server

package
v0.0.0-...-9c6c125 Latest Latest
Published: Jan 18, 2017 License: Apache-2.0 Imports: 53 Imported by: 2


Constants

This section is empty.

Variables

// InitServerCommand assembles the definition of Command 'genkey -initca CSRJSON';
// its usage text, flags and entry point come from initUsageText, initFlags and initMain.
var InitServerCommand = &cli.Command{UsageText: initUsageText, Flags: initFlags, Main: initMain}

InitServerCommand assembles the definition of Command 'genkey -initca CSRJSON'

// StartCommand assembles the definition of Command 'cop server start';
// its usage text, flags and entry point come from serverUsageText, serverFlags and startMain.
var StartCommand = &cli.Command{UsageText: serverUsageText, Flags: serverFlags, Main: startMain}

StartCommand assembles the definition of Command 'cop server start'

var (

	// V1APIPrefix is the prefix of all CFSSL V1 API Endpoints.
	// It already ends in a slash, so callers joining an endpoint name onto it
	// should not add another one.
	V1APIPrefix = "/api/v1/cfssl/"
)

Functions

func Command

func Command() error

Command defines the server-related commands and calls cli.Start to process args

func InitCertificateAccessor

func InitCertificateAccessor(db *sqlx.DB) certdb.Accessor

InitCertificateAccessor extends CFSSL database APIs for Certificates table

func InitUserRegistry

func InitUserRegistry(cfg *Config) error

InitUserRegistry is the factory method for the user registry. If LDAP is configured, then LDAP is used for the user registry; otherwise, the CFSSL DB which is used for the certificates table is used.

func NewAuthWrapper

func NewAuthWrapper(path string, handler http.Handler, err error) (string, http.Handler, error)

NewAuthWrapper is the auth wrapper constructor. Only the "sign" and "enroll" URIs use basic auth for the enrollment secret; the others require a token.

func NewEnrollHandler

func NewEnrollHandler() (h http.Handler, err error)

NewEnrollHandler is the constructor for the enroll handler

func NewReenrollHandler

func NewReenrollHandler() (h http.Handler, err error)

NewReenrollHandler is the constructor for the reenroll handler

func NewRegisterHandler

func NewRegisterHandler() (h http.Handler, err error)

NewRegisterHandler is the constructor for the register handler

func NewRevokeHandler

func NewRevokeHandler() (h http.Handler, err error)

NewRevokeHandler is the constructor for the revoke handler

func NewTCertHandler

func NewTCertHandler() (h http.Handler, err error)

NewTCertHandler is the constructor for the tcert handler

func SignerFromConfigAndDB

func SignerFromConfigAndDB(c cli.Config, db *sqlx.DB) (signer.Signer, error)

SignerFromConfigAndDB takes the Config and creates the appropriate signer.Signer object with a specified db

func Start

func Start(dir string, cfg string)

Start will start the server. THIS IS ONLY USED FOR TEST CASE EXECUTION.

Types

type Accessor

// Accessor implements the db.Accessor interface. Its fields are unexported:
// construct it with NewDBAccessor and attach a database with SetDB.
type Accessor struct {
	// contains filtered or unexported fields
}

Accessor implements db.Accessor interface.

func NewDBAccessor

func NewDBAccessor() *Accessor

NewDBAccessor is a constructor for the database API

func (*Accessor) DeleteGroup

func (d *Accessor) DeleteGroup(name string) error

DeleteGroup deletes group from database

func (*Accessor) DeleteUser

func (d *Accessor) DeleteUser(id string) error

DeleteUser deletes user from database

func (*Accessor) GetGroup

func (d *Accessor) GetGroup(name string) (spi.Group, error)

GetGroup gets group from database

func (*Accessor) GetRootGroup

func (d *Accessor) GetRootGroup() (spi.Group, error)

GetRootGroup gets root group from database

func (*Accessor) GetUser

func (d *Accessor) GetUser(id string, attrs []string) (spi.User, error)

GetUser gets user from database

func (*Accessor) GetUserInfo

func (d *Accessor) GetUserInfo(id string) (spi.UserInfo, error)

GetUserInfo gets user information from database

func (*Accessor) InsertGroup

func (d *Accessor) InsertGroup(name string, parentID string) error

InsertGroup inserts group into database

func (*Accessor) InsertUser

func (d *Accessor) InsertUser(user spi.UserInfo) error

InsertUser inserts user into database

func (*Accessor) SetDB

func (d *Accessor) SetDB(db *sqlx.DB)

SetDB changes the underlying sql.DB object that the Accessor is manipulating.

func (*Accessor) UpdateUser

func (d *Accessor) UpdateUser(user spi.UserInfo) error

UpdateUser updates user in database

type Bootstrap

// Bootstrap is used for bootstrapping the database at server startup.
// Construct it with BootstrapDB, then call PopulateGroupsTable and
// PopulateUsersTable to load the groups and users from the server
// configuration file.
type Bootstrap struct {
}

Bootstrap is used for bootstrapping database

func BootstrapDB

func BootstrapDB() *Bootstrap

BootstrapDB is a constructor to bootstrap the database at server startup

func (*Bootstrap) PopulateGroupsTable

func (b *Bootstrap) PopulateGroupsTable()

PopulateGroupsTable populates affiliation groups table based on the groups defined in the server configuration file

func (*Bootstrap) PopulateUsersTable

func (b *Bootstrap) PopulateUsersTable() error

PopulateUsersTable populates the user table with the users defined in the server configuration file

type CertDBAccessor

// CertDBAccessor implements the certdb.Accessor interface. Its fields are
// unexported: construct it with NewCertDBAccessor (or attach a database
// later with SetDB).
type CertDBAccessor struct {
	// contains filtered or unexported fields
}

CertDBAccessor implements certdb.Accessor interface.

func NewCertDBAccessor

func NewCertDBAccessor(db *sqlx.DB) *CertDBAccessor

NewCertDBAccessor returns a new Accessor.

func (*CertDBAccessor) GetCertificate

func (d *CertDBAccessor) GetCertificate(serial, aki string) (crs []certdb.CertificateRecord, err error)

GetCertificate gets a CertificateRecord indexed by serial.

func (*CertDBAccessor) GetCertificatesByID

func (d *CertDBAccessor) GetCertificatesByID(id string) (crs []CertRecord, err error)

GetCertificatesByID gets the CertRecords indexed by enrollment id.

func (*CertDBAccessor) GetOCSP

func (d *CertDBAccessor) GetOCSP(serial, aki string) (ors []certdb.OCSPRecord, err error)

GetOCSP retrieves a certdb.OCSPRecord from db by serial.

func (*CertDBAccessor) GetUnexpiredCertificates

func (d *CertDBAccessor) GetUnexpiredCertificates() (crs []certdb.CertificateRecord, err error)

GetUnexpiredCertificates gets all unexpired certificates from the db.

func (*CertDBAccessor) GetUnexpiredOCSPs

func (d *CertDBAccessor) GetUnexpiredOCSPs() (ors []certdb.OCSPRecord, err error)

GetUnexpiredOCSPs retrieves all unexpired certdb.OCSPRecord from db.

func (*CertDBAccessor) InsertCertificate

func (d *CertDBAccessor) InsertCertificate(cr certdb.CertificateRecord) error

InsertCertificate puts a CertificateRecord into db.

func (*CertDBAccessor) InsertOCSP

func (d *CertDBAccessor) InsertOCSP(rr certdb.OCSPRecord) error

InsertOCSP puts a new certdb.OCSPRecord into the db.

func (*CertDBAccessor) RevokeCertificate

func (d *CertDBAccessor) RevokeCertificate(serial, aki string, reasonCode int) error

RevokeCertificate updates a certificate with a given serial number and marks it revoked.

func (*CertDBAccessor) RevokeCertificatesByID

func (d *CertDBAccessor) RevokeCertificatesByID(id string, reasonCode int) (crs []CertRecord, err error)

RevokeCertificatesByID updates all certificates for a given ID and marks them revoked.

func (*CertDBAccessor) SetDB

func (d *CertDBAccessor) SetDB(db *sqlx.DB)

SetDB changes the underlying sql.DB object that the Accessor is manipulating.

func (*CertDBAccessor) UpdateOCSP

func (d *CertDBAccessor) UpdateOCSP(serial, aki, body string, expiry time.Time) error

UpdateOCSP updates an OCSP response record with a given serial number.

func (*CertDBAccessor) UpsertOCSP

func (d *CertDBAccessor) UpsertOCSP(serial, aki, body string, expiry time.Time) error

UpsertOCSP updates an OCSP response record with a given serial number, or inserts the record if it doesn't yet exist in the db.

type CertRecord

// CertRecord extends the CFSSL CertificateRecord by adding an enrollment ID
// (the "id" column) to the record.
type CertRecord struct {
	// ID is the enrollment ID associated with the certificate.
	ID string `db:"id"`
	certdb.CertificateRecord
}

CertRecord extends CFSSL CertificateRecord by adding an enrollment ID to the record

type Config

// Config is the COP config structure. The json tags give the keys used in
// the server configuration file.
type Config struct {
	Debug          bool             `json:"debug,omitempty"`
	// NOTE(review): presumably toggles request authentication; a false value
	// should be a deliberate choice — confirm against the handlers.
	Authentication bool             `json:"authentication,omitempty"`
	// Users lists statically configured users; presumably keyed by enrollment
	// ID — confirm against PopulateUsersTable.
	Users          map[string]*User `json:"users,omitempty"`
	DBdriver       string           `json:"driver"`
	// NOTE(review): a data source string may embed database credentials, so
	// the config file should be protected like a secret.
	DataSource     string           `json:"data_source"`
	UsrReg         UserReg          `json:"user_registry"`
	// LDAP, when set, selects LDAP as the user registry (see InitUserRegistry).
	LDAP           *ldap.Config     `json:"ldap,omitempty"`
	CAFile         string           `json:"ca_cert"`
	// KeyFile is the CA private key file; NOTE(review): its permissions should
	// be restricted to the server user.
	KeyFile        string           `json:"ca_key"`
	TLSConf        TLSConfig        `json:"tls,omitempty"`
	// NOTE(review): serving without TLS would carry the basic-auth enrollment
	// secret (see NewAuthWrapper) in the clear — confirm intent before enabling.
	TLSDisable     bool             `json:"tls_disable,omitempty"`
}

Config is COP config structure

// CFG is the COP-specific config. It is package-level mutable state and is
// nil until populated — TODO confirm where the server start-up path sets it.
var CFG *Config

CFG is the COP-specific config

type DBUser

// DBUser is the database's representation of a user. It embeds spi.UserInfo
// and carries unexported state used by GetAffiliationPath, GetAttribute,
// GetName and Login.
type DBUser struct {
	spi.UserInfo
	// contains filtered or unexported fields
}

DBUser is the database's representation of a user

func (*DBUser) GetAffiliationPath

func (u *DBUser) GetAffiliationPath() []string

GetAffiliationPath returns the complete path for the user's affiliation.

func (*DBUser) GetAttribute

func (u *DBUser) GetAttribute(name string) string

GetAttribute returns the value for an attribute name

func (*DBUser) GetName

func (u *DBUser) GetName() string

GetName returns the enrollment ID of the user

func (*DBUser) Login

func (u *DBUser) Login(pass string) error

Login logs the user in with a password

type GroupRecord

// GroupRecord defines the properties of a group as stored in the groups
// table; the db tags give the column names.
type GroupRecord struct {
	// Name is the group name that GetGroup and DeleteGroup look up by.
	Name     string `db:"name"`
	// ParentID is the parent group, as passed to InsertGroup.
	ParentID string `db:"parent_id"`
	// NOTE(review): Prekey looks like key material stored alongside the
	// group — confirm how it is derived and protected at rest.
	Prekey   string `db:"prekey"`
}

GroupRecord defines the properties of a group

type Register

// Register is used for registering a user. Its fields are unexported:
// construct it with NewRegisterUser, then call RegisterUser.
type Register struct {
	// contains filtered or unexported fields
}

Register is used for registering a user

func NewRegisterUser

func NewRegisterUser() *Register

NewRegisterUser is a constructor

func (*Register) RegisterUser

func (r *Register) RegisterUser(id string, userType string, group string, attributes []api.Attribute, registrar string, opt ...string) (string, error)

RegisterUser will register a user

type Server

// Server is the receiver for CreateHome; it currently carries no fields.
type Server struct {
}

Server ...

func (*Server) CreateHome

func (s *Server) CreateHome() (string, error)

CreateHome will create a home directory if it does not exist

type TLSConfig

// TLSConfig defines the files needed for a TLS connection. The json tags
// give the keys used under the "tls" section of the server configuration.
type TLSConfig struct {
	// TLSCertFile is presumably the server certificate file — confirm.
	TLSCertFile     string              `json:"tls_cert,omitempty"`
	// TLSKeyFile is presumably the server private key file — confirm, and
	// NOTE(review): keep its permissions restricted.
	TLSKeyFile      string              `json:"tls_key,omitempty"`
	// MutualTLSCAFile is presumably the CA used to verify client certificates
	// when mutual TLS is in use — confirm whether setting it enforces client auth.
	MutualTLSCAFile string              `json:"mutual_tls_ca,omitempty"`
	// DBClient holds the TLS settings for the database client connection.
	DBClient        tls.ClientTLSConfig `json:"db_client,omitempty"`
}

TLSConfig defines the files needed for a TLS connection

type User

// User information as declared in the server configuration file (see
// Config.Users); the json tags give the configuration keys.
type User struct {
	// enrollment secret; NOTE(review): it appears in the config file as
	// plaintext, so the file must be protected accordingly
	Pass       string          `json:"pass"`
	Type       string          `json:"type"`
	Group      string          `json:"group"`
	Attributes []api.Attribute `json:"attrs,omitempty"`
}

User information

type UserRecord

// UserRecord defines the properties of a user as stored in the users table;
// the db tags give the column names.
type UserRecord struct {
	// Name is the enrollment ID (stored in the "id" column).
	Name           string `db:"id"`
	// NOTE(review): Pass is stored in the "token" column — confirm it holds a
	// hash rather than the plaintext enrollment secret.
	Pass           string `db:"token"`
	Type           string `db:"type"`
	Group          string `db:"user_group"`
	// Attributes is presumably a serialized form of []api.Attribute — confirm.
	Attributes     string `db:"attributes"`
	State          int    `db:"state"`
	// MaxEnrollments mirrors UserReg.MaxEnrollments per user.
	MaxEnrollments int    `db:"max_enrollments"`
}

UserRecord defines the properties of a user

type UserReg

// UserReg defines the user registry properties (the "user_registry" section
// of Config).
type UserReg struct {
	// NOTE(review): likely the cap on enrollments allowed per user
	// (cf. UserRecord.MaxEnrollments) — confirm how a zero value is treated.
	MaxEnrollments int `json:"max_enrollments"`
}

UserReg defines the user registry properties
