api

package
v3.0.0-rc.9 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 1, 2024 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

View Source
const (
	MAX_ITERATIONS               = 100000
	MAX_WAIT_SECONDS             = 30
	MAX_CONTEXT_DEADLINE_RETRIES = 5
)

Variables

View Source
var (
	// DefaultAPIPath is the default API path for Keyfactor Command.
	DefaultAPIPath = auth_providers.DefaultCommandAPIPath

	// EnvCommandHostname is the environment variable for the Keyfactor Command hostname.
	EnvCommandHostname = auth_providers.EnvKeyfactorHostName

	// EnvCommandAPI is the environment variable for the Keyfactor Command API path.
	EnvCommandAPI = auth_providers.EnvKeyfactorAPIPath

	// EnvCommandTimeout is the environment variable for the Keyfactor Command timeout.
	EnvCommandTimeout = auth_providers.EnvKeyfactorClientTimeout

	// EnvCommandUsername is the environment variable for the Keyfactor Command username.
	EnvCommandUsername = auth_providers.EnvKeyfactorUsername

	// EnvCommandPassword is the environment variable for the Keyfactor Command password.
	EnvCommandPassword = auth_providers.EnvKeyfactorPassword

	// EnvCommandDomain is the environment variable for the Keyfactor Command domain.
	EnvCommandDomain = auth_providers.EnvKeyfactorDomain

	// EnvCommandClientId is the environment variable for the Keyfactor Command client ID.
	EnvCommandClientId = auth_providers.EnvKeyfactorClientID

	// EnvCommandClientSecret is the environment variable for the Keyfactor Command client secret.
	EnvCommandClientSecret = auth_providers.EnvKeyfactorClientSecret

	// EnvCommandOAuthTokenUrl is the environment variable for the Keyfactor Command OAuth token URL.
	EnvCommandOAuthTokenUrl = auth_providers.EnvKeyfactorAuthTokenURL
)

Functions

func ConvertBase64P7BtoCertificates

func ConvertBase64P7BtoCertificates(base64P7B string) ([]*x509.Certificate, error)

ConvertBase64P7BtoCertificates takes a base64 encoded P7B certificate string and returns a slice of *x509.Certificate.

func ConvertBase64P7BtoPEM

func ConvertBase64P7BtoPEM(base64P7B string) ([]string, error)

ConvertBase64P7BtoPEM takes a base64 encoded P7B certificate string and converts it to PEM format.

Types

type AddCertificateToStore

type AddCertificateToStore struct {
	// An integer containing the Keyfactor Command reference ID of the certificate to be added to the certificate store(s).
	CertificateId int `json:"CertificateId"`

	// An array of certificate store GUIDs to identify the certificate stores to which the certificate should be added
	// and provide appropriate reference information for the certificate in the store.
	CertificateStores *[]CertificateStore `json:"CertificateStores,omitempty"`

	// The inventory schedule for the add job
	InventorySchedule *InventorySchedule `json:"Schedule,omitempty"`

	// An integer containing the Keyfactor Command reference ID of the certificate to be added to the certificate store(s).
	CollectionId int `json:"CollectionId,omitempty"`
}

AddCertificateToStore contains configuration content required to add a certificate to one or multiple certificate stores located inside Keyfactor Command.

type Agent

type Agent struct {
	AgentId                     string   `json:"AgentId"`
	ClientMachine               string   `json:"ClientMachine"`
	Username                    string   `json:"Username"`
	AgentPlatform               int      `json:"AgentPlatform"`
	Status                      int      `json:"Status"`
	Version                     string   `json:"Version"`
	LastSeen                    string   `json:"LastSeen"`
	Capabilities                []string `json:"Capabilities"`
	Blueprint                   string   `json:"Blueprint"`
	Thumbprint                  string   `json:"Thumbprint"`
	LegacyThumbprint            string   `json:"LegacyThumbprint"`
	AuthCertificateReenrollment string   `json:"AuthCertificateReenrollment"`
	LastThumbprintUsed          string   `json:"LastThumbprintUsed"`
	LastErrorCode               int      `json:"LastErrorCode"`
	LastErrorMessage            string   `json:"LastErrorMessage"`
}

type Agent9x

type Agent9x struct {
	AgentId          string `json:"AgentId"`
	AgentPoolId      string `json:"AgentPoolId"`
	ClientMachine    string `json:"ClientMachine"`
	Username         string `json:"Username"`
	AgentPlatform    int    `json:"AgentPlatform"`
	Status           int    `json:"Status"`
	EnableDiscover   bool   `json:"EnableDiscover"`
	EnableMonitor    bool   `json:"EnableMonitor"`
	Version          string `json:"Version"`
	LastSeen         string `json:"LastSeen"`
	Thumbprint       string `json:"Thumbprint"`
	LegacyThumbprint string `json:"LegacyThumbprint"`
}

type AuthConfig

type AuthConfig interface {
	Authenticate() error
	GetHttpClient() (*http.Client, error)
	GetServerConfig() *auth_providers.Server
}

Define an interface that both CommandConfigOauth and CommandAuthConfigBasic implement

type CA

type CA struct {
	Id                     int    `json:"Id"`
	LogicalName            string `json:"LogicalName"`
	HostName               string `json:"HostName"`
	Delegate               bool   `json:"Delegate"`
	ForestRoot             string `json:"ForestRoot"`
	Remote                 bool   `json:"Remote"`
	Agent                  string `json:"Agent"`
	Standalone             bool   `json:"Standalone"`
	MonitorThresholds      bool   `json:"MonitorThresholds"`
	IssuanceMax            int    `json:"IssuanceMax"`
	IssuanceMin            int    `json:"IssuanceMin"`
	DenialMax              int    `json:"DenialMax"`
	FailureMax             int    `json:"FailureMax"`
	RFCEnforcement         bool   `json:"RFCEnforcement"`
	Properties             string `json:"Properties"`
	AllowedEnrollmentTypes int    `json:"AllowedEnrollmentTypes"`
	KeyRetention           int    `json:"KeyRetention"`
	KeyRetentionDays       int    `json:"KeyRetentionDays"`
	ExplicitCredentials    bool   `json:"ExplicitCredentials"`
	SubscriberTerms        bool   `json:"SubscriberTerms"`
	ExplicitUser           string `json:"ExplicitUser"`
	ExplicitPassword       struct {
		SecretValue string `json:"SecretValue"`
		Parameters  struct {
		} `json:"Parameters"`
		Provider int `json:"Provider"`
	} `json:"ExplicitPassword"`
	UseAllowedRequesters bool     `json:"UseAllowedRequesters"`
	AllowedRequesters    []string `json:"AllowedRequesters"`
}

type CRLDistributionPoints

type CRLDistributionPoints struct {
	Id      int    `json:"Id"`
	URL     string `json:"URL"`
	URLHash string `json:"URLHash"`
}

CRLDistributionPoints contains details on the CRL distribution and is returned inside GetCertificateResponse with the GetCertificateContext method.

type CertStoreContainer

type CertStoreContainer struct {
	Id                 *int   `json:"Id,omitempty"`
	Name               string `json:"Name"`
	OverwriteSchedules bool   `json:"OverwriteSchedules"`
	Schedule           string `json:"Schedule"`
	CertStoreType      int    `json:"CertStoreType"`
}

CertStoreContainer holds the function arguments used for calling the GetStoreContainers method.

type CertStoreInventory

type CertStoreInventory struct {
	Name         string                   `json:"Name,omitempty"` // This is the cert `alias` in the store
	Certificates []InventoriedCertificate `json:"Certificates,omitempty"`
	Thumbprints  []string                 `json:"-"`
	Serials      []string                 `json:"-"`
	Ids          []int                    `json:"-"`
}

type CertStoreInventoryV1

type CertStoreInventoryV1 struct {
	CertStoreInventoryItemId int                      `json:"CertStoreInventoryItemId"`
	Name                     string                   `json:"Name,omitempty"`
	Certificates             []InventoriedCertificate `json:"Certificates,omitempty"`
	Thumbprints              map[string]bool          `json:"-"`
	Serials                  map[string]bool          `json:"-"`
	Ids                      map[int]bool             `json:"-"`
	Properties               map[string]interface{}   `json:"-"`
	Parameters               map[string]interface{}   `json:"-"`
}

type CertStoreTypeResponse

type CertStoreTypeResponse struct {
	Name                string `json:"Name"`
	ShortName           string `json:"ShortName"`
	Capability          string `json:"Capability"`
	StoreType           int    `json:"StoreType"`
	ImportType          int    `json:"ImportType"`
	LocalStore          bool   `json:"LocalStore"`
	SupportedOperations struct {
		Add        bool `json:"Add"`
		Create     bool `json:"Create"`
		Discovery  bool `json:"Discovery"`
		Enrollment bool `json:"Enrollment"`
		Remove     bool `json:"Remove"`
	} `json:"SupportedOperations"`
	Properties      []PropertyDefinition `json:"Properties"`
	PasswordOptions struct {
		EntrySupported bool   `json:"EntrySupported"`
		StoreRequired  bool   `json:"StoreRequired"`
		Style          string `json:"Style"`
	} `json:"PasswordOptions"`
	StorePathValue     []string `json:"store_path_value"`
	PrivateKeyAllowed  string   `json:"private_key_allowed"`
	JobProperties      []string `json:"job_properties"`
	ServerRequired     bool     `json:"ServerRequired"`
	PowerShell         bool     `json:"PowerShell"`
	BlueprintAllowed   bool     `json:"BlueprintAllowed"`
	CustomAliasAllowed string   `json:"CustomAliasAllowed"`
	ServerRegistration int      `json:"ServerRegistration"`
	InventoryEndpoint  string   `json:"InventoryEndpoint"`
	InventoryJobType   string   `json:"InventoryJobType"`
	ManagementJobType  string   `json:"ManagementJobType"`
	DiscoveryJobType   string   `json:"DiscoveryJobType"`
	EnrollmentJobType  string   `json:"EnrollmentJobType"`
}

CertStoreTypeResponse contains the response elements returned from the GetCertificateStoreType method.

type CertStoreTypeResponseList

type CertStoreTypeResponseList []struct {
	CertStoreTypeResponse
}

type CertificateInformation

type CertificateInformation struct {
	SerialNumber       string      `json:"SerialNumber"`
	IssuerDN           string      `json:"IssuerDN"`
	Thumbprint         string      `json:"Thumbprint"`
	KeyfactorID        int         `json:"KeyfactorID"`
	KeyfactorRequestID int         `json:"KeyfactorRequestId"`
	PKCS12Blob         string      `json:"PKCS12Blob"`
	Certificates       []string    `json:"Certificates"`
	RequestDisposition string      `json:"RequestDisposition"`
	DispositionMessage string      `json:"DispositionMessage"`
	EnrollmentContext  interface{} `json:"EnrollmentContext"`
}

CertificateInformation contains response data from the Enroll methods.

type CertificateInformationV2

type CertificateInformationV2 struct {
	SerialNumber              string        `json:"SerialNumber"`
	IssuerDN                  string        `json:"IssuerDN"`
	Thumbprint                string        `json:"Thumbprint"`
	KeyfactorId               int           `json:"KeyfactorId"`
	Pkcs12Blob                string        `json:"Pkcs12Blob"`
	Password                  interface{}   `json:"Password"`
	WorkflowInstanceId        string        `json:"WorkflowInstanceId"`
	WorkflowReferenceId       int           `json:"WorkflowReferenceId"`
	StoreIdsInvalidForRenewal []interface{} `json:"StoreIdsInvalidForRenewal"`
	KeyfactorRequestId        int           `json:"KeyfactorRequestId"`
	RequestDisposition        string        `json:"RequestDisposition"`
	DispositionMessage        string        `json:"DispositionMessage"`
	EnrollmentContext         interface{}   `json:"EnrollmentContext"`
}

type CertificateLocations

type CertificateLocations struct {
	StoreMachine string `json:"StoreMachine,omitempty"`
	StorePath    string `json:"StorePath,omitempty"`
	StoreType    int    `json:"StoreType,omitempty"`
	Alias        string `json:"Alias,omitempty"`
	ChainLevel   int    `json:"ChainLevel,omitempty"`
	CertStoreId  string `json:"CertStoreId,omitempty"`
}

CertificateLocations contains response and request data for the GetCertificateContext and DeployPFXCertificate methods

type CertificateStore

type CertificateStore struct {
	// A string containing the GUID for the certificate store to which the certificate should be added.
	CertificateStoreId string `json:"CertificateStoreId,omitempty"`

	// A string providing an alias to be used for the certificate upon entry into the certificate store. The function of the alias varies depending on the certificate store type.
	Alias string `json:"Alias,omitempty"`

	// A Boolean that sets whether a certificate in the store with the Alias provided should be overwritten with the certificate being added (true) or not (false). The default is false
	Overwrite bool `json:"Overwrite,omitempty"`

	// The password to set on the entry within the certificate store, if applicable. Only select certificate stores support entry passwords (e.g. Java keystores).
	EntryPassword *EntryPassword `json:"EntryPassword"`

	// Password used to secure certificate store, if it exists as a PKCS#12
	PfxPassword string `json:"PfxPassword,omitempty"`

	// A Boolean that sets whether to include the private key of the certificate in the certificate store if private keys are optional for the given certificate store (true) or not (false). The default is false.
	IncludePrivateKey bool `json:"IncludePrivateKey,omitempty"`

	// Entry Parameters map
	JobParameters map[string]string `json:"JobFields,omitempty"`
}

CertificateStore contains configuration used by AddCertificateToStore and RemoveCertificateFromStore to configure the certificate stores that a certificate should be added to.

type CertificateStoreType

type CertificateStoreType struct {
	Name                string                         `json:"Name"`
	ShortName           string                         `json:"ShortName"`
	Capability          string                         `json:"Capability,omitempty"`
	StoreType           int                            `json:"StoreType"`
	ImportType          int                            `json:"ImportType,omitempty"`
	LocalStore          bool                           `json:"LocalStore,omitempty"`
	SupportedOperations *StoreTypeSupportedOperations  `json:"SupportedOperations,omitempty"`
	Properties          *[]StoreTypePropertyDefinition `json:"Properties,omitempty"`
	EntryParameters     *[]EntryParameter              `json:"EntryParameters,omitempty"`
	PasswordOptions     *StoreTypePasswordOptions      `json:"PasswordOptions,omitempty"`
	StorePathType       string                         `json:"StorePathType,omitempty"`
	StorePathValue      string                         `json:"StorePathValue,omitempty"`
	PrivateKeyAllowed   string                         `json:"PrivateKeyAllowed,omitempty"`
	JobProperties       *[]string                      `json:"JobProperties,omitempty"`
	ServerRequired      bool                           `json:"ServerRequired,omitempty"`
	PowerShell          bool                           `json:"PowerShell,omitempty"`
	BlueprintAllowed    bool                           `json:"BlueprintAllowed,omitempty"`
	CustomAliasAllowed  string                         `json:"CustomAliasAllowed,omitempty"`
	ServerRegistration  int                            `json:"ServerRegistration,omitempty"`
	InventoryEndpoint   string                         `json:"InventoryEndpoint,omitempty"`
	InventoryJobType    string                         `json:"InventoryJobType,omitempty"`
	ManagementJobType   string                         `json:"ManagementJobType,omitempty"`
	DiscoveryJobType    string                         `json:"DiscoveryJobType,omitempty"`
	EnrollmentJobType   string                         `json:"EnrollmentJobType,omitempty"`
}

type CertificateStoreTypeGeneric

type CertificateStoreTypeGeneric struct {
	Name                string                                `json:"Name"`
	ShortName           string                                `json:"ShortName"`
	Capability          string                                `json:"Capability"`
	LocalStore          bool                                  `json:"LocalStore"`
	SupportedOperations *StoreTypeSupportedOperations         `json:"SupportedOperations"`
	Properties          *[]StoreTypePropertyDefinitionGeneric `json:"Properties"`
	EntryParameters     *[]EntryParameterGeneric              `json:"EntryParameters"`
	PasswordOptions     *StoreTypePasswordOptions             `json:"PasswordOptions"`
	//StorePathType       string                                `json:"StorePathType"` # This is not returned in the API and computed after POST
	StorePathValue    string `json:"StorePathValue"`
	PrivateKeyAllowed string `json:"PrivateKeyAllowed"`
	//JobProperties       *[]string                             `json:"JobProperties"` # This is not returned in the API and computed after POST
	ServerRequired     bool   `json:"ServerRequired"`
	PowerShell         bool   `json:"PowerShell"`
	BlueprintAllowed   bool   `json:"BlueprintAllowed"`
	CustomAliasAllowed string `json:"CustomAliasAllowed"`
}

type CertificateSubject

type CertificateSubject struct {
	SubjectCommonName         string
	SubjectLocality           string
	SubjectOrganization       string
	SubjectCountry            string
	SubjectOrganizationalUnit string
	SubjectState              string
}

CertificateSubject contains string elements for X.509V3 certificate distinguished name (subject)

type Client

type Client struct {
	AuthClient AuthConfig
	LoggerType string
}

func NewKeyfactorClient

func NewKeyfactorClient(cfg *auth_providers.Server, ctx *context.Context) (*Client, error)

NewKeyfactorClient creates a new Keyfactor client instance. A configured Client is returned with methods used to interact with Keyfactor.

func (*Client) AddCertificateToStores

func (c *Client) AddCertificateToStores(config *AddCertificateToStore) ([]string, error)

