scepserver

package
v0.0.0-...-c46c623 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 16, 2024 License: MIT Imports: 23 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DecodeSCEPResponse

func DecodeSCEPResponse(ctx context.Context, r *http.Response) (interface{}, error)

DecodeSCEPResponse decodes a SCEP response

func EncodeSCEPRequest

func EncodeSCEPRequest(ctx context.Context, r *http.Request, request interface{}) error

EncodeSCEPRequest encodes a SCEP HTTP Request. Used by the client.

func EndpointLoggingMiddleware

func EndpointLoggingMiddleware(logger log.Logger) endpoint.Middleware

EndpointLoggingMiddleware returns an endpoint middleware that logs the duration of each invocation, and the resulting error, if any.

func MakeHTTPHandler

func MakeHTTPHandler(e *Endpoints, svc Service, logger kitlog.Logger) http.Handler

func MakeSCEPEndpoint

func MakeSCEPEndpoint(svc Service) endpoint.Endpoint

Types

type CSRSigner

type CSRSigner interface {
	SignCSR(*scep.CSRReqMessage) (*x509.Certificate, error)
}

CSRSigner is a handler for CSR signing by the CA/RA

SignCSR should take the CSR in the CSRReqMessage and return a Certificate signed by the CA.

type CSRSignerFunc

type CSRSignerFunc func(*scep.CSRReqMessage) (*x509.Certificate, error)

CSRSignerFunc is an adapter for CSR signing by the CA/RA

func ChallengeMiddleware

func ChallengeMiddleware(challenge string, next CSRSigner) CSRSignerFunc

ChallengeMiddleware wraps next in a CSRSigner that validates the challenge from the CSR

func NopCSRSigner

func NopCSRSigner() CSRSignerFunc

NopCSRSigner does nothing

func (CSRSignerFunc) SignCSR

SignCSR calls f(m)

type Client

type Client interface {
	Service
	Supports(cap string) bool
}

Client is a SCEP Client

func NewClient

func NewClient(
	serverURL string,
	logger log.Logger,
) (Client, error)

New creates a SCEP Client.

type Creater

Creater function

type Endpoints

type Endpoints struct {
	GetEndpoint  endpoint.Endpoint
	PostEndpoint endpoint.Endpoint
	// contains filtered or unexported fields
}

func MakeClientEndpoints

func MakeClientEndpoints(instance string) (*Endpoints, error)

MakeClientEndpoints returns an Endpoints struct where each endpoint invokes the corresponding method on the remote instance, via a transport/http.Client. Useful in a SCEP client.

func MakeServerEndpoints

func MakeServerEndpoints(svc Service) *Endpoints

func (*Endpoints) GetCACaps

func (e *Endpoints) GetCACaps(ctx context.Context) ([]byte, error)

func (*Endpoints) GetCACert

func (e *Endpoints) GetCACert(ctx context.Context, message string) ([]byte, int, error)

func (*Endpoints) GetNextCACert

func (e *Endpoints) GetNextCACert(ctx context.Context) ([]byte, error)

func (*Endpoints) PKIOperation

func (e *Endpoints) PKIOperation(ctx context.Context, msg []byte) ([]byte, error)

func (*Endpoints) Supports

func (e *Endpoints) Supports(cap string) bool

func (*Endpoints) WithAddProxy

func (e *Endpoints) WithAddProxy(ctx context.Context, url string)

type SCEPRequest

type SCEPRequest struct {
	Operation string
	Message   []byte
}

SCEPRequest is a SCEP server request.

type SCEPResponse

type SCEPResponse struct {
	CACertNum int
	Data      []byte
	Err       error
	// contains filtered or unexported fields
}

SCEPResponse is a SCEP server response. Business errors will be encoded as a CertRep message with pkiStatus FAILURE and a failInfo attribute.

type Service

type Service interface {
	// GetCACaps returns a list of options
	// which are supported by the server.
	GetCACaps(ctx context.Context) ([]byte, error)

	// GetCACert returns CA certificate or
	// a CA certificate chain with intermediates
	// in a PKCS#7 Degenerate Certificates format
	// message is an optional string for the CA
	GetCACert(ctx context.Context, message string) ([]byte, int, error)

	// PKIOperation handles incoming SCEP messages such as PKCSReq and
	// sends back a CertRep PKIMessag.
	PKIOperation(ctx context.Context, msg []byte) ([]byte, error)

	// GetNextCACert returns a replacement certificate or certificate chain
	// when the old one expires. The response format is a PKCS#7 Degenerate
	// Certificates type.
	GetNextCACert(ctx context.Context) ([]byte, error)

	// Set the URL to proxy to
	WithAddProxy(ctx context.Context, url string)
}

Service is the interface for all supported SCEP server operations.

func Create

func Create(serverType string, crt *x509.Certificate, key *rsa.PrivateKey, signer CSRSigner, opts ...ServiceOption) (Service, error)

Create function

func NewLoggingService

func NewLoggingService(logger log.Logger, s Service) Service

NewLoggingService creates adds logging to the SCEP service

func NewProxyService

func NewProxyService(crt *x509.Certificate, key *rsa.PrivateKey, signer CSRSigner, opts ...ServiceOption) (Service, error)

NewProxyService creates a new scep proxy service

func NewService

func NewService(crt *x509.Certificate, key *rsa.PrivateKey, signer CSRSigner, opts ...ServiceOption) (Service, error)

NewService creates a new scep service

type ServiceOption

type ServiceOption func(*service) error

ServiceOption is a server configuration option

func WithAddlCA

func WithAddlCA(ca *x509.Certificate) ServiceOption

WithAddlCA appends an additional certificate to the slice of CA certs

func WithLogger

func WithLogger(logger log.Logger) ServiceOption

WithLogger configures a logger for the SCEP Service. By default, a no-op logger is used.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL