Documentation
Overview
Package api implements an HTTP-based API and server for CF-SSL.
Index
- func CSRValidate(req *csr.CertificateRequest) error
- func NewBundleHandler(caBundleFile, intBundleFile string) (http.Handler, error)
- func NewCertGeneratorHandler(validator Validator, caFile, caKeyFile string) (http.Handler, error)
- func NewGeneratorHandler(validator Validator) (http.Handler, error)
- func NewInitCAHandler() http.Handler
- func NewRemoteCertGenerator(validator Validator, remote string) (http.Handler, error)
- func NewSignHandler(caFile, cakeyFile string) (http.Handler, error)
- type BundlerHandler
- type CertGeneratorHandler
- type CertRequest
- type GeneratorHandler
- type Handler
- type HandlerFunc
- type HttpHandler
- type NewCA
- type RemoteCertGeneratorHandler
- type Response
- type ResponseMessage
- type SignHandler
- type Validator
Functions
func CSRValidate
func CSRValidate(req *csr.CertificateRequest) error
CSRValidate contains the default validation logic for certificate requests to the API server. This follows the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org). Specifically, section 10.2.3 ("Information Requirements") states:
"Applicant information MUST include, but not be limited to, at least one Fully-Qualified Domain Name or IP address to be included in the Certificate’s SubjectAltName extension."
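A custom check in the shape of a Validator that enforces the quoted requirement, as an added example that is not part of the package's code. The certRequest type and its Hosts field are hypothetical stand-ins for csr.CertificateRequest, and the per-host syntax check (which also rejects wildcard names) goes beyond what the page states about CSRValidate.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strings"
)

// certRequest is a hypothetical stand-in for csr.CertificateRequest; the
// Hosts field (names destined for SubjectAltName) is an assumption.
type certRequest struct{ Hosts []string }

// isFQDN reports whether h is a syntactically valid multi-label DNS name.
func isFQDN(h string) bool {
	h = strings.ToLower(strings.TrimSuffix(h, "."))
	labels := strings.Split(h, ".")
	if len(h) > 253 || len(labels) < 2 {
		return false
	}
	for _, l := range labels {
		if len(l) == 0 || len(l) > 63 || l[0] == '-' || l[len(l)-1] == '-' {
			return false
		}
		for _, c := range l {
			if !(c >= 'a' && c <= 'z' || c >= '0' && c <= '9' || c == '-') {
				return false
			}
		}
	}
	return true
}

// requireSAN has the shape of a Validator: it rejects a request with no
// hosts, or with any host that is neither an IP address nor an FQDN.
func requireSAN(req *certRequest) error {
	if req == nil || len(req.Hosts) == 0 {
		return errors.New("at least one FQDN or IP address is required")
	}
	for _, h := range req.Hosts {
		if net.ParseIP(h) == nil && !isFQDN(h) {
			return fmt.Errorf("host %q is not an IP address or FQDN", h)
		}
	}
	return nil
}

func main() { fmt.Println(requireSAN(&certRequest{Hosts: []string{"localhost"}})) }
```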
func NewBundleHandler
func NewCertGeneratorHandler
NewGeneratorHandler builds a new GeneratorHandler from the validation function provided.
func NewGeneratorHandler
NewGeneratorHandler builds a new GeneratorHandler from the validation function provided.
func NewInitCAHandler
NewInitCAHandler returns a new http.Handler that handles requests to initialize a CA.
func NewRemoteCertGenerator
Types
type BundlerHandler
type BundlerHandler struct {
// contains filtered or unexported fields
}
BundlerHandler accepts requests for either remote or uploaded certificates to be bundled, and returns a certificate bundle (or error).
func (*BundlerHandler) Handle
func (h *BundlerHandler) Handle(w http.ResponseWriter, r *http.Request) error
type CertGeneratorHandler
type CertGeneratorHandler struct {
// contains filtered or unexported fields
}
A CertGeneratorHandler accepts JSON-encoded certificate requests and returns a new private key and signed certificate; it handles sending the CSR to the server.
func (*CertGeneratorHandler) Handle
func (cg *CertGeneratorHandler) Handle(w http.ResponseWriter, r *http.Request) error
Handle responds to requests for the CA to generate a new private key and certificate on behalf of the client. The format for these requests is documented in the API documentation.
type CertRequest
A CertRequest stores a PEM-encoded private key and corresponding CSR; this is returned from the CSR generation endpoint.
type GeneratorHandler
type GeneratorHandler struct {
// contains filtered or unexported fields
}
A GeneratorHandler accepts JSON-encoded certificate requests and returns a new private key and certificate request.
func (*GeneratorHandler) Handle
func (g *GeneratorHandler) Handle(w http.ResponseWriter, r *http.Request) error
Handle responds to requests for the CA to generate a new private key and certificate request on behalf of the client. The format for these requests is documented in the API documentation.
type Handler
type Handler interface {
Handle(w http.ResponseWriter, r *http.Request) error
}
Handler is an interface providing a generic mechanism for handling HTTP requests.
type HandlerFunc
type HandlerFunc func(http.ResponseWriter, *http.Request) error
Similar to http.HandlerFunc, HandlerFunc type is an adapter to allow the use of ordinary functions as Handlers. If f is a function with the appropriate signature, HandlerFunc(f) is a Handler object that calls f.
func (HandlerFunc) Handle
func (f HandlerFunc) Handle(w http.ResponseWriter, r *http.Request) error
Handle calls f(w, r).
type HttpHandler
HttpHandler is a wrapper that exposes a Handler as an http.Handler. HttpHandler also enforces that the Handler only responds to requests with the registered HTTP method.
func (HttpHandler) ServeHTTP
func (h HttpHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
ServeHTTP wraps the call to the underlying Handler to handle the request and returns the response with the proper HTTP status code.
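The adapter and wrapper pattern described for Handler, HandlerFunc and HttpHandler, as an added example that is not the package's own code. The lower-case types, the methodHandler fields, the request path and the mapping of every handler error to 400 are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// handler and handlerFunc mirror the Handler and HandlerFunc types above.
type handler interface {
	Handle(w http.ResponseWriter, r *http.Request) error
}

type handlerFunc func(http.ResponseWriter, *http.Request) error

func (f handlerFunc) Handle(w http.ResponseWriter, r *http.Request) error { return f(w, r) }

// methodHandler (hypothetical) serves a handler only for one registered method.
type methodHandler struct {
	handler
	method string
}

func (h methodHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if r.Method != h.method {
		w.Header().Set("Allow", h.method)
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		return
	}
	if err := h.Handle(w, r); err != nil {
		// Assumed mapping: any handler error becomes 400 with a generic body.
		http.Error(w, "request failed", http.StatusBadRequest)
	}
}

// statusFor sends one constructed request through the wrapper.
func statusFor(method string, fail bool) int {
	h := methodHandler{handlerFunc(func(w http.ResponseWriter, r *http.Request) error {
		if fail {
			return errors.New("constructed failure")
		}
		fmt.Fprint(w, `{"success":true}`)
		return nil
	}), "POST"}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(method, "/constructed", nil))
	return rec.Code
}
func main() { fmt.Println(statusFor("GET", false), statusFor("POST", false), statusFor("POST", true)) }
```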
type NewCA
A NewCA contains a private key and certificate suitable for serving as the root key for a new certificate authority.
type RemoteCertGeneratorHandler
type RemoteCertGeneratorHandler struct {
// contains filtered or unexported fields
}
func (*RemoteCertGeneratorHandler) Handle
func (rcg *RemoteCertGeneratorHandler) Handle(w http.ResponseWriter, r *http.Request) error
type Response
type Response struct {
	Success  bool              `json:"success"`
	Result   interface{}       `json:"result"`
	Errors   []ResponseMessage `json:"errors"`
	Messages []ResponseMessage `json:"messages"`
}
Response implements the CloudFlare standard for API responses. CFSSL does not currently use the messages field, but it is provided for compatibility.
type ResponseMessage
ResponseMessage implements the standard for response errors and messages. A message has a code and a string message.
type SignHandler
type SignHandler struct {
// contains filtered or unexported fields
}
A SignHandler accepts requests with a hostname and certificate parameter (which should be PEM-encoded) and returns a new signed certificate.
func (*SignHandler) Handle
func (h *SignHandler) Handle(w http.ResponseWriter, r *http.Request) error
Handle responds to requests for the CA to sign the certificate present in the "cert" parameter for the host named in the "hostname" parameter. The certificate should be PEM-encoded.
type Validator
type Validator func(*csr.CertificateRequest) error