lib

Documentation

Index

• func BytesToX509Cert(bytes []byte) (*x509.Certificate, error)
• func GetCertID(bytes []byte) (string, string, error)
• type Client
  • func NewClient(config string) (*Client, error)
  • func (c *Client) Enroll(req *api.EnrollmentRequest) (*Identity, error)
  • func (c *Client) GenCSR(req *api.CSRInfo, id string) ([]byte, []byte, error)
  • func (c *Client) GetMyCertFile() string
  • func (c *Client) GetMyEnrollmentDir() string
  • func (c *Client) GetMyKeyFile() string
  • func (c *Client) LoadCSRInfo(path string) (*api.CSRInfo, error)
  • func (c *Client) LoadIdentity(keyFile, certFile string) (*Identity, error)
  • func (c *Client) LoadMyIdentity() (*Identity, error)
  • func (c *Client) NewIdentity(key, cert []byte) (*Identity, error)
  • func (c *Client) NewPost(endpoint string, reqBody []byte) (*http.Request, error)
  • func (c *Client) SendPost(req *http.Request) (interface{}, error)
  • func (c *Client) StoreMyIdentity(key, cert []byte) error
• type Identity
  • func (i *Identity) GetECert() *Signer
  • func (i *Identity) GetName() string
  • func (i *Identity) GetTCertBatch(req *api.GetTCertBatchRequest) ([]*Signer, error)
  • func (i *Identity) Post(endpoint string, reqBody []byte) (interface{}, error)
  • func (i *Identity) Reenroll(req *api.ReenrollmentRequest) (*Identity, error)
  • func (i *Identity) Register(req *api.RegistrationRequest) (*api.RegistrationResponse, error)
  • func (i *Identity) Revoke(req *api.RevocationRequest) error
  • func (i *Identity) RevokeSelf() error
  • func (i *Identity) Store() error
• type Signer
  • func (s *Signer) RevokeSelf() error

Functions

func BytesToX509Cert

func BytesToX509Cert(bytes []byte) (*x509.Certificate, error)

BytesToX509Cert converts bytes (PEM or DER) to an X509 certificate

func GetCertID

func GetCertID(bytes []byte) (string, string, error)

GetCertID returns both the serial number and AKI (Authority Key ID) for the certificate

Types

type Client

type Client struct {
	// ServerURL is the URL of the server
	ServerURL string `json:"serverURL,omitempty"`
	// HomeDir is the home directory
	HomeDir string `json:"homeDir,omitempty"`
}

Client is the COP client object

func NewClient

func NewClient(config string) (*Client, error)

NewClient is the constructor for the COP client API

func (*Client) Enroll

func (c *Client) Enroll(req *api.EnrollmentRequest) (*Identity, error)

Enroll enrolls a new identity @param req The enrollment request

func (*Client) GenCSR

func (c *Client) GenCSR(req *api.CSRInfo, id string) ([]byte, []byte, error)

GenCSR generates a CSR (Certificate Signing Request)

func (*Client) GetMyCertFile

func (c *Client) GetMyCertFile() string

GetMyCertFile returns the path to this identity's certificate file

func (*Client) GetMyEnrollmentDir

func (c *Client) GetMyEnrollmentDir() string

GetMyEnrollmentDir returns the path to this identity's enrollment directory

func (*Client) GetMyKeyFile

func (c *Client) GetMyKeyFile() string

GetMyKeyFile returns the path to this identity's key file

func (*Client) LoadCSRInfo

func (c *Client) LoadCSRInfo(path string) (*api.CSRInfo, error)

LoadCSRInfo reads CSR (Certificate Signing Request) from a file @parameter path The path to the file contains CSR info in JSON format

func (*Client) LoadIdentity

func (c *Client) LoadIdentity(keyFile, certFile string) (*Identity, error)

LoadIdentity loads an identity from disk

func (*Client) LoadMyIdentity

func (c *Client) LoadMyIdentity() (*Identity, error)

LoadMyIdentity loads the client's identity from disk

func (*Client) NewIdentity

func (c *Client) NewIdentity(key, cert []byte) (*Identity, error)

NewIdentity creates a new identity

func (*Client) NewPost

func (c *Client) NewPost(endpoint string, reqBody []byte) (*http.Request, error)

NewPost create a new post request

func (*Client) SendPost

func (c *Client) SendPost(req *http.Request) (interface{}, error)

SendPost sends a request to the LDAP server and returns a response

func (*Client) StoreMyIdentity

func (c *Client) StoreMyIdentity(key, cert []byte) error

StoreMyIdentity stores my identity to disk

type Identity

type Identity struct {
	// contains filtered or unexported fields
}

Identity is COP's implementation of an identity

func (*Identity) GetECert

func (i *Identity) GetECert() *Signer

GetECert returns the enrollment certificate signer for this identity

func (*Identity) GetName

func (i *Identity) GetName() string

GetName returns the identity name

func (*Identity) GetTCertBatch

func (i *Identity) GetTCertBatch(req *api.GetTCertBatchRequest) ([]*Signer, error)

GetTCertBatch returns a batch of TCerts for this identity

func (*Identity) Post

func (i *Identity) Post(endpoint string, reqBody []byte) (interface{}, error)

Post sends arbtrary request body (reqBody) to an endpoint. This adds an authorization header which contains the signature of this identity over the body and non-signature part of the authorization header. The return value is the body of the response.

func (*Identity) Reenroll

func (i *Identity) Reenroll(req *api.ReenrollmentRequest) (*Identity, error)

Reenroll reenrolls an existing Identity and returns a new Identity @param req The reenrollment request

func (*Identity) Register

func (i *Identity) Register(req *api.RegistrationRequest) (*api.RegistrationResponse, error)

Register registers a new identity @param req The registration request

func (*Identity) Revoke

func (i *Identity) Revoke(req *api.RevocationRequest) error

Revoke the identity associated with 'id'

func (*Identity) RevokeSelf

func (i *Identity) RevokeSelf() error

RevokeSelf revokes the current identity and all certificates

func (*Identity) Store

func (i *Identity) Store() error

Store writes my identity info to disk

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer represents a signer Each identity may have multiple signers, currently one ecert and multiple tcerts

func (*Signer) RevokeSelf

func (s *Signer) RevokeSelf() error

RevokeSelf revokes only the certificate associated with this signer