Documentation ¶
Index ¶
- func DecodeSCEPResponse(ctx context.Context, r *http.Response) (interface{}, error)
- func EncodeSCEPRequest(ctx context.Context, r *http.Request, request interface{}) error
- func EndpointLoggingMiddleware(logger log.Logger) endpoint.Middleware
- func MakeHTTPHandler(e *Endpoints, svc Service, logger kitlog.Logger) http.Handler
- func MakeSCEPEndpoint(svc Service) endpoint.Endpoint
- type CSRSigner
- type CSRSignerFunc
- type Client
- type Creater
- type Endpoints
- func (e *Endpoints) GetCACaps(ctx context.Context) ([]byte, error)
- func (e *Endpoints) GetCACert(ctx context.Context, message string) ([]byte, int, error)
- func (e *Endpoints) GetNextCACert(ctx context.Context) ([]byte, error)
- func (e *Endpoints) PKIOperation(ctx context.Context, msg []byte) ([]byte, error)
- func (e *Endpoints) Supports(cap string) bool
- func (e *Endpoints) WithAddProxy(ctx context.Context, url string)
- type SCEPRequest
- type SCEPResponse
- type Service
- func Create(serverType string, crt *x509.Certificate, key *rsa.PrivateKey, ...) (Service, error)
- func NewLoggingService(logger log.Logger, s Service) Service
- func NewProxyService(crt *x509.Certificate, key *rsa.PrivateKey, signer CSRSigner, ...) (Service, error)
- func NewService(crt *x509.Certificate, key *rsa.PrivateKey, signer CSRSigner, ...) (Service, error)
- type ServiceOption
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DecodeSCEPResponse ¶
DecodeSCEPResponse decodes a SCEP response
func EncodeSCEPRequest ¶
EncodeSCEPRequest encodes a SCEP HTTP Request. Used by the client.
func EndpointLoggingMiddleware ¶
func EndpointLoggingMiddleware(logger log.Logger) endpoint.Middleware
EndpointLoggingMiddleware returns an endpoint middleware that logs the duration of each invocation, and the resulting error, if any.
func MakeHTTPHandler ¶
func MakeSCEPEndpoint ¶
Types ¶
type CSRSigner ¶
// CSRSigner signs certificate signing requests on behalf of the CA/RA.
//
// NOTE(review): nothing in this interface identifies or authenticates the
// requester. Presumably the issuance decision (challenge check, subject and
// key policy) has to be made by the implementation or by a wrapper such as
// ChallengeMiddleware before a certificate is returned — confirm against the
// service code.
type CSRSigner interface {
	// SignCSR takes the CSR carried in the CSRReqMessage and returns a
	// certificate signed by the CA, or an error.
	SignCSR(*scep.CSRReqMessage) (*x509.Certificate, error)
}
CSRSigner is a handler for CSR signing by the CA/RA
SignCSR should take the CSR in the CSRReqMessage and return a Certificate signed by the CA.
type CSRSignerFunc ¶
type CSRSignerFunc func(*scep.CSRReqMessage) (*x509.Certificate, error)
CSRSignerFunc is an adapter for CSR signing by the CA/RA
func ChallengeMiddleware ¶
func ChallengeMiddleware(challenge string, next CSRSigner) CSRSignerFunc
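ChallengeMiddleware wraps next in a CSRSigner that validates the challenge carried in the CSR against the challenge argument. Because challenge is a single static string, it acts as a shared enrolment secret: anyone who holds it can present a CSR that passes this check, so it should be stored and rotated like a password.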
func (CSRSignerFunc) SignCSR ¶
func (f CSRSignerFunc) SignCSR(m *scep.CSRReqMessage) (*x509.Certificate, error)
SignCSR calls f(m)
type Creater ¶
type Creater func(*x509.Certificate, *rsa.PrivateKey, CSRSigner, ...ServiceOption) (Service, error)
Creater is the function type for Service constructors; NewService and NewProxyService both have this signature.
type Endpoints ¶
// Endpoints holds the endpoints through which the SCEP operations are invoked.
// Its methods (GetCACaps, GetCACert, GetNextCACert, PKIOperation, Supports,
// WithAddProxy) are listed in the package index.
type Endpoints struct {
	// GetEndpoint and PostEndpoint are the two exported endpoints.
	// NOTE(review): presumably one per HTTP method used by the SCEP
	// transport (GET and POST) — confirm against MakeServerEndpoints.
	GetEndpoint  endpoint.Endpoint
	PostEndpoint endpoint.Endpoint
	// contains filtered or unexported fields
}
func MakeClientEndpoints ¶
MakeClientEndpoints returns an Endpoints struct where each endpoint invokes the corresponding method on the remote instance, via a transport/http.Client. Useful in a SCEP client.
func MakeServerEndpoints ¶
func (*Endpoints) GetNextCACert ¶
func (*Endpoints) PKIOperation ¶
type SCEPRequest ¶
SCEPRequest is a SCEP server request.
type SCEPResponse ¶
// SCEPResponse is a SCEP server response.
type SCEPResponse struct {
	// NOTE(review): presumably the certificate count returned as the int
	// result of Service.GetCACert — confirm.
	CACertNum int
	// Data is the response payload as raw bytes.
	Data []byte
	// NOTE(review): the package documentation says business errors are
	// encoded as a CertRep message with pkiStatus FAILURE, so Err presumably
	// carries only errors that could not be expressed that way — verify, and
	// check what error text is exposed to the remote peer.
	Err error
	// contains filtered or unexported fields
}
SCEPResponse is a SCEP server response. Business errors will be encoded as a CertRep message with pkiStatus FAILURE and a failInfo attribute.
type Service ¶
// Service is the interface for all supported SCEP server operations.
type Service interface {
	// GetCACaps returns a list of options
	// which are supported by the server.
	GetCACaps(ctx context.Context) ([]byte, error)

	// GetCACert returns the CA certificate or
	// a CA certificate chain with intermediates
	// in a PKCS#7 Degenerate Certificates format.
	// message is an optional string for the CA.
	// NOTE(review): the int result is not described here; presumably the
	// number of certificates in the response — confirm.
	GetCACert(ctx context.Context, message string) ([]byte, int, error)

	// PKIOperation handles incoming SCEP messages such as PKCSReq and
	// sends back a CertRep PKIMessage.
	// NOTE(review): msg is presumably the raw request body from the network
	// peer, so implementations should treat it as untrusted input — confirm
	// where size limits and parsing errors are handled.
	PKIOperation(ctx context.Context, msg []byte) ([]byte, error)

	// GetNextCACert returns a replacement certificate or certificate chain
	// when the old one expires. The response format is a PKCS#7 Degenerate
	// Certificates type.
	GetNextCACert(ctx context.Context) ([]byte, error)

	// WithAddProxy sets the URL to proxy to.
	// The method returns nothing, so a malformed or unexpected url cannot be
	// reported to the caller through this signature.
	// NOTE(review): the url decides where requests are forwarded; it should
	// presumably come from trusted configuration only — confirm no caller
	// derives it from request data.
	WithAddProxy(ctx context.Context, url string)
}
Service is the interface for all supported SCEP server operations.
func Create ¶
func Create(serverType string, crt *x509.Certificate, key *rsa.PrivateKey, signer CSRSigner, opts ...ServiceOption) (Service, error)
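Create returns a Service of the kind selected by serverType, built from the given certificate, private key, CSR signer and options. The accepted serverType values are not listed on this page.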
func NewLoggingService ¶
NewLoggingService adds logging to the SCEP service s and returns the wrapped Service.
func NewProxyService ¶
func NewProxyService(crt *x509.Certificate, key *rsa.PrivateKey, signer CSRSigner, opts ...ServiceOption) (Service, error)
NewProxyService creates a new scep proxy service
func NewService ¶
func NewService(crt *x509.Certificate, key *rsa.PrivateKey, signer CSRSigner, opts ...ServiceOption) (Service, error)
NewService creates a new scep service
type ServiceOption ¶
type ServiceOption func(*service) error
ServiceOption is a server configuration option
func WithAddlCA ¶
func WithAddlCA(ca *x509.Certificate) ServiceOption
WithAddlCA appends an additional certificate to the slice of CA certs
func WithLogger ¶
func WithLogger(logger log.Logger) ServiceOption
WithLogger configures a logger for the SCEP Service. By default, a no-op logger is used.