certificate

package
v4.17.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 23, 2022 License: Apache-2.0 Imports: 19 Imported by: 6

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AllSupportedKeySizes

func AllSupportedKeySizes() []int

func GenerateECDSAPrivateKey

func GenerateECDSAPrivateKey(curve EllipticCurve) (*ecdsa.PrivateKey, error)

GenerateECDSAPrivateKey generates a new ecdsa private key using the curve specified

func GenerateRSAPrivateKey

func GenerateRSAPrivateKey(size int) (*rsa.PrivateKey, error)

GenerateRSAPrivateKey generates a new rsa private key using the size specified

func GenerateRequest

func GenerateRequest(request *Request, privateKey crypto.Signer) error

GenerateRequest generates a certificate request Please use method Request.GenerateCSR() TODO: Remove usage from all libraries, deprecated

func GetCertificatePEMBlock

func GetCertificatePEMBlock(cert []byte) *pem.Block

GetCertificatePEMBlock gets the certificate as a PEM data block

func GetCertificateRequestPEMBlock

func GetCertificateRequestPEMBlock(request []byte) *pem.Block

GetCertificateRequestPEMBlock gets the certificate request as a PEM data block

func GetEncryptedPrivateKeyPEMBock

func GetEncryptedPrivateKeyPEMBock(key crypto.Signer, password []byte, format ...string) (*pem.Block, error)

GetEncryptedPrivateKeyPEMBock gets the private key as an encrypted PEM data block

func GetPrivateKeyPEMBock

func GetPrivateKeyPEMBock(key crypto.Signer, format ...string) (*pem.Block, error)

GetPrivateKeyPEMBock gets the private key as a PEM data block

func PublicKey

func PublicKey(priv crypto.Signer) crypto.PublicKey

Types

type AccessControl added in v4.15.2

type AccessControl struct {
	DefaultPrincipals []string
}

type CSrOriginOption

type CSrOriginOption int
const (
	// LocalGeneratedCSR - this vcert library generates CSR internally based on Request data
	LocalGeneratedCSR CSrOriginOption = iota // local generation is default.
	// ServiceGeneratedCSR - server generate CSR internally based on zone configuration and data from Request
	ServiceGeneratedCSR
	// UserProvidedCSR - client provides CSR from external resource and vcert library just check and send this CSR to server
	UserProvidedCSR
)

type CertSeachInfo added in v4.17.0

type CertSeachInfo struct {
	CertificateRequestId   string `json:"DN"`
	CertificateRequestGuid string `json:"Guid"`
}

type CertSearchResponse added in v4.17.0

type CertSearchResponse struct {
	Certificates []CertSeachInfo `json:"Certificates"`
	Count        int             `json:"TotalCount"`
}

type CertificateInfo

type CertificateInfo struct {
	ID   string
	CN   string
	SANS struct {
		DNS, Email, IP, URI, UPN []string
	}
	Serial     string
	Thumbprint string
	ValidFrom  time.Time
	ValidTo    time.Time
}

type CertificateMetaData added in v4.17.1

type CertificateMetaData struct {
	Approver               []string `json:"Approver"`
	CreatedOn              string   `json:"CreatedOn"`
	CertificateAuthorityDN string   `json:"CertificateAuthorityDN"`
	Contact                []string `json:"Contact"`
	CreatedBy              []string `json:"CreatedBy"`
	CertificateDetails     struct {
		AIACAIssuerURL        []string  `json:"AIACAIssuerURL"`
		AIAKeyIdentifier      string    `json:"AIAKeyIdentifier"`
		C                     string    `json:"C"`
		CDPURI                string    `json:"CDPURI"`
		CN                    string    `json:"CN"`
		EnhancedKeyUsage      string    `json:"EnhancedKeyUsage"`
		Issuer                string    `json:"Issuer"`
		KeyAlgorithm          string    `json:"KeyAlgorithm"`
		KeySize               int       `json:"KeySize"`
		KeyUsage              string    `json:"KeyUsage"`
		L                     string    `json:"L"`
		O                     string    `json:"O"`
		OU                    []string  `json:"OU"`
		PublicKeyHash         string    `json:"PublicKeyHash"`
		S                     string    `json:"S"`
		SKIKeyIdentifier      string    `json:"SKIKeyIdentifier"`
		Serial                string    `json:"Serial"`
		SignatureAlgorithm    string    `json:"SignatureAlgorithm"`
		SignatureAlgorithmOID string    `json:"SignatureAlgorithmOID"`
		StoreAdded            time.Time `json:"StoreAdded"`
		Subject               string    `json:"Subject"`
		TemplateMajorVersion  string    `json:"TemplateMajorVersion"`
		TemplateMinorVersion  string    `json:"TemplateMinorVersion"`
		TemplateName          string    `json:"TemplateName"`
		TemplateOID           string    `json:"TemplateOID"`
		Thumbprint            string    `json:"Thumbprint"`
		ValidFrom             time.Time `json:"ValidFrom"`
		ValidTo               time.Time `json:"ValidTo"`
	} `json:"CertificateDetails"`

