// Package-wide constants: the context keys under which authenticated identities
// are stored, and the names of the user permission levels.
const (
	// Context keys. A distinct, typed ContextKey per authentication flavour
	// keeps these from colliding with string-keyed values set by other
	// packages. Only the first entry spells out the type and iota; the three
	// that follow repeat it implicitly, yielding 0, 1, 2, 3 in this order.
	//
	// NOTE(review): ServiceAuthenticationContextKey is the zero value of
	// ContextKey, so a ContextKey that was never assigned reads as the
	// service-authentication key. Always use these names, never a literal 0.
	ServiceAuthenticationContextKey ContextKey = iota
	ProvisionerAuthenticationContextKey
	UserAuthenticationContextKey
	EnrollmentAuthenticationContextKey

	// User permission levels, stored as their own names (untyped string
	// constants). ADMIN is presumably the most privileged; confirm the ordering
	// against the authorisation code, which is outside this file.
	ADMIN      = "ADMIN"
	PRIVILEGED = "PRIVILEGED"
	READ       = "READ"
)

// Attestation enumerates the node-attestation mechanisms this package knows
// about; each field holds the identifier used for that mechanism elsewhere.
// The EC2 instance identity document ("AWS_IID") is the only one listed.
var Attestation = Node{AWS_IID: "AWS_IID"}
// CertificateRequestExtension maps the certificate profiles a caller may
// request to the key usage, extended key usage and ACM PCA template ARN that
// profile carries. Restricting requests to the entries of this table is what
// prevents a requester from obtaining, say, a CA or any-purpose certificate:
// every profile here is an end-entity profile with a single extended key usage.
//
// NOTE(review): both TLS profiles set KeyUsageKeyEncipherment unconditionally.
// That bit is only meaningful for RSA keys; RFC 5480 §3 says it MUST NOT be set
// on a certificate whose subject key is EC, and Ed25519 keys are signature-only.
// When the TemplateArn is used, ACM PCA's template determines the final key
// usage, but for any locally signed certificate the usage ought to be chosen
// per key type — confirm which code path consumes KeyUsage before relying on it.
var CertificateRequestExtension = map[string]Extensions{
	// TLS client certificate.
	"EndEntityClientAuthCertificate": {
		TemplateArn:      "arn:aws:acm-pca:::template/EndEntityClientAuthCertificate/V1",
		ExtendedKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		KeyUsage:         x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
	},
	// TLS server certificate.
	"EndEntityServerAuthCertificate": {
		TemplateArn:      "arn:aws:acm-pca:::template/EndEntityServerAuthCertificate/V1",
		ExtendedKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		KeyUsage:         x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
	},
	// Code-signing certificate: signature only, no key encipherment.
	"CodeSigningCertificate": {
		TemplateArn:      "arn:aws:acm-pca:::template/CodeSigningCertificate/V1",
		ExtendedKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
		KeyUsage:         x509.KeyUsageDigitalSignature,
	},
}
// PublicKeyAlgorithms is the allow-list of public-key algorithms a certificate
// request may use, keyed by the name the caller supplies.
//
// KeySize lists the accepted sizes, but its values are heterogeneous: for RSA
// and Ed25519 the value is the bool true, while for ECDSA it is the
// elliptic.Curve to generate on. Consumers must type-switch on the value
// rather than assume one type. Signature and SigningAlgorithm list the
// accepted signature algorithms by request name and by crypto/x509 constant.
//
// Security notes:
//   - RSA keys shorter than 2048 bits and curves other than P-256/P-384/P-521
//     are not listed and are therefore rejected by a lookup.
//   - Ed25519 has no Signature or SigningAlgorithm entries (both maps are
//     nil, which is safe to read) and no entry in ValidSignatures, so it
//     cannot be mapped to an ACM PCA signing algorithm. A caller that reaches
//     the PCA mapping with Ed25519 gets a zero value and must treat that as
//     "unsupported" rather than proceed.
var PublicKeyAlgorithms = map[string]Algorithm{
	"RSA": {
		Algorithm: x509.RSA,
		KeySize:   map[int]any{2048: true, 4096: true},
		Signature: map[string]bool{
			"SHA256WITHRSA": true,
			"SHA384WITHRSA": true,
			"SHA512WITHRSA": true,
		},
		SigningAlgorithm: map[x509.SignatureAlgorithm]bool{
			x509.SHA256WithRSA: true,
			x509.SHA384WithRSA: true,
			x509.SHA512WithRSA: true,
		},
	},
	"ECDSA": {
		Algorithm: x509.ECDSA,
		// Value is the curve itself, not a bool.
		KeySize: map[int]any{256: elliptic.P256(), 384: elliptic.P384(), 521: elliptic.P521()},
		Signature: map[string]bool{
			"SHA256WITHECDSA": true,
			"SHA384WITHECDSA": true,
			"SHA512WITHECDSA": true,
		},
		SigningAlgorithm: map[x509.SignatureAlgorithm]bool{
			x509.ECDSAWithSHA256: true,
			x509.ECDSAWithSHA384: true,
			x509.ECDSAWithSHA512: true,
		},
	},
	// Ed25519 has a single fixed size and carries its hash internally, so no
	// signature-algorithm tables are given (they are left nil).
	"Ed25519": {
		Algorithm: x509.Ed25519,
		KeySize:   map[int]any{256: true},
	},
}
var SubordinatePath string
// ValidNodeAttestation records, per attestation mechanism name, whether that
// mechanism is accepted. "None" is present but mapped to false.
//
// NOTE(review): because "None" is a key of the map, a caller that tests
// membership (`_, ok := ValidNodeAttestation[name]`) would accept it; the
// intended check is the value (`ValidNodeAttestation[name]`), which is false
// both for "None" and for any unknown name.
var ValidNodeAttestation = map[string]bool{
	"AWS":  true,
	"None": false,
}
// ValidSignatures maps each accepted signature-algorithm name to both the
// crypto/x509 constant (Common) used for local signing and the ACM PCA enum
// (PCA) used when the request is handed to ACM PCA.
//
// Only SHA-256/384/512 with RSA or ECDSA are listed: SHA-1 variants are absent,
// and Ed25519 has no PCA equivalent. A lookup for any other name yields the
// zero SignatureAlgorithm (Common == x509.UnknownSignatureAlgorithm), which a
// caller must reject rather than pass on to a signer.
var ValidSignatures = map[string]SignatureAlgorithm{
	// RSA PKCS#1 v1.5 signatures.
	"SHA256WITHRSA": {Common: x509.SHA256WithRSA, PCA: types.SigningAlgorithmSha256withrsa},
	"SHA384WITHRSA": {Common: x509.SHA384WithRSA, PCA: types.SigningAlgorithmSha384withrsa},
	"SHA512WITHRSA": {Common: x509.SHA512WithRSA, PCA: types.SigningAlgorithmSha512withrsa},

	// ECDSA signatures.
	"SHA256WITHECDSA": {Common: x509.ECDSAWithSHA256, PCA: types.SigningAlgorithmSha256withecdsa},
	"SHA384WITHECDSA": {Common: x509.ECDSAWithSHA384, PCA: types.SigningAlgorithmSha384withecdsa},
	"SHA512WITHECDSA": {Common: x509.ECDSAWithSHA512, PCA: types.SigningAlgorithmSha512withecdsa},
}


// AWSInstanceIdentityDocument is this package's view of an EC2 instance
// identity, used for node attestation (see NodeAttestation).
//
// NOTE(review): the JSON names here (instance_profile_arn, assume_role,
// security_groups, instance_tags) are not the field names of the raw EC2
// instance identity document, so this looks like a structure the service fills
// in after parsing the signed document carried by EC2InstanceMetadata rather
// than one decoded from it directly — confirm against the attestation code.
// Nothing in this type proves the instance's claims: every field must be
// considered attacker-supplied until the document's signature has been
// verified.
type AWSInstanceIdentityDocument struct {
	RoleArn        string            `json:"instance_profile_arn,omitempty"` // Go name differs from the JSON name
	AssumeRole     string            `json:"assume_role,omitempty"`
	SecurityGroups []string          `json:"security_groups,omitempty"`
	Region         string            `json:"region,omitempty"`
	InstanceID     string            `json:"instance_id,omitempty"`
	ImageID        string            `json:"image_id,omitempty"`
	InstanceTags   map[string]string `json:"instance_tags,omitempty"`
}


// Algorithm describes one entry of PublicKeyAlgorithms: a public-key algorithm
// together with the key sizes and signature algorithms accepted for it.
type Algorithm struct {
	Algorithm x509.PublicKeyAlgorithm
	// KeySize is keyed by size in bits. Its values are not uniform: in
	// PublicKeyAlgorithms RSA and Ed25519 store the bool true while ECDSA
	// stores the elliptic.Curve, so consumers must type-switch on the value.
	KeySize map[int]any
	// Signature is keyed by the request-level algorithm name
	// (e.g. "SHA256WITHRSA"); may be nil, which reads as "nothing accepted".
	Signature map[string]bool
	// SigningAlgorithm is the same allow-list keyed by crypto/x509 constant;
	// may be nil.
	SigningAlgorithm map[x509.SignatureAlgorithm]bool
}


// AsymmetricKey abstracts a private key that can produce signatures, so that
// callers need not know where the key lives.
//
// NOTE(review): the interface does not say whether data is a pre-computed
// digest or the raw message, nor which hash/signature scheme Sign applies;
// implementations and callers must agree on this out of band, and a mismatch
// would silently produce unverifiable signatures. Confirm with the implementer.
type AsymmetricKey interface {
	// KeyPair returns the underlying key material as an untyped value.
	KeyPair() any
	// Sign signs data and returns the signature bytes.
	Sign(data []byte) ([]byte, error)
}


// CertificateAuthority bundles a CA certificate with the key that signs under
// it and, when the CA is hosted in ACM PCA, its ARN.
//
// NOTE(review): AsymmetricKey is a pointer to an interface. Interfaces are
// already reference-like, so *AsymmetricKey only adds a second level of nil to
// check and prevents calling Sign without dereferencing; a plain AsymmetricKey
// field would be the conventional choice (interface unchanged here).
type CertificateAuthority struct {
	Certificate             *x509.Certificate
	AsymmetricKey           *AsymmetricKey // pointer-to-interface; see note above
	SerialNumber            string
	CertificateAuthorityArn string // ACM PCA ARN; presumably empty for a local CA
}


// CertificateMetadata is the record kept about an issued certificate, including
// its revocation state.
//
// Revoked, RevokedBy and RevokeDate are the authoritative revocation state in
// this record; presumably RevokedBy and RevokeDate are left zero until Revoked
// is set — confirm with the code that writes it.
type CertificateMetadata struct {
	SerialNumber            string
	CommonName              string
	SubjectAlternativeName  []string
	ExpirationDate          time.Time
	IssuedDate              time.Time
	CaSerialNumber          string // serial of the issuing CA certificate
	CertificateAuthorityArn string // ACM PCA ARN of the issuer, if any
	Revoked                 bool
	RevokedBy               string
	RevokeDate              time.Time
}


// CertificateParameters carries the issuer-side settings for one issuance:
// which CA to use, how to reach it, and how long the result should be valid.
//
// NOTE(review): Validity is an untyped int with no unit stated here (the
// account payloads in this package use different integer types for the same
// concept); confirm the unit and that it is bounded by the account's maximum
// before it reaches the signer.
type CertificateParameters struct {
	Region     string
	CaArn      string
	AssumeRole bool   // when true, RoleArn is presumably assumed to reach the CA
	RoleArn    string
	Validity   int    // unit not stated in this file
	RootCa     bool   // true when issuing from/for the root rather than a subordinate
}


// CertificateRequest is the caller-facing description of a certificate to
// issue, plus an Output slot for the resulting artefacts.
//
// SigningAlgorithm, PublicKeyAlgorithm and KeySize should be validated against
// ValidSignatures and PublicKeyAlgorithms before key generation; the struct
// itself does not constrain them.
type CertificateRequest struct {
	CommonName            string
	SubjectAlternateNames []string
	DistinguishedName     DistinguishedName
	SigningAlgorithm      x509.SignatureAlgorithm
	PublicKeyAlgorithm    x509.PublicKeyAlgorithm
	KeySize               int // bits; for ECDSA this selects the curve (see PublicKeyAlgorithms)
	Output                Output
}


type ContextKey int


// DeviceEnrollmentRequest is the JSON body a device sends to enrol. The
// binding tags are request-validation tags (gin/validator style); both fields
// are required and Environment additionally must satisfy a custom
// "ca_environment" rule, which is registered elsewhere in the project.
type DeviceEnrollmentRequest struct {
	SerialNumber string `json:"serial_number" binding:"required"`
	Environment  string `json:"environment" binding:"required,ca_environment"`
}


// DeviceEnrollmentResponse is returned to an enrolling device.
//
// Credentials is secret material issued to the device (its exact format is
// not visible here); it must not be logged, and the response should only ever
// travel over an authenticated, encrypted channel.
type DeviceEnrollmentResponse struct {
	SerialNumber string `json:"serial_number"`
	Credentials  string `json:"credentials"` // secret; do not log
}


// DistinguishedName holds the subject DN attributes other than CommonName
// (which lives on CertificateRequest). Each attribute is a slice because X.509
// permits multiple values per attribute type, mirroring pkix.Name.
type DistinguishedName struct {
	Country            []string
	Province           []string
	Locality           []string
	Organization       []string
	OrganizationalUnit []string
}


// EC2InstanceMetadata carries the raw instance identity document and its
// signature as obtained from the EC2 instance metadata service.
//
// This type only transports the bytes. Before any claim in the document is
// trusted, InstanceIdentitySignature must be verified against the AWS
// regional public certificate; without that step the document is just
// caller-supplied JSON and the attestation is worthless.
type EC2InstanceMetadata struct {
	InstanceIdentityDocument  []byte `json:"instance_identity_document"`
	InstanceIdentitySignature []byte `json:"instance_identity_signature"`
}


// EndpointCertificateIssueRequest is currently an empty placeholder; it
// carries no fields in this version.
type EndpointCertificateIssueRequest struct {
}


// Extensions is one certificate profile from CertificateRequestExtension: the
// key usage bits and extended key usages to set, and the ACM PCA template ARN
// that enforces the equivalent profile when PCA signs.
type Extensions struct {
	KeyUsage         x509.KeyUsage
	ExtendedKeyUsage []x509.ExtKeyUsage
	TemplateArn      string
}


// Node lists node-attestation mechanism identifiers; see the Attestation
// variable for the populated instance. The field name keeps an underscore for
// compatibility even though Go convention would be AWSIID.
type Node struct {
	AWS_IID string
}


// NodeAttestation is the attestation evidence a node presents, keyed by
// mechanism in JSON ("aws_iid"). Only the EC2 instance identity document form
// exists in this version.
type NodeAttestation struct {
	AWSInstanceIdentityDocument AWSInstanceIdentityDocument `json:"aws_iid"`
}


// Output collects the artefacts of an issuance, presumably PEM-encoded (the
// encoding is not fixed by this file).
//
// PrivateKey is secret material held as an immutable Go string, so it cannot be
// zeroed after use and will linger until garbage-collected; keep Output values
// short-lived and never log or serialise them wholesale.
type Output struct {
	CertificateSigningRequest string
	Certificate               string
	CertificateChain          string
	PrivateKey                string // secret; cannot be wiped, do not log
}


// ProvisionerAccountPayload describes a provisioner account and the limits it
// operates under: the environments it may issue into, the SANs it may request,
// the longest validity it may ask for, and the certificate profiles it may use.
//
// NOTE(review): MaxCertificateValidity is a uint32 with no unit stated here,
// while ServiceAccountPayload.CertificateValidity is an int16 for the same
// concept; confirm both use the same unit and are compared consistently.
// RegularExpression is matched against requested names somewhere outside this
// file; whether it is anchored (^...$) decides whether it constrains the whole
// name or merely a substring, so check how it is compiled and applied.
type ProvisionerAccountPayload struct {
	ClientId                   uuid.UUID `json:"client_id"`
	ProvisionerAccount         string    `json:"provisioner_account"`
	Environments               []string  `json:"environments"`
	ValidSubjectAlternateNames []string  `json:"subject_alternate_names"`
	MaxCertificateValidity     uint32    `json:"max_certificate_validity"` // unit not stated in this file
	ExtendedKeys               []string  `json:"certificate_request_extension"` // keys of CertificateRequestExtension
	RegularExpression          string    `json:"regular_expression"`
}


// ServiceAccountPayload describes a service account: the single environment and
// CAs it may use, the SANs it may request, its certificate validity and the one
// certificate profile it may request.
//
// NOTE(review): CertificateValidity is a signed int16 (unit not stated here),
// so a negative or zero value is representable and must be rejected at the
// boundary; ProvisionerAccountPayload uses uint32 for the comparable field.
// SANRegularExpression, like its provisioner counterpart, only restricts the
// whole name if it is anchored when compiled — verify where it is applied.
type ServiceAccountPayload struct {
	ServiceID                   uuid.UUID `json:"service_id"`
	ServiceAccount              string    `json:"service_account"`
	Environment                 string    `json:"environment"`
	ValidSubjectAlternateName   []string  `json:"subject_alternate_name"`
	ValidCertificateAuthorities []string  `json:"certificate_authorities"`
	CertificateValidity         int16     `json:"certificate_validity"` // signed; validate > 0
	SubordinateCa               string    `json:"subordinate_ca"`
	ExtendedKey                 string    `json:"certificate_request_extension"` // a key of CertificateRequestExtension
	SANRegularExpression        string    `json:"regular_expression"`
}


// SignatureAlgorithm pairs a crypto/x509 signature algorithm with its ACM PCA
// equivalent so one request-level name (see ValidSignatures) can drive either
// signer. The zero value (Common == x509.UnknownSignatureAlgorithm) is what a
// failed ValidSignatures lookup returns and must be treated as invalid.
type SignatureAlgorithm struct {
	Common x509.SignatureAlgorithm
	PCA    types.SigningAlgorithm
}


// SignedCertificate points at the on-disk locations of an issued certificate
// and its intermediate and root chain files. These are paths, not contents;
// nothing here verifies that the files form a valid chain.
type SignedCertificate struct {
	CertificatePath                  string
	IntermediateCertificateChainPath string
	RootCertificateChainPath         string
}


// SigningRequest holds a freshly built CSR together with the decoded PEM block
// of the private key that signed it.
//
// PrivateKey is key material in memory; it should be discarded as soon as the
// CSR has been submitted and must never be written to logs or returned to a
// caller that only needs the CSR.
type SigningRequest struct {
	CSR        *bytes.Buffer
	PrivateKey *pem.Block // secret; keep short-lived
}
