cert_authority

package
v0.9.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 30, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewCertAuthority

func NewCertAuthority(certStorage storage.CertStorage) *_CertAuthority

func ValidateAddCertificateSigningRequestRequest

func ValidateAddCertificateSigningRequestRequest(req AddCertificateSigningRequestRequest) error

func ValidateAddRootCertificateRequest

func ValidateAddRootCertificateRequest(req AddRootCertificateRequest) error

func ValidateCreateCACertificateSigningRequestRequest

func ValidateCreateCACertificateSigningRequestRequest(req CreateCACertificateSigningRequestRequest) error

func ValidateIssueCertificateRequest

func ValidateIssueCertificateRequest(req IssueCertificateRequest) error

func ValidateListCertificatesRequest

func ValidateListCertificatesRequest(req storage.ListCertificatesRequest) error

func ValidateRejectCertificateSigningRequestRequest

func ValidateRejectCertificateSigningRequestRequest(req RejectCertificateSigningRequestRequest) error

func ValidateRespondCACertificateSigningRequestRequest

func ValidateRespondCACertificateSigningRequestRequest(req RespondCACertificateSigningRequestRequest) error

func ValidateRevokeCACertificateRequest

func ValidateRevokeCACertificateRequest(req RevokeCACertificateRequest) error

func ValidateRevokeCertificateRequest

func ValidateRevokeCertificateRequest(req RevokeCertificateRequest) error

Types

type AddCertificateSigningRequestRequest

// AddCertificateSigningRequestRequest is the request type accepted by
// CertAuthority.AddCertificateSigningRequest. It carries a PEM encoded CSR
// together with the type of certificate being requested.
//
// NOTE(review): CertSigningRequest is text supplied by the requester. Whether
// ValidateAddCertificateSigningRequestRequest verifies the CSR's signature and
// constrains the requested subject is not visible on this page — confirm
// before relying on it.
type AddCertificateSigningRequestRequest struct {
	Requester          string         `json:"requester"`            // Who makes the request.
	CertType           model.CertType `json:"cert_type"`            // Type of the certificate.
	CertSigningRequest string         `json:"cert_signing_request"` // PEM encoded certificate signing request (CSR).
}

type AddRootCertificateRequest

// AddRootCertificateRequest is the request type accepted by
// CertAuthority.AddRootCertificate.
//
// NOTE(review): adding a root certificate presumably extends the set of trust
// anchors, and Requester is a plain string in the JSON body. Confirm that
// callers derive Requester from an authenticated principal and that access to
// this operation is restricted.
type AddRootCertificateRequest struct {
	Requester string `json:"requester"` // Who makes the request.
	Cert      string `json:"cert"`      // PEM encoded certificate. It may contain multiple certificates. The first certificate is the root certificate for the server. The others are intermediate certificates of the root certificate.
}

type CertAuthority

// CertAuthority declares the certificate operations of the cert server:
// listing certificates, managing root certificates, managing the server's own
// CA certificate through a CSR workflow, and handling CSRs for issued
// certificates.
//
// NOTE(review): every mutating method takes ts int64, presumably the operation
// time as a Unix timestamp — confirm against the implementation.
type CertAuthority interface {
	// ListCertificate takes a storage.ListCertificatesRequest and returns a
	// storage.ListCertificatesResponse.
	ListCertificate(ctx context.Context, req storage.ListCertificatesRequest) (storage.ListCertificatesResponse, error)

	// AddRootCertificate adds a root certificate into the system.
	AddRootCertificate(ctx context.Context, ts int64, req AddRootCertificateRequest) (model.Cert, error)

	// RevokeRootCertificate revokes a root certificate. It takes the same
	// RevokeCertificateRequest type as RevokeCertificate.
	RevokeRootCertificate(ctx context.Context, ts int64, req RevokeCertificateRequest) (model.Cert, error)

	// CA Certificate Signing Request (CSR) operations.
	// CreateCACertificateSigningRequest creates a CSR for the CA certificate of the cert server.
	CreateCACertificateSigningRequest(ctx context.Context, ts int64, req CreateCACertificateSigningRequestRequest) (model.Cert, error)
	// RespondCACertificateSigningRequest responds to a CSR for the CA certificate of the cert server. The response is the CA certificate.
	// The certificate will be used in issuing certificates for business units or immediate CAs.
	// NOTE(review): "immediate CAs" presumably means intermediate CAs — confirm.
	RespondCACertificateSigningRequest(ctx context.Context, ts int64, req RespondCACertificateSigningRequestRequest) (model.Cert, error)
	// RevokeCACertificate revokes a CA certificate with a CRL signed with the issuer's private key and certificate.
	RevokeCACertificate(ctx context.Context, ts int64, req RevokeCACertificateRequest) (model.Cert, error)

	// Certificate Signing Request (CSR) operations.
	// AddCertificateSigningRequest takes a PEM encoded CSR and a certificate type.
	AddCertificateSigningRequest(ctx context.Context, ts int64, req AddCertificateSigningRequestRequest) (model.Cert, error)
	// IssueCertificate takes the ID of the signing CA certificate, the ID of the
	// certificate to be issued, and the validity window.
	IssueCertificate(ctx context.Context, ts int64, req IssueCertificateRequest) (model.Cert, error)
	// RejectCertificateSigningRequest takes the ID of the certificate to be
	// rejected and a reason.
	RejectCertificateSigningRequest(ctx context.Context, ts int64, req RejectCertificateSigningRequestRequest) (model.Cert, error)
	// RevokeCertificate takes the ID of the certificate to be revoked.
	RevokeCertificate(ctx context.Context, ts int64, req RevokeCertificateRequest) (model.Cert, error)
}

type CreateCACertificateSigningRequestRequest

// CreateCACertificateSigningRequestRequest is the request type accepted by
// CertAuthority.CreateCACertificateSigningRequest. It names the private key
// option and the subject fields for the CSR of the cert server's CA
// certificate.
//
// NOTE(review): the permitted values of eblpkix.PrivateKeyOption are not
// visible on this page; confirm that
// ValidateCreateCACertificateSigningRequestRequest rejects key options that
// are too weak for a CA key.
type CreateCACertificateSigningRequestRequest struct {
	Requester string `json:"requester"` // Who makes the request.

	PrivateKeyOption eblpkix.PrivateKeyOption `json:"private_key_option"` // Option of the private key.

	// Subject of the certificate.
	Country            []string `json:"country"`             // Countries of the organization.
	Organization       []string `json:"organization"`        // Organizations of the certificate.
	OrganizationalUnit []string `json:"organizational_unit"` // Organizational units of the certificate.
	CommonName         string   `json:"common_name"`         // Common name of the certificate.
}

type IssueCertificateRequest

// IssueCertificateRequest is the request type accepted by
// CertAuthority.IssueCertificate. It selects the signing CA certificate, the
// certificate to be issued, and the validity window.
//
// NOTE(review): whether ValidateIssueCertificateRequest enforces
// NotBefore < NotAfter, the CertType restriction stated below, and a validity
// window that stays within the CA certificate's own is not visible on this
// page — confirm. Requester is a plain string in the JSON body; confirm it is
// bound to an authenticated principal upstream.
type IssueCertificateRequest struct {
	Requester string         `json:"requester"`  // Who makes the request.
	CACertID  string         `json:"ca_cert_id"` // ID of the CA certificate.
	CertID    string         `json:"cert_id"`    // ID of the certificate to be issued.
	CertType  model.CertType `json:"cert_type"`  // Type of the certificate. It can be only third_party_ca or business_unit.
	NotBefore int64          `json:"not_before"` // Unix time (in seconds) when the certificate becomes valid.
	NotAfter  int64          `json:"not_after"`  // Unix time (in seconds) when the certificate becomes invalid.
}

type RejectCertificateSigningRequestRequest

// RejectCertificateSigningRequestRequest is the request type accepted by
// CertAuthority.RejectCertificateSigningRequest.
//
// NOTE(review): Reason is free text from the caller; how it is stored or
// displayed is not visible on this page.
type RejectCertificateSigningRequestRequest struct {
	Requester string         `json:"requester"` // Who makes the request.
	CertID    string         `json:"cert_id"`   // ID of the certificate to be rejected.
	CertType  model.CertType `json:"cert_type"` // Type of the certificate. It can be only third_party_ca or business_unit.
	Reason    string         `json:"reason"`    // Reason of the rejection.
}

type RespondCACertificateSigningRequestRequest

// RespondCACertificateSigningRequestRequest is the request type accepted by
// CertAuthority.RespondCACertificateSigningRequest. It supplies the CA
// certificate returned for a previously created CSR.
//
// NOTE(review): whether the supplied leaf certificate is checked against the
// key of the CSR identified by CertID, and whether the chain order is
// verified, is not visible on this page — confirm.
type RespondCACertificateSigningRequestRequest struct {
	Requester string `json:"requester"` // Who makes the request.
	CertID    string `json:"cert_id"`   // ID of the certificate to be responded to.
	Cert      string `json:"cert"`      // PEM encoded certificate. It may contain multiple certificates. The first certificate is the leaf certificate. The others are intermediate certificates.
}

type RevokeCACertificateRequest

// RevokeCACertificateRequest is the request type accepted by
// CertAuthority.RevokeCACertificate, which revokes a CA certificate with a
// CRL signed with the issuer's private key and certificate.
//
// NOTE(review): whether the CRL's signature is verified against the issuer of
// the certificate identified by CertID, and whether the CRL must list that
// certificate, is not visible on this page — confirm.
type RevokeCACertificateRequest struct {
	Requester string `json:"requester"` // Who makes the request.
	CertID    string `json:"cert_id"`   // ID of the certificate to be revoked.
	CRL       string `json:"crl"`       // PEM encoded CRL.
}

type RevokeCertificateRequest

// RevokeCertificateRequest is the request type accepted by both
// CertAuthority.RevokeRootCertificate and CertAuthority.RevokeCertificate.
//
// NOTE(review): the request carries no certificate type, so it does not by
// itself distinguish a root certificate from an issued one. Confirm that each
// method checks the type of the certificate identified by CertID, and that
// Requester is bound to an authenticated principal upstream.
type RevokeCertificateRequest struct {
	Requester string `json:"requester"` // Who makes the request.
	CertID    string `json:"cert_id"`   // ID of the certificate to be revoked.
}
