api

package
v0.0.0-...-f9ba299 Latest
Warning

This package is not in the latest version of its module.
Published: Jul 11, 2014 License: BSD-2-Clause Imports: 11 Imported by: 0

Documentation

Overview

Package api implements an HTTP-based API and server for CF-SSL.

Constants

This section is empty.

Variables

This section is empty.

Functions

func CSRValidate

func CSRValidate(req *csr.CertificateRequest) error

CSRValidate contains the default validation logic for certificate requests to the API server. This follows the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org). Specifically, section 10.2.3 ("Information Requirements") states:

"Applicant information MUST include, but not be limited to, at least one Fully-Qualified Domain Name or IP address to be included in the Certificate’s SubjectAltName extension."
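A validator in the spirit of that requirement, as an added example rather than the package's own CSRValidate code. The `CertificateRequest` struct and its `Hosts` field are local stand-ins assumed for illustration, and `ValidateSAN` is a hypothetical name; it goes one step past "at least one" by rejecting any entry that is neither an IP address nor a syntactically valid FQDN.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strings"
)

// CertificateRequest: local stand-in for csr.CertificateRequest (Hosts field assumed).
type CertificateRequest struct {
	Hosts []string
}

// isFQDN checks DNS name syntax; wildcards and IDNs are out of scope for this sketch.
func isFQDN(h string) bool {
	h = strings.TrimSuffix(h, ".")
	labels := strings.Split(h, ".")
	if len(h) == 0 || len(h) > 253 || len(labels) < 2 {
		return false
	}
	for _, l := range labels {
		bad := strings.Trim(strings.ToLower(l), "abcdefghijklmnopqrstuvwxyz0123456789-")
		if len(l) == 0 || len(l) > 63 || l[0] == '-' || l[len(l)-1] == '-' || bad != "" {
			return false
		}
	}
	// An all-numeric last label is a malformed IP address, not a hostname.
	return strings.Trim(labels[len(labels)-1], "0123456789") != ""
}

// ValidateSAN requires at least one host and rejects any non-IP, non-FQDN entry.
func ValidateSAN(req *CertificateRequest) error {
	if req == nil || len(req.Hosts) == 0 {
		return errors.New("request needs at least one FQDN or IP address")
	}
	for _, h := range req.Hosts {
		if net.ParseIP(h) == nil && !isFQDN(h) {
			return fmt.Errorf("host %q is neither an IP address nor an FQDN", h)
		}
	}
	return nil
}

func main() {
	// Constructed sample requests.
	for _, hosts := range [][]string{{"www.example.com", "192.0.2.10"}, {"localhost"}, nil} {
		fmt.Println(hosts, "->", ValidateSAN(&CertificateRequest{Hosts: hosts}))
	}
}
```

Single-label names such as `localhost` and out-of-range dotted quads such as `10.0.0.256` are rejected, which keeps entries that no public CA could validate out of the SubjectAltName.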

func NewBundleHandler

func NewBundleHandler(caBundleFile, intBundleFile string) (http.Handler, error)

func NewCertGeneratorHandler

func NewCertGeneratorHandler(validator Validator, caFile, caKeyFile string) (http.Handler, error)

NewCertGeneratorHandler builds a new CertGeneratorHandler from the validation function, CA certificate file and CA key file provided.

func NewGeneratorHandler

func NewGeneratorHandler(validator Validator) (http.Handler, error)

NewGeneratorHandler builds a new GeneratorHandler from the validation function provided.

func NewInitCAHandler

func NewInitCAHandler() http.Handler

NewInitCAHandler returns a new http.Handler that handles requests to initialize a CA.

func NewRemoteCertGenerator

func NewRemoteCertGenerator(validator Validator, remote string) (http.Handler, error)

func NewSignHandler

func NewSignHandler(caFile, cakeyFile string) (http.Handler, error)

NewSignHandler generates a new SignHandler using the certificate authority private key and certificate to sign certificates.

Types

type BundlerHandler

type BundlerHandler struct {
	// contains filtered or unexported fields
}

BundlerHandler accepts requests for either remote or uploaded certificates to be bundled, and returns a certificate bundle (or error).

func (*BundlerHandler) Handle

type CertGeneratorHandler

type CertGeneratorHandler struct {
	// contains filtered or unexported fields
}

A CertGeneratorHandler accepts JSON-encoded certificate requests and returns a new private key and signed certificate; it handles sending the CSR to the server.

func (*CertGeneratorHandler) Handle

Handle responds to requests for the CA to generate a new private key and certificate on behalf of the client. The format for these requests is documented in the API documentation.

type CertRequest

type CertRequest struct {
	Key string `json:"key"`
	CSR string `json:"csr"`
}

A CertRequest stores a PEM-encoded private key and corresponding CSR; this is returned from the CSR generation endpoint.

type GeneratorHandler

type GeneratorHandler struct {
	// contains filtered or unexported fields
}

A GeneratorHandler accepts JSON-encoded certificate requests and returns a new private key and certificate request.

func (*GeneratorHandler) Handle

Handle responds to requests for the CA to generate a new private key and certificate request on behalf of the client. The format for these requests is documented in the API documentation.

type Handler

type Handler interface {
	Handle(w http.ResponseWriter, r *http.Request) error
}

Handler is an interface providing a generic mechanism for handling HTTP requests.

type HandlerFunc

type HandlerFunc func(http.ResponseWriter, *http.Request) error

Similar to http.HandlerFunc, the HandlerFunc type is an adapter that allows ordinary functions to be used as Handlers. If f is a function with the appropriate signature, HandlerFunc(f) is a Handler object that calls f.

func (HandlerFunc) Handle

func (f HandlerFunc) Handle(w http.ResponseWriter, r *http.Request) error

Handle calls f(w, r).

type HttpHandler

type HttpHandler struct {
	Handler        // CFSSL handler
	Method  string // The associated HTTP method
}

HttpHandler is a wrapper that exposes a Handler as an http.Handler. HttpHandler also enforces that the Handler only responds to requests made with the registered HTTP method.

func (HttpHandler) ServeHTTP

func (h HttpHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP wraps the call to the underlying Handler, which handles the request, and returns the response with the proper HTTP status code.

type NewCA

type NewCA struct {
	Key  string `json:"private_key"`
	Cert string `json:"certificate"`
}

A NewCA contains a private key and certificate suitable for serving as the root key for a new certificate authority.

type RemoteCertGeneratorHandler

type RemoteCertGeneratorHandler struct {
	// contains filtered or unexported fields
}

func (*RemoteCertGeneratorHandler) Handle

type Response

type Response struct {
	Success  bool              `json:"success"`
	Result   interface{}       `json:"result"`
	Errors   []ResponseMessage `json:"errors"`
	Messages []ResponseMessage `json:"messages"`
}

Response implements the CloudFlare standard for API responses. CFSSL does not currently use the messages field, but it is provided for compatibility.

type ResponseMessage

type ResponseMessage struct {
	Code    int    `json:"int"`
	Message string `json:"message"`
}

ResponseMessage implements the standard for response errors and messages. A message has a code and a string message.

type SignHandler

type SignHandler struct {
	// contains filtered or unexported fields
}

A SignHandler accepts requests with a hostname and certificate parameter (which should be PEM-encoded) and returns a new signed certificate.

func (*SignHandler) Handle

func (h *SignHandler) Handle(w http.ResponseWriter, r *http.Request) error

Handle responds to requests for the CA to sign the certificate present in the "cert" parameter for the host named in the "hostname" parameter. The certificate should be PEM-encoded.

type Validator

type Validator func(*csr.CertificateRequest) error
