Documentation
Index
- func GetCRL(r *GetCRLRequest) ([]byte, error)
- func IssueClientCertificate(r *IssueCertificateRequest) (string, error)
- func ListUsers(r *ListUsersRequest) (map[string][]Certificate, error)
- func RevokeUser(r *RevokeUserRequest) error
- func RotateCRL(r *RotateCRLRequest) error
- func UpdateCRL(r *UpdateCRLRequest) ([]byte, error)
- type Certificate
- type GetCRLRequest
- type IssueCertificateRequest
- type ListUsersRequest
- type RevokeUserRequest
- type RotateCRLRequest
- type UpdateCRLRequest
Functions
func GetCRL
func GetCRL(r *GetCRLRequest) ([]byte, error)
GetCRL returns the Client Revocation List PEM as a []byte.
func IssueClientCertificate
func IssueClientCertificate(r *IssueCertificateRequest) (string, error)
IssueClientCertificate generates a new certificate for a given user, causing the revocation of other certificates emitted for that same user.
func ListUsers
func ListUsers(r *ListUsersRequest) (map[string][]Certificate, error)
ListUsers retrieves the list of all Client VPN users and certificates
func RevokeUser
func RevokeUser(r *RevokeUserRequest) error
RevokeUser revokes all the issued certificates for a given user
func RotateCRL
func RotateCRL(r *RotateCRLRequest) error
func UpdateCRL
func UpdateCRL(r *UpdateCRLRequest) ([]byte, error)
UpdateCRL maintains the CRL to keep just one active certificate per VPN user. This is always the one emitted at the latest date. Users can also have all their certificates revoked.
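The selection rule described for UpdateCRL, as an added example that is not the package's own code: a hypothetical helper `serialsToRevoke` keeps the newest unrevoked certificate per user and returns the serials that should go on the CRL. It assumes `NotBefore` marks the emission date, and uses a trimmed copy of the `Certificate` type with constructed sample data.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Certificate keeps only the fields of the documented type used here.
type Certificate struct {
	SerialNumber string
	NotBefore    time.Time
	Revoked      bool
}

// serialsToRevoke (hypothetical helper) keeps, per user, the unrevoked
// certificate with the latest NotBefore and returns every other unrevoked
// serial. Users flagged in revokeAll keep nothing.
func serialsToRevoke(users map[string][]Certificate, revokeAll map[string]bool) []string {
	var out []string
	for user, certs := range users {
		newest := -1
		for i, c := range certs {
			if !c.Revoked && (newest == -1 || c.NotBefore.After(certs[newest].NotBefore)) {
				newest = i
			}
		}
		for i, c := range certs {
			if !c.Revoked && (revokeAll[user] || i != newest) {
				out = append(out, c.SerialNumber)
			}
		}
	}
	sort.Strings(out) // map iteration order is random; sort for stable output
	return out
}

// sampleUsers returns constructed data, not output from a real Vault mount.
func sampleUsers() map[string][]Certificate {
	t := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	return map[string][]Certificate{
		"alice": {{"0a", t, false}, {"0b", t.Add(48 * time.Hour), false}},
		"bob":   {{"0c", t, true}, {"0d", t.Add(time.Hour), false}},
		"carol": {{"0e", t, false}},
	}
}

func main() {
	fmt.Println(serialsToRevoke(sampleUsers(), map[string]bool{"carol": true}))
}
```

Certificates that are already revoked are skipped in both passes, so they are never chosen as the active certificate and never listed again.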
Types
type Certificate
type Certificate struct {
    SerialNumber   string    `json:"serial"`
    IssuerCN       string    `json:"issuer-cn"`
    SubjectCN      string    `json:"subject-cn"`
    NotBefore      time.Time `json:"notBefore"`
    NotAfter       time.Time `json:"notAfter"`
    Revoked        bool      `json:"revoked"`
    CertificatePEM string    `json:"certificate-pem"`
}
Certificate represents a certificate stored in the vault cvpn-pki secret engine
type GetCRLRequest
GetCRLRequest is the structure containing the required data to get the Client Revocation List
type IssueCertificateRequest
type IssueCertificateRequest struct {
    Client              *api.Client
    VaultPKIPaths       []string
    Username            string
    VaultPKIRole        string
    ClientVPNEndpointID string
    VaultKVPath         string
    CfgTplPath          string
    Temporary           bool
}
IssueCertificateRequest is the structure containing the required data to issue a new certificate
type ListUsersRequest
ListUsersRequest is the structure containing the required data to list the Client VPN users and certificates
type RevokeUserRequest
type RevokeUserRequest struct {
    Client              *api.Client
    VaultPKIPath        string
    Username            string
    ClientVPNEndpointID string
}
RevokeUserRequest is the structure containing the required data to revoke all the issued certificates for a given user
type RotateCRLRequest
RotateCRLRequest is the structure containing the required data to rotate the Client Revocation List