Documentation ¶
Constants ¶
// Package-wide context keys and permission names.
//
// The *AuthenticationContextKey constants are the keys under which the
// result of each authentication path is stored in a context.Context.
// Because ContextKey is a distinct named type, they cannot collide with
// bare int or string keys used by other packages. They are exported, so any
// package can still construct ContextKey(n) and read the stored value;
// presumably callers rely on that — confirm before narrowing visibility.
const (
	// Context metadata: one key per authentication path. Values are
	// 0, 1, 2, 3 in declaration order.
	ServiceAuthenticationContextKey ContextKey = iota
	ProvisionerAuthenticationContextKey
	UserAuthenticationContextKey
	EnrollmentAuthenticationContextKey

	// User permission levels, compared as plain strings.
	ADMIN      = "ADMIN"
	PRIVILEGED = "PRIVILEGED"
	READ       = "READ"
)
Variables ¶
// Attestation names the node-attestation mechanisms this package knows
// about. Only AWS instance-identity-document attestation is listed; the
// string is the identifier compared against request input (presumably
// alongside ValidNodeAttestation — confirm with the enrollment handler).
var (
	Attestation = Node{AWS_IID: "AWS_IID"}
)
// CertificateRequestExtension maps the extension-profile names a caller may
// request to the X.509 key-usage bits, extended key usages and the ACM PCA
// template ARN applied at issuance.
//
// A lookup for a name not present here yields the zero Extensions value
// (no key usage, no EKU, empty TemplateArn), so callers must check the
// second return value of the map index rather than use the result directly.
//
// NOTE(review): KeyUsageKeyEncipherment is set on both the client- and
// server-auth profiles regardless of key type. That bit is only meaningful
// for RSA keys (RFC 5480 forbids it on EC keys). The PCA template may
// override it server-side, but confirm what PCA actually emits for ECDSA
// requests before relying on these bits.
var CertificateRequestExtension = map[string]Extensions{
	"EndEntityClientAuthCertificate": {
		KeyUsage:         x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtendedKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		TemplateArn:      "arn:aws:acm-pca:::template/EndEntityClientAuthCertificate/V1",
	},
	"EndEntityServerAuthCertificate": {
		KeyUsage:         x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtendedKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		TemplateArn:      "arn:aws:acm-pca:::template/EndEntityServerAuthCertificate/V1",
	},
	"CodeSigningCertificate": {
		// Code signing: signature only, no key encipherment.
		KeyUsage:         x509.KeyUsageDigitalSignature,
		ExtendedKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
		TemplateArn:      "arn:aws:acm-pca:::template/CodeSigningCertificate/V1",
	},
}
// PublicKeyAlgorithms is the allow-list of public-key algorithms a request
// may use, keyed by the algorithm name sent by the caller. Each entry holds
// the crypto/x509 identifier, the accepted key sizes, and the signature
// names / x509 signature algorithms accepted with that key type.
//
// KeySize values are not uniform: for ECDSA the value is the elliptic.Curve
// to generate on, for RSA and Ed25519 it is just the marker true. Callers
// must type-switch on the value rather than assume one type.
//
// Notes for reviewers:
//   - RSA accepts only 2048 and 4096 bits; 3072 is not listed.
//   - Ed25519 has no Signature or SigningAlgorithm entries, so lookups on
//     those nil maps return false, and ValidSignatures below has no
//     Ed25519 name either. Any signature-name check therefore fails closed
//     for Ed25519 — confirm whether Ed25519 issuance is meant to work at all
//     (ACM PCA's SigningAlgorithm enum has no Ed25519 value).
//   - The Signature keys duplicate the keys of ValidSignatures; keep the
//     two tables in sync.
var PublicKeyAlgorithms = map[string]Algorithm{
	"RSA": {
		Algorithm: x509.RSA,
		KeySize: map[int]any{
			2048: true,
			4096: true,
		},
		Signature: map[string]bool{
			"SHA256WITHRSA": true,
			"SHA384WITHRSA": true,
			"SHA512WITHRSA": true,
		},
		SigningAlgorithm: map[x509.SignatureAlgorithm]bool{
			x509.SHA256WithRSA: true,
			x509.SHA384WithRSA: true,
			x509.SHA512WithRSA: true,
		},
	},
	"ECDSA": {
		Algorithm: x509.ECDSA,
		KeySize: map[int]any{
			256: elliptic.P256(),
			384: elliptic.P384(),
			521: elliptic.P521(),
		},
		Signature: map[string]bool{
			"SHA256WITHECDSA": true,
			"SHA384WITHECDSA": true,
			"SHA512WITHECDSA": true,
		},
		SigningAlgorithm: map[x509.SignatureAlgorithm]bool{
			x509.ECDSAWithSHA256: true,
			x509.ECDSAWithSHA384: true,
			x509.ECDSAWithSHA512: true,
		},
	},
	"Ed25519": {
		Algorithm: x509.Ed25519,
		KeySize: map[int]any{
			256: true,
		},
		// Signature and SigningAlgorithm intentionally left nil here, as in
		// the original table; see the note above.
	},
}
// SubordinatePath is package-level mutable state naming the subordinate CA
// path. Its exact meaning (filesystem path vs. ARN/key path) is not visible
// here — confirm against the code that assigns it. Nothing visible guards
// concurrent writes, so it should be assigned once during start-up before
// any goroutine reads it.
var SubordinatePath string
// ValidNodeAttestation records which node-attestation types are accepted
// for enrollment. A bare index read (ValidNodeAttestation[name]) returns
// false both for "None" and for any name absent from the map, so unknown
// or disabled attestation types fail closed. Only "AWS" is accepted.
var ValidNodeAttestation = map[string]bool{
	"AWS":  true,
	"None": false,
}
// ValidSignatures maps a caller-supplied signature name to both the
// crypto/x509 identifier and the ACM PCA SigningAlgorithm enum value, so a
// single lookup yields the representation each side needs. Names not in
// the table (SHA-1 variants, Ed25519, MD5) are absent and so fail closed on
// a missing-key check; callers must test the second return value.
//
// The keys here duplicate the Signature sets in PublicKeyAlgorithms; keep
// the two tables in sync.
var ValidSignatures = map[string]SignatureAlgorithm{
	// RSA PKCS#1 v1.5 signatures.
	"SHA256WITHRSA": {
		Common: x509.SHA256WithRSA,
		PCA:    types.SigningAlgorithmSha256withrsa,
	},
	"SHA384WITHRSA": {
		Common: x509.SHA384WithRSA,
		PCA:    types.SigningAlgorithmSha384withrsa,
	},
	"SHA512WITHRSA": {
		Common: x509.SHA512WithRSA,
		PCA:    types.SigningAlgorithmSha512withrsa,
	},
	// ECDSA signatures.
	"SHA256WITHECDSA": {
		Common: x509.ECDSAWithSHA256,
		PCA:    types.SigningAlgorithmSha256withecdsa,
	},
	"SHA384WITHECDSA": {
		Common: x509.ECDSAWithSHA384,
		PCA:    types.SigningAlgorithmSha384withecdsa,
	},
	"SHA512WITHECDSA": {
		Common: x509.ECDSAWithSHA512,
		PCA:    types.SigningAlgorithmSha512withecdsa,
	},
}
Functions ¶
This section is empty.
Types ¶
type AWSInstanceIdentityDocument ¶
// AWSInstanceIdentityDocument carries the EC2 instance attributes used for
// AWS node attestation, as exchanged in JSON.
//
// NOTE(review): the signed EC2 instance identity document covers fields
// such as instanceId, imageId and region; it does not carry instance tags,
// security groups or instance-profile/assume-role ARNs. If those fields are
// taken from the enrolling client's request body rather than looked up
// server-side (e.g. via DescribeInstances), they are unauthenticated and
// must not drive authorization decisions — confirm where they are populated.
type AWSInstanceIdentityDocument struct {
	// RoleArn is serialised under the JSON name instance_profile_arn.
	RoleArn        string            `json:"instance_profile_arn,omitempty"`
	AssumeRole     string            `json:"assume_role,omitempty"`
	SecurityGroups []string          `json:"security_groups,omitempty"`
	Region         string            `json:"region,omitempty"`
	InstanceID     string            `json:"instance_id,omitempty"`
	ImageID        string            `json:"image_id,omitempty"`
	InstanceTags   map[string]string `json:"instance_tags,omitempty"`
}
type Algorithm ¶
// Algorithm describes one entry of PublicKeyAlgorithms: the x509 public-key
// algorithm plus the allow-lists used to validate a request against it.
type Algorithm struct {
	// Algorithm is the crypto/x509 public-key algorithm identifier.
	Algorithm x509.PublicKeyAlgorithm
	// KeySize maps an accepted key size in bits to a per-algorithm value.
	// In PublicKeyAlgorithms that value is an elliptic.Curve for ECDSA and
	// the marker true for RSA and Ed25519, so consumers must type-switch.
	KeySize map[int]any
	// Signature is the set of accepted signature names, e.g. "SHA256WITHRSA".
	Signature map[string]bool
	// SigningAlgorithm is the set of accepted x509 signature algorithms.
	SigningAlgorithm map[x509.SignatureAlgorithm]bool
}
type AsymmetricKey ¶
type CertificateAuthority ¶
// CertificateAuthority bundles an issuing CA's certificate, its key handle,
// serial number and the ACM PCA ARN that identifies it.
//
// AsymmetricKey presumably holds the CA's private key (its definition is not
// visible here). If so, values of this type should never be logged,
// serialised or returned to clients; hand out Certificate on its own.
type CertificateAuthority struct {
	Certificate             *x509.Certificate
	AsymmetricKey           *AsymmetricKey
	SerialNumber            string
	CertificateAuthorityArn string
}
type CertificateMetadata ¶
type CertificateParameters ¶
type CertificateRequest ¶
// CertificateRequest is the internal, already-parsed form of a certificate
// request: the subject, the requested algorithms and key size, and where
// the result should be delivered. The struct carries no validation of its
// own; the algorithm and key-size fields are presumably checked against
// PublicKeyAlgorithms and ValidSignatures before it is acted on — confirm
// in the request handler.
type CertificateRequest struct {
	CommonName            string
	SubjectAlternateNames []string
	DistinguishedName     DistinguishedName
	SigningAlgorithm      x509.SignatureAlgorithm
	PublicKeyAlgorithm    x509.PublicKeyAlgorithm
	KeySize               int
	Output                Output
}
type ContextKey ¶
// ContextKey is the distinct key type for values this package stores in a
// context.Context (see the *AuthenticationContextKey constants). Using a
// named type rather than a bare int or string keeps these keys from
// colliding with keys set by other packages.
type ContextKey int
type DeviceEnrollmentRequest ¶
type DistinguishedName ¶
type EC2InstanceMetadata ¶
type EndpointCertificateIssueRequest ¶
// EndpointCertificateIssueRequest currently has no fields; the request body
// it is meant to model is not defined here.
type EndpointCertificateIssueRequest struct{}
type Extensions ¶
// Extensions is one certificate profile from CertificateRequestExtension:
// the key-usage bits and extended key usages to request, and the ACM PCA
// template ARN to issue under.
type Extensions struct {
	KeyUsage         x509.KeyUsage
	ExtendedKeyUsage []x509.ExtKeyUsage
	// TemplateArn selects the ACM PCA certificate template. The template,
	// not these Go fields, presumably decides the usages PCA actually
	// writes into the issued certificate — confirm they agree.
	TemplateArn string
}
type NodeAttestation ¶
// NodeAttestation is the attestation evidence submitted with an enrollment
// request. Only AWS instance-identity attestation is modelled, matching the
// single entries in Attestation and ValidNodeAttestation.
type NodeAttestation struct {
	AWSInstanceIdentityDocument AWSInstanceIdentityDocument `json:"aws_iid"`
}
type ProvisionerAccountPayload ¶
// ProvisionerAccountPayload is the authorisation profile of a provisioner
// account: the environments it may act in, the subject alternative names it
// may request, the longest validity it may ask for, and the extension
// profiles it may use.
//
// NOTE(review): RegularExpression shares its JSON name with
// ServiceAccountPayload.SANRegularExpression and is presumably matched
// against requested SANs. If it is applied unanchored, a pattern such as
// `example\.com` also matches `example.com.attacker.test`; the validator
// should anchor it (`^…$`) or require stored patterns to be anchored —
// confirm in the validation code.
type ProvisionerAccountPayload struct {
	// ClientId keeps its non-idiomatic capitalisation because it is part of
	// the exported API (compare ServiceAccountPayload.ServiceID).
	ClientId                   uuid.UUID `json:"client_id"`
	ProvisionerAccount         string    `json:"provisioner_account"`
	Environments               []string  `json:"environments"`
	ValidSubjectAlternateNames []string  `json:"subject_alternate_names"`
	// MaxCertificateValidity is an upper bound; its unit is not visible
	// here and is presumably shared with ServiceAccountPayload.CertificateValidity.
	MaxCertificateValidity uint32 `json:"max_certificate_validity"`
	// ExtendedKeys names entries of CertificateRequestExtension.
	ExtendedKeys      []string `json:"certificate_request_extension"`
	RegularExpression string   `json:"regular_expression"`
}
type ServiceAccountPayload ¶
// ServiceAccountPayload is the authorisation profile of a service account:
// its environment, the SANs and CAs it may use, the validity it is issued
// with, the subordinate CA it is served from, and its extension profile.
//
// NOTE(review): CertificateValidity is a signed int16 while the
// provisioner's MaxCertificateValidity is uint32. Zero and negative values
// are representable here, and comparing the two needs an explicit
// conversion; the validator should reject CertificateValidity <= 0 and
// values above the provisioner's maximum — confirm it does.
type ServiceAccountPayload struct {
	ServiceID                   uuid.UUID `json:"service_id"`
	ServiceAccount              string    `json:"service_account"`
	Environment                 string    `json:"environment"`
	ValidSubjectAlternateName   []string  `json:"subject_alternate_name"`
	ValidCertificateAuthorities []string  `json:"certificate_authorities"`
	CertificateValidity         int16     `json:"certificate_validity"`
	SubordinateCa               string    `json:"subordinate_ca"`
	// ExtendedKey names one entry of CertificateRequestExtension.
	ExtendedKey string `json:"certificate_request_extension"`
	// SANRegularExpression is presumably matched against requested SANs;
	// an unanchored pattern matches substrings, so anchor it in the validator.
	SANRegularExpression string `json:"regular_expression"`
}
type SignatureAlgorithm ¶
// SignatureAlgorithm pairs a signature algorithm's crypto/x509 identifier
// with the equivalent ACM PCA SigningAlgorithm enum value, so one lookup in
// ValidSignatures yields both representations.
type SignatureAlgorithm struct {
	Common x509.SignatureAlgorithm
	PCA    types.SigningAlgorithm
}
type SignedCertificate ¶