certificate

package
v4.16.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 16, 2021 License: Apache-2.0 Imports: 17 Imported by: 6

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AllSupportedKeySizes 

func AllSupportedKeySizes() []int

func GenerateECDSAPrivateKey 

func GenerateECDSAPrivateKey(curve EllipticCurve) (*ecdsa.PrivateKey, error)

GenerateECDSAPrivateKey generates a new ecdsa private key using the curve specified

func GenerateRSAPrivateKey 

func GenerateRSAPrivateKey(size int) (*rsa.PrivateKey, error)

GenerateRSAPrivateKey generates a new rsa private key using the size specified

func GenerateRequest 

func GenerateRequest(request *Request, privateKey crypto.Signer) error

GenerateRequest generates a certificate request Please use method Request.GenerateCSR() TODO: Remove usage from all libraries, deprecated

func GetCertificatePEMBlock 

func GetCertificatePEMBlock(cert []byte) *pem.Block

GetCertificatePEMBlock gets the certificate as a PEM data block

func GetCertificateRequestPEMBlock 

func GetCertificateRequestPEMBlock(request []byte) *pem.Block

GetCertificateRequestPEMBlock gets the certificate request as a PEM data block

func GetEncryptedPrivateKeyPEMBock 

func GetEncryptedPrivateKeyPEMBock(key crypto.Signer, password []byte) (*pem.Block, error)

GetEncryptedPrivateKeyPEMBock gets the private key as an encrypted PEM data block

func GetPrivateKeyPEMBock 

func GetPrivateKeyPEMBock(key crypto.Signer) (*pem.Block, error)

GetPrivateKeyPEMBock gets the private key as a PEM data block

func PublicKey 

func PublicKey(priv crypto.Signer) crypto.PublicKey

Types

type AccessControl added in v4.15.2 

type AccessControl struct {
	DefaultPrincipals []string
}

type CSrOriginOption 

type CSrOriginOption int
const (
	// LocalGeneratedCSR - this vcert library generates CSR internally based on Request data
	LocalGeneratedCSR CSrOriginOption = iota // local generation is default.
	// ServiceGeneratedCSR - server generate CSR internally based on zone configuration and data from Request
	ServiceGeneratedCSR
	// UserProvidedCSR - client provides CSR from external resource and vcert library just check and send this CSR to server
	UserProvidedCSR
)

type CertificateInfo 

type CertificateInfo struct {
	ID   string
	CN   string
	SANS struct {
		DNS, Email, IP, URI, UPN []string
	}
	Serial     string
	Thumbprint string
	ValidFrom  time.Time
	ValidTo    time.Time
}

type ChainOption 

type ChainOption int

ChainOption represents the options to be used with the certificate chain 

const (
	//ChainOptionRootLast specifies the root certificate should be in the last position of the chain
	ChainOptionRootLast ChainOption = iota
	//ChainOptionRootFirst specifies the root certificate should be in the first position of the chain
	ChainOptionRootFirst
	//ChainOptionIgnore specifies the chain should be ignored
	ChainOptionIgnore
)

func ChainOptionFromString 

func ChainOptionFromString(order string) ChainOption

ChainOptionFromString converts the string to the corresponding ChainOption

type CustomField 

type CustomField struct {
	Type  CustomFieldType
	Name  string
	Value string
}

CustomField can be used for adding additional information to certificate. For example: custom fields or Origin. By default it's custom field. For adding Origin set Type: CustomFieldOrigin For adding custom field with one name and few values give to request: 

request.CustomFields = []CustomField{
  {Name: "name1", Value: "value1"}
  {Name: "name1", Value: "value2"}
}

type CustomFieldType 

type CustomFieldType int
const (
	CustomFieldPlain CustomFieldType = 0 + iota
	CustomFieldOrigin
)

type EllipticCurve 

type EllipticCurve int

EllipticCurve represents the types of supported elliptic curves 

const (
	EllipticCurveNotSet EllipticCurve = iota
	// EllipticCurveP521 represents the P521 curve
	EllipticCurveP521
	// EllipticCurveP256 represents the P256 curve
	EllipticCurveP256
	// EllipticCurveP384 represents the P384 curve
	EllipticCurveP384
	EllipticCurveDefault = EllipticCurveP256
)

func AllSupportedCurves 

func AllSupportedCurves() []EllipticCurve

func (*EllipticCurve) Set 

func (ec *EllipticCurve) Set(value string) error

Set EllipticCurve value via a string

func (*EllipticCurve) String 

func (ec *EllipticCurve) String() string

type ImportRequest 

type ImportRequest struct {
	PolicyDN        string
	ObjectName      string
	CertificateData string
	PrivateKeyData  string
	Password        string
	Reconcile       bool
	CustomFields    []CustomField
}

