisioner.SignSSHOptions, signOpts ...provisioner.SignOption) (*ssh.Certificate, error) RenewSSH(ctx context.Context, cert *ssh.Certificate) (*ssh.Certificate, error) RekeySSH(ctx context.Context, cert *ssh.Certificate, key ssh.PublicKey, signOpts ...provisioner.SignOption) (*ssh.Certificate, error) SignSSHAddUser(ctx context.Context, key ssh.PublicKey, cert *ssh.Certificate) (*ssh.Certificate, error) GetSSHRoots(ctx context.Context) (*authority.SSHKeys, error) GetSSHFederation(ctx context.Context) (*authority.SSHKeys, error) GetSSHConfig(ctx context.Context, typ string, data map[string]string) ([]templates.Output, error) CheckSSHHost(ctx context.Context, principal string, token string) (bool, error) GetSSHHosts(ctx context.Context, cert *x509.Certificate) ([]sshutil.Host, error) GetSSHBastion(ctx context.Context, user string, hostname string) (*authority.Bastion, error) }
SSHAuthority is the interface implemented by an SSH CA authority.
type SSHBastionRequest ¶
SSHBastionRequest is the request body used to get the bastion for a given host.
func (*SSHBastionRequest) Validate ¶
func (r *SSHBastionRequest) Validate() error
Validate checks the values of the SSHBastionRequest.
type SSHBastionResponse ¶
type SSHBastionResponse struct { Hostname string `json:"hostname"` Bastion *authority.Bastion `json:"bastion,omitempty"` }
SSHBastionResponse is the response body used to return the bastion for a given host.
type SSHCertificate ¶
type SSHCertificate struct {
*ssh.Certificate `json:"omitempty"`
}
SSHCertificate represents the response SSH certificate.
func (SSHCertificate) MarshalJSON ¶
func (c SSHCertificate) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface. It returns a quoted, base64-encoded, OpenSSH wire-format version of the certificate.
func (*SSHCertificate) UnmarshalJSON ¶
func (c *SSHCertificate) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface. The certificate is expected to be a quoted, base64-encoded, OpenSSH wire-format block of bytes.
type SSHCheckPrincipalRequest ¶
type SSHCheckPrincipalRequest struct { Type string `json:"type"` Principal string `json:"principal"` Token string `json:"token,omitempty"` }
SSHCheckPrincipalRequest is the request body used to check whether a certificate for a principal has been created. Currently this is only supported for host certificates.
func (*SSHCheckPrincipalRequest) Validate ¶
func (r *SSHCheckPrincipalRequest) Validate() error
Validate checks the check principal request.
type SSHCheckPrincipalResponse ¶
type SSHCheckPrincipalResponse struct {
Exists bool `json:"exists"`
}
SSHCheckPrincipalResponse is the response body used to check if a principal exists.
type SSHConfigRequest ¶
SSHConfigRequest is the request body used to get the SSH configuration templates.
func (*SSHConfigRequest) Validate ¶
func (r *SSHConfigRequest) Validate() error
Validate checks the values of the SSHConfigRequest.
type SSHConfigResponse ¶
type SSHConfigResponse struct { UserTemplates []Template `json:"userTemplates,omitempty"` HostTemplates []Template `json:"hostTemplates,omitempty"` }
SSHConfigResponse is the response that returns the rendered templates.
type SSHGetHostsResponse ¶
SSHGetHostsResponse is the response object that returns the list of valid hosts for SSH.
type SSHPublicKey ¶
SSHPublicKey represents a public key in a response object.
func (*SSHPublicKey) MarshalJSON ¶
func (p *SSHPublicKey) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface. It returns a quoted, base64-encoded, OpenSSH wire-format version of the public key.
func (*SSHPublicKey) UnmarshalJSON ¶
func (p *SSHPublicKey) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface. The public key is expected to be a quoted, base64-encoded, OpenSSH wire-format block of bytes.
type SSHRekeyRequest ¶
type SSHRekeyRequest struct { OTT string `json:"ott"` PublicKey []byte `json:"publicKey"` //base64 encoded }
SSHRekeyRequest is the request body of an SSH certificate rekey request.
func (*SSHRekeyRequest) Validate ¶
func (s *SSHRekeyRequest) Validate() error
Validate validates the SSHRekeyRequest.
type SSHRekeyResponse ¶
type SSHRekeyResponse struct { Certificate SSHCertificate `json:"crt"` IdentityCertificate []Certificate `json:"identityCrt,omitempty"` }
SSHRekeyResponse is the response object that returns the SSH certificate.
type SSHRenewRequest ¶
type SSHRenewRequest struct {
OTT string `json:"ott"`
}
SSHRenewRequest is the request body of an SSH certificate renewal request.
func (*SSHRenewRequest) Validate ¶
func (s *SSHRenewRequest) Validate() error
Validate validates the SSHRenewRequest.
type SSHRenewResponse ¶
type SSHRenewResponse struct { Certificate SSHCertificate `json:"crt"` IdentityCertificate []Certificate `json:"identityCrt,omitempty"` }
SSHRenewResponse is the response object that returns the SSH certificate.
type SSHRevokeRequest ¶
type SSHRevokeRequest struct { Serial string `json:"serial"` OTT string `json:"ott"` ReasonCode int `json:"reasonCode"` Reason string `json:"reason"` Passive bool `json:"passive"` }
SSHRevokeRequest is the request body for a revocation request.
func (*SSHRevokeRequest) Validate ¶
func (r *SSHRevokeRequest) Validate() (err error)
Validate checks the fields of the SSHRevokeRequest and returns nil if they are ok or an error if something is wrong.
type SSHRevokeResponse ¶
type SSHRevokeResponse struct {
Status string `json:"status"`
}
SSHRevokeResponse is the response object that returns the status of an SSH certificate revocation request.
type SSHRootsResponse ¶
type SSHRootsResponse struct { UserKeys []SSHPublicKey `json:"userKey,omitempty"` HostKeys []SSHPublicKey `json:"hostKey,omitempty"` }
SSHRootsResponse represents the response object that returns the SSH user and host keys.
type SSHSignRequest ¶
type SSHSignRequest struct { PublicKey []byte `json:"publicKey"` // base64 encoded OTT string `json:"ott"` CertType string `json:"certType,omitempty"` Principals []string `json:"principals,omitempty"` ValidAfter TimeDuration `json:"validAfter,omitempty"` ValidBefore TimeDuration `json:"validBefore,omitempty"` AddUserPublicKey []byte `json:"addUserPublicKey,omitempty"` KeyID string `json:"keyID"` IdentityCSR CertificateRequest `json:"identityCSR,omitempty"` }
SSHSignRequest is the request body of an SSH certificate request.
func (*SSHSignRequest) Validate ¶
func (s *SSHSignRequest) Validate() error
Validate validates the SSHSignRequest.
type SSHSignResponse ¶
type SSHSignResponse struct { Certificate SSHCertificate `json:"crt"` AddUserCertificate *SSHCertificate `json:"addUserCrt,omitempty"` IdentityCertificate []Certificate `json:"identityCrt,omitempty"` }
SSHSignResponse is the response object that returns the SSH certificate.
type SignRequest ¶
type SignRequest struct { CsrPEM CertificateRequest `json:"csr"` OTT string `json:"ott"` NotAfter TimeDuration `json:"notAfter"` NotBefore TimeDuration `json:"notBefore"` TemplateData json.RawMessage `json:"templateData"` }
SignRequest is the request body for a certificate signature request.
func (*SignRequest) Validate ¶
func (s *SignRequest) Validate() error
Validate checks the fields of the SignRequest and returns nil if they are ok or an error if something is wrong.
type SignResponse ¶
type SignResponse struct { ServerPEM Certificate `json:"crt"` CaPEM Certificate `json:"ca"` CertChainPEM []Certificate `json:"certChain"` TLSOptions *tlsutil.TLSOptions `json:"tlsOptions,omitempty"` TLS *tls.ConnectionState `json:"-"` }
SignResponse is the response object of the certificate signature request.
type TimeDuration ¶
type TimeDuration = provisioner.TimeDuration
TimeDuration is an alias of provisioner.TimeDuration.
func NewTimeDuration ¶
func NewTimeDuration(t time.Time) TimeDuration
NewTimeDuration returns a TimeDuration with the defined time.
func ParseTimeDuration ¶
func ParseTimeDuration(s string) (TimeDuration, error)
ParseTimeDuration returns a new TimeDuration by parsing either an RFC 3339 time or a time.Duration string.
type VersionResponse ¶
type VersionResponse struct { Version string `json:"version"` RequireClientAuthentication bool `json:"requireClientAuthentication,omitempty"` }
VersionResponse is the response object that returns the version of the server.