	RenewalDetails struct {
		City               string   `json:"City"`
		Country            string   `json:"Country"`
		KeySize            int      `json:"KeySize"`
		Organization       string   `json:"Organization"`
		OrganizationalUnit []string `json:"OrganizationalUnit"`
		State              string   `json:"State"`
		Subject            string   `json:"Subject"`
	} `json:"RenewalDetails"`

	ValidationDetails struct {
		LastValidationStateUpdate time.Time `json:"LastValidationStateUpdate"`
		NetworkValidationDisabled bool      `json:"NetworkValidationDisabled"`
		ValidationDisabled        bool      `json:"ValidationDisabled"`
	} `json:"ValidationDetails"`

	CustomFields []CustomFieldDetails `json:"CustomFields"`

	DN             string `json:"DN"`
	Guid           string `json:"Guid"`
	ManagementType string `json:"ManagementType"`
	Name           string `json:"Name"`
	Origin         string `json:"Origin"`
	ParentDn       string `json:"ParentDn"`
	SchemaClass    string `json:"SchemaClass"`
}

type ChainOption

type ChainOption int

ChainOption represents the options to be used with the certificate chain

const (
	//ChainOptionRootLast specifies the root certificate should be in the last position of the chain
	ChainOptionRootLast ChainOption = iota
	//ChainOptionRootFirst specifies the root certificate should be in the first position of the chain
	ChainOptionRootFirst
	//ChainOptionIgnore specifies the chain should be ignored
	ChainOptionIgnore
)

func ChainOptionFromString

func ChainOptionFromString(order string) ChainOption

ChainOptionFromString converts the string to the corresponding ChainOption

type CustomField

type CustomField struct {
	Type  CustomFieldType
	Name  string
	Value string
}

CustomField can be used for adding additional information to certificate. For example: custom fields or Origin. By default it's custom field. For adding Origin set Type: CustomFieldOrigin For adding custom field with one name and few values give to request:

request.CustomFields = []CustomField{
  {Name: "name1", Value: "value1"}
  {Name: "name1", Value: "value2"}
}

type CustomFieldDetails added in v4.17.1

type CustomFieldDetails struct {
	Name  string   `json:"Name"`
	Type  string   `json:"Type"`
	Value []string `json:"Value"`
}

type CustomFieldType

type CustomFieldType int
const (
	CustomFieldPlain CustomFieldType = 0 + iota
	CustomFieldOrigin
)

type EllipticCurve

type EllipticCurve int

EllipticCurve represents the types of supported elliptic curves

const (
	EllipticCurveNotSet EllipticCurve = iota
	// EllipticCurveP521 represents the P521 curve
	EllipticCurveP521
	// EllipticCurveP256 represents the P256 curve
	EllipticCurveP256
	// EllipticCurveP384 represents the P384 curve
	EllipticCurveP384
	EllipticCurveDefault = EllipticCurveP256
)

func AllSupportedCurves

func AllSupportedCurves() []EllipticCurve

func (*EllipticCurve) Set

func (ec *EllipticCurve) Set(value string) error

Set EllipticCurve value via a string

func (*EllipticCurve) String

func (ec *EllipticCurve) String() string

type ImportRequest

type ImportRequest struct {
	PolicyDN        string
	ObjectName      string
	CertificateData string
	PrivateKeyData  string
	Password        string
	Reconcile       bool
	CustomFields    []CustomField
}

type ImportResponse

type ImportResponse struct {
	CertificateDN      string `json:",omitempty"`
	CertId             string `json:",omitempty"`
	CertificateVaultId int    `json:",omitempty"`
	Guid               string `json:",omitempty"`
	PrivateKeyVaultId  int    `json:",omitempty"`
}

type KeyType

type KeyType int

KeyType represents the types of supported keys

const (
	// KeyTypeRSA represents a key type of RSA
	KeyTypeRSA KeyType = iota
	// KeyTypeECDSA represents a key type of ECDSA
	KeyTypeECDSA
)

func (*KeyType) Set

func (kt *KeyType) Set(value string) error

Set the key type via a string

func (*KeyType) String

func (kt *KeyType) String() string

func (*KeyType) X509Type

func (kt *KeyType) X509Type() x509.PublicKeyAlgorithm

type Location

type Location struct {
	Instance, Workload, TLSAddress string
	Replace                        bool
}

type PEMCollection

type PEMCollection struct {
	Certificate string   `json:",omitempty"`
	PrivateKey  string   `json:",omitempty"`
	Chain       []string `json:",omitempty"`
	CSR         string   `json:",omitempty"`
}