AddCertificateToStores takes argument for a AddCertificateToStore structure and is used to remove a configured certificate from one or more certificate stores.

func (*Client) ApproveAgent

func (c *Client) ApproveAgent(id string) (string, error)

func (*Client) CreateSecurityIdentity

func (c *Client) CreateSecurityIdentity(csia *CreateSecurityIdentityArg) (*CreateSecurityIdentityResponse, error)

CreateSecurityIdentity hits the /Security/Identities endpoint with a POST request to create a new Keyfactor security and returns a CreateSecurityIdentityResponse struct. The function takes argument for a CreateSecurityIdentityArg struct

func (*Client) CreateSecurityRole

func (c *Client) CreateSecurityRole(input *CreateSecurityRoleArg) (*CreateSecurityRoleResponse, error)

CreateSecurityRole creates a new Keyfacor security role. This function takes argument for a CreateSecurityRoleArg struct and returns a CreateSecurityRoleResponse struct.

func (*Client) CreateStore

func (c *Client) CreateStore(ca *CreateStoreFctArgs) (*CreateStoreResponse, error)

CreateStore takes arguments for CreateStoreFctArgs to facilitate the creation of all store types supported by a customer Keyfactor Command instance. Note that various certificate store types require different property arguments, and careful attention should be taken to ensure that all required elements are included. Required arguments for this method are:

  • ClientMachine : string
  • StorePath : string
  • Properties : []StringTuple *Note - Method converts this array of StringTuples to a JSON string if provided
  • AgentId : string

func (*Client) CreateStoreType

func (c *Client) CreateStoreType(ca *CertificateStoreType) (*CertificateStoreType, error)

CreateStoreType takes arguments for CreateStoreFctArgs to facilitate the creation of all store types supported by a customer Keyfactor Command instance. Note that various certificate store types require different property arguments, and careful attention should be taken to ensure that all required elements are included. Required arguments for this method are:

  • ClientMachine : string
  • StorePath : string
  • Properties : []StringTuple *Note - Method converts this array of StringTuples to a JSON string if provided
  • AgentId : string

func (*Client) DeleteCertificateStore

func (c *Client) DeleteCertificateStore(storeId string) error

DeleteCertificateStore takes arguments for a certificate store ID to facilitate a call to Keyfactor that deletes a certificate store. Only the store ID is required.

func (*Client) DeleteCertificateStoreType

func (c *Client) DeleteCertificateStoreType(id int) (*DeleteStoreType, error)

func (*Client) DeleteSecurityIdentity

func (c *Client) DeleteSecurityIdentity(id int) error

DeleteSecurityIdentity takes arguments for a security identity ID, and makes an associated call to Keyfactor to delete the identity.

func (*Client) DeleteSecurityRole

func (c *Client) DeleteSecurityRole(id int) error

DeleteSecurityRole takes arguments for a security role ID, and makes an associated call to Keyfactor to delete the role.

func (*Client) DeployPFXCertificate

func (c *Client) DeployPFXCertificate(args *DeployPFXArgs) (*DeployPFXResp, error)

DeployPFXCertificate takes pointers to DeployPFXArgs structs holding configuration data required for the deployment of a newly enrolled PFX certificate. It returns a pointer to a DeployPFXResp struct if successful, and an error message if not. Required fields to deploy a certificate to a store maintained by Keyfactor are:

  • StoreIds : []string
  • Password : string
  • CertificateId : int
  • RequestId : int

func (*Client) DisApproveAgent

func (c *Client) DisApproveAgent(id string) (string, error)

func (*Client) DownloadCertificate

func (c *Client) DownloadCertificate(
	certId int,
	thumbprint string,
	serialNumber string,
	issuerDn string,
) (*x509.Certificate, []*x509.Certificate, error)

DownloadCertificate takes arguments for DownloadCertArgs to facilitate a call to Keyfactor that downloads a certificate from Keyfactor. The download certificate endpoint requires one of the following to retrieve a cert:

  • CertID
  • Thumbprint
  • SerialNumber AND IssuerDN

Returns:

  • Leaf certificate
  • Certificate chain

func (*Client) EnrollCSR

func (c *Client) EnrollCSR(ea *EnrollCSRFctArgs) (*EnrollResponse, error)

EnrollCSR takes arguments for EnrollCSRFctArgs to enroll a passed Certificate Signing Request with Keyfactor. An EnrollResponse containing a signed certificate is returned upon successful enrollment. Required fields to complete a CSR enrollment are:

  • CSR : string
  • Template : string
  • CertificateAuthority : string

func (*Client) EnrollPFX

func (c *Client) EnrollPFX(ea *EnrollPFXFctArgs) (*EnrollResponse, error)

EnrollPFX takes arguments for EnrollPFXFctArgs to facilitate a call to Keyfactor that enrolls a PFX certificate with the supplied arguments.

func (*Client) EnrollPFXV2

func (c *Client) EnrollPFXV2(ea *EnrollPFXFctArgsV2) (*EnrollResponseV2, error)

func (*Client) FetchAgentLogs

func (c *Client) FetchAgentLogs(id string) (string, error)

func (*Client) GetAgent

func (c *Client) GetAgent(id string) ([]Agent, error)

func (*Client) GetAgentList

func (c *Client) GetAgentList() ([]Agent, error)

GetAgentList returns a list of orchestrators registered in the Keyfactor instance

func (*Client) GetAllMetadataFields

func (c *Client) GetAllMetadataFields() ([]MetadataField, error)

func (*Client) GetCAList

func (c *Client) GetCAList() ([]CA, error)

GetCAList returns a list of certificate authorities supported by the Keyfactor instance

func (*Client) GetCertStoreInventory

func (c *Client) GetCertStoreInventory(storeId string) (*[]CertStoreInventory, error)

func (*Client) GetCertificateContext

func (c *Client) GetCertificateContext(gca *GetCertificateContextArgs) (*GetCertificateResponse, error)

GetCertificateContext takes arguments for GetCertificateContextArgs used to facilitate the retrieval of certificate context. The primary query required to get certificate context is the certificate ID. Include metadata and include locations add additional data, but can be set to false if they are unneeded. A pointer to a GetCertificateResponse structure is returned, containing the certificate context.

func (*Client) GetCertificateStoreByClientAndStorePath

func (c *Client) GetCertificateStoreByClientAndStorePath(
	clientMachine string,
	storePath, containerID interface{},
) (*[]GetCertificateStoreResponse, error)

func (*Client) GetCertificateStoreByContainerID

func (c *Client) GetCertificateStoreByContainerID(containerID interface{}) (*[]GetCertificateStoreResponse, error)

GetCertificateStoreByID takes arguments for a certificate store ID to facilitate a call to Keyfactor that retrieves a certificate store context. Only the store ID is required. A pointer to a GetStoreByIDResp struct is returned that contains information on the certificate store.

func (*Client) GetCertificateStoreByID

func (c *Client) GetCertificateStoreByID(storeId string) (*GetCertificateStoreResponse, error)

GetCertificateStoreByID takes arguments for a certificate store ID to facilitate a call to Keyfactor that retrieves a certificate store context. Only the store ID is required. A pointer to a GetStoreByIDResp struct is returned that contains information on the certificate store.

func (*Client) GetCertificateStoreType

func (c *Client) GetCertificateStoreType(id interface{}) (*CertificateStoreType, error)

GetCertificateStoreType takes arguments for a certificate store type ID or name and if found will return the certificate store type

func (*Client) GetCertificateStoreTypeById

func (c *Client) GetCertificateStoreTypeById(id int) (*CertificateStoreType, error)

GetCertificateStoreTypeById takes arguments for a certificate store type ID to facilitate a call to Keyfactor that retrieves certificate store context associated with a store type ID

func (*Client) GetCertificateStoreTypeByName

func (c *Client) GetCertificateStoreTypeByName(name string) (*CertificateStoreType, error)

GetCertificateStoreTypeByName takes arguments for a certificate store type ID to facilitate a call to Keyfactor that retrieves certificate store context associated with a store type ID

func (*Client) GetSecurityIdentities

func (c *Client) GetSecurityIdentities() ([]GetSecurityIdentityResponse, error)

GetSecurityIdentities hits the /Security/Identities endpoint with a GET request and returns a list of GetSecurityIdentityResponse structs. The function takes no arguments.

func (*Client) GetSecurityRole

func (c *Client) GetSecurityRole(id interface{}) (*GetSecurityRoleResponse, error)

func (*Client) GetSecurityRoles

func (c *Client) GetSecurityRoles() ([]GetSecurityRolesResponse, error)

func (*Client) GetStoreContainer

func (c *Client) GetStoreContainer(id interface{}) (*CertStoreContainer, error)

GetStoreContainer takes an ID and returns a single store container

func (*Client) GetStoreContainers

func (c *Client) GetStoreContainers() (*[]CertStoreContainer, error)

