Documentation ¶
Index ¶
- Constants
- Variables
- type AWSInstanceIdentityDocument
- type Algorithm
- type AsymmetricKey
- type CertificateAuthority
- type CertificateMetadata
- type CertificateParameters
- type CertificateRequest
- type DeviceEnrollmentRequest
- type DeviceEnrollmentResponse
- type DistinguishedName
- type EC2InstanceMetadata
- type EndpointCertificateIssueRequest
- type Extensions
- type Node
- type NodeAttestation
- type Output
- type ServiceAccount
- type SignatureAlgorithm
- type SigningRequest
Constants ¶
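// Context metadata keys.
//
// The four names are untyped string constants. Their consumers are not part
// of this listing; going by the group comment they are presumably the keys
// under which request-scoped values are stored and read back.
//
// NOTE(review): if these are handed to context.WithValue as plain strings,
// any other package that uses the same string addresses the same slot. A
// dedicated unexported key type removes that collision; confirm how the keys
// are used before relying on them to carry authorization state.
const (
	// AuthorizationPayloadKey is the key "authorization_payload".
	AuthorizationPayloadKey = "authorization_payload"

	// LoggingContextKey is the key "request_header_context".
	// NOTE(review): if whole request headers are kept under this key for
	// logging, confirm that credential-bearing headers are redacted first.
	LoggingContextKey = "request_header_context"

	// ClientAuthorizationPayload is the key "client_authorization_payload".
	ClientAuthorizationPayload = "client_authorization_payload"

	// EnrollmentAuthorizationPayload is the key
	// "enrollment_authorization_payload".
	EnrollmentAuthorizationPayload = "enrollment_authorization_payload"
)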
Variables ¶
// Attestation is a Node value whose AWS_IID field holds the string "AWS_IID".
// The Node type is declared elsewhere in the package.
// NOTE(review): AWS_IID presumably stands for "AWS instance identity
// document" (compare the aws_iid JSON tag on NodeAttestation) — confirm.
var Attestation = Node{AWS_IID: "AWS_IID"}
// CertificateRequestExtension maps a certificate profile name to the X.509
// key usage, the extended key usage list and the ACM Private CA template ARN
// recorded for that profile.
//
// Every profile lists exactly one extended key usage. Indexing the map with a
// name that is not present yields the zero Extensions value (no usages, empty
// TemplateArn), so callers that must reject unknown profiles need the
// two-value form: ext, ok := CertificateRequestExtension[name].
//
// NOTE(review): both end-entity profiles set KeyUsageKeyEncipherment, which
// describes RSA key transport. ValidAlgorithms also admits ECDSA keys;
// confirm the bit is intended for certificates issued over those keys.
var CertificateRequestExtension = map[string]Extensions{
	// Code signing: signature only, no key encipherment.
	"CodeSigningCertificate": {
		KeyUsage:         x509.KeyUsageDigitalSignature,
		ExtendedKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
		TemplateArn:      "arn:aws:acm-pca:::template/CodeSigningCertificate/V1",
	},
	// TLS client authentication.
	"EndEntityClientAuthCertificate": {
		KeyUsage:         x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtendedKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		TemplateArn:      "arn:aws:acm-pca:::template/EndEntityClientAuthCertificate/V1",
	},
	// TLS server authentication.
	"EndEntityServerAuthCertificate": {
		KeyUsage:         x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtendedKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		TemplateArn:      "arn:aws:acm-pca:::template/EndEntityServerAuthCertificate/V1",
	},
}
// SubordinatePath is a package-level string that starts out empty; nothing in
// this listing assigns it.
// NOTE(review): presumably a filesystem or storage path for subordinate CA
// material, set during start-up — confirm where it is written. As an exported
// mutable variable it can be changed by any importing package.
var SubordinatePath string
// ValidAlgorithms is the allowlist of public-key algorithms, keyed by name.
// For each algorithm it records the crypto/x509 identifier, the accepted key
// sizes and the accepted signature algorithm names.
//
// KeySize and Signature are sets expressed as map[...]bool, so a size or name
// that is not listed reads as false. The table contains no SHA-1 signature
// and no RSA size below 2048 bits. The signature names used here are the same
// strings that key ValidSignatures.
var ValidAlgorithms = map[string]Algorithm{
	"ECDSA": {
		Algorithm: x509.ECDSA,
		// Presumably the bit sizes of the P-256, P-384 and P-521 curves.
		KeySize: map[int]bool{
			256: true,
			384: true,
			521: true,
		},
		Signature: map[string]bool{
			"SHA256WITHECDSA": true,
			"SHA384WITHECDSA": true,
			"SHA512WITHECDSA": true,
		},
	},
	"RSA": {
		Algorithm: x509.RSA,
		// RSA modulus sizes in bits.
		KeySize: map[int]bool{
			2048: true,
			4096: true,
		},
		Signature: map[string]bool{
			"SHA256WITHRSA": true,
			"SHA384WITHRSA": true,
			"SHA512WITHRSA": true,
		},
	},
}
// ValidNodeAttestation records a boolean per node attestation provider name.
// "AWS" is true. "None" is present but false, which a plain index cannot tell
// apart from a name that is missing altogether; use the two-value form when
// that difference matters.
// NOTE(review): what a false value means to callers (attestation skipped or
// request refused) is not visible in this listing — confirm at the call site.
var ValidNodeAttestation = map[string]bool{
	"AWS":  true,
	"None": false,
}
// ValidSignatures translates a signature algorithm name into its two
// representations: Common, the crypto/x509 constant, and PCA, the
// types.SigningAlgorithm constant (types is presumably the AWS SDK acmpca
// types package; its import is not shown in this listing).
//
// The six keys are exactly the names listed under Signature in
// ValidAlgorithms. A name that is not present yields the zero
// SignatureAlgorithm, whose Common field is x509.UnknownSignatureAlgorithm,
// so callers should check presence with the two-value index form.
var ValidSignatures = map[string]SignatureAlgorithm{
	// SHA-256
	"SHA256WITHECDSA": {
		Common: x509.ECDSAWithSHA256,
		PCA:    types.SigningAlgorithmSha256withecdsa,
	},
	"SHA256WITHRSA": {
		Common: x509.SHA256WithRSA,
		PCA:    types.SigningAlgorithmSha256withrsa,
	},

	// SHA-384
	"SHA384WITHECDSA": {
		Common: x509.ECDSAWithSHA384,
		PCA:    types.SigningAlgorithmSha384withecdsa,
	},
	"SHA384WITHRSA": {
		Common: x509.SHA384WithRSA,
		PCA:    types.SigningAlgorithmSha384withrsa,
	},

	// SHA-512
	"SHA512WITHECDSA": {
		Common: x509.ECDSAWithSHA512,
		PCA:    types.SigningAlgorithmSha512withecdsa,
	},
	"SHA512WITHRSA": {
		Common: x509.SHA512WithRSA,
		PCA:    types.SigningAlgorithmSha512withrsa,
	},
}
Functions ¶
This section is empty.
Types ¶
type AWSInstanceIdentityDocument ¶
// AWSInstanceIdentityDocument groups AWS instance attributes under the JSON
// names given in the field tags. Every field is omitted from the encoded
// output when empty.
//
// NOTE(review): the type is embedded in ServiceAccount through
// NodeAttestation, so it presumably describes the attributes a node is
// expected to present rather than a raw document from the instance — confirm.
// Also confirm which of these values are checked against a signed source and
// which are taken as supplied.
type AWSInstanceIdentityDocument struct {
	// RoleArn is encoded as "instance_profile_arn".
	// NOTE(review): the field name says role, the tag says instance profile;
	// the two are different ARNs in IAM — confirm which one is stored.
	RoleArn        string            `json:"instance_profile_arn,omitempty"`
	AssumeRole     string            `json:"assume_role,omitempty"`
	SecurityGroups []string          `json:"security_groups,omitempty"`
	Region         string            `json:"region,omitempty"`
	InstanceID     string            `json:"instance_id,omitempty"`
	ImageID        string            `json:"image_id,omitempty"`
	InstanceTags   map[string]string `json:"instance_tags,omitempty"`
}
type AsymmetricKey ¶
type CertificateAuthority ¶
// CertificateAuthority bundles a parsed CA certificate with its key, serial
// number and certificate authority ARN.
//
// NOTE(review): AsymmetricKey is declared elsewhere and its contents are not
// shown here. If it carries private key material, values of this type should
// not be logged, formatted with %+v or serialized — confirm.
type CertificateAuthority struct {
	Certificate             *x509.Certificate
	AsymmetricKey           *AsymmetricKey
	SerialNumber            string
	CertificateAuthorityArn string
}
type CertificateMetadata ¶
type CertificateParameters ¶
type CertificateRequest ¶
// CertificateRequest holds the parameters of a certificate to be issued:
// subject names, signature and public-key algorithm, key size and an Output
// value (DistinguishedName and Output are declared elsewhere).
//
// NOTE(review): CommonName and SubjectAlternateNames determine the identity
// the certificate asserts. Presumably they are checked against the
// requester's ServiceAccount (ValidSubjectAlternateName,
// SANRegularExpression) and KeySize against ValidAlgorithms before signing;
// that validation is not part of this listing — confirm.
type CertificateRequest struct {
	CommonName            string
	SubjectAlternateNames []string
	DistinguishedName     DistinguishedName
	SigningAlgorithm      x509.SignatureAlgorithm
	PublicKeyAlgorithm    x509.PublicKeyAlgorithm
	KeySize               int
	Output                Output
}
type DeviceEnrollmentRequest ¶
type DistinguishedName ¶
type EC2InstanceMetadata ¶
type EndpointCertificateIssueRequest ¶
// EndpointCertificateIssueRequest is declared with no fields; it carries no
// data of its own.
type EndpointCertificateIssueRequest struct{}
type Extensions ¶
// Extensions is one certificate profile: the X.509 key usage bits, the list
// of extended key usages and the template ARN that goes with them. It is the
// value type of CertificateRequestExtension.
type Extensions struct {
	// KeyUsage is a bit set of crypto/x509 KeyUsage flags.
	KeyUsage         x509.KeyUsage
	ExtendedKeyUsage []x509.ExtKeyUsage
	// TemplateArn is the certificate template ARN for the profile.
	TemplateArn string
}
type NodeAttestation ¶
// NodeAttestation wraps the per-provider attestation data. The only provider
// present is AWS, encoded under the JSON name "aws_iid". The tag has no
// omitempty, so the object is always written, even when every inner field is
// empty.
type NodeAttestation struct {
	AWSInstanceIdentityDocument AWSInstanceIdentityDocument `json:"aws_iid"`
}
type ServiceAccount ¶
// ServiceAccount is the record kept for one client of the certificate
// service: its identity, ownership details and the limits placed on the
// certificates it may request. The JSON tags define its encoded form.
type ServiceAccount struct {
	ClientID uuid.UUID `json:"client_id"`
	// ApiToken is written to JSON whenever it is non-empty.
	// NOTE(review): confirm that the field is cleared, or holds only a hash,
	// before a ServiceAccount is returned in a response or written to a log.
	ApiToken       string `json:"api_token,omitempty" `
	ServiceAccount string `json:"service_account"`
	Environment    string `json:"environment,omitempty"`
	Team           string `json:"team"`
	Email          string `json:"email"`
	// SANRegularExpression is encoded as "regular_expression".
	// NOTE(review): if the pattern is matched against requested subject
	// alternative names, confirm it is anchored at both ends; an unanchored
	// pattern accepts any name that merely contains a match.
	SANRegularExpression        string   `json:"regular_expression,omitempty"`
	ValidSubjectAlternateName   []string `json:"valid_subject_alternate_name"`
	ValidCertificateAuthorities []string `json:"valid_certificate_authorities"`
	// CertificateValidity has no unit in this listing (presumably days).
	// NOTE(review): int16 admits zero and negative values — confirm the
	// range is validated before it is used to set a certificate lifetime.
	CertificateValidity int16 `json:"certificate_validity"`
	// ExtendedKey is presumably a key of CertificateRequestExtension — confirm.
	ExtendedKey     string          `json:"extended_key"`
	NodeAttestation NodeAttestation `json:"node_attestation"`
	CreatedAt       time.Time       `json:"created_at"`
	CreatedBy       uuid.UUID       `json:"created_by"`
}
type SignatureAlgorithm ¶
// SignatureAlgorithm pairs the two identifiers for one signature algorithm.
// It is the value type of ValidSignatures.
type SignatureAlgorithm struct {
	// Common is the crypto/x509 identifier.
	Common x509.SignatureAlgorithm
	// PCA is the types.SigningAlgorithm identifier (presumably the AWS
	// Private CA SDK enum; the import is not shown in this listing).
	PCA types.SigningAlgorithm
}