server

package
v0.0.0-...-9c6c125 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 18, 2017 License: Apache-2.0 Imports: 53 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var InitServerCommand = &cli.Command{UsageText: initUsageText, Flags: initFlags, Main: initMain}

InitServerCommand assembles the definition of Command 'genkey -initca CSRJSON'

View Source 
var StartCommand = &cli.Command{UsageText: serverUsageText, Flags: serverFlags, Main: startMain}

StartCommand assembles the definition of Command 'cop server start'

View Source 
var (

	// V1APIPrefix is the prefix of all CFSSL V1 API Endpoints.
	V1APIPrefix = "/api/v1/cfssl/"
)

Functions

func Command 

func Command() error

Command defines the server-related commands and calls cli.Start to process args

func InitCertificateAccessor 

func InitCertificateAccessor(db *sqlx.DB) certdb.Accessor

InitCertificateAccessor extends CFSSL database APIs for Certificates table

func InitUserRegistry 

func InitUserRegistry(cfg *Config) error

InitUserRegistry is the factory method for the user registry. If LDAP is configured, then LDAP is used for the user registry; otherwise, the CFSSL DB which is used for the certificates table is used.

func NewAuthWrapper 

func NewAuthWrapper(path string, handler http.Handler, err error) (string, http.Handler, error)

NewAuthWrapper is auth wrapper constructor Only the "sign" and "enroll" URIs use basic auth for the enrollment secret The others require a token

func NewEnrollHandler 

func NewEnrollHandler() (h http.Handler, err error)

NewEnrollHandler is the constructor for the enroll handler

func NewReenrollHandler 

func NewReenrollHandler() (h http.Handler, err error)

NewReenrollHandler is the constructor for the reenroll handler

func NewRegisterHandler 

func NewRegisterHandler() (h http.Handler, err error)

NewRegisterHandler is constructor for register handler

func NewRevokeHandler 

func NewRevokeHandler() (h http.Handler, err error)

NewRevokeHandler is constructor for revoke handler

func NewTCertHandler 

func NewTCertHandler() (h http.Handler, err error)

NewTCertHandler is constructor for tcert handler

func SignerFromConfigAndDB 

func SignerFromConfigAndDB(c cli.Config, db *sqlx.DB) (signer.Signer, error)

SignerFromConfigAndDB takes the Config and creates the appropriate signer.Signer object with a specified db

func Start 

func Start(dir string, cfg string)

Start will start server THIS IS ONLY USED FOR TEST CASE EXECUTION

Types

type Accessor 

type Accessor struct {
	// contains filtered or unexported fields
}

Accessor implements db.Accessor interface.

func NewDBAccessor 

func NewDBAccessor() *Accessor

NewDBAccessor is a constructor for the database API

func (*Accessor) DeleteGroup 

func (d *Accessor) DeleteGroup(name string) error

DeleteGroup deletes group from database

func (*Accessor) DeleteUser 

func (d *Accessor) DeleteUser(id string) error

DeleteUser deletes user from database

func (*Accessor) GetGroup 

func (d *Accessor) GetGroup(name string) (spi.Group, error)

GetGroup gets group from database

func (*Accessor) GetRootGroup 

func (d *Accessor) GetRootGroup() (spi.Group, error)

GetRootGroup gets root group from database

func (*Accessor) GetUser 

func (d *Accessor) GetUser(id string, attrs []string) (spi.User, error)

GetUser gets user from database

func (*Accessor) GetUserInfo 

func (d *Accessor) GetUserInfo(id string) (spi.UserInfo, error)

GetUserInfo gets user information from database

func (*Accessor) InsertGroup 

func (d *Accessor) InsertGroup(name string, parentID string) error

InsertGroup inserts group into database

func (*Accessor) InsertUser 

func (d *Accessor) InsertUser(user spi.UserInfo) error

InsertUser inserts user into database

func (*Accessor) SetDB 

func (d *Accessor) SetDB(db *sqlx.DB)

SetDB changes the underlying sql.DB object Accessor is manipulating.

func (*Accessor) UpdateUser 

func (d *Accessor) UpdateUser(user spi.UserInfo) error

UpdateUser updates user in database

type Bootstrap 

type Bootstrap struct {
}

Bootstrap is used for bootstrapping database

func BootstrapDB 

func BootstrapDB() *Bootstrap

BootstrapDB is a constructor to bootstrap the database at server startup

func (*Bootstrap) PopulateGroupsTable 

func (b *Bootstrap) PopulateGroupsTable()

PopulateGroupsTable populates affiliation groups table based on the groups defined in the server configuration file

func (*Bootstrap) PopulateUsersTable 

func (b *Bootstrap) PopulateUsersTable() error

PopulateUsersTable populates the user table with the users defined in the server configuration file

type CertDBAccessor 

type CertDBAccessor struct {
	// contains filtered or unexported fields
}

CertDBAccessor implements certdb.Accessor interface.

func NewCertDBAccessor 

func NewCertDBAccessor(db *sqlx.DB) *CertDBAccessor

NewCertDBAccessor returns a new Accessor.

func (*CertDBAccessor) GetCertificate 

func (d *CertDBAccessor) GetCertificate(serial, aki string) (crs []certdb.CertificateRecord, err error)

GetCertificate gets a CertificateRecord indexed by serial.

func (*CertDBAccessor) GetCertificatesByID 

func (d *CertDBAccessor) GetCertificatesByID(id string) (crs []CertRecord, err error)

GetCertificatesByID gets a CertificateRecord indexed by id.

func (*CertDBAccessor) GetOCSP 

func (d *CertDBAccessor) GetOCSP(serial, aki string) (ors []certdb.OCSPRecord, err error)

GetOCSP retrieves a certdb.OCSPRecord from db by serial.

func (*CertDBAccessor) GetUnexpiredCertificates 

func (d *CertDBAccessor) GetUnexpiredCertificates() (crs []certdb.CertificateRecord, err error)

GetUnexpiredCertificates gets all unexpired certificate from db.

func (*CertDBAccessor) GetUnexpiredOCSPs 

func (d *CertDBAccessor) GetUnexpiredOCSPs() (ors []certdb.OCSPRecord, err error)

GetUnexpiredOCSPs retrieves all unexpired certdb.OCSPRecord from db.

func (*CertDBAccessor) InsertCertificate 

func (d *CertDBAccessor) InsertCertificate(cr certdb.CertificateRecord) error

InsertCertificate puts a CertificateRecord into db.

func (*CertDBAccessor) InsertOCSP 

func (d *CertDBAccessor) InsertOCSP(rr certdb.OCSPRecord) error

InsertOCSP puts a new certdb.OCSPRecord into the db.

func (*CertDBAccessor) RevokeCertificate 

func (d *CertDBAccessor) RevokeCertificate(serial, aki string, reasonCode int) error

RevokeCertificate updates a certificate with a given serial number and marks it revoked.

func (*CertDBAccessor) RevokeCertificatesByID 

func (d *CertDBAccessor) RevokeCertificatesByID(id string, reasonCode int) (crs []CertRecord, err error)

RevokeCertificatesByID updates all certificates for a given ID and marks them revoked.

func (*CertDBAccessor) SetDB 

func (d *CertDBAccessor) SetDB(db *sqlx.DB)

SetDB changes the underlying sql.DB object Accessor is manipulating.

func (*CertDBAccessor) UpdateOCSP 

func (d *CertDBAccessor) UpdateOCSP(serial, aki, body string, expiry time.Time) error

UpdateOCSP updates a ocsp response record with a given serial number.

func (*CertDBAccessor) UpsertOCSP 

func (d *CertDBAccessor) UpsertOCSP(serial, aki, body string, expiry time.Time) error

UpsertOCSP update a ocsp response record with a given serial number, or insert the record if it doesn't yet exist in the db

type CertRecord 

type CertRecord struct {
	ID string `db:"id"`
	certdb.CertificateRecord
}

CertRecord extends CFSSL CertificateRecord by adding an enrollment ID to the record

type Config 

type Config struct {
	Debug          bool             `json:"debug,omitempty"`
	Authentication bool             `json:"authentication,omitempty"`
	Users          map[string]*User `json:"users,omitempty"`
	DBdriver       string           `json:"driver"`
	DataSource     string           `json:"data_source"`
	UsrReg         UserReg          `json:"user_registry"`
	LDAP           *ldap.Config     `json:"ldap,omitempty"`
	CAFile         string           `json:"ca_cert"`
	KeyFile        string           `json:"ca_key"`
	TLSConf        TLSConfig        `json:"tls,omitempty"`
	TLSDisable     bool             `json:"tls_disable,omitempty"`
}

Config is COP config structure 

var CFG *Config

CFG is the COP-specific config

type DBUser 

type DBUser struct {
	spi.UserInfo
	// contains filtered or unexported fields
}

DBUser is the databases representation of a user

func (*DBUser) GetAffiliationPath 

func (u *DBUser) GetAffiliationPath() []string

GetAffiliationPath returns the complete path for the user's affiliation.

func (*DBUser) GetAttribute 

func (u *DBUser) GetAttribute(name string) string

GetAttribute returns the value for an attribute name

func (*DBUser) GetName 

func (u *DBUser) GetName() string

GetName returns the enrollment ID of the user

func (*DBUser) Login 

func (u *DBUser) Login(pass string) error

Login the user with a password

type GroupRecord 

type GroupRecord struct {
	Name     string `db:"name"`
	ParentID string `db:"parent_id"`
	Prekey   string `db:"prekey"`
}

GroupRecord defines the properties of a group

type Register 

type Register struct {
	// contains filtered or unexported fields
}

Register for registering a user

func NewRegisterUser 

func NewRegisterUser() *Register

NewRegisterUser is a constructor

func (*Register) RegisterUser 

func (r *Register) RegisterUser(id string, userType string, group string, attributes []api.Attribute, registrar string, opt ...string) (string, error)

RegisterUser will register a user

type Server 

type Server struct {
}

Server ...

func (*Server) CreateHome 

func (s *Server) CreateHome() (string, error)

CreateHome will create a home directory if it does not exist

type TLSConfig 

type TLSConfig struct {
	TLSCertFile     string              `json:"tls_cert,omitempty"`
	TLSKeyFile      string              `json:"tls_key,omitempty"`
	MutualTLSCAFile string              `json:"mutual_tls_ca,omitempty"`
	DBClient        tls.ClientTLSConfig `json:"db_client,omitempty"`
}

TLSConfig defines the files needed for a TLS connection

type User 

type User struct {
	Pass       string          `json:"pass"` // enrollment secret
	Type       string          `json:"type"`
	Group      string          `json:"group"`
	Attributes []api.Attribute `json:"attrs,omitempty"`
}

User information

type UserRecord 

type UserRecord struct {
	Name           string `db:"id"`
	Pass           string `db:"token"`
	Type           string `db:"type"`
	Group          string `db:"user_group"`
	Attributes     string `db:"attributes"`
	State          int    `db:"state"`
	MaxEnrollments int    `db:"max_enrollments"`
}

UserRecord defines the properties of a user

type UserReg 

type UserReg struct {
	MaxEnrollments int `json:"max_enrollments"`
}

UserReg defines the user registry properties

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.