PEMCollection represents a collection of PEM data

func NewPEMCollection

func NewPEMCollection(certificate *x509.Certificate, privateKey crypto.Signer, privateKeyPassword []byte, format ...string) (*PEMCollection, error)

NewPEMCollection creates a PEMCollection based on the data being passed in

func PEMCollectionFromBytes

func PEMCollectionFromBytes(certBytes []byte, chainOrder ChainOption) (*PEMCollection, error)

PEMCollectionFromBytes creates a PEMCollection based on the data passed in

func (*PEMCollection) AddChainElement

func (col *PEMCollection) AddChainElement(certificate *x509.Certificate) error

AddChainElement adds a chain element to the collection

func (*PEMCollection) AddPrivateKey

func (col *PEMCollection) AddPrivateKey(privateKey crypto.Signer, privateKeyPassword []byte, format ...string) error

AddPrivateKey adds a Private Key to the PEMCollection. Note that the collection can only contain one private key

func (*PEMCollection) ToTLSCertificate

func (col *PEMCollection) ToTLSCertificate() tls.Certificate

type ProcessingDetails added in v4.15.2

type ProcessingDetails struct {
	Status            string `json:"Status,omitempty"`
	StatusDescription string `json:"StatusDescription,omitempty"`
}

type RenewalRequest

type RenewalRequest struct {
	CertificateDN      string // these fields are for certificate lookup on remote
	Thumbprint         string
	CertificateRequest *Request // here CSR should be filled
}

type Request

type Request struct {
	CADN               string
	Subject            pkix.Name
	DNSNames           []string
	OmitSANs           bool
	EmailAddresses     []string
	IPAddresses        []net.IP
	URIs               []*url.URL
	UPNs               []string
	Attributes         []pkix.AttributeTypeAndValueSET
	SignatureAlgorithm x509.SignatureAlgorithm
	FriendlyName       string
	KeyType            KeyType
	KeyLength          int
	KeyCurve           EllipticCurve

	PrivateKey crypto.Signer
	CsrOrigin  CSrOriginOption
	PickupID   string
	//Cloud Certificate ID
	CertID          string
	ChainOption     ChainOption
	KeyPassword     string
	FetchPrivateKey bool
	/*	Thumbprint is here because *Request is used in RetrieveCertificate().
		Code should be refactored so that RetrieveCertificate() uses some abstract search object, instead of *Request{PickupID} */
	Thumbprint    string
	Timeout       time.Duration
	CustomFields  []CustomField
	Location      *Location
	ValidityHours int
	IssuerHint    string
	// contains filtered or unexported fields
}

Request contains data needed to generate a certificate request CSR is a PEM-encoded Certificate Signing Request

func NewRequest

func NewRequest(cert *x509.Certificate) *Request

NewRequest duplicates new Request object based on issued certificate

func (*Request) CheckCertificate

func (request *Request) CheckCertificate(certPEM string) error

CheckCertificate validate that certificate returned by server matches data in request object. It can be used for control server.

func (*Request) GenerateCSR

func (request *Request) GenerateCSR() error

GenerateCSR creates CSR for sending to server based on data from Request fields. It rewrites CSR field if it`s already filled.

func (*Request) GeneratePrivateKey

func (request *Request) GeneratePrivateKey() error

GeneratePrivateKey creates private key (if it doesn`t already exist) based on request.KeyType, request.KeyLength and request.KeyCurve fileds

func (Request) GetCSR

func (request Request) GetCSR() []byte

GetCSR returns CSR in PEM format

func (*Request) SetCSR

func (request *Request) SetCSR(csr []byte) error

SetCSR sets CSR from PEM or DER format

type RevocationRequest

type RevocationRequest struct {
	CertificateDN string
	Thumbprint    string
	Reason        string
	Comments      string
	Disable       bool
}

type SearchRequest added in v4.17.0

type SearchRequest []string

type SshAvaliableTemplate added in v4.17.1

type SshAvaliableTemplate struct {
	DN   string `json:"DN,omitempty"`
	Guid string `json:"Guid,omitempty"`
}

type SshCaTemplateRequest added in v4.15.2

type SshCaTemplateRequest struct {
	Template string
	Guid     string
}

type SshCertRequest added in v4.15.0

type SshCertRequest struct {
	Template             string
	PolicyDN             string
	ObjectName           string
	DestinationAddresses []string
	KeyId                string
	Principals           []string
	ValidityPeriod       string
	PublicKeyData        string
	Extensions           []string
	ForceCommand         string
	SourceAddresses      []string

	PickupID                  string
	Guid                      string
	IncludePrivateKeyData     bool
	PrivateKeyPassphrase      string
	PrivateKeyFormat          string
	IncludeCertificateDetails bool

	Timeout time.Duration
}

SshCertRequest This request is a standard one, it will hold data for tpp request and in the future it will hold VaS data.

type SshCertificateDetails added in v4.15.0

type SshCertificateDetails struct {
	KeyType                      string                 `json:"KeyType,omitempty"`
	CertificateType              string                 `json:"CertificateType,omitempty"`
	CertificateFingerprintSHA256 string                 `json:"CertificateFingerprintSHA256,omitempty"`
	CAFingerprintSHA256          string                 `json:"CAFingerprintSHA256,omitempty"`
	KeyID                        string                 `json:"KeyID,omitempty"`
	SerialNumber                 string                 `json:"SerialNumber,omitempty"`
	Principals                   []string               `json:"Principals,omitempty"`
	ValidFrom                    int64                  `json:"ValidFrom,omitempty"`
	ValidTo                      int64                  `json:"ValidTo,omitempty"`
	ForceCommand                 string                 `json:"ForceCommand,omitempty"`
	SourceAddresses              []string               `json:"SourceAddresses,omitempty"`
	PublicKeyFingerprintSHA256   string                 `json:"PublicKeyFingerprintSHA256,omitempty"`
	Extensions                   map[string]interface{} `json:"Extensions,omitempty"`
}

type SshCertificateObject added in v4.16.1

type SshCertificateObject struct {
	Guid               string
	DN                 string
	CAGuid             string
	CADN               string
	CertificateData    string
	PrivateKeyData     string
	PublicKeyData      string
	CertificateDetails SshCertificateDetails
	ProcessingDetails  ProcessingDetails
}

type SshConfig added in v4.15.2

type SshConfig struct {
	CaPublicKey string
	Principals  []string
}

type SshTppCaTemplateRequest added in v4.15.2

type SshTppCaTemplateRequest struct {
	DN   string `json:"DN,omitempty"`
	Guid string `json:"Guid,omitempty"`
}

type SshTppCaTemplateResponse added in v4.15.2

type SshTppCaTemplateResponse struct {
	AccessControl AccessControl
	Response      TppSshCertResponseInfo `json:"Response,omitempty"`
}

type TPPSshCertRequest added in v4.15.0

type TPPSshCertRequest struct {
	CADN                      string                 `json:"CADN,omitempty"`
	PolicyDN                  string                 `json:"PolicyDN,omitempty"`
	ObjectName                string                 `json:"ObjectName,omitempty"`
	DestinationAddresses      []string               `json:"DestinationAddresses,omitempty"`
	KeyId                     string                 `json:"KeyId,omitempty"`
	Principals                []string               `json:"Principals,omitempty"`
	ValidityPeriod            string                 `json:"ValidityPeriod,omitempty"`
	PublicKeyData             string                 `json:"PublicKeyData,omitempty"`
	Extensions                map[string]interface{} `json:"Extensions,omitempty"`
	ForceCommand              string                 `json:"ForceCommand,omitempty"`
	SourceAddresses           []string               `json:"SourceAddresses,omitempty"`
	IncludePrivateKeyData     bool                   `json:"IncludePrivateKeyData,omitempty"`
	PrivateKeyPassphrase      string                 `json:"PrivateKeyPassphrase,omitempty"`
	IncludeCertificateDetails bool                   `json:"IncludeCertificateDetails,omitempty"`
	ProcessingTimeout         string                 `json:"ProcessingTimeout,omitempty"`
}

type TppSshCertOperationResponse added in v4.16.1

type TppSshCertOperationResponse struct {
	ProcessingDetails  ProcessingDetails
	Guid               string
	DN                 string
	CertificateData    string
	PrivateKeyData     string
	PublicKeyData      string
	CAGuid             string
	CADN               string
	CertificateDetails SshCertificateDetails
	Response           TppSshCertResponseInfo
}

type TppSshCertResponseInfo added in v4.15.0

type TppSshCertResponseInfo struct {
	ErrorCode    int
	ErrorMessage string
	Success      bool
}

type TppSshCertRetrieveRequest added in v4.15.0

type TppSshCertRetrieveRequest struct {
	Guid                      string
	DN                        string
	IncludePrivateKeyData     bool
	PrivateKeyPassphrase      string
	PrivateKeyFormat          string
	IncludeCertificateDetails bool
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL