scepserver

package
v2.2.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 20, 2024 License: MIT Imports: 22 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DecodeSCEPResponse 

func DecodeSCEPResponse(ctx context.Context, r *http.Response) (interface{}, error)

DecodeSCEPResponse decodes a SCEP response

func EncodeSCEPRequest 

func EncodeSCEPRequest(ctx context.Context, r *http.Request, request interface{}) error

EncodeSCEPRequest encodes a SCEP HTTP Request. Used by the client.

func EndpointLoggingMiddleware 

func EndpointLoggingMiddleware(logger log.Logger) endpoint.Middleware

EndpointLoggingMiddleware returns an endpoint middleware that logs the duration of each invocation, and the resulting error, if any.

func MakeHTTPHandler 

func MakeHTTPHandler(e *Endpoints, svc Service, logger kitlog.Logger) http.Handler

func MakeSCEPEndpoint 

func MakeSCEPEndpoint(svc Service) endpoint.Endpoint

Types

type CSRSigner 

type CSRSigner interface {
	SignCSR(*scep.CSRReqMessage) (*x509.Certificate, error)
}

CSRSigner is a handler for CSR signing by the CA/RA

SignCSR should take the CSR in the CSRReqMessage and return a Certificate signed by the CA.

type CSRSignerContext 

type CSRSignerContext interface {
	SignCSRContext(context.Context, *scep.CSRReqMessage) (*x509.Certificate, error)
}

CSRSignerContext is a handler for signing CSRs by a CA/RA.

SignCSRContext should take the CSR in the CSRReqMessage and return a Certificate signed by the CA.

type CSRSignerContextFunc 

type CSRSignerContextFunc func(context.Context, *scep.CSRReqMessage) (*x509.Certificate, error)

CSRSignerContextFunc is an adapter for CSR signing by the CA/RA.

func NopCSRSigner 

func NopCSRSigner() CSRSignerContextFunc

NopCSRSigner does nothing.

func SignCSRAdapter 

func SignCSRAdapter(next CSRSigner) CSRSignerContextFunc

SignCSRAdapter adapts a next (i.e. no context) to a context signer.

func StaticChallengeMiddleware 

func StaticChallengeMiddleware(challenge string, next CSRSignerContext) CSRSignerContextFunc

StaticChallengeMiddleware wraps next and validates the challenge from the CSR.

func (CSRSignerContextFunc) SignCSRContext 

func (f CSRSignerContextFunc) SignCSRContext(ctx context.Context, m *scep.CSRReqMessage) (*x509.Certificate, error)

SignCSR calls f(ctx, m).

type CSRSignerFunc 

type CSRSignerFunc func(*scep.CSRReqMessage) (*x509.Certificate, error)

CSRSignerFunc is an adapter for CSR signing by the CA/RA.

func (CSRSignerFunc) SignCSR 

func (f CSRSignerFunc) SignCSR(m *scep.CSRReqMessage) (*x509.Certificate, error)

SignCSR calls f(m).

type Endpoints 

type Endpoints struct {
	GetEndpoint  endpoint.Endpoint
	PostEndpoint endpoint.Endpoint
	// contains filtered or unexported fields
}

func MakeClientEndpoints 

func MakeClientEndpoints(instance string) (*Endpoints, error)

MakeClientEndpoints returns an Endpoints struct where each endpoint invokes the corresponding method on the remote instance, via a transport/http.Client. Useful in a SCEP client.

func MakeServerEndpoints 

func MakeServerEndpoints(svc Service) *Endpoints

func (*Endpoints) GetCACaps 

func (e *Endpoints) GetCACaps(ctx context.Context) ([]byte, error)

func (*Endpoints) GetCACert 

func (e *Endpoints) GetCACert(ctx context.Context, message string) ([]byte, int, error)

func (*Endpoints) GetNextCACert 

func (e *Endpoints) GetNextCACert(ctx context.Context) ([]byte, error)

func (*Endpoints) PKIOperation 

func (e *Endpoints) PKIOperation(ctx context.Context, msg []byte) ([]byte, error)

func (*Endpoints) Supports 

func (e *Endpoints) Supports(cap string) bool

type SCEPRequest 

type SCEPRequest struct {
	Operation string
	Message   []byte
}

SCEPRequest is a SCEP server request.

type SCEPResponse 

type SCEPResponse struct {
	CACertNum int
	Data      []byte
	Err       error
	// contains filtered or unexported fields
}

SCEPResponse is a SCEP server response. Business errors will be encoded as a CertRep message with pkiStatus FAILURE and a failInfo attribute.

type Service 

type Service interface {
	// GetCACaps returns a list of options
	// which are supported by the server.
	GetCACaps(ctx context.Context) ([]byte, error)

	// GetCACert returns CA certificate or
	// a CA certificate chain with intermediates
	// in a PKCS#7 Degenerate Certificates format
	// message is an optional string for the CA
	GetCACert(ctx context.Context, message string) ([]byte, int, error)

	// PKIOperation handles incoming SCEP messages such as PKCSReq and
	// sends back a CertRep PKIMessag.
	PKIOperation(ctx context.Context, msg []byte) ([]byte, error)

	// GetNextCACert returns a replacement certificate or certificate chain
	// when the old one expires. The response format is a PKCS#7 Degenerate
	// Certificates type.
	GetNextCACert(ctx context.Context) ([]byte, error)
}

Service is the interface for all supported SCEP server operations.

func NewLoggingService 

func NewLoggingService(logger log.Logger, s Service) Service

NewLoggingService creates adds logging to the SCEP service

func NewService 

func NewService(crt *x509.Certificate, key *rsa.PrivateKey, signer CSRSignerContext, opts ...ServiceOption) (Service, error)

NewService creates a new scep service

type ServiceOption 

type ServiceOption func(*service) error

ServiceOption is a server configuration option

func WithAddlCA 

func WithAddlCA(ca *x509.Certificate) ServiceOption

WithAddlCA appends an additional certificate to the slice of CA certs

func WithLogger 

func WithLogger(logger log.Logger) ServiceOption

WithLogger configures a logger for the SCEP Service. By default, a no-op logger is used.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.