GetStoreContainers returns a list of store containers

func (*Client) GetTemplate

func (c *Client) GetTemplate(Id interface{}) (*GetTemplateResponse, error)

GetTemplate takes arguments for a template ID used to facilitate the retrieval of certificate template context. The primary query required to get certificate context is the template ID. A pointer to a GetTemplateResponse structure is returned, containing the template context.

func (*Client) GetTemplates

func (c *Client) GetTemplates() ([]GetTemplateResponse, error)

GetTemplates asks Keyfactor for a complete list of known certificate templates. A list of GetTemplateResponse structures is returned, containing the template context.

func (*Client) ListCertificateStoreTypes

func (c *Client) ListCertificateStoreTypes() (*[]CertificateStoreType, error)

ListCertificateStoreTypes takes no arguments and returns a list of certificate store types from Keyfactor.

func (*Client) ListCertificateStores

func (c *Client) ListCertificateStores(params *map[string]interface{}) (*[]GetCertificateStoreResponse, error)

func (*Client) ListCertificates

func (c *Client) ListCertificates(q map[string]string) ([]GetCertificateResponse, error)

func (*Client) ListDeniedCertificates

func (c *Client) ListDeniedCertificates(q map[string]string) ([]WorkflowCertificate, error)

func (*Client) ListExternalValidationPendingCertificates

func (c *Client) ListExternalValidationPendingCertificates(q map[string]string) ([]WorkflowCertificate, error)

func (*Client) ListPendingCertificates

func (c *Client) ListPendingCertificates(q map[string]string) ([]WorkflowCertificate, error)

func (*Client) ListWorkflowCert

func (c *Client) ListWorkflowCert(endpoint string) ([]WorkflowCertificate, error)

func (*Client) RecoverCertificate

func (c *Client) RecoverCertificate(
	certId int,
	thumbprint string,
	serialNumber string,
	issuerDn string,
	password string,
	collectionId int,
) (interface{}, *x509.Certificate, []*x509.Certificate, error)

RecoverCertificate takes arguments for RecoverCertArgs to facilitate a call to Keyfactor that recovers a certificate and associated private key (if retained) in the specified format. The download certificate endpoint requires one of the following to retrieve a cert:

  • CertID
  • Thumbprint
  • SerialNumber AND IssuerDN

Additionally, the certificate Password is required. Returns:

  • Private key (*rsa.PrivateKey or *ecdsa.PrivateKey)
  • Leaf certificate (*x509.Certificate)
  • Certificate chain ([]*x509.Certificate)

func (*Client) RemoveCertificateFromStores

func (c *Client) RemoveCertificateFromStores(config *RemoveCertificateFromStore) ([]string, error)

RemoveCertificateFromStores takes argument for a RemoveCertificateFromStore structure, and is used to remove a certificate from one or more certificate stores.

func (*Client) ResetAgent

func (c *Client) ResetAgent(id string) (string, error)

func (*Client) RevokeCert

func (c *Client) RevokeCert(rvargs *RevokeCertArgs) error

RevokeCert takes arguments for RevokeCertArgs to facilitate the revocation of all specified certificate IDs. It returns nil upon successful revocation, and an error if not. Required fields to revoke a list of certificates in Keyfactor are:

  • CertificateIds : []int
  • Comment : string

func (*Client) UpdateMetadata

func (c *Client) UpdateMetadata(um *UpdateMetadataArgs) error

UpdateMetadata takes arguments for UpdateMetadataArgs to facilitate the updating of metadata fields in Keyfactor. It returns nil upon successful revocation, and an error if not. Required fields to update certificate metadata are:

  • CertID : int
  • CertificateMetadata : []CertificateMetadata OR Metadata : map[string]string

UpdateMetadata sets the metadata associated with a certificate EXACTLY. IE; if CertificateMetadata or Metadata are blank, any metadata associated with a certificate will be erased.

func (*Client) UpdateSecurityRole

func (c *Client) UpdateSecurityRole(input *UpdateSecurityRoleArg) (*UpdateSecurityRoleResponse, error)

UpdateSecurityRole updates the Keyfacor security role. This function takes argument for a CreateSecurityRoleArg struct and returns a CreateSecurityRoleResponse struct.

func (*Client) UpdateStore

func (c *Client) UpdateStore(ua *UpdateStoreFctArgs) (*UpdateStoreResponse, error)

UpdateStore takes arguments for UpdateStoreFctArgs to facilitate the adjustment of a certificate store associated with a Keyfactor Command instance. Note that various certificate store types require different property arguments, and careful attention should be taken to ensure that all required elements are included. Required arguments for this method are:

  • ClientMachine : string
  • StorePath : string
  • Properties : []StringTuple *Note - Method converts this slice of StringTuples to a JSON string if provided
  • AgentId : string

func (*Client) UpdateStoreType

func (c *Client) UpdateStoreType(ca *CertificateStoreType) (*CertificateStoreType, error)

func (*Client) UpdateTemplate

func (c *Client) UpdateTemplate(uta *UpdateTemplateArg) (*UpdateTemplateResponse, error)

UpdateTemplate takes arguments for a UpdateTemplateArg structure used to facilitate the modification of a certificate template. Required parameters for this function are elements of UpdateTemplateArg that can't be set to nil. A pointer to a UpdateTemplateResponse structure is returned, containing the template context.

type CreateSecurityIdentityArg

type CreateSecurityIdentityArg struct {
	AccountName string `json:"AccountName,omitempty"`
}

CreateSecurityIdentityArg holds the request body required to create a new security identity

type CreateSecurityIdentityResponse

type CreateSecurityIdentityResponse struct {
	Id           int                       `json:"Id,omitempty"`
	AccountName  string                    `json:"AccountName,omitempty"`
	IdentityType string                    `json:"IdentityType,omitempty"`
	Roles        []SecurityRoleInformation `json:"Roles,omitempty"`
	Valid        bool                      `json:"Valid,omitempty"`
}

CreateSecurityIdentityResponse is returned by the POST call to /Security/Identities

type CreateSecurityRoleArg

type CreateSecurityRoleArg struct {
	Name        string                        `json:"Name,omitempty"`
	Description string                        `json:"Description,omitempty"`
	Enabled     *bool                         `json:"Enabled,omitempty"`
	Private     *bool                         `json:"Private,omitempty"`
	Permissions *[]string                     `json:"Permissions,omitempty"` // List of permissions in ["key:value"] format
	Identities  *[]SecurityRoleIdentityConfig `json:"Identities,omitempty"`
}

CreateSecurityRoleArg holds the function arguments required for CreateSecurityRole

type CreateSecurityRoleResponse

type CreateSecurityRoleResponse struct {
	Id          int                           `json:"Id,omitempty"`
	Name        string                        `json:"Name,omitempty"`
	Description string                        `json:"Description,omitempty"`
	Enabled     *bool                         `json:"Enabled,omitempty"`
	Immutable   bool                          `json:"Immutable,omitempty"`
	Private     *bool                         `json:"Private,omitempty"`
	Permissions *[]string                     `json:"Permissions,omitempty"` // List of permissions in ["key:value"] format
	Identities  *[]SecurityRoleIdentityConfig `json:"Identities,omitempty"`
}

CreateSecurityRoleResponse holds response elements returned by

type CreateStoreFctArgs

type CreateStoreFctArgs struct {
	ContainerId             *int    `json:"ContainerId,omitempty"`
	ClientMachine           string  `json:"ClientMachine"`
	StorePath               string  `json:"StorePath"`
	CertStoreInventoryJobId *string `json:"CertStoreInventoryJobId,omitempty"`
	CertStoreType           int     `json:"CertStoreType"`
	Approved                *bool   `json:"Approved,omitempty"`
	CreateIfMissing         *bool   `json:"CreateIfMissing,omitempty"`
	// String JSON name-value pairs; this field is not recommended. Instead, please use Properties. This field is
	// automatically populated by the CreateStore method. However, if configured, this field will be used.
	PropertiesString string `json:"Properties,omitempty"`
	// Mapped name-value pair field used to configure properties.
	Properties            map[string]interface{} `json:"-"`
	AgentId               string                 `json:"AgentId"`
	AgentAssigned         *bool                  `json:"AgentAssigned,omitempty"`
	ContainerName         *string                `json:"ContainerName,omitempty"`
	InventorySchedule     *InventorySchedule     `json:"InventorySchedule,omitempty"`
	ReEnrollmentStatus    *ReEnrollmnentConfig   `json:"ReEnrollmentStatus,omitempty"`
	SetNewPasswordAllowed *bool                  `json:"SetNewPasswordAllowed,omitempty"`
	Password              *StorePasswordConfig   `json:"Password"`
}

CreateStoreFctArgs holds the function arguments used for calling the CreateStore method.

type CreateStoreResponse

type CreateStoreResponse struct {
	Id                      string              `json:"Id"`
	ContainerId             int                 `json:"ContainerId"`
	ClientMachine           string              `json:"ClientMachine"`
	Storepath               string              `json:"Storepath"`
	CertStoreInventoryJobId string              `json:"CertStoreInventoryJobId"`
	CertStoreType           int                 `json:"CertStoreType"`
	Approved                bool                `json:"Approved"`
	CreateIfMissing         bool                `json:"CreateIfMissing"`
	PropertiesString        string              `json:"Properties"`
	Properties              map[string]string   `json:"-"`
	AgentId                 string              `json:"AgentId"`
	AgentAssigned           bool                `json:"AgentAssigned"`
	ContainerName           string              `json:"ContainerName"`
	InventorySchedule       InventorySchedule   `json:"InventorySchedule"`
	ReenrollmentStatus      ReEnrollmnentConfig `json:"ReenrollmentStatus"`
	SetNewPasswordAllowed   bool                `json:"SetNewPasswordAllowed"`
}

CreateStoreResponse contains the response elements returned from the CreateStore method.

type DeleteStoreType

type DeleteStoreType struct {
	ID int `json:"id"`
}

type DeployPFXArgs

type DeployPFXArgs struct {
	StoreIds      []string     `json:"StoreIds"`
	Password      string       `json:"Password"`
	StoreTypes    []StoreTypes `json:"StoreTypes"`
	CertificateId int          `json:"CertificateId"`
	RequestId     int          `json:"RequestId"`
	JobTime       *string      `json:"JobTime,omitempty"`
}

DeployPFXArgs holds the function arguments used for calling the DeployPFXCertificate method.

type DeployPFXResp

type DeployPFXResp struct {
	SuccessfulStores []string `json:"SuccessfulStores"`
	FailedStores     []string `json:"FailedStores"`
}

DeployPFXResp holds response data from the DeployPFXCertificate method.

type DetailedKeyUsage

type DetailedKeyUsage struct {
	CrlSign          bool   `json:"CrlSign,omitempty"`
	DataEncipherment bool   `json:"DataEncipherment,omitempty"`
	DecipherOnly     bool   `json:"DecipherOnly,omitempty"`
	DigitalSignature bool   `json:"DigitalSignature,omitempty"`
	EncipherOnly     bool   `json:"EncipherOnly,omitempty"`
	KeyAgreement     bool   `json:"KeyAgreement,omitempty"`
	KeyCertSign      bool   `json:"KeyCertSign,omitempty"`
	KeyEncipherment  bool   `json:"KeyEncipherment,omitempty"`
	NonRepudiation   bool   `json:"NonRepudiation,omitempty"`
	HexCode          string `json:"HexCode,omitempty"`
}

DetailedKeyUsage contains key useage data returned by the GetCertificateContext method.

type EnrollCSRFctArgs

type EnrollCSRFctArgs struct {
	CSR                  string
	Timestamp            string                 `json:"Timestamp"`
	Template             string                 `json:"Template"`
	CertFormat           string                 `json:"-"`
	CertificateAuthority string                 `json:"CertificateAuthority"`
	IncludeChain         bool                   `json:"IncludeChain"`
	SANs                 *SANs                  `json:"SANs"`
	Metadata             map[string]interface{} `json:"Metadata"`
}

EnrollCSRFctArgs holds the function arguments used for calling the EnrollCSR method.

type EnrollPFXFctArgs

type EnrollPFXFctArgs struct {
	CustomFriendlyName          string `json:"CustomFriendlyName,omitempty"`
	Password                    string `json:"Password"`
	PopulateMissingValuesFromAD bool   `json:"PopulateMissingValuesFromAD"`
	// Configure the SubjectString field as the full string subject for the certificate. For example, if you don't have
	// subject fields individually separated, and the subject is already in the format required by RFC5280, use the SubjectString field.
	SubjectString string `json:"Subject"`

	// If the certificate subject is not already in the format required by RFC5280, configure the subject fields using a CertificateSubject
	// struct, and EnrollPFX will automatically compile this information into a proper subject.
	Subject              *CertificateSubject    `json:"-"`
	IncludeChain         bool                   `json:"IncludeChain"`
	RenewalCertificateId int                    `json:"RenewalCertificateId,omitempty"`
	CertificateAuthority string                 `json:"CertificateAuthority"`
	Timestamp            string                 `json:"Timestamp"`
	Template             string                 `json:"Template"`
	SANs                 *SANs                  `json:"SANs,omitempty"`
	Metadata             map[string]interface{} `json:"Metadata,omitempty"`
	CertFormat           string                 `json:"-"`
}

EnrollPFXFctArgs holds the function arguments used for calling the EnrollPFX method.

type EnrollPFXFctArgsV2

type EnrollPFXFctArgsV2 struct {
	Stores                      []CertificateStore `json:"Stores,omitempty"`
	CustomFriendlyName          string             `json:"CustomFriendlyName,omitempty"`
	Password                    string             `json:"Password"`
	PopulateMissingValuesFromAD bool               `json:"PopulateMissingValuesFromAD"`
	// Configure the SubjectString field as the full string subject for the certificate. For example, if you don't have
	// subject fields individually separated, and the subject is already in the format required by RFC5280, use the SubjectString field.
	SubjectString string `json:"Subject"`

	// If the certificate subject is not already in the format required by RFC5280, configure the subject fields using a CertificateSubject
	// struct, and EnrollPFX will automatically compile this information into a proper subject.
	Subject                              *CertificateSubject    `json:"-"`
	IncludeChain                         bool                   `json:"IncludeChain"`
	RenewalCertificateId                 int                    `json:"RenewalCertificateId,omitempty"`
	CertificateAuthority                 string                 `json:"CertificateAuthority"`
	Timestamp                            string                 `json:"Timestamp"`
	Template                             string                 `json:"Template"`
	SANs                                 *SANs                  `json:"SANs,omitempty"`
	Metadata                             map[string]interface{} `json:"Metadata,omitempty"`
	CertFormat                           string                 `json:"-"`
	InstallIntoExistingCertificateStores bool                   `json:"InstallIntoExistingCertificateStores,omitempty"`
	ChainOrder                           string                 `json:"ChainOrder,omitempty"`
	KeyType                              string                 `json:"KeyType,omitempty"`
	KeyLength                            int                    `json:"KeyLength,omitempty"`
}

type EnrollResponse

type EnrollResponse struct {
	Certificates           []string
	CertificateInformation CertificateInformation `json:"CertificateInformation"`
}

EnrollResponse is the outer certificate enrollment response. When Enroll functions are called, the certificates are placed inside the Certificates element, and certificate information is placed inside CertificateInformation

type EnrollResponseV2

type EnrollResponseV2 struct {
	SuccessfulStores       []string               `json:"SuccessfulStores"`
	CertificateInformation CertificateInformation `json:"CertificateInformation"`
	Metadata               interface{}            `json:"Metadata,omitempty"`
}

type EntryParameter

type EntryParameter struct {
	StoreTypeId  int    `json:"StoreTypeId"`
	Name         string `json:"Name"`
	DisplayName  string `json:"DisplayName"`
	Type         string `json:"Type"`
	RequiredWhen struct {
		HasPrivateKey  bool `json:"HasPrivateKey"`
		OnAdd          bool `json:"OnAdd"`
		OnRemove       bool `json:"OnRemove"`
		OnReenrollment bool `json:"OnReenrollment"`
	}
	DependsOn    string `json:"DependsOn"`
	DefaultValue string `json:"DefaultValue"`
	Options      string `json:"Options"`
}

type EntryParameterGeneric

type EntryParameterGeneric struct {
	Name         string `json:"Name"`
	DisplayName  string `json:"DisplayName"`
	Type         string `json:"Type"`
	RequiredWhen struct {
		HasPrivateKey  bool `json:"HasPrivateKey"`
		OnAdd          bool `json:"OnAdd"`
		OnRemove       bool `json:"OnRemove"`
		OnReenrollment bool `json:"OnReenrollment"`
	}
	DependsOn    string `json:"DependsOn"`
	DefaultValue string `json:"DefaultValue"`
	Options      string `json:"Options"`
}

type EntryPassword

type EntryPassword struct {
	// A string containing the password. This value only needs to be supplied if you're storing your password in the Keyfactor Command database.
	SecretValue string `json:"SecretValue,omitempty"`

	// The parameters required by your PAM provider, containing the information that identifies the location of the password in the PAM solution.
	Parameters struct{} `json:"Parameters,omitempty"`

	// An integer that identifies the PAM provider used to store the password.
	Provider int `json:"Provider,omitempty"`
}

type GetCertStoreInventoryResp

type GetCertStoreInventoryResp struct {
	Inventory []CertStoreInventory
}

type GetCertificateContextArgs

type GetCertificateContextArgs struct {
	IncludeMetadata      *bool  `json:"IncludeMetadata,omitempty"`      // Query
	IncludeLocations     *bool  `json:"IncludeLocations,omitempty"`     // Query
	CollectionId         *int   `json:"CollectionId,omitempty"`         // Query
	Thumbprint           string `json:"Thumbprint,omitempty"`           // Query
	CommonName           string `json:"CommonName,omitempty"`           // Query
	Id                   int    `json:"Id"`                             // Query
	IncludeHasPrivateKey *bool  `json:"IncludeHasPrivateKey,omitempty"` // Query
	RequestId            int    `json:"RequestId,omitempty"`            // Query
}

GetCertificateContextArgs holds the function arguments used for calling the GetCertificateContext method.

type GetCertificateResponse

type GetCertificateResponse struct {
	Id                       int    `json:"Id"`
	Thumbprint               string `json:"Thumbprint"`
	SerialNumber             string `json:"SerialNumber"`
	IssuedDN                 string `json:"IssuedDN"`
	IssuedCN                 string `json:"IssuedCN"`
	ImportDate               string `json:"ImportDate"`
	NotBefore                string `json:"NotBefore"`
	NotAfter                 string `json:"NotAfter"`
	IssuerDN                 string `json:"IssuerDN"`
	PrincipalId              string `json:"PrincipalId"`
	TemplateId               int    `json:"TemplateId"`
	CertState                int    `json:"CertState"`
	KeySizeInBits            int    `json:"KeySizeInBits"`
	KeyType                  int    `json:"KeyType"`
	RequesterId              int    `json:"RequesterId"`
	IssuedOU                 string `json:"IssuedOU"`
	KeyUsage                 int    `json:"KeyUsage"`
	SigningAlgorithm         string `json:"SigningAlgorithm"`
	CertStateString          string `json:"CertStateString"`
	KeyTypeString            string `json:"KeyTypeString"`
	RevocationEffDate        string `json:"RevocationEffDate"`
	RevocationReason         int    `json:"RevocationReason"`
	RevocationComment        string `json:"RevocationComment"`
	CertificateAuthorityId   int    `json:"CertificateAuthorityId"`
	CertificateAuthorityName string `json:"CertificateAuthorityName"`
	TemplateName             string `json:"TemplateName"`
	ArchivedKey              bool   `json:"ArchivedKey"`
	HasPrivateKey            bool   `json:"HasPrivateKey"`
	PrincipalName            string `json:"PrincipalName"`
	CertRequestId            int    `json:"CertRequestId"`
	RequesterName            string `json:"RequesterName"`
	ContentBytes             string `json:"ContentBytes"`
	ExtendedKeyUsages        []interface{}
	SubjectAltNameElements   []SubjectAltNameElements `json:"SubjectAltNameElements"`
	CRLDistributionPoints    []CRLDistributionPoints  `json:"CRLDistributionPoints"`
	LocationsCount           []LocationsCount         `json:"LocationsCount"`
	SSLLocations             []SSLLocations           `json:"SSLLocations"`
	Locations                []CertificateLocations   `json:"Locations"`
	Metadata                 interface{}              `json:"Metadata"`
	CertificateKeyId         int                      `json:"CertificateKeyId"`
	CARowIndex               int                      `json:"CARowIndex"`
	DetailedKeyUsage         []DetailedKeyUsage       `json:"detailed_key_usage"`
	KeyRecoverable           bool                     `json:"KeyRecoverable"`
}

GetCertificateResponse contains the response elements returned from the GetCertificateContext method.

type GetCertificateStoreResponse

type GetCertificateStoreResponse struct {
	Id                      string                 `json:"Id,omitempty"`
	ContainerId             int                    `json:"ContainerId,omitempty"`
	ClientMachine           string                 `json:"ClientMachine,omitempty"`
	StorePath               string                 `json:"Storepath,omitempty"`
	CertStoreInventoryJobId string                 `json:"CertStoreInventoryJobId,omitempty"`
	CertStoreType           int                    `json:"CertStoreType,omitempty"`
	Approved                bool                   `json:"Approved,omitempty"`
	CreateIfMissing         bool                   `json:"CreateIfMissing,omitempty"`
	PropertiesString        string                 `json:"Properties,omitempty"`
	Properties              map[string]interface{} `json:"-"`
	AgentId                 string                 `json:"AgentId,omitempty"`
	AgentAssigned           bool                   `json:"AgentAssigned,omitempty"`
	ContainerName           string                 `json:"ContainerName,omitempty"`
	InventorySchedule       InventorySchedule      `json:"InventorySchedule"`
	ReenrollmentStatus      ReEnrollmnentConfig    `json:"ReenrollmentStatus,omitempty"`
	SetNewPasswordAllowed   bool                   `json:"SetNewPasswordAllowed,omitempty"`
	Password                StorePasswordConfig    `json:"Password,omitempty"`
	DisplayName             string                 `json:"DisplayName,omitempty"`
}

type GetSecurityIdentityResponse

type GetSecurityIdentityResponse struct {
	Id           int                       `json:"Id,omitempty"`
	AccountName  string                    `json:"AccountName,omitempty"`
	IdentityType string                    `json:"IdentityType,omitempty"`
	Roles        []SecurityRoleInformation `json:"Roles,omitempty"`
	Valid        bool                      `json:"Valid,omitempty"`
}

GetSecurityIdentityResponse holds the response data returned by /Security/Identities

type GetSecurityRoleResponse

type GetSecurityRoleResponse struct {
	Id          float64            `json:"Id,omitempty"`
	Name        string             `json:"Name,omitempty"`
	Description string             `json:"Description,omitempty"`
	Identities  []SecurityIdentity `json:"Identities,omitempty"`
	Permissions []string           `json:"Permissions,omitempty"`
}

type GetSecurityRolesResponse

type GetSecurityRolesResponse struct {
	ID          float64            `json:"Id"`
	Description string             `json:"Description,omitempty"`
	Enabled     bool               `json:"Enabled"`
	Immutable   bool               `json:"Immutable"`
	Valid       bool               `json:"Valid"`
	Private     bool               `json:"Private"`
	Identities  []SecurityIdentity `json:"Identities"`
	Name        string             `json:"Name,omitempty"`
	Permissions []string           `json:"Permissions"`
}

GetSecurityRolesResponse holds the response data returned by /Security/Roles

type GetTemplateResponse

type GetTemplateResponse struct {
	Id                     int                        `json:"Id,omitempty"`
	CommonName             string                     `json:"CommonName,omitempty"`
	TemplateName           string                     `json:"TemplateName,omitempty"`
	Oid                    string                     `json:"Oid,omitempty"`
	KeySize                string                     `json:"KeySize,omitempty"`
	KeyType                string                     `json:"KeyType,omitempty"`
	ForestRoot             string                     `json:"ForestRoot,omitempty"`
	FriendlyName           string                     `json:"FriendlyName,omitempty"`
	KeyRetention           string                     `json:"KeyRetention,omitempty"`
	KeyRetentionDays       int                        `json:"KeyRetentionDays,omitempty"`
	KeyArchival            bool                       `json:"KeyArchival,omitempty"`
	EnrollmentFields       []TemplateEnrollmentFields `json:"EnrollmentFields,omitempty"`
	MetadataFields         []TemplateMetadataFields   `json:"MetadataFields,omitempty"`
	AllowedEnrollmentTypes int                        `json:"AllowedEnrollmentTypes,omitempty"`
	TemplateRegexes        []TemplateRegex            `json:"TemplateRegexes,omitempty"`
	UseAllowedRequesters   bool                       `json:"UseAllowedRequesters,omitempty"`
	AllowedRequesters      []string                   `json:"AllowedRequesters,omitempty"`
	RFCEnforcement         bool                       `json:"RFCEnforcement,omitempty"`
	RequiresApproval       bool                       `json:"RequiresApproval,omitempty"`
	KeyUsage               int                        `json:"KeyUsage,omitempty"`
}

type InventoriedCertificate

type InventoriedCertificate struct {
	Id                       int                    `json:"Id"`
	IssuedDN                 string                 `json:"IssuedDN"`
	SerialNumber             string                 `json:"SerialNumber"`
	NotBefore                string                 `json:"NotBefore"`
	NotAfter                 string                 `json:"NotAfter"`
	SigningAlgorithm         string                 `json:"SigningAlgorithm"`
	IssuerDN                 string                 `json:"IssuerDN"`
	Thumbprint               string                 `json:"Thumbprint"`
	CertStoreInventoryItemId int                    `json:"CertStoreInventoryItemId"`
	Metadata                 map[string]interface{} `json:"Metadata"`
}

type InventoryDaily

type InventoryDaily struct {
	Time string `json:"Time"`
}

InventoryDaily specifies that the inventory should happen at a given time in the day, daily

type InventoryInterval

type InventoryInterval struct {
	Minutes int `json:"Minutes"`
}

InventoryInterval specifies that the inventory should happen at a given interval in minutes

type InventoryOnce

type InventoryOnce struct {
	Time string `json:"Time"`
}

InventoryOnce specifies that the inventory should happen once, at a given time

type InventorySchedule

type InventorySchedule struct {
	Immediate   *bool              `json:"Immediate,omitempty"`
	Interval    *InventoryInterval `json:"Interval,omitempty"`
	Daily       *InventoryDaily    `json:"Daily,omitempty"`
	ExactlyOnce *InventoryOnce     `json:"ExactlyOnce,omitempty"`
}

InventorySchedule holds configuration data for creating an inventory schedule for a certificate store in Keyfactor

type ListCertificateResponse

type ListCertificateResponse struct {
	Certificates []GetCertificateResponse `json:"Certificates"`
}

type ListCertificateStoresResponse

type ListCertificateStoresResponse struct {
	// An array of certificate store objects.
	CertificateStores []CertificateStore `json:"CertificateStores"`
}

type LocationsCount

type LocationsCount struct {
	Type  string `json:"Type,omitempty"`
	Count int    `json:"Count,omitempty"`
}

LocationsCount contains details on what kind of and how many stores the certificate is deployed inside.

type MetadataField

type MetadataField struct {
	Id           int    `json:"Id"`
	Name         string `json:"Name"`
	Description  string `json:"Description"`
	DataType     int    `json:"DataType"`
	Hint         string `json:"Hint"`
	Validation   string `json:"Validation"`
	Enrollment   int    `json:"Enrollment"`
	Message      string `json:"Message"`
	Options      string `json:"Options"`
	DefaultValue string `json:"DefaultValue"`
	DisplayOrder int    `json:"DisplayOrder"`
}

type PropertyDefinition

type PropertyDefinition struct {
	StoreTypeID  int    `json:"StoreTypeID"`
	Name         string `json:"Name"`
	DisplayName  string `json:"DisplayName"`
	Type         string `json:"Type"`
	DependsOn    string `json:"DependsOn"`
	DefaultValue string `json:"DefaultValue"`
	Required     bool   `json:"Required"`
}

PropertyDefinition defines property fields associated with a certificate store type, and is returned by the GetCertificateStoreType method

type ProviderParams

type ProviderParams struct {
	Id           int
	Name         string
	Area         int
	ProviderType ProviderType
}

type ProviderType

type ProviderType struct {
	Id   string
	Name string
}

type ProviderTypeParams

type ProviderTypeParams struct {
	Id           string
	Value        string
	InstanceId   string
	InstanceGuid string
	Provider     ProviderParams
}

type ReEnrollmnentConfig

type ReEnrollmnentConfig struct {
	Data               bool   `json:"Data"`
	AgentId            string `json:"AgentId"`
	Message            string `json:"Message"`
	JobProperties      string `json:"JobProperties"`
	CustomAliasAllowed int    `json:"CustomAliasAllowed"`
}

ReEnrollmnentConfig configures the re-enrollment job for a created certificate.

type RemoveCertificateFromStore

type RemoveCertificateFromStore struct {
	// An integer containing the Keyfactor Command reference ID of the certificate to be removed to the certificate store(s).
	CertificateId int    `json:"CertificateId"`
	Alias         string `json:"Alias"`
	// An array of certificate store GUIDs to identify the certificate stores to which the certificate should be removed
	// and provide appropriate reference information for the certificate in the store.
	CertificateStores *[]CertificateStore `json:"CertificateStores,omitempty"`

	// The inventory schedule for the remove job
	InventorySchedule *InventorySchedule `json:"Schedule,omitempty"`

	// An integer containing the Keyfactor Command reference ID of the certificate to be removed to the certificate store(s).
	CollectionId int `json:"CollectionId,omitempty"`
}

RemoveCertificateFromStore contains configuration data required to remove a certificate associated with a specific alias from one or more certificate stores.

type RevokeCertArgs

type RevokeCertArgs struct {
	CertificateIds []int  `json:"CertificateIds"`
	Reason         int    `json:"Reason"`
	Comment        string `json:"Comment"`
	EffectiveDate  string `json:"EffectiveDate"`
	CollectionId   int    `json:"CollectionId,omitempty"`
}

RevokeCertArgs holds the function arguments used for calling the RevokeCert method.

type SANs

type SANs struct {
	IP4 []string `json:"ip4,omitempty"`
	IP6 []string `json:"ip6,omitempty"`
	DNS []string `json:"dns,omitempty"`
	URI []string `json:"uri,omitempty"`
}

SANs holds arrays of strings associated with IPv4 (IP4), IPv6 (IP6), DNS, and URI SANs.

type SSLLocations

type SSLLocations struct {
	StorePath   string `json:"StorePath,omitempty"`
	AgentPool   string `json:"AgentPool,omitempty"`
	IPAddress   string `json:"IPAddress,omitempty"`
	Port        int    `json:"Port,omitempty"`
	NetworkName string `json:"NetworkName,omitempty"`
}

SSLLocations contains detailed information on the locations that the certificate was found in a scan.

type SecretParamValue

type SecretParamValue struct {
	SecretValue string `json:"SecretValue"`
}

type SecurityIdentity

type SecurityIdentity struct {
	Id           float64 `json:"Id"`
	AccountName  string  `json:"AccountName"`
	IdentityType string  `json:"IdentityType"`
	Sid          string  `json:"SID"`
}

SecurityIdentity contains the contains required elements to attach an identity to a role

type SecurityRoleIdentityConfig

type SecurityRoleIdentityConfig struct {
	AccountName string
	SID         *string
}

SecurityRoleIdentityConfig holds configuration data defining which security identities are attached to a given security role.

type SecurityRoleInformation

type SecurityRoleInformation struct {
	Id          int    `json:"Id,omitempty"`
	Name        string `json:"Name,omitempty"`
	Description string `json:"Description,omitempty"`
}

SecurityRoleInformation holds security role information associated with an identity

type SecurityRolePermission

type SecurityRolePermission struct {
	AgentAutoRegistration      *string `json:"AgentAutoRegistration,omitempty"`
	AgentManagement            *string `json:"agent_management,omitempty"`
	API                        *string `json:"api,omitempty"`
	Auditing                   *string `json:"auditing,omitempty"`
	CertificateCollections     *string `json:"certificate_collections,omitempty"`
	CertificateEnrollment      *string `json:"certificate_enrollment,omitempty"`
	CertificateMetadataTypes   *string `json:"certificate_metadata_types,omitempty"`
	CertificateStoreManagement *string `json:"certificate_store_management,omitempty"`
	Certificates               *string `json:"certificates,omitempty"`
	Dashboard                  *string `json:"dashboard,omitempty"`
	MacAutoEnrollManagement    *string `json:"mac_auto_enroll_management,omitempty"`
	AdminPortal                *string `json:"admin_portal,omitempty"`
	Monitoring                 *string `json:"monitoring,omitempty"`
	PkiManagement              *string `json:"pki_management,omitempty"`
	Reports                    *string `json:"reports,omitempty"`
	SecuritySettings           *string `json:"security_settings,omitempty"`
	SSH                        *string `json:"ssh,omitempty"`
	SslManagement              *string `json:"ssl_management,omitempty"`
	SystemSettings             *string `json:"system_settings,omitempty"`
	WorkflowManagement         *string `json:"workflow_management,omitempty"`
}

SecurityRolePermission holds the permission configuration to create or update a Keyefactor security role. See API documentation for specifics on how to configure these fields.

type SpecialPropertiesSecretValue

type SpecialPropertiesSecretValue struct {
	Value SecretParamValue `json:"value"`
}

type SpecialPropertiesValue

type SpecialPropertiesValue struct {
	Value interface{} `json:"value"`
}

type StorePasswordConfig

type StorePasswordConfig struct {
	Value          *string `json:"SecretValue"`
	SecretTypeGuid *string `json:"SecretTypeGuid,omitempty"`
	InstanceId     *string `json:"InstanceId,omitempty"`

} // ProviderTypeParameterValues - Not yet implemented

StorePasswordConfig configures the password field for a new certificate store.

type StoreTypePasswordOptions

type StoreTypePasswordOptions struct {
	EntrySupported bool   `json:"EntrySupported"`
	StoreRequired  bool   `json:"StoreRequired"`
	Style          string `json:"Style"`
}

type StoreTypePropertyDefinition

type StoreTypePropertyDefinition struct {
	StoreTypeID  int         `json:"StoreTypeId"`
	Name         string      `json:"Name"`
	DisplayName  string      `json:"DisplayName"`
	Type         string      `json:"Type"`
	DependsOn    interface{} `json:"DependsOn"`
	DefaultValue interface{} `json:"DefaultValue"`
	Required     bool        `json:"Required"`
}

type StoreTypePropertyDefinitionGeneric

type StoreTypePropertyDefinitionGeneric struct {
	Name         string      `json:"Name"`
	DisplayName  string      `json:"DisplayName"`
	Type         string      `json:"Type"`
	DependsOn    interface{} `json:"DependsOn"`
	DefaultValue interface{} `json:"DefaultValue"`
	Required     bool        `json:"Required"`
}

type StoreTypeSupportedOperations

type StoreTypeSupportedOperations struct {
	Add        bool `json:"Add"`
	Create     bool `json:"Create"`
	Discovery  bool `json:"Discovery"`
	Enrollment bool `json:"Enrollment"`
	Remove     bool `json:"Remove"`
}

type StoreTypes

type StoreTypes struct {
	StoreTypeId int       `json:"StoreTypeId"`
	Alias       *string   `json:"Alias,omitempty"`
	Overwrite   *bool     `json:"Overwrite,omitempty"`
	Properties  *[]string `json:"Properties,omitempty"`
}

StoreTypes holds necessary store type metadata for creating and deploying certificates.

type StringTuple

type StringTuple struct {
	Elem1 string `json:"elem1,omitempty"`
	Elem2 string `json:"elem2,omitempty"`
}

StringTuple is a struct holding two string elements used by the Keyfactor Go Client library for data types requiring a tuple of strings

type SubjectAltNameElements

type SubjectAltNameElements struct {
	Id        int    `json:"Id"`
	Value     string `json:"Value"`
	Type      int    `json:"Type"`
	ValueHash string `json:"ValueHash"`
}

SubjectAltNameElements contains detailed information on the SANs attached to a certificate, and is returned inside the GetCertificateContext method

type TemplateEnrollmentFields

type TemplateEnrollmentFields struct {
	Id       int
	Name     string
	Options  []string
	DataType int
}

type TemplateMetadataFields

type TemplateMetadataFields struct {
	Id           int
	DefaultValue string
	MetadataId   int
	Validation   string
	Enrollment   int
	Message      string
	Options      string
}

type TemplateRegex

type TemplateRegex struct {
	TemplateId  int
	SubjectPart string
	RegEx       string
	Error       string
}

type TerraformLogger

type TerraformLogger struct {
	// contains filtered or unexported fields
}

TerraformLogger wraps the tflog logging to handle Go's log messages with log level mapping.

func (*TerraformLogger) Write

func (w *TerraformLogger) Write(p []byte) (n int, err error)

Write implements the io.Writer interface to redirect Go logs to tflog with log levels.

type UpdateMetadataArgs

type UpdateMetadataArgs struct {
	CertID              int                    `json:"Id"`
	CertificateMetadata []StringTuple          `json:"-"`
	Metadata            map[string]interface{} `json:"Metadata"`
	CollectionId        int                    `json:"CollectionId"`
}

UpdateMetadataArgs holds the function arguments used for calling the UpdateMetadata method.

type UpdateSecurityRoleArg

type UpdateSecurityRoleArg struct {
	Id int `json:"Id,omitempty"`
	CreateSecurityRoleArg
}

UpdateSecurityRoleArg holds the function arguments used for calling the UpdateSecurityRole method.

type UpdateSecurityRoleResponse

type UpdateSecurityRoleResponse struct {
	CreateSecurityRoleResponse
}

UpdateSecurityRoleResponse holds the response elements returned by the UpdateSecurityRole method

type UpdateStoreFctArgs

type UpdateStoreFctArgs struct {
	Id                      string  `json:"Id,omitempty"`
	ContainerId             *int    `json:"ContainerId,omitempty"`
	ClientMachine           string  `json:"ClientMachine"`
	StorePath               string  `json:"StorePath"`
	CertStoreInventoryJobId *string `json:"CertStoreInventoryJobId,omitempty"`
	CertStoreType           int     `json:"CertStoreType"`
	Approved                *bool   `json:"Approved,omitempty"`
	CreateIfMissing         *bool   `json:"CreateIfMissing,omitempty"`
	// String JSON name-value pairs; this field is not recommended. Instead, please use Properties. This field is
	// automatically populated by the CreateStore method. However, if configured, this field will be used.
	PropertiesString string `json:"Properties,omitempty"`
	// Mapped name-value pair field used to configure properties.
	Properties            map[string]interface{} `json:"-"`
	AgentId               string                 `json:"AgentId"`
	AgentAssigned         *bool                  `json:"AgentAssigned,omitempty"`
	ContainerName         *string                `json:"ContainerName,omitempty"`
	InventorySchedule     *InventorySchedule     `json:"InventorySchedule,omitempty"`
	ReEnrollmentStatus    *ReEnrollmnentConfig   `json:"ReEnrollmentStatus,omitempty"`
	SetNewPasswordAllowed *bool                  `json:"SetNewPasswordAllowed,omitempty"`
	Password              *StorePasswordConfig   `json:"Password"`
}

UpdateStoreFctArgs holds the function arguments used for calling the UpdateStore method.

type UpdateStoreResponse

type UpdateStoreResponse struct{ CreateStoreResponse }

UpdateStoreResponse contains the response elements returned from the UpdateStore method.

type UpdateTemplateArg

type UpdateTemplateArg struct {
	Id                     int                         `json:"Id,omitempty"`
	CommonName             string                      `json:"CommonName,omitempty"`
	TemplateName           string                      `json:"TemplateName,omitempty"`
	Oid                    string                      `json:"Oid,omitempty"`
	KeySize                string                      `json:"KeySize,omitempty"`
	KeyType                *string                     `json:"KeyType,omitempty"`
	ForestRoot             string                      `json:"ForestRoot,omitempty"`
	FriendlyName           *string                     `json:"FriendlyName,omitempty"`
	KeyRetention           *string                     `json:"KeyRetention,omitempty"`
	KeyRetentionDays       *int                        `json:"KeyRetentionDays,omitempty"`
	KeyArchival            *bool                       `json:"KeyArchival,omitempty"`
	EnrollmentFields       *[]TemplateEnrollmentFields `json:"EnrollmentFields,omitempty"`
	MetadataFields         *[]TemplateMetadataFields   `json:"MetadataFields,omitempty"`
	AllowedEnrollmentTypes *int                        `json:"AllowedEnrollmentTypes,omitempty"`
	TemplateRegexes        *[]TemplateRegex            `json:"TemplateRegexes,omitempty"`
	UseAllowedRequesters   *bool                       `json:"UseAllowedRequesters,omitempty"`
	AllowedRequesters      *[]string                   `json:"AllowedRequesters,omitempty"`
	RFCEnforcement         *bool                       `json:"RFCEnforcement,omitempty"`
	RequiresApproval       *bool                       `json:"RequiresApproval,omitempty"`
	KeyUsage               *bool                       `json:"KeyUsage,omitempty"`
}

type UpdateTemplateResponse

type UpdateTemplateResponse struct{ GetTemplateResponse }

type WorkflowActionResponse

type WorkflowActionResponse struct {
	Failures []struct {
		CARowId            int    `json:"CARowId"`
		CARequestId        string `json:"CARequestId"`
		CAHost             string `json:"CAHost"`
		CALogicalName      string `json:"CALogicalName"`
		KeyfactorRequestId int    `json:"KeyfactorRequestId"`
		Comment            string `json:"Comment"`
	} `json:"Failures"`
	Denials []struct {
		CARowId            int    `json:"CARowId"`
		CARequestId        string `json:"CARequestId"`
		CAHost             string `json:"CAHost"`
		CALogicalName      string `json:"CALogicalName"`
		KeyfactorRequestId int    `json:"KeyfactorRequestId"`
		Comment            string `json:"Comment"`
	} `json:"Denials"`
	Successes []struct {
		CARowId            int    `json:"CARowId"`
		CARequestId        string `json:"CARequestId"`
		CAHost             string `json:"CAHost"`
		CALogicalName      string `json:"CALogicalName"`
		KeyfactorRequestId int    `json:"KeyfactorRequestId"`
		Comment            string `json:"Comment"`
	} `json:"Successes"`
}

type WorkflowCertificate

type WorkflowCertificate struct {
	Id                   int               `json:"Id"`
	CARequestId          string            `json:"CARequestId"`
	CommonName           string            `json:"CommonName"`
	DistinguishedName    string            `json:"DistinguishedName"`
	SubmissionDate       time.Time         `json:"SubmissionDate"`
	CertificateAuthority string            `json:"CertificateAuthority"`
	Template             string            `json:"Template"`
	Requester            string            `json:"Requester"`
	State                int               `json:"State"`
	StateString          string            `json:"StateString"`
	Metadata             map[string]string `json:"Metadata"`
}

type WorkflowDenyCertificateRequest

type WorkflowDenyCertificateRequest struct {
	Comment               string `json:"Comment"`
	CertificateRequestIds []int  `json:"CertificateRequestIds"`
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL