Index ¶
- Constants
- func AllSupportedKeySizes() []int
- func GenerateECDSAPrivateKey(curve EllipticCurve) (crypto.Signer, error)
- func GenerateED25519PrivateKey() (crypto.Signer, error)
- func GenerateRSAPrivateKey(size int) (*rsa.PrivateKey, error)
- func GenerateRequest(request *Request, privateKey crypto.Signer) error (deprecated)
- func GetCertificatePEMBlock(cert []byte) *pem.Block
- func GetCertificateRequestPEMBlock(request []byte) *pem.Block
- func GetEncryptedPrivateKeyPEMBock(key crypto.Signer, password []byte, format ...string) (*pem.Block, error)
- func GetPrivateKeyPEMBock(key crypto.Signer, format ...string) (*pem.Block, error)
- func PublicKey(priv crypto.Signer) crypto.PublicKey
- type AccessControl
- type CSrOriginOption
- type CertSeachInfo
- type CertSearchResponse
- type CertificateInfo
- type CertificateMetaData
- type ChainOption
- type CustomField
- type CustomFieldDetails
- type CustomFieldType
- type EllipticCurve
- type ImportRequest
- type ImportResponse
- type KeyType
- type Location
- type PEMCollection
- type ProcessingDetails
- type RenewalRequest
- type Request
- type RetireRequest
- type RevocationRequest
- type Sans
- type SearchRequest
- type SshAvaliableTemplate
- type SshCaTemplateRequest
- type SshCertRequest
- type SshCertificateDetails
- type SshCertificateObject
- type SshConfig
- type SshTppCaTemplateRequest
- type SshTppCaTemplateResponse
- type TPPSshCertRequest
- type TppSshCertOperationResponse
- type TppSshCertResponseInfo
- type TppSshCertRetrieveRequest
Constants ¶
const (
	// LocalGeneratedCSR: this vcert library builds the CSR itself from the
	// Request data. It is the zero value of CSrOriginOption and so the default.
	LocalGeneratedCSR CSrOriginOption = iota
	// ServiceGeneratedCSR: the server builds the CSR from its zone
	// configuration plus the data carried in the Request.
	ServiceGeneratedCSR
	// UserProvidedCSR: the client supplies a CSR from an external source; the
	// library only checks it and forwards it to the server.
	UserProvidedCSR
	// UnknownCSR marks an origin that is none of the above. It has no Str*
	// counterpart below, so it presumably cannot be produced from a string.
	UnknownCSR

	// StrLocalGeneratedCSR is the string representation of LocalGeneratedCSR.
	StrLocalGeneratedCSR = "local"
	// StrServiceGeneratedCSR is the string representation of ServiceGeneratedCSR.
	StrServiceGeneratedCSR = "service"
	// StrUserProvidedCSR is the string representation of UserProvidedCSR.
	StrUserProvidedCSR = "file"
)
// DefaultRSAlength is the RSA modulus size in bits that the package falls
// back to; presumably applied when a Request leaves KeyLength at zero
// (confirm in GeneratePrivateKey). 2048 is the floor commonly accepted by
// CAs today; callers wanting a larger key set KeyLength explicitly.
const DefaultRSAlength int = 2048
Variables ¶
This section is empty.
Functions ¶
func AllSupportedKeySizes ¶
func AllSupportedKeySizes() []int
func GenerateECDSAPrivateKey ¶
func GenerateECDSAPrivateKey(curve EllipticCurve) (crypto.Signer, error)
GenerateECDSAPrivateKey generates a new ecdsa private key using the curve specified
func GenerateRSAPrivateKey ¶
func GenerateRSAPrivateKey(size int) (*rsa.PrivateKey, error)
GenerateRSAPrivateKey generates a new rsa private key using the size specified
func GenerateRequest (deprecated; the signature is listed in the index above)
func GetCertificatePEMBlock ¶
GetCertificatePEMBlock gets the certificate as a PEM data block
func GetCertificateRequestPEMBlock ¶
GetCertificateRequestPEMBlock gets the certificate request as a PEM data block
func GetEncryptedPrivateKeyPEMBock ¶
func GetEncryptedPrivateKeyPEMBock(key crypto.Signer, password []byte, format ...string) (*pem.Block, error)
GetEncryptedPrivateKeyPEMBock gets the private key as an encrypted PEM data block
func GetPrivateKeyPEMBock ¶
GetPrivateKeyPEMBock gets the private key as a PEM data block
Types ¶
type AccessControl ¶
// AccessControl carries the access-control settings of an SSH CA template
// (it is embedded in SshTppCaTemplateResponse).
type AccessControl struct {
	// DefaultPrincipals are the principal names the template grants by
	// default; presumably used when a request names none of its own — confirm
	// against the SSH request code.
	DefaultPrincipals []string
}
type CSrOriginOption ¶
// CSrOriginOption selects where the certificate signing request is produced:
// locally by this library, by the service, or supplied by the caller. See the
// LocalGeneratedCSR, ServiceGeneratedCSR and UserProvidedCSR constants and
// ParseCSROrigin for the string forms.
type CSrOriginOption int
func ParseCSROrigin ¶
func ParseCSROrigin(value string) CSrOriginOption
ParseCSROrigin returns a CSrOriginOption from a valid string representation
func (CSrOriginOption) MarshalYAML ¶
func (csr CSrOriginOption) MarshalYAML() (interface{}, error)
MarshalYAML customizes the behavior of CSrOriginOption when being marshaled into a YAML document. The returned value is marshaled in place of the original value, implementing Marshaller.
func (*CSrOriginOption) String ¶
func (csr *CSrOriginOption) String() string
String returns a string representation of this object
func (*CSrOriginOption) UnmarshalYAML ¶
func (csr *CSrOriginOption) UnmarshalYAML(value *yaml.Node) error
UnmarshalYAML customizes the behavior when being unmarshalled from a YAML document
type CertSeachInfo ¶
type CertSearchResponse ¶
// CertSearchResponse is the decoded result of a certificate search.
type CertSearchResponse struct {
	// Certificates holds one entry per matching certificate.
	Certificates []CertSeachInfo `json:"Certificates"`
	// Count is the server-reported total ("TotalCount"); it may exceed
	// len(Certificates) if the server pages results — TODO confirm.
	Count int `json:"TotalCount"`
}
type CertificateInfo ¶
// CertificateInfo is a summary of an issued certificate, as handled by
// FindNewestCertificateWithSans. Only ID is omitted from JSON when empty.
type CertificateInfo struct {
	ID string `json:",omitempty"`
	CN string
	// SANS is matched on its DNS entries by FindNewestCertificateWithSans.
	SANS   Sans
	Serial string
	// Thumbprint is the certificate fingerprint; the hash algorithm is not
	// fixed by this type — presumably SHA-1 as TPP reports it, confirm.
	Thumbprint string
	ValidFrom  time.Time
	ValidTo    time.Time
}
func FindNewestCertificateWithSans ¶
func FindNewestCertificateWithSans(certificates []*CertificateInfo, sans_ *Sans) (*CertificateInfo, error)
FindNewestCertificateWithSans finds a certificate from a list of certificates whose Sans.DNS matches and is the newest
type CertificateMetaData ¶
// CertificateMetaData mirrors the metadata record a TPP server returns for a
// certificate object: who created and approved it, the parsed certificate
// details, renewal and validation settings, and the object's placement in
// the policy tree. No field uses omitempty, so all are always emitted.
type CertificateMetaData struct {
	Approver               []string `json:"Approver"`
	CreatedOn              string   `json:"CreatedOn"`
	CertificateAuthorityDN string   `json:"CertificateAuthorityDN"`
	Contact                []string `json:"Contact"`
	CreatedBy              []string `json:"CreatedBy"`
	// CertificateDetails is the server's parsed view of the X.509 certificate.
	CertificateDetails struct {
		AIACAIssuerURL        []string  `json:"AIACAIssuerURL"`
		AIAKeyIdentifier      string    `json:"AIAKeyIdentifier"`
		C                     string    `json:"C"`
		CDPURI                string    `json:"CDPURI"`
		CN                    string    `json:"CN"`
		EnhancedKeyUsage      string    `json:"EnhancedKeyUsage"`
		Issuer                string    `json:"Issuer"`
		KeyAlgorithm          string    `json:"KeyAlgorithm"`
		KeySize               int       `json:"KeySize"`
		KeyUsage              string    `json:"KeyUsage"`
		L                     string    `json:"L"`
		O                     string    `json:"O"`
		OU                    []string  `json:"OU"`
		PublicKeyHash         string    `json:"PublicKeyHash"`
		S                     string    `json:"S"`
		SKIKeyIdentifier      string    `json:"SKIKeyIdentifier"`
		Serial                string    `json:"Serial"`
		SignatureAlgorithm    string    `json:"SignatureAlgorithm"`
		SignatureAlgorithmOID string    `json:"SignatureAlgorithmOID"`
		StoreAdded            time.Time `json:"StoreAdded"`
		Subject               string    `json:"Subject"`
		TemplateMajorVersion  string    `json:"TemplateMajorVersion"`
		TemplateMinorVersion  string    `json:"TemplateMinorVersion"`
		TemplateName          string    `json:"TemplateName"`
		TemplateOID           string    `json:"TemplateOID"`
		Thumbprint            string    `json:"Thumbprint"`
		ValidFrom             time.Time `json:"ValidFrom"`
		ValidTo               time.Time `json:"ValidTo"`
	} `json:"CertificateDetails"`
	// RenewalDetails is the subject/key configuration used on renewal.
	RenewalDetails struct {
		City               string   `json:"City"`
		Country            string   `json:"Country"`
		KeySize            int      `json:"KeySize"`
		Organization       string   `json:"Organization"`
		OrganizationalUnit []string `json:"OrganizationalUnit"`
		State              string   `json:"State"`
		Subject            string   `json:"Subject"`
	} `json:"RenewalDetails"`
	// ValidationDetails reports whether server-side validation is disabled;
	// the flags are informational here, this package does not act on them.
	ValidationDetails struct {
		LastValidationStateUpdate time.Time `json:"LastValidationStateUpdate"`
		NetworkValidationDisabled bool      `json:"NetworkValidationDisabled"`
		ValidationDisabled        bool      `json:"ValidationDisabled"`
	} `json:"ValidationDetails"`
	CustomFields   []CustomFieldDetails `json:"CustomFields"`
	DN             string               `json:"DN"`
	Guid           string               `json:"Guid"`
	ManagementType string               `json:"ManagementType"`
	Name           string               `json:"Name"`
	Origin         string               `json:"Origin"`
	ParentDn       string               `json:"ParentDn"`
	SchemaClass    string               `json:"SchemaClass"`
}
type ChainOption ¶
// ChainOption controls how the certificate chain is ordered (root first or
// last) or whether it is ignored; see the ChainOption* constants.
type ChainOption int
ChainOption represents the options to be used with the certificate chain
const (
	// ChainOptionRootLast places the root certificate in the last position of
	// the chain. It is the zero value and therefore the default.
	ChainOptionRootLast ChainOption = iota
	// ChainOptionRootFirst places the root certificate in the first position
	// of the chain.
	ChainOptionRootFirst
	// ChainOptionIgnore leaves the chain out entirely.
	ChainOptionIgnore
)
func ChainOptionFromString ¶
func ChainOptionFromString(order string) ChainOption
ChainOptionFromString converts the string to the corresponding ChainOption
func (ChainOption) MarshalYAML ¶
func (co ChainOption) MarshalYAML() (interface{}, error)
MarshalYAML customizes the behavior of ChainOption when being marshaled into a YAML document. The returned value is marshaled in place of the original value implementing Marshaller
func (*ChainOption) String ¶
func (co *ChainOption) String() string
String returns a string representation of this object
func (*ChainOption) UnmarshalYAML ¶
func (co *ChainOption) UnmarshalYAML(value *yaml.Node) error
UnmarshalYAML customizes the behavior when being unmarshalled from a YAML document
type CustomField ¶
// CustomField is one name/value pair attached to a certificate request.
type CustomField struct {
	// Type is deliberately not read from YAML (tag "-"); it must be set in
	// code. It defaults to CustomFieldPlain; use CustomFieldOrigin to supply
	// an Origin value.
	Type  CustomFieldType `yaml:"-"`
	Name  string          `yaml:"name"`
	Value string          `yaml:"value"`
}
CustomField can be used for adding additional information to a certificate, for example custom fields or Origin. By default, Type is CustomFieldPlain. For adding Origin, set Type to CustomFieldOrigin. For adding multiple values to a single custom field:
request.CustomFields = []CustomField{ {Name: "name1", Value: "value1"} {Name: "name1", Value: "value2"} }
type CustomFieldDetails ¶
type CustomFieldType ¶
// CustomFieldType distinguishes a plain custom field from the Origin field;
// see the CustomFieldPlain, CustomFieldOrigin and CustomFieldUnknown constants.
type CustomFieldType int
const (
	// CustomFieldPlain is an ordinary custom field; it is the zero value and
	// so the default for CustomField.Type.
