tpp

package

v5.7.2 Latest Latest Go to latest Published: Nov 12, 2024 License: Apache-2.0 Imports: 26 Imported by: 4

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/Venafi/vcert

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func GetAvailableSshTemplates(c *Connector) ([]certificate.SshAvaliableTemplate, error)
func IsCertNotFound(err error) bool
func NewAuthenticationError(b []byte) error
func NewResponseError(b []byte) error
func ParseCertificateSearchResponse(httpStatusCode int, body []byte) (searchResult *certificate.CertSearchResponse, err error)
func PolicyExist(policyName string, c *Connector) (bool, error)
func RequestSshCertificate(c *Connector, req *certificate.SshCertRequest) (*certificate.SshCertificateObject, error)
func RetrieveSshCaPrincipals(c *Connector, ca *certificate.SshCaTemplateRequest) ([]string, error)
func RetrieveSshCertificate(c *Connector, req *certificate.SshCertRequest) (*certificate.SshCertificateObject, error)
func RetrieveSshConfig(c *Connector, ca *certificate.SshCaTemplateRequest) (*certificate.SshConfig, error)
type BrowseIdentitiesRequest
type BrowseIdentitiesResponse
type CertificateDetailsResponse
type CertificateSearchInfo
type CertificateSearchResponse
type ConfigReadDNRequest
type ConfigReadDNResponse
type Connector
- func NewConnector(url string, zone string, verbose bool, trust *x509.CertPool) (*Connector, error)
- func (c *Connector) Authenticate(auth *endpoint.Authentication) (err error)
- func (c *Connector) GenerateRequest(config *endpoint.ZoneConfiguration, req *certificate.Request) (err error)
- func (c *Connector) GetPolicy(name string) (*policy.PolicySpecification, error)
- func (c *Connector) GetRefreshToken(auth *endpoint.Authentication) (resp OauthGetRefreshTokenResponse, err error)
- func (c *Connector) GetType() endpoint.ConnectorType
- func (c *Connector) GetZonesByParent(parent string) ([]string, error)
- func (c *Connector) ImportCertificate(req *certificate.ImportRequest) (*certificate.ImportResponse, error)
- func (c *Connector) IsCSRServiceGenerated(req *certificate.Request) (bool, error)
- func (c *Connector) ListCertificates(filter endpoint.Filter) ([]certificate.CertificateInfo, error)
- func (c *Connector) Ping() (err error)
- func (c *Connector) ProvisionCertificate(_ *domain.ProvisioningRequest, _ *domain.ProvisioningOptions) (*domain.ProvisioningMetadata, error)
- func (c *Connector) ReadPolicyConfiguration() (policy *endpoint.Policy, err error)
- func (c *Connector) ReadZoneConfiguration() (config *endpoint.ZoneConfiguration, err error)
- func (c *Connector) RefreshAccessToken(auth *endpoint.Authentication) (resp OauthRefreshAccessTokenResponse, err error)
- func (c *Connector) RenewCertificate(renewReq *certificate.RenewalRequest) (requestID string, err error)
- func (c *Connector) RequestCertificate(req *certificate.Request) (requestID string, err error)
- func (c *Connector) RequestSSHCertificate(req *certificate.SshCertRequest) (response *certificate.SshCertificateObject, err error)
- func (c *Connector) ResetCertificate(req *certificate.Request, restart bool) (err error)
- func (c *Connector) RetireCertificate(req *certificate.RetireRequest) (err error)
- func (c *Connector) RetrieveAvailableSSHTemplates() (response []certificate.SshAvaliableTemplate, err error)
- func (c *Connector) RetrieveCertificate(req *certificate.Request) (certificates *certificate.PEMCollection, err error)
- func (c *Connector) RetrieveCertificateMetaData(dn string) (*certificate.CertificateMetaData, error)
- func (c *Connector) RetrieveSSHCertificate(req *certificate.SshCertRequest) (response *certificate.SshCertificateObject, err error)
- func (c *Connector) RetrieveSshConfig(ca *certificate.SshCaTemplateRequest) (*certificate.SshConfig, error)
- func (c *Connector) RetrieveSystemVersion() (string, error)
- func (c *Connector) RevokeAccessToken(auth *endpoint.Authentication) (err error)
- func (c *Connector) RevokeCertificate(revReq *certificate.RevocationRequest) (err error)
- func (c *Connector) SearchCertificate(zone string, cn string, sans *certificate.Sans, certMinTimeLeft time.Duration) (certificateInfo *certificate.CertificateInfo, err error)
- func (c *Connector) SearchCertificates(req *certificate.SearchRequest) (*certificate.CertSearchResponse, error)
- func (c *Connector) SetHTTPClient(client *http.Client)
- func (c *Connector) SetPolicy(name string, ps *policy.PolicySpecification) (string, error)
- func (c *Connector) SetUserAgent(userAgent string)
- func (c *Connector) SetZone(z string)
- func (c *Connector) SupportSynchronousRequestCertificate() bool
- func (c *Connector) SynchronousRequestCertificate(_ *certificate.Request) (certificates *certificate.PEMCollection, err error)
- func (c *Connector) VerifyAccessToken(auth *endpoint.Authentication) (resp OauthVerifyTokenResponse, err error)
- func (c *Connector) WriteLog(logReq *endpoint.LogRequest) error
type DNToGUIDRequest
type DNToGUIDResponse
type ErrCertNotFound
- func (e *ErrCertNotFound) Error() string
- func (e *ErrCertNotFound) Unwrap() error
type IdentityEntry
type IdentityInformation
type IdentitySelfResponse
type LogPostResponse
type OauthGetRefreshTokenResponse
type OauthRefreshAccessTokenResponse
type OauthVerifyTokenResponse
type RevocationReason
type SearchRequest
type ValidateIdentityRequest
type ValidateIdentityResponse

Constants ¶

View Source

const (
	SSHCaRootPath = util.PathSeparator + "VED" + util.PathSeparator + "Certificate Authority" + util.PathSeparator + "SSH" + util.PathSeparator + "Templates"
)

Variables ¶

View Source

var RevocationReasonsMap = map[string]RevocationReason{
	"":                       0,
	"none":                   0,
	"key-compromise":         1,
	"ca-compromise":          2,
	"affiliation-changed":    3,
	"superseded":             4,
	"cessation-of-operation": 5,
}

RevocationReasonsMap maps *certificate.RevocationRequest.Reason to TPP-specific webSDK codes

Functions ¶

func GetAvailableSshTemplates ¶

func GetAvailableSshTemplates(c *Connector) ([]certificate.SshAvaliableTemplate, error)

func IsCertNotFound ¶

func IsCertNotFound(err error) bool

func NewAuthenticationError ¶

func NewAuthenticationError(b []byte) error

func NewResponseError ¶

func NewResponseError(b []byte) error

func ParseCertificateSearchResponse ¶

func ParseCertificateSearchResponse(httpStatusCode int, body []byte) (searchResult *certificate.CertSearchResponse, err error)

func PolicyExist ¶

func PolicyExist(policyName string, c *Connector) (bool, error)

func RequestSshCertificate ¶

func RequestSshCertificate(c *Connector, req *certificate.SshCertRequest) (*certificate.SshCertificateObject, error)

func RetrieveSshCaPrincipals ¶

func RetrieveSshCaPrincipals(c *Connector, ca *certificate.SshCaTemplateRequest) ([]string, error)

func RetrieveSshCertificate ¶

func RetrieveSshCertificate(c *Connector, req *certificate.SshCertRequest) (*certificate.SshCertificateObject, error)

func RetrieveSshConfig ¶

func RetrieveSshConfig(c *Connector, ca *certificate.SshCaTemplateRequest) (*certificate.SshConfig, error)