type ImportResponse 

type ImportResponse struct {
	CertificateDN      string `json:",omitempty"`
	CertId             string `json:",omitempty"`
	CertificateVaultId int    `json:",omitempty"`
	Guid               string `json:",omitempty"`
	PrivateKeyVaultId  int    `json:",omitempty"`
}

type KeyType 

type KeyType int

KeyType represents the types of supported keys 

const (
	// KeyTypeRSA represents a key type of RSA
	KeyTypeRSA KeyType = iota
	// KeyTypeECDSA represents a key type of ECDSA
	KeyTypeECDSA
)

func (*KeyType) Set 

func (kt *KeyType) Set(value string) error

Set the key type via a string

func (*KeyType) String 

func (kt *KeyType) String() string

func (*KeyType) X509Type 

func (kt *KeyType) X509Type() x509.PublicKeyAlgorithm

type Location 

type Location struct {
	Instance, Workload, TLSAddress string
	Replace                        bool
}

type PEMCollection 

type PEMCollection struct {
	Certificate string   `json:",omitempty"`
	PrivateKey  string   `json:",omitempty"`
	Chain       []string `json:",omitempty"`
	CSR         string   `json:",omitempty"`
}

PEMCollection represents a collection of PEM data

func NewPEMCollection 

func NewPEMCollection(certificate *x509.Certificate, privateKey crypto.Signer, privateKeyPassword []byte) (*PEMCollection, error)

NewPEMCollection creates a PEMCollection based on the data being passed in

func PEMCollectionFromBytes 

func PEMCollectionFromBytes(certBytes []byte, chainOrder ChainOption) (*PEMCollection, error)

PEMCollectionFromBytes creates a PEMCollection based on the data passed in

func (*PEMCollection) AddChainElement 

func (col *PEMCollection) AddChainElement(certificate *x509.Certificate) error

AddChainElement adds a chain element to the collection

func (*PEMCollection) AddPrivateKey 

func (col *PEMCollection) AddPrivateKey(privateKey crypto.Signer, privateKeyPassword []byte) error

AddPrivateKey adds a Private Key to the PEMCollection. Note that the collection can only contain one private key

func (*PEMCollection) ToTLSCertificate 

func (col *PEMCollection) ToTLSCertificate() tls.Certificate

type ProcessingDetails added in v4.15.2 

type ProcessingDetails struct {
	Status            string `json:"Status,omitempty"`
	StatusDescription string `json:"StatusDescription,omitempty"`
}

type RenewalRequest 

type RenewalRequest struct {
	CertificateDN      string // these fields are for certificate lookup on remote
	Thumbprint         string
	CertificateRequest *Request // here CSR should be filled
}

type Request 

type Request struct {
	CADN               string
	Subject            pkix.Name
	DNSNames           []string
	OmitSANs           bool
	EmailAddresses     []string
	IPAddresses        []net.IP
	URIs               []*url.URL
	UPNs               []string
	Attributes         []pkix.AttributeTypeAndValueSET
	SignatureAlgorithm x509.SignatureAlgorithm
	FriendlyName       string
	KeyType            KeyType
	KeyLength          int
	KeyCurve           EllipticCurve

	PrivateKey crypto.Signer
	CsrOrigin  CSrOriginOption
	PickupID   string
	//Cloud Certificate ID
	CertID          string
	ChainOption     ChainOption
	KeyPassword     string
	FetchPrivateKey bool
	/*	Thumbprint is here because *Request is used in RetrieveCertificate().
		Code should be refactored so that RetrieveCertificate() uses some abstract search object, instead of *Request{PickupID} */
	Thumbprint    string
	Timeout       time.Duration
	CustomFields  []CustomField
	Location      *Location
	ValidityHours int
	IssuerHint    string
	// contains filtered or unexported fields
}

Request contains data needed to generate a certificate request CSR is a PEM-encoded Certificate Signing Request

func NewRequest 

func NewRequest(cert *x509.Certificate) *Request

NewRequest duplicates new Request object based on issued certificate

func (*Request) CheckCertificate 

func (request *Request) CheckCertificate(certPEM string) error

CheckCertificate validate that certificate returned by server matches data in request object. It can be used for control server.

func (*Request) GenerateCSR 

func (request *Request) GenerateCSR() error

GenerateCSR creates CSR for sending to server based on data from Request fields. It rewrites CSR field if it`s already filled.

func (*Request) GeneratePrivateKey 

func (request *Request) GeneratePrivateKey() error

GeneratePrivateKey creates private key (if it doesn`t already exist) based on request.KeyType, request.KeyLength and request.KeyCurve fileds

func (Request) GetCSR 

func (request Request) GetCSR() []byte

GetCSR returns CSR in PEM format

func (*Request) SetCSR 

func (request *Request) SetCSR(csr []byte) error

SetCSR sets CSR from PEM or DER format

type RevocationRequest 

type RevocationRequest struct {
	CertificateDN string
	Thumbprint    string
	Reason        string
	Comments      string
	Disable       bool
}

type SshCaTemplateRequest added in v4.15.2 

type SshCaTemplateRequest struct {
	Template string
	Guid     string
}

type SshCertRequest added in v4.15.0 

type SshCertRequest struct {
	Template             string
	PolicyDN             string
	ObjectName           string
	DestinationAddresses []string
	KeyId                string
	Principals           []string
	ValidityPeriod       string
	PublicKeyData        string
	Extensions           []string
	ForceCommand         string
	SourceAddresses      []string

	PickupID                  string
	Guid                      string
	IncludePrivateKeyData     bool
	PrivateKeyPassphrase      string
	PrivateKeyFormat          string
	IncludeCertificateDetails bool

	Timeout time.Duration
}

This request is a standard one, it will hold data for tpp request and in the future it will hold VaS data.

type SshCertRetrieveDetails added in v4.15.0 

type SshCertRetrieveDetails struct {
	Guid               string
	DN                 string
	CAGuid             string
	CADN               string
	CertificateData    string
	PrivateKeyData     string
	PublicKeyData      string
	CertificateDetails SshCertificateDetails
}

type SshCertificateDetails added in v4.15.0 

type SshCertificateDetails struct {
	KeyType                      string                 `json:"KeyType,omitempty"`
	CertificateType              string                 `json:"CertificateType,omitempty"`
	CertificateFingerprintSHA256 string                 `json:"CertificateFingerprintSHA256,omitempty"`
	CAFingerprintSHA256          string                 `json:"CAFingerprintSHA256,omitempty"`
	KeyID                        string                 `json:"KeyID,omitempty"`
	SerialNumber                 string                 `json:"SerialNumber,omitempty"`
	Principals                   []string               `json:"Principals,omitempty"`
	ValidFrom                    int64                  `json:"ValidFrom,omitempty"`
	ValidTo                      int64                  `json:"ValidTo,omitempty"`
	ForceCommand                 string                 `json:"ForceCommand,omitempty"`
	SourceAddresses              []string               `json:"SourceAddresses,omitempty"`
	PublicKeyFingerprintSHA256   string                 `json:"PublicKeyFingerprintSHA256,omitempty"`
	Extensions                   map[string]interface{} `json:"Extensions,omitempty"`
}

type SshConfig added in v4.15.2 

type SshConfig struct {
	CaPublicKey string
	Principals  []string
}

type SshTppCaTemplateRequest added in v4.15.2 

type SshTppCaTemplateRequest struct {
	DN   string `json:"DN,omitempty"`
	Guid string `json:"Guid,omitempty"`
}

type SshTppCaTemplateResponse added in v4.15.2 

type SshTppCaTemplateResponse struct {
	AccessControl AccessControl
	Response      TppSshCertResponseInfo `json:"Response,omitempty"`
}

type TPPSshCertRequest added in v4.15.0 

type TPPSshCertRequest struct {
	CADN                 string                 `json:"CADN,omitempty"`
	PolicyDN             string                 `json:"PolicyDN,omitempty"`
	ObjectName           string                 `json:"ObjectName,omitempty"`
	DestinationAddresses []string               `json:"DestinationAddresses,omitempty"`
	KeyId                string                 `json:"KeyId,omitempty"`
	Principals           []string               `json:"Principals,omitempty"`
	ValidityPeriod       string                 `json:"ValidityPeriod,omitempty"`
	PublicKeyData        string                 `json:"PublicKeyData,omitempty"`
	Extensions           map[string]interface{} `json:"Extensions,omitempty"`
	ForceCommand         string                 `json:"ForceCommand,omitempty"`
	SourceAddresses      []string               `json:"SourceAddresses,omitempty"`
}

type TppSshCertRequestResponse added in v4.15.0 

type TppSshCertRequestResponse struct {
	DN                string
	Guid              string
	ProcessingDetails ProcessingDetails
	Response          TppSshCertResponseInfo `json:"Response,omitempty"`
}

type TppSshCertResponseInfo added in v4.15.0 

type TppSshCertResponseInfo struct {
	ErrorCode    int
	ErrorMessage string
	Success      bool
}

type TppSshCertRetrieveRequest added in v4.15.0 

type TppSshCertRetrieveRequest struct {
	Guid                      string
	DN                        string
	IncludePrivateKeyData     bool
	PrivateKeyPassphrase      string
	PrivateKeyFormat          string
	IncludeCertificateDetails bool
}

type TppSshCertRetrieveResponse added in v4.15.0 

type TppSshCertRetrieveResponse struct {
	ProcessingDetails  ProcessingDetails
	Guid               string
	DN                 string
	CertificateData    string
	PrivateKeyData     string
	PublicKeyData      string
	CAGuid             string
	CADN               string
	CertificateDetails SshCertificateDetails
	Response           TppSshCertResponseInfo
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.