	CustomFieldPlain CustomFieldType = 0 + iota
	// CustomFieldOrigin marks the field as the certificate's Origin.
	CustomFieldOrigin
	// CustomFieldUnknown is the fallback for an unrecognised type.
	CustomFieldUnknown
)
func (CustomFieldType) MarshalYAML ¶
func (cft CustomFieldType) MarshalYAML() (interface{}, error)
MarshalYAML customizes the behavior of CustomFieldType when being marshaled into a YAML document. The returned value is marshaled in place of the original value, implementing Marshaller.
func (*CustomFieldType) String ¶
func (cft *CustomFieldType) String() string
String returns a string representation of this object
type EllipticCurve ¶
// EllipticCurve identifies one of the supported elliptic curves; see the
// EllipticCurve* constants. The Set method parses it from a string.
type EllipticCurve int
EllipticCurve represents the types of supported elliptic curves
// Declaration order fixes the numeric values (NotSet=0, P521=1, P256=2,
// P384=3, ED25519=4); do not reorder, since the values may be persisted.
const (
	// EllipticCurveNotSet represents a value that has not been set.
	EllipticCurveNotSet EllipticCurve = iota
	// EllipticCurveP521 represents the P-521 curve.
	EllipticCurveP521
	// EllipticCurveP256 represents the P-256 curve.
	EllipticCurveP256
	// EllipticCurveP384 represents the P-384 curve.
	EllipticCurveP384
	// EllipticCurveED25519 represents the Ed25519 curve (note that
	// GenerateED25519PrivateKey, not GenerateECDSAPrivateKey, produces such keys).
	EllipticCurveED25519
	// EllipticCurveDefault is the curve used when none is chosen: P-256.
	EllipticCurveDefault = EllipticCurveP256
)
func AllSupportedCurves ¶
func AllSupportedCurves() []EllipticCurve
func (EllipticCurve) MarshalYAML ¶
func (ec EllipticCurve) MarshalYAML() (interface{}, error)
MarshalYAML customizes the behavior of EllipticCurve when being marshaled into a YAML document. The returned value is marshaled in place of the original value, implementing Marshaller.
func (*EllipticCurve) Set ¶
func (ec *EllipticCurve) Set(value string) error
Set sets the EllipticCurve value from its string representation
func (*EllipticCurve) String ¶
func (ec *EllipticCurve) String() string
func (*EllipticCurve) UnmarshalYAML ¶
func (ec *EllipticCurve) UnmarshalYAML(value *yaml.Node) error
UnmarshalYAML customizes the behavior when being unmarshalled from a YAML document
type ImportRequest ¶
type ImportResponse ¶
type KeyType ¶
// KeyType identifies the kind of private key to generate or expect; X509Type
// maps it to the corresponding x509.PublicKeyAlgorithm.
type KeyType int
KeyType represents the types of supported keys
func (KeyType) MarshalYAML ¶
MarshalYAML customizes the behavior of KeyType when being marshaled into a YAML document. The returned value is marshaled in place of the original value, implementing Marshaller.
func (*KeyType) UnmarshalYAML ¶
UnmarshalYAML customizes the behavior when being unmarshalled from a YAML document
func (*KeyType) X509Type ¶
func (kt *KeyType) X509Type() x509.PublicKeyAlgorithm
type Location ¶
// Location describes the device, and the workload on it, that a certificate
// is enrolled or provisioned for. Every field is optional in YAML.
type Location struct {
	Instance   string `yaml:"instance,omitempty"`
	Workload   string `yaml:"workload,omitempty"`
	TLSAddress string `yaml:"tlsAddress,omitempty"`
	// Replace presumably asks the server to overwrite an existing object at
	// this location rather than fail — confirm against the provisioning code.
	Replace bool   `yaml:"replace,omitempty"`
	Zone    string `yaml:"zone,omitempty"`
}
Location represents a Device that needs enrollment or provisioning
type PEMCollection ¶
// PEMCollection bundles the PEM-encoded artefacts of one enrollment: the leaf
// certificate, its private key, the chain and the CSR. Each field is dropped
// from JSON when empty, so an empty collection marshals to {}.
type PEMCollection struct {
	Certificate string `json:",omitempty"`
	// PrivateKey holds the PEM-encoded key, encrypted only when a password
	// was supplied to NewPEMCollection or AddPrivateKey. It is serialized like
	// any other field, so a marshaled collection carries key material and
	// should be stored and logged accordingly.
	PrivateKey string   `json:",omitempty"`
	Chain      []string `json:",omitempty"`
	CSR        string   `json:",omitempty"`
}
PEMCollection represents a collection of PEM data
func NewPEMCollection ¶
func NewPEMCollection(certificate *x509.Certificate, privateKey crypto.Signer, privateKeyPassword []byte, format ...string) (*PEMCollection, error)
NewPEMCollection creates a PEMCollection based on the data being passed in
func PEMCollectionFromBytes ¶
func PEMCollectionFromBytes(certBytes []byte, chainOrder ChainOption) (*PEMCollection, error)
PEMCollectionFromBytes creates a PEMCollection based on the data passed in
func (*PEMCollection) AddChainElement ¶
func (col *PEMCollection) AddChainElement(certificate *x509.Certificate) error
AddChainElement adds a chain element to the collection
func (*PEMCollection) AddPrivateKey ¶
func (col *PEMCollection) AddPrivateKey(privateKey crypto.Signer, privateKeyPassword []byte, format ...string) error
AddPrivateKey adds a Private Key to the PEMCollection. Note that the collection can only contain one private key
func (*PEMCollection) ToTLSCertificate ¶
func (col *PEMCollection) ToTLSCertificate() tls.Certificate
type ProcessingDetails ¶
type RenewalRequest ¶
type Request ¶
// Request carries everything needed to build and submit a certificate
// request. The CSR itself lives in a field that pkg.go.dev has elided below
// ("filtered or unexported fields"); GenerateCSR fills it and, per its doc,
// overwrites any existing value.
type Request struct {
	CADN               string
	Subject            pkix.Name
	DNSNames           []string
	OmitSANs           bool
	EmailAddresses     []string
	IPAddresses        []net.IP
	URIs               []*url.URL
	UPNs               []string
	Attributes         []pkix.AttributeTypeAndValueSET
	SignatureAlgorithm x509.SignatureAlgorithm
	FriendlyName       string
	// KeyType, KeyLength and KeyCurve drive GeneratePrivateKey (see its doc).
	KeyType   KeyType
	KeyLength int
	KeyCurve  EllipticCurve
	// PrivateKey is the key the CSR is signed with. GeneratePrivateKey
	// creates it only when it is not already set.
	PrivateKey crypto.Signer
	CsrOrigin  CSrOriginOption
	PickupID   string
	// CertID is the Cloud certificate ID.
	CertID      string
	ChainOption ChainOption
	// KeyPassword is secret material: presumably the passphrase applied when
	// the private key is exported in encrypted PEM form (compare the
	// privateKeyPassword parameter of NewPEMCollection) — confirm. Avoid
	// logging a Request with %+v for that reason.
	KeyPassword     string
	FetchPrivateKey bool
	// Thumbprint is here because *Request is used in RetrieveCertificate().
	// That code should be refactored so that RetrieveCertificate() takes some
	// abstract search object instead of *Request{PickupID}.
	Thumbprint string
	// Timeout is interpreted per backend:
	//   - TPP (a.k.a. TLSPDC): sets WorkToDoTimeout, overriding TPP's default
	//     wait for the CA to finish; a value above the server maximum is
	//     clamped by TPP (120 seconds at the time this comment was written).
	//   - Cloud (a.k.a. VaaS / TLSPC): bounds the retry loop in RetrieveCertificate.
	//   - TPP SSH feature: overrides the HTTP client's default request timeout.
	//   - Firefly: not used at all.
	//
	// Note: the VCert CLI hardcodes 180 seconds for the retrieve-certificate
	// operation; for VaaS that bounds the retry loop for 180 seconds and for
	// TPP it overrides the CA timeout with that value.
	Timeout          time.Duration
	CustomFields     []CustomField
	Location         *Location
	ValidityDuration *time.Duration
	// ValidityPeriod is the requested validity expressed as an ISO 8601 duration.
	ValidityPeriod string
	IssuerHint     util.IssuerHint
	// Contacts configures the email addresses that receive notifications
	// about the certificate. This field is TPP-specific.
	//
	// Note: a user who receives the notification is not automatically given
	// access to that certificate. Access is configured at the policy folder
	// level; if the user doesn't have permissions on that folder, they will
	// not be able to see the certificate's status in TPP or remediate the
	// problem through the TPP UI.
	//
	// When an email is used by multiple TPP identities, the first identity
	// found is picked arbitrarily.
	//
	// The scope `configuration` is required. Since Contacts works by searching
	// the emails in the same LDAP or AD as the user attached to the token, you
	// must check that you are using a user in that same identity provider.
	// Contacts doesn't work with the local TPP identities. Using Contacts
	// requires adding `mail` to the list of fields searched when performing a
	// user search, which can be configured in the Venafi Configuration Console
	// by RDP'ing into the TPP VM. This configuration cannot be performed
	// directly in the TPP UI.
	Contacts []string
	// Deprecated: use ValidityDuration instead; this field is ignored when
	// ValidityDuration is set.
	ValidityHours int
	// contains filtered or unexported fields
}
Request contains the data needed to generate a certificate request. CSR is a PEM-encoded Certificate Signing Request.
func NewRequest ¶
func NewRequest(cert *x509.Certificate) *Request
NewRequest creates a new Request object populated from an issued certificate
func (*Request) CheckCertificate ¶
CheckCertificate validates that the certificate returned by the server matches the data in the request object. It can be used to check the server's response.
func (*Request) GenerateCSR ¶
GenerateCSR creates the CSR to send to the server based on the data in the Request fields. It overwrites the CSR field if it is already filled.
func (*Request) GeneratePrivateKey ¶
GeneratePrivateKey creates a private key (if one doesn't already exist) based on the request.KeyType, request.KeyLength and request.KeyCurve fields
type RetireRequest ¶
type RevocationRequest ¶
type SearchRequest ¶
// SearchRequest is a list of search terms for a certificate lookup; the
// exact meaning of each entry is defined by the client that consumes it —
// confirm against the caller.
type SearchRequest []string
type SshAvaliableTemplate ¶
type SshCaTemplateRequest ¶
type SshCertRequest ¶
// SshCertRequest is the backend-neutral SSH certificate request. Today it is
// translated into a TPPSshCertRequest; the fields are kept generic so other
// backends can reuse it.
type SshCertRequest struct {
	// Where the certificate object is created and which template issues it.
	Template   string
	PolicyDN   string
	ObjectName string

	// Certificate contents.
	DestinationAddresses []string
	KeyId                string
	Principals           []string
	ValidityPeriod       string
	PublicKeyData        string
	Extensions           []string
	ForceCommand         string
	SourceAddresses      []string

	// Identifiers used to pick up a previously submitted request.
	PickupID string
	Guid     string

	// IncludePrivateKeyData asks the server to return the private key it
	// generated, protected with PrivateKeyPassphrase and encoded in
	// PrivateKeyFormat. The passphrase is a secret; do not log the request.
	IncludePrivateKeyData bool
	PrivateKeyPassphrase  string
	PrivateKeyFormat      string

	IncludeCertificateDetails bool
	// Timeout bounds the HTTP request (see Request.Timeout for the TPP SSH case).
	Timeout time.Duration
}
SshCertRequest is the standard request type: it holds the data for a TPP request and in the future will also hold VaaS data.
type SshCertificateDetails ¶
// SshCertificateDetails is the server's description of an issued SSH
// certificate. Every field is omitted from JSON when empty; ValidFrom and
// ValidTo are integer timestamps (presumably Unix seconds — confirm).
type SshCertificateDetails struct {
	KeyType         string `json:"KeyType,omitempty"`
	CertificateType string `json:"CertificateType,omitempty"`

	// SHA-256 fingerprints of the certificate, the issuing CA key and the
	// subject public key, as labelled by the server.
	CertificateFingerprintSHA256 string `json:"CertificateFingerprintSHA256,omitempty"`
	CAFingerprintSHA256          string `json:"CAFingerprintSHA256,omitempty"`
	PublicKeyFingerprintSHA256   string `json:"PublicKeyFingerprintSHA256,omitempty"`

	KeyID           string   `json:"KeyID,omitempty"`
	SerialNumber    string   `json:"SerialNumber,omitempty"`
	Principals      []string `json:"Principals,omitempty"`
	ValidFrom       int64    `json:"ValidFrom,omitempty"`
	ValidTo         int64    `json:"ValidTo,omitempty"`
	ForceCommand    string   `json:"ForceCommand,omitempty"`
	SourceAddresses []string `json:"SourceAddresses,omitempty"`
	// Extensions is left untyped because the server returns arbitrary
	// extension names and values.
	Extensions map[string]interface{} `json:"Extensions,omitempty"`
}
type SshCertificateObject ¶
// SshCertificateObject is the fully retrieved SSH certificate: its identity
// in TPP, the PEM/OpenSSH-encoded material, parsed details and the
// processing status. No JSON tags are declared, so encoding uses field names.
type SshCertificateObject struct {
	Guid   string
	DN     string
	CAGuid string
	CADN   string
	// CertificateData and PublicKeyData are public; PrivateKeyData is the
	// server-generated private key and is only present when it was requested
	// (IncludePrivateKeyData). Treat any serialized copy as secret.
	CertificateData    string
	PrivateKeyData     string
	PublicKeyData      string
	CertificateDetails SshCertificateDetails
	ProcessingDetails  ProcessingDetails
}
type SshTppCaTemplateRequest ¶
type SshTppCaTemplateResponse ¶
// SshTppCaTemplateResponse is the decoded TPP reply to an SSH CA template
// request: the template's default access control plus the generic
// success/error information in Response.
type SshTppCaTemplateResponse struct {
	// AccessControl has no JSON tag, so it is decoded from a key named
	// "AccessControl".
	AccessControl AccessControl
	Response      TppSshCertResponseInfo `json:"Response,omitempty"`
}
type TPPSshCertRequest ¶
// TPPSshCertRequest is the JSON body sent to TPP to request an SSH
// certificate. Every field is omitted when empty, so a zero request marshals
// to {}.
type TPPSshCertRequest struct {
	CADN       string `json:"CADN,omitempty"`
	PolicyDN   string `json:"PolicyDN,omitempty"`
	ObjectName string `json:"ObjectName,omitempty"`

	DestinationAddresses []string               `json:"DestinationAddresses,omitempty"`
	KeyId                string                 `json:"KeyId,omitempty"`
	Principals           []string               `json:"Principals,omitempty"`
	ValidityPeriod       string                 `json:"ValidityPeriod,omitempty"`
	PublicKeyData        string                 `json:"PublicKeyData,omitempty"`
	Extensions           map[string]interface{} `json:"Extensions,omitempty"`
	ForceCommand         string                 `json:"ForceCommand,omitempty"`
	SourceAddresses      []string               `json:"SourceAddresses,omitempty"`

	// PrivateKeyPassphrase travels in the request body alongside the
	// IncludePrivateKeyData flag; it is secret, so the marshaled request must
	// not be logged or persisted as-is.
	IncludePrivateKeyData     bool   `json:"IncludePrivateKeyData,omitempty"`
	PrivateKeyPassphrase      string `json:"PrivateKeyPassphrase,omitempty"`
	IncludeCertificateDetails bool   `json:"IncludeCertificateDetails,omitempty"`
	// ProcessingTimeout is a string on the wire, unlike SshCertRequest.Timeout.
	ProcessingTimeout string `json:"ProcessingTimeout,omitempty"`
}
type TppSshCertOperationResponse ¶
// TppSshCertOperationResponse is the decoded TPP reply to an SSH certificate
// operation (request or retrieve). No JSON tags are declared, so fields are
// decoded by name.
type TppSshCertOperationResponse struct {
	ProcessingDetails ProcessingDetails
	Guid              string
	DN                string
	// PrivateKeyData is present only when the request asked for it
	// (IncludePrivateKeyData); it is secret material, unlike CertificateData
	// and PublicKeyData.
	CertificateData    string
	PrivateKeyData     string
	PublicKeyData      string
	CAGuid             string
	CADN               string
	CertificateDetails SshCertificateDetails
	Response           TppSshCertResponseInfo
}