Types ¶

type BrowseIdentitiesRequest ¶ added in v5.4.0

type BrowseIdentitiesRequest struct {
	Filter       string
	Limit        int
	IdentityType int
}

type BrowseIdentitiesResponse ¶ added in v5.4.0

type BrowseIdentitiesResponse struct {
	Identities []IdentityEntry
}

type CertificateDetailsResponse ¶

type CertificateDetailsResponse struct {
	CustomFields []struct {
		Name  string
		Value []string
	}
	Consumers []string
	Disabled  bool `json:",omitempty"`
}

type CertificateSearchInfo ¶

type CertificateSearchInfo struct {
	CreatedOn   string
	DN          string
	Guid        string
	Name        string
	ParentDn    string
	SchemaClass string
	X509        certificate.CertificateInfo
}

type CertificateSearchResponse ¶

type CertificateSearchResponse struct {
	Certificates []CertificateSearchInfo `json:"Certificates"`
	Count        int                     `json:"TotalCount"`
}

type ConfigReadDNRequest ¶

type ConfigReadDNRequest struct {
	ObjectDN      string `json:",omitempty"`
	AttributeName string `json:",omitempty"`
}

type ConfigReadDNResponse ¶

type ConfigReadDNResponse struct {
	Result int      `json:",omitempty"`
	Values []string `json:",omitempty"`
}

type Connector ¶

type Connector struct {
	Identity identity
	// contains filtered or unexported fields
}

Connector contains the base data needed to communicate with a TPP Server

func NewConnector ¶

func NewConnector(url string, zone string, verbose bool, trust *x509.CertPool) (*Connector, error)

NewConnector creates a new TPP Connector object used to communicate with TPP

func (*Connector) Authenticate ¶

func (c *Connector) Authenticate(auth *endpoint.Authentication) (err error)

Authenticate authenticates the user to the TPP

func (*Connector) GenerateRequest ¶

func (c *Connector) GenerateRequest(config *endpoint.ZoneConfiguration, req *certificate.Request) (err error)

GenerateRequest creates a new certificate request, based on the zone/policy configuration and the user data

func (*Connector) GetPolicy ¶

func (c *Connector) GetPolicy(name string) (*policy.PolicySpecification, error)

func (*Connector) GetRefreshToken ¶

func (c *Connector) GetRefreshToken(auth *endpoint.Authentication) (resp OauthGetRefreshTokenResponse, err error)

GetRefreshToken Get OAuth refresh and access token

func (*Connector) GetType ¶

func (c *Connector) GetType() endpoint.ConnectorType

func (*Connector) GetZonesByParent ¶

func (c *Connector) GetZonesByParent(parent string) ([]string, error)

GetZonesByParent returns a list of valid zones for a TPP parent folder specified by parent

func (*Connector) ImportCertificate ¶

func (c *Connector) ImportCertificate(req *certificate.ImportRequest) (*certificate.ImportResponse, error)

func (*Connector) IsCSRServiceGenerated ¶

func (c *Connector) IsCSRServiceGenerated(req *certificate.Request) (bool, error)

func (*Connector) ListCertificates ¶

func (c *Connector) ListCertificates(filter endpoint.Filter) ([]certificate.CertificateInfo, error)

func (*Connector) Ping ¶

func (c *Connector) Ping() (err error)

Ping attempts to connect to the TPP Server WebSDK API and returns an error if it cannot

func (*Connector) ProvisionCertificate ¶ added in v5.7.0

func (c *Connector) ProvisionCertificate(_ *domain.ProvisioningRequest, _ *domain.ProvisioningOptions) (*domain.ProvisioningMetadata, error)

func (*Connector) ReadPolicyConfiguration ¶

func (c *Connector) ReadPolicyConfiguration() (policy *endpoint.Policy, err error)

func (*Connector) ReadZoneConfiguration ¶

func (c *Connector) ReadZoneConfiguration() (config *endpoint.ZoneConfiguration, err error)

ReadZoneConfiguration reads the policy data from TPP to get locked and pre-configured values for certificate requests

func (*Connector) RefreshAccessToken ¶

func (c *Connector) RefreshAccessToken(auth *endpoint.Authentication) (resp OauthRefreshAccessTokenResponse, err error)

