Documentation ¶
Index ¶
- Constants
- Variables
- func ConvertBase64P7BtoCertificates(base64P7B string) ([]*x509.Certificate, error)
- func ConvertBase64P7BtoPEM(base64P7B string) ([]string, error)
- type AddCertificateToStore
- type Agent
- type Agent9x
- type AuthConfig
- type CA
- type CRLDistributionPoints
- type CertStoreContainer
- type CertStoreInventory
- type CertStoreInventoryV1
- type CertStoreTypeResponse
- type CertStoreTypeResponseList
- type CertificateInformation
- type CertificateInformationV2
- type CertificateLocations
- type CertificateStore
- type CertificateStoreType
- type CertificateStoreTypeGeneric
- type CertificateSubject
- type Client
- func (c *Client) AddCertificateToStores(config *AddCertificateToStore) ([]string, error)
- func (c *Client) ApproveAgent(id string) (string, error)
- func (c *Client) CreateSecurityIdentity(csia *CreateSecurityIdentityArg) (*CreateSecurityIdentityResponse, error)
- func (c *Client) CreateSecurityRole(input *CreateSecurityRoleArg) (*CreateSecurityRoleResponse, error)
- func (c *Client) CreateStore(ca *CreateStoreFctArgs) (*CreateStoreResponse, error)
- func (c *Client) CreateStoreType(ca *CertificateStoreType) (*CertificateStoreType, error)
- func (c *Client) DeleteCertificateStore(storeId string) error
- func (c *Client) DeleteCertificateStoreType(id int) (*DeleteStoreType, error)
- func (c *Client) DeleteSecurityIdentity(id int) error
- func (c *Client) DeleteSecurityRole(id int) error
- func (c *Client) DeployPFXCertificate(args *DeployPFXArgs) (*DeployPFXResp, error)
- func (c *Client) DisApproveAgent(id string) (string, error)
- func (c *Client) DownloadCertificate(certId int, thumbprint string, serialNumber string, issuerDn string) (*x509.Certificate, []*x509.Certificate, error)
- func (c *Client) EnrollCSR(ea *EnrollCSRFctArgs) (*EnrollResponse, error)
- func (c *Client) EnrollPFX(ea *EnrollPFXFctArgs) (*EnrollResponse, error)
- func (c *Client) EnrollPFXV2(ea *EnrollPFXFctArgsV2) (*EnrollResponseV2, error)
- func (c *Client) FetchAgentLogs(id string) (string, error)
- func (c *Client) GetAgent(id string) ([]Agent, error)
- func (c *Client) GetAgentList() ([]Agent, error)
- func (c *Client) GetAllMetadataFields() ([]MetadataField, error)
- func (c *Client) GetCAList() ([]CA, error)
- func (c *Client) GetCertStoreInventory(storeId string) (*[]CertStoreInventory, error)
- func (c *Client) GetCertificateContext(gca *GetCertificateContextArgs) (*GetCertificateResponse, error)
- func (c *Client) GetCertificateStoreByClientAndStorePath(clientMachine string, storePath, containerID interface{}) (*[]GetCertificateStoreResponse, error)
- func (c *Client) GetCertificateStoreByContainerID(containerID interface{}) (*[]GetCertificateStoreResponse, error)
- func (c *Client) GetCertificateStoreByID(storeId string) (*GetCertificateStoreResponse, error)
- func (c *Client) GetCertificateStoreType(id interface{}) (*CertificateStoreType, error)
- func (c *Client) GetCertificateStoreTypeById(id int) (*CertificateStoreType, error)
- func (c *Client) GetCertificateStoreTypeByName(name string) (*CertificateStoreType, error)
- func (c *Client) GetSecurityIdentities() ([]GetSecurityIdentityResponse, error)
- func (c *Client) GetSecurityRole(id interface{}) (*GetSecurityRoleResponse, error)
- func (c *Client) GetSecurityRoles() ([]GetSecurityRolesResponse, error)
- func (c *Client) GetStoreContainer(id interface{}) (*CertStoreContainer, error)
- func (c *Client) GetStoreContainers() (*[]CertStoreContainer, error)
- func (c *Client) GetTemplate(Id interface{}) (*GetTemplateResponse, error)
- func (c *Client) GetTemplates() ([]GetTemplateResponse, error)
- func (c *Client) ListCertificateStoreTypes() (*[]CertificateStoreType, error)
- func (c *Client) ListCertificateStores(params *map[string]interface{}) (*[]GetCertificateStoreResponse, error)
- func (c *Client) ListCertificates(q map[string]string) ([]GetCertificateResponse, error)
- func (c *Client) ListDeniedCertificates(q map[string]string) ([]WorkflowCertificate, error)
- func (c *Client) ListExternalValidationPendingCertificates(q map[string]string) ([]WorkflowCertificate, error)
- func (c *Client) ListPendingCertificates(q map[string]string) ([]WorkflowCertificate, error)
- func (c *Client) ListWorkflowCert(endpoint string) ([]WorkflowCertificate, error)
- func (c *Client) RecoverCertificate(certId int, thumbprint string, serialNumber string, issuerDn string, ...) (interface{}, *x509.Certificate, []*x509.Certificate, error)
- func (c *Client) RemoveCertificateFromStores(config *RemoveCertificateFromStore) ([]string, error)
- func (c *Client) ResetAgent(id string) (string, error)
- func (c *Client) RevokeCert(rvargs *RevokeCertArgs) error
- func (c *Client) UpdateMetadata(um *UpdateMetadataArgs) error
- func (c *Client) UpdateSecurityRole(input *UpdateSecurityRoleArg) (*UpdateSecurityRoleResponse, error)
- func (c *Client) UpdateStore(ua *UpdateStoreFctArgs) (*UpdateStoreResponse, error)
- func (c *Client) UpdateStoreType(ca *CertificateStoreType) (*CertificateStoreType, error)
- func (c *Client) UpdateTemplate(uta *UpdateTemplateArg) (*UpdateTemplateResponse, error)
- type CreateSecurityIdentityArg
- type CreateSecurityIdentityResponse
- type CreateSecurityRoleArg
- type CreateSecurityRoleResponse
- type CreateStoreFctArgs
- type CreateStoreResponse
- type DeleteStoreType
- type DeployPFXArgs
- type DeployPFXResp
- type DetailedKeyUsage
- type EnrollCSRFctArgs
- type EnrollPFXFctArgs
- type EnrollPFXFctArgsV2
- type EnrollResponse
- type EnrollResponseV2
- type EntryParameter
- type EntryParameterGeneric
- type EntryPassword
- type GetCertStoreInventoryResp
- type GetCertificateContextArgs
- type GetCertificateResponse
- type GetCertificateStoreResponse
- type GetSecurityIdentityResponse
- type GetSecurityRoleResponse
- type GetSecurityRolesResponse
- type GetTemplateResponse
- type InventoriedCertificate
- type InventoryDaily
- type InventoryInterval
- type InventoryOnce
- type InventorySchedule
- type ListCertificateResponse
- type ListCertificateStoresResponse
- type LocationsCount
- type MetadataField
- type PropertyDefinition
- type ProviderParams
- type ProviderType
- type ProviderTypeParams
- type ReEnrollmnentConfig
- type RemoveCertificateFromStore
- type RevokeCertArgs
- type SANs
- type SSLLocations
- type SecretParamValue
- type SecurityIdentity
- type SecurityRoleIdentityConfig
- type SecurityRoleInformation
- type SecurityRolePermission
- type SpecialPropertiesSecretValue
- type SpecialPropertiesValue
- type StorePasswordConfig
- type StoreTypePasswordOptions
- type StoreTypePropertyDefinition
- type StoreTypePropertyDefinitionGeneric
- type StoreTypeSupportedOperations
- type StoreTypes
- type StringTuple
- type SubjectAltNameElements
- type TemplateEnrollmentFields
- type TemplateMetadataFields
- type TemplateRegex
- type TerraformLogger
- type UpdateMetadataArgs
- type UpdateSecurityRoleArg
- type UpdateSecurityRoleResponse
- type UpdateStoreFctArgs
- type UpdateStoreResponse
- type UpdateTemplateArg
- type UpdateTemplateResponse
- type WorkflowActionResponse
- type WorkflowCertificate
- type WorkflowDenyCertificateRequest
Constants ¶
// Package-level numeric limits. The names suggest an iteration cap, a wait
// bound in seconds and a retry cap for context-deadline errors; where each
// one is applied is not visible here — confirm against the call sites.
const (
	MAX_ITERATIONS               = 100000
	MAX_WAIT_SECONDS             = 30
	MAX_CONTEXT_DEADLINE_RETRIES = 5
)
Variables ¶
// Aliases for the default API path and for the environment-variable
// identifiers exported by auth_providers.
//
// NOTE(review): per the comments below, the Env* values identify environment
// variables rather than carrying the credentials themselves. Presumably the
// password and client secret are read from the process environment, so that
// environment should be kept out of logs and diagnostics — confirm.
var (
	// DefaultAPIPath is the default API path for Keyfactor Command.
	DefaultAPIPath = auth_providers.DefaultCommandAPIPath
	// EnvCommandHostname is the environment variable for the Keyfactor Command hostname.
	EnvCommandHostname = auth_providers.EnvKeyfactorHostName
	// EnvCommandAPI is the environment variable for the Keyfactor Command API path.
	EnvCommandAPI = auth_providers.EnvKeyfactorAPIPath
	// EnvCommandTimeout is the environment variable for the Keyfactor Command timeout.
	EnvCommandTimeout = auth_providers.EnvKeyfactorClientTimeout
	// EnvCommandUsername is the environment variable for the Keyfactor Command username.
	EnvCommandUsername = auth_providers.EnvKeyfactorUsername
	// EnvCommandPassword is the environment variable for the Keyfactor Command password.
	EnvCommandPassword = auth_providers.EnvKeyfactorPassword
	// EnvCommandDomain is the environment variable for the Keyfactor Command domain.
	EnvCommandDomain = auth_providers.EnvKeyfactorDomain
	// EnvCommandClientId is the environment variable for the Keyfactor Command client ID.
	EnvCommandClientId = auth_providers.EnvKeyfactorClientID
	// EnvCommandClientSecret is the environment variable for the Keyfactor Command client secret.
	EnvCommandClientSecret = auth_providers.EnvKeyfactorClientSecret
	// EnvCommandOAuthTokenUrl is the environment variable for the Keyfactor Command OAuth token URL.
	EnvCommandOAuthTokenUrl = auth_providers.EnvKeyfactorAuthTokenURL
)
Functions ¶
func ConvertBase64P7BtoCertificates ¶
func ConvertBase64P7BtoCertificates(base64P7B string) ([]*x509.Certificate, error)
ConvertBase64P7BtoCertificates takes a base64 encoded P7B certificate string and returns a slice of *x509.Certificate.
func ConvertBase64P7BtoPEM ¶
ConvertBase64P7BtoPEM takes a base64 encoded P7B certificate string and converts it to PEM format.
Types ¶
type AddCertificateToStore ¶
// AddCertificateToStore is the request argument of Client.AddCertificateToStores.
// It names one certificate and the certificate stores it should be added to.
type AddCertificateToStore struct {
	// An integer containing the Keyfactor Command reference ID of the certificate to be added to the certificate store(s).
	CertificateId int `json:"CertificateId"`
	// An array of certificate store GUIDs to identify the certificate stores to which the certificate should be added
	// and provide appropriate reference information for the certificate in the store.
	CertificateStores *[]CertificateStore `json:"CertificateStores,omitempty"`
	// The inventory schedule for the add job. Serialized under the JSON key "Schedule".
	InventorySchedule *InventorySchedule `json:"Schedule,omitempty"`
	// An integer serialized as "CollectionId" and omitted from the JSON when zero.
	// NOTE(review): the previous comment here repeated the CertificateId description;
	// presumably this is a Keyfactor Command certificate collection ID — confirm.
	CollectionId int `json:"CollectionId,omitempty"`
}
AddCertificateToStore contains configuration content required to add a certificate to one or multiple certificate stores located inside Keyfactor Command.
type Agent ¶
// Agent is the JSON shape of an agent record. GetAgent and GetAgentList return
// []Agent; the GetAgentList description refers to these as orchestrators.
//
// NOTE(review): Thumbprint, LegacyThumbprint and LastThumbprintUsed presumably
// identify the certificate the agent authenticates with — confirm before using
// them for trust decisions.
type Agent struct {
	AgentId                     string   `json:"AgentId"`
	ClientMachine               string   `json:"ClientMachine"`
	Username                    string   `json:"Username"`
	AgentPlatform               int      `json:"AgentPlatform"`
	Status                      int      `json:"Status"`
	Version                     string   `json:"Version"`
	LastSeen                    string   `json:"LastSeen"`
	Capabilities                []string `json:"Capabilities"`
	Blueprint                   string   `json:"Blueprint"`
	Thumbprint                  string   `json:"Thumbprint"`
	LegacyThumbprint            string   `json:"LegacyThumbprint"`
	AuthCertificateReenrollment string   `json:"AuthCertificateReenrollment"`
	LastThumbprintUsed          string   `json:"LastThumbprintUsed"`
	LastErrorCode               int      `json:"LastErrorCode"`
	LastErrorMessage            string   `json:"LastErrorMessage"`
}
type Agent9x ¶
// Agent9x is an alternative agent record shape. Compared with Agent it adds
// AgentPoolId, EnableDiscover and EnableMonitor and has no Capabilities,
// Blueprint, AuthCertificateReenrollment, LastThumbprintUsed or LastError*
// fields.
//
// NOTE(review): the name suggests the Keyfactor Command 9.x response format —
// confirm; no method in the index returns this type.
type Agent9x struct {
	AgentId          string `json:"AgentId"`
	AgentPoolId      string `json:"AgentPoolId"`
	ClientMachine    string `json:"ClientMachine"`
	Username         string `json:"Username"`
	AgentPlatform    int    `json:"AgentPlatform"`
	Status           int    `json:"Status"`
	EnableDiscover   bool   `json:"EnableDiscover"`
	EnableMonitor    bool   `json:"EnableMonitor"`
	Version          string `json:"Version"`
	LastSeen         string `json:"LastSeen"`
	Thumbprint       string `json:"Thumbprint"`
	LegacyThumbprint string `json:"LegacyThumbprint"`
}
type AuthConfig ¶
// AuthConfig is the authentication abstraction stored in Client.AuthClient.
// An implementation must be able to authenticate, hand out an *http.Client,
// and expose its auth_providers.Server configuration.
type AuthConfig interface {
	// Authenticate reports an error when authentication does not succeed.
	Authenticate() error
	// GetHttpClient returns the HTTP client to use, or an error.
	GetHttpClient() (*http.Client, error)
	// GetServerConfig returns the server configuration held by the implementation.
	GetServerConfig() *auth_providers.Server
}
AuthConfig is the interface that both CommandConfigOauth and CommandAuthConfigBasic implement.
type CA ¶
// CA is the JSON shape of a certificate authority record; GetCAList returns []CA.
//
// NOTE(review): ExplicitPassword.SecretValue is a plain string field that, by
// its name, appears to carry a credential. Avoid logging or re-serializing
// whole CA values without redacting it — confirm what the API returns here.
type CA struct {
	Id                     int    `json:"Id"`
	LogicalName            string `json:"LogicalName"`
	HostName               string `json:"HostName"`
	Delegate               bool   `json:"Delegate"`
	ForestRoot             string `json:"ForestRoot"`
	Remote                 bool   `json:"Remote"`
	Agent                  string `json:"Agent"`
	Standalone             bool   `json:"Standalone"`
	MonitorThresholds      bool   `json:"MonitorThresholds"`
	IssuanceMax            int    `json:"IssuanceMax"`
	IssuanceMin            int    `json:"IssuanceMin"`
	DenialMax              int    `json:"DenialMax"`
	FailureMax             int    `json:"FailureMax"`
	RFCEnforcement         bool   `json:"RFCEnforcement"`
	Properties             string `json:"Properties"`
	AllowedEnrollmentTypes int    `json:"AllowedEnrollmentTypes"`
	KeyRetention           int    `json:"KeyRetention"`
	KeyRetentionDays       int    `json:"KeyRetentionDays"`
	ExplicitCredentials    bool   `json:"ExplicitCredentials"`
	SubscriberTerms        bool   `json:"SubscriberTerms"`
	ExplicitUser           string `json:"ExplicitUser"`
	// ExplicitPassword is an anonymous struct: a secret value, an empty
	// Parameters object and an integer Provider.
	ExplicitPassword struct {
		SecretValue string `json:"SecretValue"`
		Parameters  struct {
		} `json:"Parameters"`
		Provider int `json:"Provider"`
	} `json:"ExplicitPassword"`
	UseAllowedRequesters bool     `json:"UseAllowedRequesters"`
	AllowedRequesters    []string `json:"AllowedRequesters"`
}
type CRLDistributionPoints ¶
// CRLDistributionPoints is the JSON shape of one CRL distribution point entry:
// an integer Id, the URL, and a URLHash string.
type CRLDistributionPoints struct {
	Id      int    `json:"Id"`
	URL     string `json:"URL"`
	URLHash string `json:"URLHash"`
}
CRLDistributionPoints contains details on the CRL distribution and is returned inside GetCertificateResponse with the GetCertificateContext method.
type CertStoreContainer ¶
// CertStoreContainer is the JSON shape of a certificate store container;
// GetStoreContainer returns *CertStoreContainer and GetStoreContainers returns
// *[]CertStoreContainer. Id is a pointer and is omitted from the JSON when nil.
type CertStoreContainer struct {
	Id                 *int   `json:"Id,omitempty"`
	Name               string `json:"Name"`
	OverwriteSchedules bool   `json:"OverwriteSchedules"`
	Schedule           string `json:"Schedule"`
	CertStoreType      int    `json:"CertStoreType"`
}
CertStoreContainer describes a certificate store container, as returned by the GetStoreContainer and GetStoreContainers methods.
type CertStoreInventory ¶
// CertStoreInventory is one inventory entry of a certificate store;
// GetCertStoreInventory returns *[]CertStoreInventory. Thumbprints, Serials
// and Ids are tagged `json:"-"`, so encoding/json neither reads nor writes
// them; how they are populated is not shown here.
type CertStoreInventory struct {
	Name         string                   `json:"Name,omitempty"` // This is the cert `alias` in the store
	Certificates []InventoriedCertificate `json:"Certificates,omitempty"`
	Thumbprints  []string                 `json:"-"`
	Serials      []string                 `json:"-"`
	Ids          []int                    `json:"-"`
}
type CertStoreInventoryV1 ¶
// CertStoreInventoryV1 is a variant of CertStoreInventory that adds
// CertStoreInventoryItemId and stores thumbprints, serials and IDs as maps
// rather than slices. All map fields are tagged `json:"-"` and are therefore
// skipped by encoding/json; how they are populated is not shown here.
type CertStoreInventoryV1 struct {
	CertStoreInventoryItemId int                      `json:"CertStoreInventoryItemId"`
	Name                     string                   `json:"Name,omitempty"`
	Certificates             []InventoriedCertificate `json:"Certificates,omitempty"`
	Thumbprints              map[string]bool          `json:"-"`
	Serials                  map[string]bool          `json:"-"`
	Ids                      map[int]bool             `json:"-"`
	Properties               map[string]interface{}   `json:"-"`
	Parameters               map[string]interface{}   `json:"-"`
}
type CertStoreTypeResponse ¶
// CertStoreTypeResponse is a JSON shape describing a certificate store type:
// naming, supported operations, property definitions, password options and
// job type identifiers.
//
// NOTE(review): StorePathValue, PrivateKeyAllowed and JobProperties use
// snake_case JSON tags ("store_path_value", "private_key_allowed",
// "job_properties") while every other field here, and the same-named fields of
// CertificateStoreType, use PascalCase keys. If the API emits PascalCase for
// these too, the three fields will stay at their zero values after decoding —
// confirm against the API.
type CertStoreTypeResponse struct {
	Name                string `json:"Name"`
	ShortName           string `json:"ShortName"`
	Capability          string `json:"Capability"`
	StoreType           int    `json:"StoreType"`
	ImportType          int    `json:"ImportType"`
	LocalStore          bool   `json:"LocalStore"`
	SupportedOperations struct {
		Add        bool `json:"Add"`
		Create     bool `json:"Create"`
		Discovery  bool `json:"Discovery"`
		Enrollment bool `json:"Enrollment"`
		Remove     bool `json:"Remove"`
	} `json:"SupportedOperations"`
	Properties      []PropertyDefinition `json:"Properties"`
	PasswordOptions struct {
		EntrySupported bool   `json:"EntrySupported"`
		StoreRequired  bool   `json:"StoreRequired"`
		Style          string `json:"Style"`
	} `json:"PasswordOptions"`
	StorePathValue     []string `json:"store_path_value"`
	PrivateKeyAllowed  string   `json:"private_key_allowed"`
	JobProperties      []string `json:"job_properties"`
	ServerRequired     bool     `json:"ServerRequired"`
	PowerShell         bool     `json:"PowerShell"`
	BlueprintAllowed   bool     `json:"BlueprintAllowed"`
	CustomAliasAllowed string   `json:"CustomAliasAllowed"`
	ServerRegistration int      `json:"ServerRegistration"`
	InventoryEndpoint  string   `json:"InventoryEndpoint"`
	InventoryJobType   string   `json:"InventoryJobType"`
	ManagementJobType  string   `json:"ManagementJobType"`
	DiscoveryJobType   string   `json:"DiscoveryJobType"`
	EnrollmentJobType  string   `json:"EnrollmentJobType"`
}
CertStoreTypeResponse contains the response elements returned from the GetCertificateStoreType method.
type CertStoreTypeResponseList ¶
// CertStoreTypeResponseList is a slice of anonymous structs that each embed
// CertStoreTypeResponse, so every element exposes the embedded type's fields
// directly.
type CertStoreTypeResponseList []struct {
	CertStoreTypeResponse
}
type CertificateInformation ¶
// CertificateInformation is the JSON shape of certificate data in an
// enrollment response.
//
// NOTE(review): PKCS12Blob presumably carries the enrolled PKCS#12 bundle,
// which can include the private key. Treat values of this type as secret
// material and keep them out of logs — confirm the field's content.
type CertificateInformation struct {
	SerialNumber       string      `json:"SerialNumber"`
	IssuerDN           string      `json:"IssuerDN"`
	Thumbprint         string      `json:"Thumbprint"`
	KeyfactorID        int         `json:"KeyfactorID"`
	KeyfactorRequestID int         `json:"KeyfactorRequestId"` // JSON key ends in "Id", unlike the Go field name
	PKCS12Blob         string      `json:"PKCS12Blob"`
	Certificates       []string    `json:"Certificates"`
	RequestDisposition string      `json:"RequestDisposition"`
	DispositionMessage string      `json:"DispositionMessage"`
	EnrollmentContext  interface{} `json:"EnrollmentContext"`
}
CertificateInformation contains response data from the Enroll methods.
type CertificateInformationV2 ¶
// CertificateInformationV2 is a second JSON shape for certificate data in an
// enrollment response. Compared with CertificateInformation it adds Password,
// WorkflowInstanceId, WorkflowReferenceId and StoreIdsInvalidForRenewal, and
// has no Certificates field.
//
// NOTE(review): Pkcs12Blob and Password together presumably allow the private
// key to be recovered from the bundle. Treat values of this type as secret
// material and keep them out of logs — confirm the fields' content.
type CertificateInformationV2 struct {
	SerialNumber              string        `json:"SerialNumber"`
	IssuerDN                  string        `json:"IssuerDN"`
	Thumbprint                string        `json:"Thumbprint"`
	KeyfactorId               int           `json:"KeyfactorId"`
	Pkcs12Blob                string        `json:"Pkcs12Blob"`
	Password                  interface{}   `json:"Password"`
	WorkflowInstanceId        string        `json:"WorkflowInstanceId"`
	WorkflowReferenceId       int           `json:"WorkflowReferenceId"`
	StoreIdsInvalidForRenewal []interface{} `json:"StoreIdsInvalidForRenewal"`
	KeyfactorRequestId        int           `json:"KeyfactorRequestId"`
	RequestDisposition        string        `json:"RequestDisposition"`
	DispositionMessage        string        `json:"DispositionMessage"`
	EnrollmentContext         interface{}   `json:"EnrollmentContext"`
}
type CertificateLocations ¶
// CertificateLocations is the JSON shape of one location of a certificate:
// the store's machine, path, type and ID, plus the alias and chain level.
// Every field is omitted from the JSON when it holds its zero value.
type CertificateLocations struct {
	StoreMachine string `json:"StoreMachine,omitempty"`
	StorePath    string `json:"StorePath,omitempty"`
	StoreType    int    `json:"StoreType,omitempty"`
	Alias        string `json:"Alias,omitempty"`
	ChainLevel   int    `json:"ChainLevel,omitempty"`
	CertStoreId  string `json:"CertStoreId,omitempty"`
}
CertificateLocations contains response and request data for the GetCertificateContext and DeployPFXCertificate methods
type CertificateStore ¶
// CertificateStore identifies one target certificate store and the options for
// placing a certificate in it; AddCertificateToStore.CertificateStores holds a
// slice of these.
//
// NOTE(review): EntryPassword and PfxPassword carry credentials. Avoid logging
// or persisting values of this type without redaction.
type CertificateStore struct {
	// A string containing the GUID for the certificate store to which the certificate should be added.
	CertificateStoreId string `json:"CertificateStoreId,omitempty"`
	// A string providing an alias to be used for the certificate upon entry into the certificate store. The function of the alias varies depending on the certificate store type.
	Alias string `json:"Alias,omitempty"`
	// A Boolean that sets whether a certificate in the store with the Alias provided should be overwritten with the certificate being added (true) or not (false). The default is false
	Overwrite bool `json:"Overwrite,omitempty"`
	// The password to set on the entry within the certificate store, if applicable. Only select certificate stores support entry passwords (e.g. Java keystores).
	// The tag has no omitempty, so a nil pointer is encoded as "EntryPassword": null.
	EntryPassword *EntryPassword `json:"EntryPassword"`
	// Password used to secure certificate store, if it exists as a PKCS#12
	PfxPassword string `json:"PfxPassword,omitempty"`
	// A Boolean that sets whether to include the private key of the certificate in the certificate store if private keys are optional for the given certificate store (true) or not (false). The default is false.
	IncludePrivateKey bool `json:"IncludePrivateKey,omitempty"`
	// Entry Parameters map. Serialized under the JSON key "JobFields".
	JobParameters map[string]string `json:"JobFields,omitempty"`
}
CertificateStore contains configuration used by AddCertificateToStore and RemoveCertificateFromStore to configure the certificate stores that a certificate should be added to.
type CertificateStoreType ¶
// CertificateStoreType is the JSON shape of a certificate store type. It is
// both the argument and the result of CreateStoreType and UpdateStoreType, and
// the result of the GetCertificateStoreType* and ListCertificateStoreTypes
// methods. All fields except Name, ShortName and StoreType are omitted from
// the JSON when they hold their zero value (nil for the pointer fields).
//
// NOTE(review): because of omitempty, a bool field set to false or an int set
// to 0 is not sent at all; whether the server then applies its own default is
// not shown here — confirm when a false/0 value must be set explicitly.
type CertificateStoreType struct {
	Name                string                         `json:"Name"`
	ShortName           string                         `json:"ShortName"`
	Capability          string                         `json:"Capability,omitempty"`
	StoreType           int                            `json:"StoreType"`
	ImportType          int                            `json:"ImportType,omitempty"`
	LocalStore          bool                           `json:"LocalStore,omitempty"`
	SupportedOperations *StoreTypeSupportedOperations  `json:"SupportedOperations,omitempty"`
	Properties          *[]StoreTypePropertyDefinition `json:"Properties,omitempty"`
	EntryParameters     *[]EntryParameter              `json:"EntryParameters,omitempty"`
	PasswordOptions     *StoreTypePasswordOptions      `json:"PasswordOptions,omitempty"`
	StorePathType       string                         `json:"StorePathType,omitempty"`
	StorePathValue      string                         `json:"StorePathValue,omitempty"`
	PrivateKeyAllowed   string                         `json:"PrivateKeyAllowed,omitempty"`
	JobProperties       *[]string                      `json:"JobProperties,omitempty"`
	ServerRequired      bool                           `json:"ServerRequired,omitempty"`
	PowerShell          bool                           `json:"PowerShell,omitempty"`
	BlueprintAllowed    bool                           `json:"BlueprintAllowed,omitempty"`
	CustomAliasAllowed  string                         `json:"CustomAliasAllowed,omitempty"`
	ServerRegistration  int                            `json:"ServerRegistration,omitempty"`
	InventoryEndpoint   string                         `json:"InventoryEndpoint,omitempty"`
	InventoryJobType    string                         `json:"InventoryJobType,omitempty"`
	ManagementJobType   string                         `json:"ManagementJobType,omitempty"`
	DiscoveryJobType    string                         `json:"DiscoveryJobType,omitempty"`
	EnrollmentJobType   string                         `json:"EnrollmentJobType,omitempty"`
}
type CertificateStoreTypeGeneric ¶
// CertificateStoreTypeGeneric is a reduced form of CertificateStoreType: no
// field uses omitempty, it references the *Generic property and entry
// parameter types, and it has no StoreType, ImportType, ServerRegistration,
// InventoryEndpoint or *JobType fields. Two further fields are commented out
// below, with the author's note that the API does not return them.
type CertificateStoreTypeGeneric struct {
	Name                string                                `json:"Name"`
	ShortName           string                                `json:"ShortName"`
	Capability          string                                `json:"Capability"`
	LocalStore          bool                                  `json:"LocalStore"`
	SupportedOperations *StoreTypeSupportedOperations         `json:"SupportedOperations"`
	Properties          *[]StoreTypePropertyDefinitionGeneric `json:"Properties"`
	EntryParameters     *[]EntryParameterGeneric              `json:"EntryParameters"`
	PasswordOptions     *StoreTypePasswordOptions             `json:"PasswordOptions"`
	//StorePathType       string                         `json:"StorePathType"` # This is not returned in the API and computed after POST
	StorePathValue    string `json:"StorePathValue"`
	PrivateKeyAllowed string `json:"PrivateKeyAllowed"`
	//JobProperties       *[]string                      `json:"JobProperties"` # This is not returned in the API and computed after POST
	ServerRequired     bool   `json:"ServerRequired"`
	PowerShell         bool   `json:"PowerShell"`
	BlueprintAllowed   bool   `json:"BlueprintAllowed"`
	CustomAliasAllowed string `json:"CustomAliasAllowed"`
}
type CertificateSubject ¶
// CertificateSubject holds the components of a certificate subject
// distinguished name as plain strings. The fields carry no JSON tags, so
// encoding/json would use the Go field names as keys.
type CertificateSubject struct {
	SubjectCommonName         string
	SubjectLocality           string
	SubjectOrganization       string
	SubjectCountry            string
	SubjectOrganizationalUnit string
	SubjectState              string
}
CertificateSubject contains string elements for X.509V3 certificate distinguished name (subject)
type Client ¶
// Client is the receiver type for the package's Keyfactor API methods.
type Client struct {
	// AuthClient is the AuthConfig implementation the client holds.
	AuthClient AuthConfig
	// LoggerType is a string selecting a logger; its accepted values are not
	// shown here.
	LoggerType string
}
func NewKeyfactorClient ¶
NewKeyfactorClient creates a new Keyfactor client instance. A configured Client is returned with methods used to interact with Keyfactor.
func (*Client) AddCertificateToStores ¶
func (c *Client) AddCertificateToStores(config *AddCertificateToStore) ([]string, error)
AddCertificateToStores takes a pointer to an AddCertificateToStore structure and is used to add a configured certificate to one or more certificate stores.
func (*Client) CreateSecurityIdentity ¶
func (c *Client) CreateSecurityIdentity(csia *CreateSecurityIdentityArg) (*CreateSecurityIdentityResponse, error)
CreateSecurityIdentity hits the /Security/Identities endpoint with a POST request to create a new Keyfactor security identity and returns a pointer to a CreateSecurityIdentityResponse struct. The function takes a pointer to a CreateSecurityIdentityArg struct as its argument.
func (*Client) CreateSecurityRole ¶
func (c *Client) CreateSecurityRole(input *CreateSecurityRoleArg) (*CreateSecurityRoleResponse, error)
CreateSecurityRole creates a new Keyfactor security role. This function takes a pointer to a CreateSecurityRoleArg struct as its argument and returns a pointer to a CreateSecurityRoleResponse struct.
func (*Client) CreateStore ¶
func (c *Client) CreateStore(ca *CreateStoreFctArgs) (*CreateStoreResponse, error)
CreateStore takes arguments for CreateStoreFctArgs to facilitate the creation of all store types supported by a customer Keyfactor Command instance. Note that various certificate store types require different property arguments, and careful attention should be taken to ensure that all required elements are included. Required arguments for this method are:
- ClientMachine : string
- StorePath : string
- Properties : []StringTuple *Note - Method converts this array of StringTuples to a JSON string if provided
- AgentId : string
func (*Client) CreateStoreType ¶
func (c *Client) CreateStoreType(ca *CertificateStoreType) (*CertificateStoreType, error)
CreateStoreType takes a pointer to a CertificateStoreType to facilitate the creation of store types supported by a customer Keyfactor Command instance. Note that various certificate store types require different property arguments, and careful attention should be taken to ensure that all required elements are included. Required arguments for this method are (note: this list is identical to the one given for CreateStore and may not match the fields of CertificateStoreType; confirm before relying on it):
- ClientMachine : string
- StorePath : string
- Properties : []StringTuple *Note - Method converts this array of StringTuples to a JSON string if provided
- AgentId : string
func (*Client) DeleteCertificateStore ¶
DeleteCertificateStore takes arguments for a certificate store ID to facilitate a call to Keyfactor that deletes a certificate store. Only the store ID is required.
func (*Client) DeleteCertificateStoreType ¶
func (c *Client) DeleteCertificateStoreType(id int) (*DeleteStoreType, error)
func (*Client) DeleteSecurityIdentity ¶
DeleteSecurityIdentity takes arguments for a security identity ID, and makes an associated call to Keyfactor to delete the identity.
func (*Client) DeleteSecurityRole ¶
DeleteSecurityRole takes arguments for a security role ID, and makes an associated call to Keyfactor to delete the role.
func (*Client) DeployPFXCertificate ¶
func (c *Client) DeployPFXCertificate(args *DeployPFXArgs) (*DeployPFXResp, error)
DeployPFXCertificate takes pointers to DeployPFXArgs structs holding configuration data required for the deployment of a newly enrolled PFX certificate. It returns a pointer to a DeployPFXResp struct if successful, and an error message if not. Required fields to deploy a certificate to a store maintained by Keyfactor are:
- StoreIds : []string
- Password : string
- CertificateId : int
- RequestId : int
func (*Client) DownloadCertificate ¶
func (c *Client) DownloadCertificate( certId int, thumbprint string, serialNumber string, issuerDn string, ) (*x509.Certificate, []*x509.Certificate, error)
DownloadCertificate takes arguments for DownloadCertArgs to facilitate a call to Keyfactor that downloads a certificate from Keyfactor. The download certificate endpoint requires one of the following to retrieve a cert:
- CertID
- Thumbprint
- SerialNumber AND IssuerDN
Returns:
- Leaf certificate
- Certificate chain
func (*Client) EnrollCSR ¶
func (c *Client) EnrollCSR(ea *EnrollCSRFctArgs) (*EnrollResponse, error)
EnrollCSR takes arguments for EnrollCSRFctArgs to enroll a passed Certificate Signing Request with Keyfactor. An EnrollResponse containing a signed certificate is returned upon successful enrollment. Required fields to complete a CSR enrollment are:
- CSR : string
- Template : string
- CertificateAuthority : string
func (*Client) EnrollPFX ¶
func (c *Client) EnrollPFX(ea *EnrollPFXFctArgs) (*EnrollResponse, error)
EnrollPFX takes arguments for EnrollPFXFctArgs to facilitate a call to Keyfactor that enrolls a PFX certificate with the supplied arguments.
func (*Client) EnrollPFXV2 ¶
func (c *Client) EnrollPFXV2(ea *EnrollPFXFctArgsV2) (*EnrollResponseV2, error)
func (*Client) GetAgentList ¶
GetAgentList returns a list of orchestrators registered in the Keyfactor instance
func (*Client) GetAllMetadataFields ¶
func (c *Client) GetAllMetadataFields() ([]MetadataField, error)
func (*Client) GetCAList ¶
GetCAList returns a list of certificate authorities supported by the Keyfactor instance
func (*Client) GetCertStoreInventory ¶
func (c *Client) GetCertStoreInventory(storeId string) (*[]CertStoreInventory, error)
func (*Client) GetCertificateContext ¶
func (c *Client) GetCertificateContext(gca *GetCertificateContextArgs) (*GetCertificateResponse, error)
GetCertificateContext takes arguments for GetCertificateContextArgs used to facilitate the retrieval of certificate context. The primary query required to get certificate context is the certificate ID. Include metadata and include locations add additional data, but can be set to false if they are unneeded. A pointer to a GetCertificateResponse structure is returned, containing the certificate context.
func (*Client) GetCertificateStoreByClientAndStorePath ¶
func (c *Client) GetCertificateStoreByClientAndStorePath( clientMachine string, storePath, containerID interface{}, ) (*[]GetCertificateStoreResponse, error)
func (*Client) GetCertificateStoreByContainerID ¶
func (c *Client) GetCertificateStoreByContainerID(containerID interface{}) (*[]GetCertificateStoreResponse, error)
GetCertificateStoreByContainerID takes a container ID to facilitate a call to Keyfactor that retrieves certificate store context. Only the container ID is required. A pointer to a slice of GetCertificateStoreResponse structs is returned that contains information on the certificate stores.
func (*Client) GetCertificateStoreByID ¶
func (c *Client) GetCertificateStoreByID(storeId string) (*GetCertificateStoreResponse, error)
GetCertificateStoreByID takes a certificate store ID to facilitate a call to Keyfactor that retrieves a certificate store context. Only the store ID is required. A pointer to a GetCertificateStoreResponse struct is returned that contains information on the certificate store.
func (*Client) GetCertificateStoreType ¶
func (c *Client) GetCertificateStoreType(id interface{}) (*CertificateStoreType, error)
GetCertificateStoreType takes arguments for a certificate store type ID or name and if found will return the certificate store type
func (*Client) GetCertificateStoreTypeById ¶
func (c *Client) GetCertificateStoreTypeById(id int) (*CertificateStoreType, error)
GetCertificateStoreTypeById takes arguments for a certificate store type ID to facilitate a call to Keyfactor that retrieves certificate store context associated with a store type ID
func (*Client) GetCertificateStoreTypeByName ¶
func (c *Client) GetCertificateStoreTypeByName(name string) (*CertificateStoreType, error)
GetCertificateStoreTypeByName takes a certificate store type name to facilitate a call to Keyfactor that retrieves certificate store context associated with that store type name.
func (*Client) GetSecurityIdentities ¶
func (c *Client) GetSecurityIdentities() ([]GetSecurityIdentityResponse, error)
GetSecurityIdentities hits the /Security/Identities endpoint with a GET request and returns a list of GetSecurityIdentityResponse structs. The function takes no arguments.
func (*Client) GetSecurityRole ¶
func (c *Client) GetSecurityRole(id interface{}) (*GetSecurityRoleResponse, error)
func (*Client) GetSecurityRoles ¶
func (c *Client) GetSecurityRoles() ([]GetSecurityRolesResponse, error)
func (*Client) GetStoreContainer ¶
func (c *Client) GetStoreContainer(id interface{}) (*CertStoreContainer, error)
GetStoreContainer takes an ID and returns a single store container
func (*Client) GetStoreContainers ¶
func (c *Client) GetStoreContainers() (*[]CertStoreContainer, error)
GetStoreContainers returns a list of store containers
func (*Client) GetTemplate ¶
func (c *Client) GetTemplate(Id interface{}) (*GetTemplateResponse, error)
GetTemplate takes arguments for a template ID used to facilitate the retrieval of certificate template context. The primary query required to get certificate context is the template ID. A pointer to a GetTemplateResponse structure is returned, containing the template context.
func (*Client) GetTemplates ¶
func (c *Client) GetTemplates() ([]GetTemplateResponse, error)
GetTemplates asks Keyfactor for a complete list of known certificate templates. A list of GetTemplateResponse structures is returned, containing the template context.
func (*Client) ListCertificateStoreTypes ¶
func (c *Client) ListCertificateStoreTypes() (*[]CertificateStoreType, error)
ListCertificateStoreTypes takes no arguments and returns a list of certificate store types from Keyfactor.
func (*Client) ListCertificateStores ¶
func (c *Client) ListCertificateStores(params *map[string]interface{}) (*[]GetCertificateStoreResponse, error)
func (*Client) ListCertificates ¶
func (c *Client) ListCertificates(q map[string]string) ([]GetCertificateResponse, error)
func (*Client) ListDeniedCertificates ¶
func (c *Client) ListDeniedCertificates(q map[string]string) ([]WorkflowCertificate, error)
func (*Client) ListExternalValidationPendingCertificates ¶
func (c *Client) ListExternalValidationPendingCertificates(q map[string]string) ([]WorkflowCertificate, error)
func (*Client) ListPendingCertificates ¶
func (c *Client) ListPendingCertificates(q map[string]string) ([]WorkflowCertificate, error)
func (*Client) ListWorkflowCert ¶
func (c *Client) ListWorkflowCert(endpoint string) ([]WorkflowCertificate, error)
func (*Client) RecoverCertificate ¶
func (c *Client) RecoverCertificate( certId int, thumbprint string, serialNumber string, issuerDn string, password string, collectionId int, ) (interface{}, *x509.Certificate, []*x509.Certificate, error)
RecoverCertificate takes arguments for RecoverCertArgs to facilitate a call to Keyfactor that recovers a certificate and associated private key (if retained) in the specified format. The download certificate endpoint requires one of the following to retrieve a cert:
- CertID
- Thumbprint
- SerialNumber AND IssuerDN
Additionally, the certificate Password is required. Returns:
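- Private key (*rsa.PrivateKey or *ecdsa.PrivateKey). This is parsed, unprotected key material held in memory, so callers should keep it out of logs and error messages.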
- Leaf certificate (*x509.Certificate)
- Certificate chain ([]*x509.Certificate)
func (*Client) RemoveCertificateFromStores ¶
func (c *Client) RemoveCertificateFromStores(config *RemoveCertificateFromStore) ([]string, error)
RemoveCertificateFromStores takes argument for a RemoveCertificateFromStore structure, and is used to remove a certificate from one or more certificate stores.
func (*Client) RevokeCert ¶
func (c *Client) RevokeCert(rvargs *RevokeCertArgs) error
RevokeCert takes arguments for RevokeCertArgs to facilitate the revocation of all specified certificate IDs. It returns nil upon successful revocation, and an error if not. Required fields to revoke a list of certificates in Keyfactor are:
- CertificateIds : []int
- Comment : string
func (*Client) UpdateMetadata ¶
func (c *Client) UpdateMetadata(um *UpdateMetadataArgs) error
UpdateMetadata takes arguments for UpdateMetadataArgs to facilitate the updating of metadata fields in Keyfactor. It returns nil upon a successful update, and an error if not. Required fields to update certificate metadata are:
- CertID : int
- CertificateMetadata : []CertificateMetadata OR Metadata : map[string]string
UpdateMetadata sets the metadata associated with a certificate EXACTLY; i.e., if CertificateMetadata or Metadata are blank, any metadata associated with a certificate will be erased.
func (*Client) UpdateSecurityRole ¶
func (c *Client) UpdateSecurityRole(input *UpdateSecurityRoleArg) (*UpdateSecurityRoleResponse, error)
UpdateSecurityRole updates the Keyfactor security role. This function takes an UpdateSecurityRoleArg struct (which embeds CreateSecurityRoleArg) and returns an UpdateSecurityRoleResponse struct (which embeds CreateSecurityRoleResponse).
func (*Client) UpdateStore ¶
func (c *Client) UpdateStore(ua *UpdateStoreFctArgs) (*UpdateStoreResponse, error)
UpdateStore takes arguments for UpdateStoreFctArgs to facilitate the adjustment of a certificate store associated with a Keyfactor Command instance. Note that various certificate store types require different property arguments, and careful attention should be taken to ensure that all required elements are included. Required arguments for this method are:
- ClientMachine : string
- StorePath : string
- Properties : []StringTuple *Note - Method converts this slice of StringTuples to a JSON string if provided
- AgentId : string
func (*Client) UpdateStoreType ¶
func (c *Client) UpdateStoreType(ca *CertificateStoreType) (*CertificateStoreType, error)
func (*Client) UpdateTemplate ¶
func (c *Client) UpdateTemplate(uta *UpdateTemplateArg) (*UpdateTemplateResponse, error)
UpdateTemplate takes arguments for a UpdateTemplateArg structure used to facilitate the modification of a certificate template. Required parameters for this function are elements of UpdateTemplateArg that can't be set to nil. A pointer to a UpdateTemplateResponse structure is returned, containing the template context.
type CreateSecurityIdentityArg ¶
// CreateSecurityIdentityArg is the argument type accepted by
// Client.CreateSecurityIdentity.
type CreateSecurityIdentityArg struct {
	// AccountName is marshaled under the JSON key "AccountName" and is
	// omitted from the output when it is the empty string.
	AccountName string `json:"AccountName,omitempty"`
}
CreateSecurityIdentityArg holds the request body required to create a new security identity
type CreateSecurityIdentityResponse ¶
// CreateSecurityIdentityResponse is the value returned by
// Client.CreateSecurityIdentity. Every field is tagged omitempty.
type CreateSecurityIdentityResponse struct {
	Id           int                       `json:"Id,omitempty"`
	AccountName  string                    `json:"AccountName,omitempty"`
	IdentityType string                    `json:"IdentityType,omitempty"`
	Roles        []SecurityRoleInformation `json:"Roles,omitempty"` // role summaries (Id, Name, Description)
	Valid        bool                      `json:"Valid,omitempty"`
}
CreateSecurityIdentityResponse is returned by the POST call to /Security/Identities
type CreateSecurityRoleArg ¶
// CreateSecurityRoleArg is the argument type accepted by
// Client.CreateSecurityRole; it is also embedded in UpdateSecurityRoleArg.
//
// Enabled, Private, Permissions and Identities are pointers tagged omitempty:
// a nil pointer is left out of the JSON, while a pointer to false or to an
// empty slice is still emitted.
type CreateSecurityRoleArg struct {
	Name        string                        `json:"Name,omitempty"`
	Description string                        `json:"Description,omitempty"`
	Enabled     *bool                         `json:"Enabled,omitempty"`
	Private     *bool                         `json:"Private,omitempty"`
	Permissions *[]string                     `json:"Permissions,omitempty"` // List of permissions in ["key:value"] format
	Identities  *[]SecurityRoleIdentityConfig `json:"Identities,omitempty"`
}
CreateSecurityRoleArg holds the function arguments required for CreateSecurityRole
type CreateSecurityRoleResponse ¶
// CreateSecurityRoleResponse is the value returned by
// Client.CreateSecurityRole; it is also embedded in
// UpdateSecurityRoleResponse. Every field is tagged omitempty.
type CreateSecurityRoleResponse struct {
	Id          int                           `json:"Id,omitempty"`
	Name        string                        `json:"Name,omitempty"`
	Description string                        `json:"Description,omitempty"`
	Enabled     *bool                         `json:"Enabled,omitempty"`
	Immutable   bool                          `json:"Immutable,omitempty"`
	Private     *bool                         `json:"Private,omitempty"`
	Permissions *[]string                     `json:"Permissions,omitempty"` // List of permissions in ["key:value"] format
	Identities  *[]SecurityRoleIdentityConfig `json:"Identities,omitempty"`
}
CreateSecurityRoleResponse holds response elements returned by the CreateSecurityRole method.
type CreateStoreFctArgs ¶
// CreateStoreFctArgs holds the function arguments used for calling the
// CreateStore method.
//
// ClientMachine, StorePath, CertStoreType, AgentId and Password carry no
// omitempty option, so they are always present in the marshaled JSON.
type CreateStoreFctArgs struct {
	ContainerId             *int    `json:"ContainerId,omitempty"`
	ClientMachine           string  `json:"ClientMachine"`
	StorePath               string  `json:"StorePath"`
	CertStoreInventoryJobId *string `json:"CertStoreInventoryJobId,omitempty"`
	CertStoreType           int     `json:"CertStoreType"`
	Approved                *bool   `json:"Approved,omitempty"`
	CreateIfMissing         *bool   `json:"CreateIfMissing,omitempty"`
	// String JSON name-value pairs; this field is not recommended. Instead, please use Properties. This field is
	// automatically populated by the CreateStore method. However, if configured, this field will be used.
	PropertiesString string `json:"Properties,omitempty"`
	// Mapped name-value pair field used to configure properties.
	// Tagged json:"-", so it is never marshaled directly; only
	// PropertiesString is written under the "Properties" key.
	Properties            map[string]interface{} `json:"-"`
	AgentId               string                 `json:"AgentId"`
	AgentAssigned         *bool                  `json:"AgentAssigned,omitempty"`
	ContainerName         *string                `json:"ContainerName,omitempty"`
	InventorySchedule     *InventorySchedule     `json:"InventorySchedule,omitempty"`
	ReEnrollmentStatus    *ReEnrollmnentConfig   `json:"ReEnrollmentStatus,omitempty"`
	SetNewPasswordAllowed *bool                  `json:"SetNewPasswordAllowed,omitempty"`
	// Password has no omitempty, so a nil pointer marshals as JSON null.
	// StorePasswordConfig carries the store secret in its "SecretValue"
	// key; keep values of this type out of logs and debug dumps.
	Password *StorePasswordConfig `json:"Password"`
}
CreateStoreFctArgs holds the function arguments used for calling the CreateStore method.
type CreateStoreResponse ¶
// CreateStoreResponse contains the response elements returned from the
// CreateStore method; it is also embedded in UpdateStoreResponse.
type CreateStoreResponse struct {
	Id                      string `json:"Id"`
	ContainerId             int    `json:"ContainerId"`
	ClientMachine           string `json:"ClientMachine"`
	Storepath               string `json:"Storepath"` // note the lower-case "p", unlike CreateStoreFctArgs.StorePath
	CertStoreInventoryJobId string `json:"CertStoreInventoryJobId"`
	CertStoreType           int    `json:"CertStoreType"`
	Approved                bool   `json:"Approved"`
	CreateIfMissing         bool   `json:"CreateIfMissing"`
	// PropertiesString is decoded from the "Properties" key as a string.
	PropertiesString string `json:"Properties"`
	// Properties is tagged json:"-", so the JSON decoder never fills it.
	// presumably populated by the client from PropertiesString; verify against CreateStore
	Properties            map[string]string   `json:"-"`
	AgentId               string              `json:"AgentId"`
	AgentAssigned         bool                `json:"AgentAssigned"`
	ContainerName         string              `json:"ContainerName"`
	InventorySchedule     InventorySchedule   `json:"InventorySchedule"`
	ReenrollmentStatus    ReEnrollmnentConfig `json:"ReenrollmentStatus"`
	SetNewPasswordAllowed bool                `json:"SetNewPasswordAllowed"`
}
CreateStoreResponse contains the response elements returned from the CreateStore method.
type DeleteStoreType ¶
// DeleteStoreType is the value returned by
// Client.DeleteCertificateStoreType.
type DeleteStoreType struct {
	// ID is mapped to the lower-case JSON key "id".
	ID int `json:"id"`
}
type DeployPFXArgs ¶
// DeployPFXArgs holds the function arguments used for calling the
// DeployPFXCertificate method.
type DeployPFXArgs struct {
	StoreIds []string `json:"StoreIds"`
	// Password is marshaled as a plain string under the "Password" key.
	// Treat any value of this type as secret: do not log it or print it
	// with %+v.
	Password      string       `json:"Password"`
	StoreTypes    []StoreTypes `json:"StoreTypes"`
	CertificateId int          `json:"CertificateId"`
	RequestId     int          `json:"RequestId"`
	JobTime       *string      `json:"JobTime,omitempty"` // nil is omitted from the JSON
}
DeployPFXArgs holds the function arguments used for calling the DeployPFXCertificate method.
type DeployPFXResp ¶
// DeployPFXResp holds response data from the DeployPFXCertificate method.
// Callers should inspect FailedStores as well as the returned error.
type DeployPFXResp struct {
	SuccessfulStores []string `json:"SuccessfulStores"`
	FailedStores     []string `json:"FailedStores"`
}
DeployPFXResp holds response data from the DeployPFXCertificate method.
type DetailedKeyUsage ¶
// DetailedKeyUsage contains key usage data returned by the
// GetCertificateContext method: one boolean per key-usage name plus a
// HexCode string. Every field is tagged omitempty.
type DetailedKeyUsage struct {
	CrlSign          bool   `json:"CrlSign,omitempty"`
	DataEncipherment bool   `json:"DataEncipherment,omitempty"`
	DecipherOnly     bool   `json:"DecipherOnly,omitempty"`
	DigitalSignature bool   `json:"DigitalSignature,omitempty"`
	EncipherOnly     bool   `json:"EncipherOnly,omitempty"`
	KeyAgreement     bool   `json:"KeyAgreement,omitempty"`
	KeyCertSign      bool   `json:"KeyCertSign,omitempty"`
	KeyEncipherment  bool   `json:"KeyEncipherment,omitempty"`
	NonRepudiation   bool   `json:"NonRepudiation,omitempty"`
	HexCode          string `json:"HexCode,omitempty"`
}
DetailedKeyUsage contains key usage data returned by the GetCertificateContext method.
type EnrollCSRFctArgs ¶
// EnrollCSRFctArgs holds the function arguments used for calling the
// EnrollCSR method.
type EnrollCSRFctArgs struct {
	// CSR has no struct tag, so encoding/json uses the field name "CSR".
	CSR       string
	Timestamp string `json:"Timestamp"`
	Template  string `json:"Template"`
	// CertFormat is tagged json:"-" and is therefore not part of the
	// marshaled JSON.
	CertFormat           string `json:"-"`
	CertificateAuthority string `json:"CertificateAuthority"`
	IncludeChain         bool   `json:"IncludeChain"`
	// SANs and Metadata have no omitempty: nil values marshal as null.
	SANs     *SANs                  `json:"SANs"`
	Metadata map[string]interface{} `json:"Metadata"`
}
EnrollCSRFctArgs holds the function arguments used for calling the EnrollCSR method.
type EnrollPFXFctArgs ¶
// EnrollPFXFctArgs holds the function arguments used for calling the
// EnrollPFX method.
type EnrollPFXFctArgs struct {
	CustomFriendlyName string `json:"CustomFriendlyName,omitempty"`
	// Password is marshaled as a plain string under the "Password" key.
	// Treat any value of this type as secret: do not log it or print it
	// with %+v.
	Password                    string `json:"Password"`
	PopulateMissingValuesFromAD bool   `json:"PopulateMissingValuesFromAD"`
	// Configure the SubjectString field as the full string subject for the certificate. For example, if you don't have
	// subject fields individually separated, and the subject is already in the format required by RFC5280, use the SubjectString field.
	SubjectString string `json:"Subject"`
	// If the certificate subject is not already in the format required by RFC5280, configure the subject fields using a CertificateSubject
	// struct, and EnrollPFX will automatically compile this information into a proper subject.
	Subject              *CertificateSubject    `json:"-"`
	IncludeChain         bool                   `json:"IncludeChain"`
	RenewalCertificateId int                    `json:"RenewalCertificateId,omitempty"`
	CertificateAuthority string                 `json:"CertificateAuthority"`
	Timestamp            string                 `json:"Timestamp"`
	Template             string                 `json:"Template"`
	SANs                 *SANs                  `json:"SANs,omitempty"`
	Metadata             map[string]interface{} `json:"Metadata,omitempty"`
	CertFormat           string                 `json:"-"` // not marshaled
}
EnrollPFXFctArgs holds the function arguments used for calling the EnrollPFX method.
type EnrollPFXFctArgsV2 ¶
// EnrollPFXFctArgsV2 is the argument type accepted by Client.EnrollPFXV2.
// It repeats the fields of EnrollPFXFctArgs and adds Stores,
// InstallIntoExistingCertificateStores, ChainOrder, KeyType and KeyLength.
type EnrollPFXFctArgsV2 struct {
	Stores             []CertificateStore `json:"Stores,omitempty"`
	CustomFriendlyName string             `json:"CustomFriendlyName,omitempty"`
	// Password is marshaled as a plain string under the "Password" key.
	// Treat any value of this type as secret: do not log it or print it
	// with %+v.
	Password                    string `json:"Password"`
	PopulateMissingValuesFromAD bool   `json:"PopulateMissingValuesFromAD"`
	// Configure the SubjectString field as the full string subject for the certificate. For example, if you don't have
	// subject fields individually separated, and the subject is already in the format required by RFC5280, use the SubjectString field.
	SubjectString string `json:"Subject"`
	// If the certificate subject is not already in the format required by RFC5280, configure the subject fields using a CertificateSubject
	// struct, and EnrollPFX will automatically compile this information into a proper subject.
	Subject                              *CertificateSubject    `json:"-"`
	IncludeChain                         bool                   `json:"IncludeChain"`
	RenewalCertificateId                 int                    `json:"RenewalCertificateId,omitempty"`
	CertificateAuthority                 string                 `json:"CertificateAuthority"`
	Timestamp                            string                 `json:"Timestamp"`
	Template                             string                 `json:"Template"`
	SANs                                 *SANs                  `json:"SANs,omitempty"`
	Metadata                             map[string]interface{} `json:"Metadata,omitempty"`
	CertFormat                           string                 `json:"-"` // not marshaled
	InstallIntoExistingCertificateStores bool                   `json:"InstallIntoExistingCertificateStores,omitempty"`
	ChainOrder                           string                 `json:"ChainOrder,omitempty"`
	KeyType                              string                 `json:"KeyType,omitempty"`
	KeyLength                            int                    `json:"KeyLength,omitempty"`
}
type EnrollResponse ¶
// EnrollResponse is the outer certificate enrollment response returned by
// Client.EnrollCSR and Client.EnrollPFX.
type EnrollResponse struct {
	// Certificates has no struct tag.
	// presumably filled by the client rather than decoded from the response body; verify against EnrollCSR/EnrollPFX
	Certificates           []string
	CertificateInformation CertificateInformation `json:"CertificateInformation"`
}
EnrollResponse is the outer certificate enrollment response. When Enroll functions are called, the certificates are placed inside the Certificates element, and certificate information is placed inside CertificateInformation
type EnrollResponseV2 ¶
// EnrollResponseV2 is the value returned by Client.EnrollPFXV2.
type EnrollResponseV2 struct {
	SuccessfulStores       []string               `json:"SuccessfulStores"`
	CertificateInformation CertificateInformation `json:"CertificateInformation"`
	// Metadata is untyped; callers must type-assert before use.
	Metadata interface{} `json:"Metadata,omitempty"`
}
type EntryParameter ¶
// EntryParameter describes one entry parameter tied to a store type via
// StoreTypeId. It has the same fields as EntryParameterGeneric plus
// StoreTypeId.
type EntryParameter struct {
	StoreTypeId int    `json:"StoreTypeId"`
	Name        string `json:"Name"`
	DisplayName string `json:"DisplayName"`
	Type        string `json:"Type"`
	// RequiredWhen has no struct tag, so encoding/json uses the field
	// name "RequiredWhen" as its key.
	RequiredWhen struct {
		HasPrivateKey  bool `json:"HasPrivateKey"`
		OnAdd          bool `json:"OnAdd"`
		OnRemove       bool `json:"OnRemove"`
		OnReenrollment bool `json:"OnReenrollment"`
	}
	DependsOn    string `json:"DependsOn"`
	DefaultValue string `json:"DefaultValue"`
	Options      string `json:"Options"`
}
type EntryParameterGeneric ¶
// EntryParameterGeneric describes one entry parameter without a store type
// ID; see EntryParameter for the variant that carries StoreTypeId.
type EntryParameterGeneric struct {
	Name        string `json:"Name"`
	DisplayName string `json:"DisplayName"`
	Type        string `json:"Type"`
	// RequiredWhen has no struct tag, so encoding/json uses the field
	// name "RequiredWhen" as its key.
	RequiredWhen struct {
		HasPrivateKey  bool `json:"HasPrivateKey"`
		OnAdd          bool `json:"OnAdd"`
		OnRemove       bool `json:"OnRemove"`
		OnReenrollment bool `json:"OnReenrollment"`
	}
	DependsOn    string `json:"DependsOn"`
	DefaultValue string `json:"DefaultValue"`
	Options      string `json:"Options"`
}
type EntryPassword ¶
// EntryPassword describes where a password comes from: either a literal
// SecretValue or a reference to a PAM provider.
type EntryPassword struct {
	// A string containing the password. This value only needs to be supplied if you're storing your password in the Keyfactor Command database.
	// When set, the password is marshaled as a plain string; keep values of
	// this type out of logs.
	SecretValue string `json:"SecretValue,omitempty"`
	// The parameters required by your PAM provider, containing the information that identifies the location of the password in the PAM solution.
	// NOTE(review): the field type is the empty struct, so it cannot hold
	// any parameters, and omitempty never omits a struct value, so this
	// always marshals as {}.
	Parameters struct{} `json:"Parameters,omitempty"`
	// An integer that identifies the PAM provider used to store the password.
	Provider int `json:"Provider,omitempty"`
}
type GetCertStoreInventoryResp ¶
// GetCertStoreInventoryResp wraps a slice of CertStoreInventory values.
type GetCertStoreInventoryResp struct {
	// Inventory has no struct tag, so encoding/json uses the key "Inventory".
	Inventory []CertStoreInventory
}
type GetCertificateContextArgs ¶
// GetCertificateContextArgs holds the function arguments used for calling
// the GetCertificateContext method. The original author marks every field
// with "Query".
type GetCertificateContextArgs struct {
	IncludeMetadata      *bool  `json:"IncludeMetadata,omitempty"`      // Query
	IncludeLocations     *bool  `json:"IncludeLocations,omitempty"`     // Query
	CollectionId         *int   `json:"CollectionId,omitempty"`         // Query
	Thumbprint           string `json:"Thumbprint,omitempty"`           // Query
	CommonName           string `json:"CommonName,omitempty"`           // Query
	Id                   int    `json:"Id"`                             // Query
	IncludeHasPrivateKey *bool  `json:"IncludeHasPrivateKey,omitempty"` // Query
	RequestId            int    `json:"RequestId,omitempty"`            // Query
}
GetCertificateContextArgs holds the function arguments used for calling the GetCertificateContext method.
type GetCertificateResponse ¶
// GetCertificateResponse contains the response elements returned from the
// GetCertificateContext method; Client.ListCertificates returns a slice of
// it. Date-like fields (ImportDate, NotBefore, NotAfter, RevocationEffDate)
// are plain strings, not time.Time.
type GetCertificateResponse struct {
	Id                       int    `json:"Id"`
	Thumbprint               string `json:"Thumbprint"`
	SerialNumber             string `json:"SerialNumber"`
	IssuedDN                 string `json:"IssuedDN"`
	IssuedCN                 string `json:"IssuedCN"`
	ImportDate               string `json:"ImportDate"`
	NotBefore                string `json:"NotBefore"`
	NotAfter                 string `json:"NotAfter"`
	IssuerDN                 string `json:"IssuerDN"`
	PrincipalId              string `json:"PrincipalId"`
	TemplateId               int    `json:"TemplateId"`
	CertState                int    `json:"CertState"`
	KeySizeInBits            int    `json:"KeySizeInBits"`
	KeyType                  int    `json:"KeyType"`
	RequesterId              int    `json:"RequesterId"`
	IssuedOU                 string `json:"IssuedOU"`
	KeyUsage                 int    `json:"KeyUsage"`
	SigningAlgorithm         string `json:"SigningAlgorithm"`
	CertStateString          string `json:"CertStateString"`
	KeyTypeString            string `json:"KeyTypeString"`
	RevocationEffDate        string `json:"RevocationEffDate"`
	RevocationReason         int    `json:"RevocationReason"`
	RevocationComment        string `json:"RevocationComment"`
	CertificateAuthorityId   int    `json:"CertificateAuthorityId"`
	CertificateAuthorityName string `json:"CertificateAuthorityName"`
	TemplateName             string `json:"TemplateName"`
	ArchivedKey              bool   `json:"ArchivedKey"`
	HasPrivateKey            bool   `json:"HasPrivateKey"`
	PrincipalName            string `json:"PrincipalName"`
	CertRequestId            int    `json:"CertRequestId"`
	RequesterName            string `json:"RequesterName"`
	ContentBytes             string `json:"ContentBytes"`
	// ExtendedKeyUsages has no struct tag and untyped elements.
	ExtendedKeyUsages      []interface{}
	SubjectAltNameElements []SubjectAltNameElements `json:"SubjectAltNameElements"`
	CRLDistributionPoints  []CRLDistributionPoints  `json:"CRLDistributionPoints"`
	LocationsCount         []LocationsCount         `json:"LocationsCount"`
	SSLLocations           []SSLLocations           `json:"SSLLocations"`
	Locations              []CertificateLocations   `json:"Locations"`
	Metadata               interface{}              `json:"Metadata"` // untyped; type-assert before use
	CertificateKeyId       int                      `json:"CertificateKeyId"`
	CARowIndex             int                      `json:"CARowIndex"`
	// DetailedKeyUsage is the only field here with a snake_case JSON key.
	DetailedKeyUsage []DetailedKeyUsage `json:"detailed_key_usage"`
	KeyRecoverable   bool               `json:"KeyRecoverable"`
}
GetCertificateResponse contains the response elements returned from the GetCertificateContext method.
type GetCertificateStoreResponse ¶
// GetCertificateStoreResponse describes one certificate store;
// Client.ListCertificateStores returns a slice of it.
type GetCertificateStoreResponse struct {
	Id                      string `json:"Id,omitempty"`
	ContainerId             int    `json:"ContainerId,omitempty"`
	ClientMachine           string `json:"ClientMachine,omitempty"`
	StorePath               string `json:"Storepath,omitempty"` // JSON key is "Storepath" (lower-case "p")
	CertStoreInventoryJobId string `json:"CertStoreInventoryJobId,omitempty"`
	CertStoreType           int    `json:"CertStoreType,omitempty"`
	Approved                bool   `json:"Approved,omitempty"`
	CreateIfMissing         bool   `json:"CreateIfMissing,omitempty"`
	PropertiesString        string `json:"Properties,omitempty"`
	// Properties is tagged json:"-", so the JSON decoder never fills it.
	// presumably populated by the client from PropertiesString; verify against the caller
	Properties            map[string]interface{} `json:"-"`
	AgentId               string                 `json:"AgentId,omitempty"`
	AgentAssigned         bool                   `json:"AgentAssigned,omitempty"`
	ContainerName         string                 `json:"ContainerName,omitempty"`
	InventorySchedule     InventorySchedule      `json:"InventorySchedule"`
	ReenrollmentStatus    ReEnrollmnentConfig    `json:"ReenrollmentStatus,omitempty"`
	SetNewPasswordAllowed bool                   `json:"SetNewPasswordAllowed,omitempty"`
	// Password is a struct value, so omitempty has no effect on it.
	// NOTE(review): if the server populates SecretValue, this response
	// holds the store secret; avoid logging or serializing whole values.
	Password    StorePasswordConfig `json:"Password,omitempty"`
	DisplayName string              `json:"DisplayName,omitempty"`
}
type GetSecurityIdentityResponse ¶
// GetSecurityIdentityResponse holds the response data returned by
// /Security/Identities. It has the same fields as
// CreateSecurityIdentityResponse.
type GetSecurityIdentityResponse struct {
	Id           int                       `json:"Id,omitempty"`
	AccountName  string                    `json:"AccountName,omitempty"`
	IdentityType string                    `json:"IdentityType,omitempty"`
	Roles        []SecurityRoleInformation `json:"Roles,omitempty"`
	Valid        bool                      `json:"Valid,omitempty"`
}
GetSecurityIdentityResponse holds the response data returned by /Security/Identities
type GetSecurityRoleResponse ¶
// GetSecurityRoleResponse describes a single security role together with
// its identities and permissions.
type GetSecurityRoleResponse struct {
	// Id is a float64 here, whereas CreateSecurityRoleResponse.Id is an int.
	// NOTE(review): convert explicitly when passing it to int-based calls
	// such as DeleteSecurityRole.
	Id          float64            `json:"Id,omitempty"`
	Name        string             `json:"Name,omitempty"`
	Description string             `json:"Description,omitempty"`
	Identities  []SecurityIdentity `json:"Identities,omitempty"`
	Permissions []string           `json:"Permissions,omitempty"`
}
type GetSecurityRolesResponse ¶
// GetSecurityRolesResponse holds the response data returned by
// /Security/Roles.
type GetSecurityRolesResponse struct {
	ID          float64            `json:"Id"` // float64, not int; JSON key is "Id"
	Description string             `json:"Description,omitempty"`
	Enabled     bool               `json:"Enabled"`
	Immutable   bool               `json:"Immutable"`
	Valid       bool               `json:"Valid"`
	Private     bool               `json:"Private"`
	Identities  []SecurityIdentity `json:"Identities"`
	Name        string             `json:"Name,omitempty"`
	Permissions []string           `json:"Permissions"`
}
GetSecurityRolesResponse holds the response data returned by /Security/Roles
type GetTemplateResponse ¶
// GetTemplateResponse holds the template context returned by
// Client.GetTemplate and Client.GetTemplates; it is also embedded in
// UpdateTemplateResponse. Every field is tagged omitempty.
type GetTemplateResponse struct {
	Id                     int                        `json:"Id,omitempty"`
	CommonName             string                     `json:"CommonName,omitempty"`
	TemplateName           string                     `json:"TemplateName,omitempty"`
	Oid                    string                     `json:"Oid,omitempty"`
	KeySize                string                     `json:"KeySize,omitempty"` // a string, not a number
	KeyType                string                     `json:"KeyType,omitempty"`
	ForestRoot             string                     `json:"ForestRoot,omitempty"`
	FriendlyName           string                     `json:"FriendlyName,omitempty"`
	KeyRetention           string                     `json:"KeyRetention,omitempty"`
	KeyRetentionDays       int                        `json:"KeyRetentionDays,omitempty"`
	KeyArchival            bool                       `json:"KeyArchival,omitempty"`
	EnrollmentFields       []TemplateEnrollmentFields `json:"EnrollmentFields,omitempty"`
	MetadataFields         []TemplateMetadataFields   `json:"MetadataFields,omitempty"`
	AllowedEnrollmentTypes int                        `json:"AllowedEnrollmentTypes,omitempty"`
	TemplateRegexes        []TemplateRegex            `json:"TemplateRegexes,omitempty"`
	UseAllowedRequesters   bool                       `json:"UseAllowedRequesters,omitempty"`
	AllowedRequesters      []string                   `json:"AllowedRequesters,omitempty"`
	RFCEnforcement         bool                       `json:"RFCEnforcement,omitempty"`
	RequiresApproval       bool                       `json:"RequiresApproval,omitempty"`
	KeyUsage               int                        `json:"KeyUsage,omitempty"`
}
type InventoriedCertificate ¶
// InventoriedCertificate describes one certificate entry together with its
// CertStoreInventoryItemId. NotBefore and NotAfter are plain strings.
type InventoriedCertificate struct {
	Id                       int                    `json:"Id"`
	IssuedDN                 string                 `json:"IssuedDN"`
	SerialNumber             string                 `json:"SerialNumber"`
	NotBefore                string                 `json:"NotBefore"`
	NotAfter                 string                 `json:"NotAfter"`
	SigningAlgorithm         string                 `json:"SigningAlgorithm"`
	IssuerDN                 string                 `json:"IssuerDN"`
	Thumbprint               string                 `json:"Thumbprint"`
	CertStoreInventoryItemId int                    `json:"CertStoreInventoryItemId"`
	Metadata                 map[string]interface{} `json:"Metadata"`
}
type InventoryDaily ¶
// InventoryDaily specifies that the inventory should happen at a given time
// in the day, daily.
type InventoryDaily struct {
	// Time is a plain string; its expected format is not shown here.
	Time string `json:"Time"`
}
InventoryDaily specifies that the inventory should happen at a given time in the day, daily
type InventoryInterval ¶
// InventoryInterval specifies that the inventory should happen at a given
// interval in minutes.
type InventoryInterval struct {
	// Minutes is the interval length, in minutes.
	Minutes int `json:"Minutes"`
}
InventoryInterval specifies that the inventory should happen at a given interval in minutes
type InventoryOnce ¶
// InventoryOnce specifies that the inventory should happen once, at a given
// time.
type InventoryOnce struct {
	// Time is a plain string; its expected format is not shown here.
	Time string `json:"Time"`
}
InventoryOnce specifies that the inventory should happen once, at a given time
type InventorySchedule ¶
// InventorySchedule holds configuration data for creating an inventory
// schedule for a certificate store in Keyfactor. All four fields are
// pointers tagged omitempty, so only the non-nil ones are marshaled.
type InventorySchedule struct {
	Immediate   *bool              `json:"Immediate,omitempty"`
	Interval    *InventoryInterval `json:"Interval,omitempty"`
	Daily       *InventoryDaily    `json:"Daily,omitempty"`
	ExactlyOnce *InventoryOnce     `json:"ExactlyOnce,omitempty"`
}
InventorySchedule holds configuration data for creating an inventory schedule for a certificate store in Keyfactor
type ListCertificateResponse ¶
// ListCertificateResponse wraps a slice of GetCertificateResponse values
// under the JSON key "Certificates".
type ListCertificateResponse struct {
	Certificates []GetCertificateResponse `json:"Certificates"`
}
type ListCertificateStoresResponse ¶
// ListCertificateStoresResponse wraps a slice of CertificateStore values
// under the JSON key "CertificateStores".
type ListCertificateStoresResponse struct {
	// An array of certificate store objects.
	CertificateStores []CertificateStore `json:"CertificateStores"`
}
type LocationsCount ¶
// LocationsCount contains details on what kind of and how many stores the
// certificate is deployed inside.
type LocationsCount struct {
	Type  string `json:"Type,omitempty"`
	Count int    `json:"Count,omitempty"`
}
LocationsCount contains details on what kind of and how many stores the certificate is deployed inside.
type MetadataField ¶
// MetadataField describes one metadata field definition. DataType and
// Enrollment are integer codes whose meanings are not shown here.
type MetadataField struct {
	Id           int    `json:"Id"`
	Name         string `json:"Name"`
	Description  string `json:"Description"`
	DataType     int    `json:"DataType"`
	Hint         string `json:"Hint"`
	Validation   string `json:"Validation"`
	Enrollment   int    `json:"Enrollment"`
	Message      string `json:"Message"`
	Options      string `json:"Options"`
	DefaultValue string `json:"DefaultValue"`
	DisplayOrder int    `json:"DisplayOrder"`
}
type PropertyDefinition ¶
// PropertyDefinition defines property fields associated with a certificate
// store type, and is returned by the GetCertificateStoreType method.
type PropertyDefinition struct {
	StoreTypeID  int    `json:"StoreTypeID"`
	Name         string `json:"Name"`
	DisplayName  string `json:"DisplayName"`
	Type         string `json:"Type"`
	DependsOn    string `json:"DependsOn"`
	DefaultValue string `json:"DefaultValue"`
	Required     bool   `json:"Required"`
}
PropertyDefinition defines property fields associated with a certificate store type, and is returned by the GetCertificateStoreType method
type ProviderParams ¶
// ProviderParams identifies a provider by Id, Name, Area and ProviderType.
// No field has a struct tag, so encoding/json uses the Go field names.
type ProviderParams struct {
	Id           int
	Name         string
	Area         int
	ProviderType ProviderType
}
type ProviderType ¶
type ProviderTypeParams ¶
// ProviderTypeParams pairs a value with the ProviderParams it belongs to.
// No field has a struct tag, so encoding/json uses the Go field names.
type ProviderTypeParams struct {
	Id string
	// NOTE(review): if Value carries a provider secret, keep it out of
	// logs — confirm against the callers.
	Value        string
	InstanceId   string
	InstanceGuid string
	Provider     ProviderParams
}
type ReEnrollmnentConfig ¶
// ReEnrollmnentConfig configures the re-enrollment job for a created
// certificate. The type name keeps the spelling used throughout the
// package.
type ReEnrollmnentConfig struct {
	Data               bool   `json:"Data"`
	AgentId            string `json:"AgentId"`
	Message            string `json:"Message"`
	JobProperties      string `json:"JobProperties"`
	CustomAliasAllowed int    `json:"CustomAliasAllowed"` // an int, not a bool
}
ReEnrollmnentConfig configures the re-enrollment job for a created certificate.
type RemoveCertificateFromStore ¶
// RemoveCertificateFromStore contains configuration data required to remove
// a certificate associated with a specific alias from one or more
// certificate stores.
type RemoveCertificateFromStore struct {
	// An integer containing the Keyfactor Command reference ID of the certificate to be removed from the certificate store(s).
	CertificateId int    `json:"CertificateId"`
	Alias         string `json:"Alias"`
	// An array of certificate store GUIDs to identify the certificate stores from which the certificate should be removed
	// and provide appropriate reference information for the certificate in the store.
	CertificateStores *[]CertificateStore `json:"CertificateStores,omitempty"`
	// The inventory schedule for the remove job; marshaled under the JSON key "Schedule".
	InventorySchedule *InventorySchedule `json:"Schedule,omitempty"`
	// NOTE(review): the original comment here repeated the CertificateId
	// description. Presumably this is the ID of the certificate collection
	// the request is scoped to — confirm.
	CollectionId int `json:"CollectionId,omitempty"`
}
RemoveCertificateFromStore contains configuration data required to remove a certificate associated with a specific alias from one or more certificate stores.
type RevokeCertArgs ¶
// RevokeCertArgs holds the function arguments used for calling the
// RevokeCert method. RevokeCert revokes every ID listed in CertificateIds,
// so callers should validate that list before the call.
type RevokeCertArgs struct {
	CertificateIds []int  `json:"CertificateIds"`
	Reason         int    `json:"Reason"` // integer reason code; the zero value is always sent
	Comment        string `json:"Comment"`
	EffectiveDate  string `json:"EffectiveDate"`
	CollectionId   int    `json:"CollectionId,omitempty"`
}
RevokeCertArgs holds the function arguments used for calling the RevokeCert method.
type SANs ¶
// SANs holds arrays of strings associated with IPv4 (IP4), IPv6 (IP6), DNS,
// and URI SANs. The JSON keys are lower-case and empty slices are omitted.
// The values are plain strings, so nothing in this type validates them.
type SANs struct {
	IP4 []string `json:"ip4,omitempty"`
	IP6 []string `json:"ip6,omitempty"`
	DNS []string `json:"dns,omitempty"`
	URI []string `json:"uri,omitempty"`
}
SANs holds arrays of strings associated with IPv4 (IP4), IPv6 (IP6), DNS, and URI SANs.
type SSLLocations ¶
// SSLLocations contains detailed information on the locations that the
// certificate was found in a scan.
type SSLLocations struct {
	StorePath   string `json:"StorePath,omitempty"`
	AgentPool   string `json:"AgentPool,omitempty"`
	IPAddress   string `json:"IPAddress,omitempty"`
	Port        int    `json:"Port,omitempty"`
	NetworkName string `json:"NetworkName,omitempty"`
}
SSLLocations contains detailed information on the locations that the certificate was found in a scan.
type SecretParamValue ¶
// SecretParamValue wraps a single secret string; it is the value type of
// SpecialPropertiesSecretValue.
type SecretParamValue struct {
	// SecretValue is marshaled as a plain string under "SecretValue"; keep
	// values of this type out of logs.
	SecretValue string `json:"SecretValue"`
}
type SecurityIdentity ¶
// SecurityIdentity contains the required elements to attach an identity to
// a role.
type SecurityIdentity struct {
	Id           float64 `json:"Id"` // float64, not int
	AccountName  string  `json:"AccountName"`
	IdentityType string  `json:"IdentityType"`
	Sid          string  `json:"SID"` // JSON key is upper-case "SID"
}
SecurityIdentity contains the required elements to attach an identity to a role
type SecurityRoleIdentityConfig ¶
SecurityRoleIdentityConfig holds configuration data defining which security identities are attached to a given security role.
type SecurityRoleInformation ¶
// SecurityRoleInformation holds security role information associated with
// an identity.
type SecurityRoleInformation struct {
	Id          int    `json:"Id,omitempty"`
	Name        string `json:"Name,omitempty"`
	Description string `json:"Description,omitempty"`
}
SecurityRoleInformation holds security role information associated with an identity
type SecurityRolePermission ¶
// SecurityRolePermission holds the permission configuration to create or
// update a Keyfactor security role. Each field is an optional *string; nil
// fields are omitted from the JSON, so a role only receives the permission
// areas that are explicitly set.
type SecurityRolePermission struct {
	// NOTE(review): the only PascalCase JSON key in this struct; every
	// other key is snake_case — confirm this is what the API expects.
	AgentAutoRegistration      *string `json:"AgentAutoRegistration,omitempty"`
	AgentManagement            *string `json:"agent_management,omitempty"`
	API                        *string `json:"api,omitempty"`
	Auditing                   *string `json:"auditing,omitempty"`
	CertificateCollections     *string `json:"certificate_collections,omitempty"`
	CertificateEnrollment      *string `json:"certificate_enrollment,omitempty"`
	CertificateMetadataTypes   *string `json:"certificate_metadata_types,omitempty"`
	CertificateStoreManagement *string `json:"certificate_store_management,omitempty"`
	Certificates               *string `json:"certificates,omitempty"`
	Dashboard                  *string `json:"dashboard,omitempty"`
	MacAutoEnrollManagement    *string `json:"mac_auto_enroll_management,omitempty"`
	AdminPortal                *string `json:"admin_portal,omitempty"`
	Monitoring                 *string `json:"monitoring,omitempty"`
	PkiManagement              *string `json:"pki_management,omitempty"`
	Reports                    *string `json:"reports,omitempty"`
	SecuritySettings           *string `json:"security_settings,omitempty"`
	SSH                        *string `json:"ssh,omitempty"`
	SslManagement              *string `json:"ssl_management,omitempty"`
	SystemSettings             *string `json:"system_settings,omitempty"`
	WorkflowManagement         *string `json:"workflow_management,omitempty"`
}
SecurityRolePermission holds the permission configuration to create or update a Keyfactor security role. See API documentation for specifics on how to configure these fields.
type SpecialPropertiesSecretValue ¶
// SpecialPropertiesSecretValue wraps a SecretParamValue under the
// lower-case JSON key "value".
type SpecialPropertiesSecretValue struct {
	// Value nests the secret string; keep values of this type out of logs.
	Value SecretParamValue `json:"value"`
}
type SpecialPropertiesValue ¶
// SpecialPropertiesValue wraps an untyped value under the lower-case JSON
// key "value".
type SpecialPropertiesValue struct {
	// Value is untyped; callers must type-assert before use.
	Value interface{} `json:"value"`
}
type StorePasswordConfig ¶
// StorePasswordConfig configures the password field for a new certificate
// store.
type StorePasswordConfig struct {
	// Value is marshaled under the JSON key "SecretValue" with no
	// omitempty, so a nil pointer becomes JSON null. It holds the store
	// secret as a plain string; keep values of this type out of logs.
	Value          *string `json:"SecretValue"`
	SecretTypeGuid *string `json:"SecretTypeGuid,omitempty"`
	InstanceId     *string `json:"InstanceId,omitempty"`
} // ProviderTypeParameterValues - Not yet implemented
StorePasswordConfig configures the password field for a new certificate store.
type StoreTypes ¶
// StoreTypes holds necessary store type metadata for creating and deploying
// certificates.
type StoreTypes struct {
	StoreTypeId int     `json:"StoreTypeId"`
	Alias       *string `json:"Alias,omitempty"`
	// Overwrite is a pointer so that an explicit false can be sent; nil is
	// omitted from the JSON.
	Overwrite  *bool     `json:"Overwrite,omitempty"`
	Properties *[]string `json:"Properties,omitempty"`
}
StoreTypes holds necessary store type metadata for creating and deploying certificates.
type StringTuple ¶
// StringTuple is a struct holding two string elements used by the Keyfactor
// Go Client library for data types requiring a tuple of strings.
type StringTuple struct {
	Elem1 string `json:"elem1,omitempty"`
	Elem2 string `json:"elem2,omitempty"`
}
StringTuple is a struct holding two string elements used by the Keyfactor Go Client library for data types requiring a tuple of strings
type SubjectAltNameElements ¶
// SubjectAltNameElements contains detailed information on the SANs attached
// to a certificate, and is returned inside the GetCertificateContext
// method.
type SubjectAltNameElements struct {
	Id        int    `json:"Id"`
	Value     string `json:"Value"`
	Type      int    `json:"Type"` // integer code; meanings are not shown here
	ValueHash string `json:"ValueHash"`
}
SubjectAltNameElements contains detailed information on the SANs attached to a certificate, and is returned inside the GetCertificateContext method
type TemplateMetadataFields ¶
type TemplateRegex ¶
type TerraformLogger ¶
// TerraformLogger wraps the tflog logging to handle Go's log messages with
// log level mapping.
type TerraformLogger struct {
	// contains filtered or unexported fields
}
TerraformLogger wraps the tflog logging to handle Go's log messages with log level mapping.
type UpdateMetadataArgs ¶
// UpdateMetadataArgs holds the function arguments used for calling the
// UpdateMetadata method. UpdateMetadata sets a certificate's metadata
// exactly, so leaving both CertificateMetadata and Metadata blank erases
// the existing metadata.
type UpdateMetadataArgs struct {
	CertID int `json:"Id"` // marshaled under the JSON key "Id"
	// CertificateMetadata is tagged json:"-" and is never marshaled
	// directly.
	CertificateMetadata []StringTuple `json:"-"`
	// Metadata has no omitempty, so a nil map marshals as JSON null.
	Metadata     map[string]interface{} `json:"Metadata"`
	CollectionId int                    `json:"CollectionId"`
}
UpdateMetadataArgs holds the function arguments used for calling the UpdateMetadata method.
type UpdateSecurityRoleArg ¶
// UpdateSecurityRoleArg holds the function arguments used for calling the
// UpdateSecurityRole method: a role Id plus every field of the embedded
// CreateSecurityRoleArg.
type UpdateSecurityRoleArg struct {
	Id int `json:"Id,omitempty"`
	// Embedded without a tag, so its fields are marshaled at the top level
	// of the JSON object.
	CreateSecurityRoleArg
}
UpdateSecurityRoleArg holds the function arguments used for calling the UpdateSecurityRole method.
type UpdateSecurityRoleResponse ¶
// UpdateSecurityRoleResponse holds the response elements returned by the
// UpdateSecurityRole method.
type UpdateSecurityRoleResponse struct {
	// Embedded, so all CreateSecurityRoleResponse fields are promoted.
	CreateSecurityRoleResponse
}
UpdateSecurityRoleResponse holds the response elements returned by the UpdateSecurityRole method
type UpdateStoreFctArgs ¶
// UpdateStoreFctArgs holds the function arguments used for calling the
// UpdateStore method. It has the same fields as CreateStoreFctArgs plus Id.
type UpdateStoreFctArgs struct {
	Id                      string  `json:"Id,omitempty"`
	ContainerId             *int    `json:"ContainerId,omitempty"`
	ClientMachine           string  `json:"ClientMachine"`
	StorePath               string  `json:"StorePath"`
	CertStoreInventoryJobId *string `json:"CertStoreInventoryJobId,omitempty"`
	CertStoreType           int     `json:"CertStoreType"`
	Approved                *bool   `json:"Approved,omitempty"`
	CreateIfMissing         *bool   `json:"CreateIfMissing,omitempty"`
	// String JSON name-value pairs; this field is not recommended. Instead, please use Properties. This field is
	// automatically populated by the CreateStore method. However, if configured, this field will be used.
	// NOTE(review): the text above names CreateStore; presumably UpdateStore
	// populates it for this type — confirm.
	PropertiesString string `json:"Properties,omitempty"`
	// Mapped name-value pair field used to configure properties.
	// Tagged json:"-", so it is never marshaled directly.
	Properties            map[string]interface{} `json:"-"`
	AgentId               string                 `json:"AgentId"`
	AgentAssigned         *bool                  `json:"AgentAssigned,omitempty"`
	ContainerName         *string                `json:"ContainerName,omitempty"`
	InventorySchedule     *InventorySchedule     `json:"InventorySchedule,omitempty"`
	ReEnrollmentStatus    *ReEnrollmnentConfig   `json:"ReEnrollmentStatus,omitempty"`
	SetNewPasswordAllowed *bool                  `json:"SetNewPasswordAllowed,omitempty"`
	// Password has no omitempty, so a nil pointer marshals as JSON null.
	// NOTE(review): confirm whether a null Password on update leaves the
	// stored secret untouched or clears it.
	Password *StorePasswordConfig `json:"Password"`
}
UpdateStoreFctArgs holds the function arguments used for calling the UpdateStore method.
type UpdateStoreResponse ¶
// UpdateStoreResponse contains the response elements returned from the
// UpdateStore method; it embeds CreateStoreResponse and adds no fields.
type UpdateStoreResponse struct{ CreateStoreResponse }
UpdateStoreResponse contains the response elements returned from the UpdateStore method.
type UpdateTemplateArg ¶
// UpdateTemplateArg is the argument type accepted by Client.UpdateTemplate.
// Pointer fields tagged omitempty are left out of the JSON when nil, which
// lets a caller send an explicit false, zero or empty value.
type UpdateTemplateArg struct {
	Id                     int                         `json:"Id,omitempty"`
	CommonName             string                      `json:"CommonName,omitempty"`
	TemplateName           string                      `json:"TemplateName,omitempty"`
	Oid                    string                      `json:"Oid,omitempty"`
	KeySize                string                      `json:"KeySize,omitempty"`
	KeyType                *string                     `json:"KeyType,omitempty"`
	ForestRoot             string                      `json:"ForestRoot,omitempty"`
	FriendlyName           *string                     `json:"FriendlyName,omitempty"`
	KeyRetention           *string                     `json:"KeyRetention,omitempty"`
	KeyRetentionDays       *int                        `json:"KeyRetentionDays,omitempty"`
	KeyArchival            *bool                       `json:"KeyArchival,omitempty"`
	EnrollmentFields       *[]TemplateEnrollmentFields `json:"EnrollmentFields,omitempty"`
	MetadataFields         *[]TemplateMetadataFields   `json:"MetadataFields,omitempty"`
	AllowedEnrollmentTypes *int                        `json:"AllowedEnrollmentTypes,omitempty"`
	TemplateRegexes        *[]TemplateRegex            `json:"TemplateRegexes,omitempty"`
	UseAllowedRequesters   *bool                       `json:"UseAllowedRequesters,omitempty"`
	AllowedRequesters      *[]string                   `json:"AllowedRequesters,omitempty"`
	RFCEnforcement         *bool                       `json:"RFCEnforcement,omitempty"`
	RequiresApproval       *bool                       `json:"RequiresApproval,omitempty"`
	// NOTE(review): KeyUsage is *bool here but int in GetTemplateResponse;
	// confirm which type the API expects.
	KeyUsage *bool `json:"KeyUsage,omitempty"`
}
type UpdateTemplateResponse ¶
// UpdateTemplateResponse is the value returned by Client.UpdateTemplate; it
// embeds GetTemplateResponse and adds no fields.
type UpdateTemplateResponse struct{ GetTemplateResponse }
type WorkflowActionResponse ¶
// WorkflowActionResponse groups per-request results into Failures, Denials
// and Successes. The three slices use identical anonymous element structs.
// Callers should inspect Failures and Denials as well as the returned
// error.
type WorkflowActionResponse struct {
	Failures []struct {
		CARowId            int    `json:"CARowId"`
		CARequestId        string `json:"CARequestId"`
		CAHost             string `json:"CAHost"`
		CALogicalName      string `json:"CALogicalName"`
		KeyfactorRequestId int    `json:"KeyfactorRequestId"`
		Comment            string `json:"Comment"`
	} `json:"Failures"`
	Denials []struct {
		CARowId            int    `json:"CARowId"`
		CARequestId        string `json:"CARequestId"`
		CAHost             string `json:"CAHost"`
		CALogicalName      string `json:"CALogicalName"`
		KeyfactorRequestId int    `json:"KeyfactorRequestId"`
		Comment            string `json:"Comment"`
	} `json:"Denials"`
	Successes []struct {
		CARowId            int    `json:"CARowId"`
		CARequestId        string `json:"CARequestId"`
		CAHost             string `json:"CAHost"`
		CALogicalName      string `json:"CALogicalName"`
		KeyfactorRequestId int    `json:"KeyfactorRequestId"`
		Comment            string `json:"Comment"`
	} `json:"Successes"`
}
type WorkflowCertificate ¶
// WorkflowCertificate describes one certificate request in a workflow
// state; the ListPendingCertificates, ListDeniedCertificates,
// ListExternalValidationPendingCertificates and ListWorkflowCert methods
// return slices of it.
type WorkflowCertificate struct {
	Id                   int               `json:"Id"`
	CARequestId          string            `json:"CARequestId"`
	CommonName           string            `json:"CommonName"`
	DistinguishedName    string            `json:"DistinguishedName"`
	SubmissionDate       time.Time         `json:"SubmissionDate"` // a time.Time, unlike the string dates in GetCertificateResponse
	CertificateAuthority string            `json:"CertificateAuthority"`
	Template             string            `json:"Template"`
	Requester            string            `json:"Requester"`
	State                int               `json:"State"`
	StateString          string            `json:"StateString"`
	Metadata             map[string]string `json:"Metadata"`
}
Source Files ¶
- agent.go
- agent_models.go
- ca.go
- ca_models.go
- certificate.go
- certificate_models.go
- client.go
- client_models.go
- constants.go
- metadata.go
- metadata_models.go
- security.go
- security_models.go
- store.go
- store_container.go
- store_container_models.go
- store_models.go
- store_type.go
- store_type_models.go
- template.go
- template_models.go
- workflow.go
- workflow_models.go