RefreshAccessToken Refresh OAuth access token

func (*Connector) RenewCertificate ¶

func (c *Connector) RenewCertificate(renewReq *certificate.RenewalRequest) (requestID string, err error)

RenewCertificate attempts to renew the certificate

func (*Connector) RequestCertificate ¶

func (c *Connector) RequestCertificate(req *certificate.Request) (requestID string, err error)

RequestCertificate submits the CSR to TPP returning the DN of the requested Certificate.

func (*Connector) RequestSSHCertificate ¶

func (c *Connector) RequestSSHCertificate(req *certificate.SshCertRequest) (response *certificate.SshCertificateObject, err error)

func (*Connector) ResetCertificate ¶

func (c *Connector) ResetCertificate(req *certificate.Request, restart bool) (err error)

This function is idempotent, i.e., it won't fail if there is nothing to be reset. It returns an error of type *ErrCertNotFound if the certificate is not found.

func (*Connector) RetireCertificate ¶

func (c *Connector) RetireCertificate(req *certificate.RetireRequest) (err error)

func (*Connector) RetrieveAvailableSSHTemplates ¶

func (c *Connector) RetrieveAvailableSSHTemplates() (response []certificate.SshAvaliableTemplate, err error)

func (*Connector) RetrieveCertificate ¶

func (c *Connector) RetrieveCertificate(req *certificate.Request) (certificates *certificate.PEMCollection, err error)

RetrieveCertificate attempts to retrieve the requested certificate

func (*Connector) RetrieveCertificateMetaData ¶

func (c *Connector) RetrieveCertificateMetaData(dn string) (*certificate.CertificateMetaData, error)

func (*Connector) RetrieveSSHCertificate ¶

func (c *Connector) RetrieveSSHCertificate(req *certificate.SshCertRequest) (response *certificate.SshCertificateObject, err error)

func (*Connector) RetrieveSshConfig ¶

func (c *Connector) RetrieveSshConfig(ca *certificate.SshCaTemplateRequest) (*certificate.SshConfig, error)

func (*Connector) RetrieveSystemVersion ¶

func (c *Connector) RetrieveSystemVersion() (string, error)

requestSystemVersion returns the TPP system version of the connector context

func (*Connector) RevokeAccessToken ¶

func (c *Connector) RevokeAccessToken(auth *endpoint.Authentication) (err error)

RevokeAccessToken - call to revoke token so that it can never be used again

func (*Connector) RevokeCertificate ¶

func (c *Connector) RevokeCertificate(revReq *certificate.RevocationRequest) (err error)

RevokeCertificate attempts to revoke the certificate

func (*Connector) SearchCertificate ¶

func (c *Connector) SearchCertificate(zone string, cn string, sans *certificate.Sans, certMinTimeLeft time.Duration) (certificateInfo *certificate.CertificateInfo, err error)

func (*Connector) SearchCertificates ¶

func (c *Connector) SearchCertificates(req *certificate.SearchRequest) (*certificate.CertSearchResponse, error)

func (*Connector) SetHTTPClient ¶

func (c *Connector) SetHTTPClient(client *http.Client)

func (*Connector) SetPolicy ¶

func (c *Connector) SetPolicy(name string, ps *policy.PolicySpecification) (string, error)

func (*Connector) SetUserAgent ¶ added in v5.6.1

func (c *Connector) SetUserAgent(userAgent string)

func (*Connector) SetZone ¶

func (c *Connector) SetZone(z string)

func (*Connector) SupportSynchronousRequestCertificate ¶ added in v5.1.0

func (c *Connector) SupportSynchronousRequestCertificate() bool

SupportSynchronousRequestCertificate returns if the connector support synchronous calls to request a certificate.

func (*Connector) SynchronousRequestCertificate ¶ added in v5.1.0

func (c *Connector) SynchronousRequestCertificate(_ *certificate.Request) (certificates *certificate.PEMCollection, err error)

SynchronousRequestCertificate It's not supported yet in TPP

func (*Connector) VerifyAccessToken ¶

func (c *Connector) VerifyAccessToken(auth *endpoint.Authentication) (resp OauthVerifyTokenResponse, err error)

VerifyAccessToken - call to check whether token is valid and, if so, return its properties

func (*Connector) WriteLog ¶

func (c *Connector) WriteLog(logReq *endpoint.LogRequest) error

type DNToGUIDRequest ¶

type DNToGUIDRequest struct {
	ObjectDN string `json:"ObjectDN"`
}

type DNToGUIDResponse ¶

type DNToGUIDResponse struct {
	ClassName        string `json:"ClassName"`
	GUID             string `json:"GUID"`
	HierarchicalGUID string `json:"HierarchicalGUID"`
	Result           int    `json:"Result"`
	Revision         int    `json:"Revision"`
}

type ErrCertNotFound ¶

type ErrCertNotFound struct {
	// contains filtered or unexported fields
}

func (*ErrCertNotFound) Error ¶

func (e *ErrCertNotFound) Error() string

func (*ErrCertNotFound) Unwrap ¶

func (e *ErrCertNotFound) Unwrap() error

type IdentityEntry ¶ added in v5.4.0

type IdentityEntry struct {
	FullName          string `json:",omitempty"`
	Name              string `json:",omitempty"`
	Prefix            string `json:",omitempty"`
	PrefixedName      string `json:",omitempty"`
	PrefixedUniversal string `json:",omitempty"`
	Type              int    `json:",omitempty"`
	Universal         string `json:",omitempty"`
}

type IdentityInformation ¶ added in v5.4.0

type IdentityInformation struct {
	PrefixedUniversal string
}

type IdentitySelfResponse ¶ added in v5.4.0

type IdentitySelfResponse struct {
	Identities []IdentityEntry
}

type LogPostResponse ¶

type LogPostResponse struct {
	LogResult int `json:"LogResult"`
}

type OauthGetRefreshTokenResponse ¶

type OauthGetRefreshTokenResponse struct {
	Access_token  string `json:"access_token,omitempty"`
	Expires       int    `json:"expires,omitempty"`
	ExpiresIn     int    `json:"expires_in,omitempty"` //Attribute added as it's used on vSSH
	Identity      string `json:"identity,omitempty"`
	Refresh_token string `json:"refresh_token,omitempty"`
	Refresh_until int    `json:"refresh_until,omitempty"`
	Scope         string `json:"scope,omitempty"`
	Token_type    string `json:"token_type,omitempty"`
}

type OauthRefreshAccessTokenResponse ¶

type OauthRefreshAccessTokenResponse struct {
	Access_token  string `json:"access_token,omitempty"`
	Expires       int    `json:"expires,omitempty"`
	Identity      string `json:"identity,omitempty"`
	Refresh_token string `json:"refresh_token,omitempty"`
	Refresh_until int    `json:"refresh_until,omitempty"`
	Token_type    string `json:"token_type,omitempty"`
}

type OauthVerifyTokenResponse ¶

type OauthVerifyTokenResponse struct {
	AccessIssuedOn string `json:"access_issued_on_ISO8601,omitempty"`
	ClientID       string `json:"application,omitempty"`
	Expires        string `json:"expires_ISO8601,omitempty"`
	GrantIssuedOn  string `json:"grant_issued_on_ISO8601,omitempty"`
	Identity       string `json:"identity,omitempty"`
	Scope          string `json:"scope,omitempty"`
	ValidFor       int    `json:"valid_for,omitempty"`
}

type RevocationReason ¶

type RevocationReason int

type SearchRequest ¶

type SearchRequest []string

type ValidateIdentityRequest ¶ added in v5.4.0

type ValidateIdentityRequest struct {
	ID IdentityInformation
}

type ValidateIdentityResponse ¶ added in v5.4.0

type ValidateIdentityResponse struct {
	ID IdentityEntry
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL