scepserver

package
Version: v0.1.4 (not the latest version of its module)
Published: Oct 21, 2024 License: MIT Imports: 28 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DecodeSCEPResponse

func DecodeSCEPResponse(ctx context.Context, r *http.Response) (interface{}, error)

DecodeSCEPResponse decodes a SCEP response. Used by the client.

func EncodeSCEPRequest

func EncodeSCEPRequest(ctx context.Context, r *http.Request, request interface{}) error

EncodeSCEPRequest encodes a SCEP HTTP Request. Used by the client.

func EndpointLoggingMiddleware

func EndpointLoggingMiddleware(logger log.Logger) endpoint.Middleware

EndpointLoggingMiddleware returns an endpoint middleware that logs the duration of each invocation, and the resulting error, if any.

func MakeHTTPHandler

func MakeHTTPHandler(depot *mysql.MySQLDepot, e *Endpoints, svc Service, logger kitlog.Logger) http.Handler

func MakeSCEPEndpoint

func MakeSCEPEndpoint(svc Service, depotPath string) endpoint.Endpoint

Types

type CSRSigner

type CSRSigner interface {
	SignCSR(*scep.CSRReqMessage) (*x509.Certificate, error)
}

CSRSigner is a handler for CSR signing by the CA/RA.

SignCSR should take the CSR in the CSRReqMessage and return a Certificate signed by the CA.

type CSRSignerContext

type CSRSignerContext interface {
	SignCSRContext(context.Context, *scep.CSRReqMessage) (*x509.Certificate, error)
}

CSRSignerContext is a handler for signing CSRs by a CA/RA.

SignCSRContext should take the CSR in the CSRReqMessage and return a Certificate signed by the CA.

type CSRSignerContextFunc

type CSRSignerContextFunc func(context.Context, *scep.CSRReqMessage) (*x509.Certificate, error)

CSRSignerContextFunc is an adapter for CSR signing by the CA/RA.

func MySQLChallengeMiddleWare added in v0.1.0

func MySQLChallengeMiddleWare(depot *mysql.MySQLDepot, next CSRSignerContext) CSRSignerContextFunc

IDMChallengeMiddleware

func NopCSRSigner

func NopCSRSigner() CSRSignerContextFunc

NopCSRSigner does nothing.

func SignCSRAdapter

func SignCSRAdapter(next CSRSigner) CSRSignerContextFunc

SignCSRAdapter adapts a context-less CSRSigner (next) to a context-aware CSRSignerContextFunc.

func StaticChallengeMiddleware

func StaticChallengeMiddleware(challenge string, next CSRSignerContext) CSRSignerContextFunc

StaticChallengeMiddleware wraps next and validates the challenge from the CSR.

func (CSRSignerContextFunc) SignCSRContext

SignCSRContext calls f(ctx, m).
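The CSRSignerContextFunc adapter and StaticChallengeMiddleware together form a signer chain: the middleware checks the challenge and only then hands the request to the wrapped signer. The following is an added example of that wrapping pattern, not the scepserver package's own code; it uses local stand-in types with the shapes shown above (the real scep.CSRReqMessage also carries the parsed CSR), and the constant-time comparison is this example's choice rather than a statement about the package's implementation.

```go
package main

import (
	"context"
	"crypto/subtle"
	"crypto/x509"
	"errors"
	"fmt"
)

// Stand-ins with the shapes shown on the page (assumed, not the package's own code);
// the real scep.CSRReqMessage carries the CSR and the challengePassword from the PKCSReq.
type CSRReqMessage struct {
	ChallengePassword string
}
type CSRSignerContext interface {
	SignCSRContext(context.Context, *CSRReqMessage) (*x509.Certificate, error)
}
type CSRSignerContextFunc func(context.Context, *CSRReqMessage) (*x509.Certificate, error)
func (f CSRSignerContextFunc) SignCSRContext(ctx context.Context, m *CSRReqMessage) (*x509.Certificate, error) {
	return f(ctx, m)
}

var ErrBadChallenge = errors.New("invalid challenge password")
// staticChallengeMiddleware follows the wrapping pattern the page describes: the challenge
// is checked before next is ever reached. Constant-time comparison is this example's choice.
func staticChallengeMiddleware(challenge string, next CSRSignerContext) CSRSignerContextFunc {
	return func(ctx context.Context, m *CSRReqMessage) (*x509.Certificate, error) {
		if subtle.ConstantTimeCompare([]byte(m.ChallengePassword), []byte(challenge)) != 1 {
			return nil, ErrBadChallenge // reject before any signing happens
		}
		return next.SignCSRContext(ctx, m)
	}
}

// countingSigner stands in for the CA signer and records whether it was reached.
type countingSigner struct{ calls int }

func (s *countingSigner) SignCSRContext(context.Context, *CSRReqMessage) (*x509.Certificate, error) {
	s.calls++
	return &x509.Certificate{}, nil
}
// runChain pushes one request through the chain: cert issued?, inner signer call count, error.
func runChain(challenge, presented string) (bool, int, error) {
	inner := &countingSigner{}
	cert, err := staticChallengeMiddleware(challenge, inner).SignCSRContext(
		context.Background(), &CSRReqMessage{ChallengePassword: presented})
	return cert != nil, inner.calls, err
}

func main() { fmt.Println(runChain("s3cret", "wrong")) }
```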

type CSRSignerFunc

type CSRSignerFunc func(*scep.CSRReqMessage) (*x509.Certificate, error)

CSRSignerFunc is an adapter for CSR signing by the CA/RA.

func (CSRSignerFunc) SignCSR

SignCSR calls f(m).

type Endpoints

type Endpoints struct {
	GetEndpoint  endpoint.Endpoint
	PostEndpoint endpoint.Endpoint
	// contains filtered or unexported fields
}

func MakeClientEndpoints

func MakeClientEndpoints(instance string) (*Endpoints, error)

MakeClientEndpoints returns an Endpoints struct where each endpoint invokes the corresponding method on the remote instance, via a transport/http.Client. Useful in a SCEP client.

func MakeServerEndpoints

func MakeServerEndpoints(svc Service, depotPath string) *Endpoints

func (*Endpoints) GetCACaps

func (e *Endpoints) GetCACaps(ctx context.Context) ([]byte, error)

func (*Endpoints) GetCACert

func (e *Endpoints) GetCACert(ctx context.Context, message string) ([]byte, int, error)

func (*Endpoints) GetCRL

func (e *Endpoints) GetCRL(ctx context.Context, depotPath string, message string) ([]byte, error)

func (*Endpoints) GetNextCACert

func (e *Endpoints) GetNextCACert(ctx context.Context) ([]byte, error)

func (*Endpoints) PKIOperation

func (e *Endpoints) PKIOperation(ctx context.Context, msg []byte) ([]byte, error)

func (*Endpoints) Supports

func (e *Endpoints) Supports(cap string) bool

type SCEPRequest

type SCEPRequest struct {
	Operation string
	Message   []byte
}

SCEPRequest is a SCEP server request.

type SCEPResponse

type SCEPResponse struct {
	CACertNum int
	Data      []byte
	Err       error
	// contains filtered or unexported fields
}

SCEPResponse is a SCEP server response. Business errors will be encoded as a CertRep message with pkiStatus FAILURE and a failInfo attribute.

type Service

type Service interface {
	// GetCACaps returns a list of options
	// which are supported by the server.
	GetCACaps(ctx context.Context) ([]byte, error)

	// GetCACert returns CA certificate or
	// a CA certificate chain with intermediates
	// in a PKCS#7 Degenerate Certificates format
	// message is an optional string for the CA
	GetCACert(ctx context.Context, message string) ([]byte, int, error)

	// PKIOperation handles incoming SCEP messages such as PKCSReq and
	// sends back a CertRep PKIMessage.
	PKIOperation(ctx context.Context, msg []byte) ([]byte, error)

	// GetNextCACert returns a replacement certificate or certificate chain
	// when the old one expires. The response format is a PKCS#7 Degenerate
	// Certificates type.
	GetNextCACert(ctx context.Context) ([]byte, error)

	GetCRL(ctx context.Context, depotPath string, message string) ([]byte, error)
}

Service is the interface for all supported SCEP server operations.

func NewLoggingService

func NewLoggingService(logger log.Logger, s Service) Service

NewLoggingService wraps s and adds logging to the SCEP service.

func NewService

func NewService(crt *x509.Certificate, key *rsa.PrivateKey, signer CSRSignerContext, opts ...ServiceOption) (Service, error)

NewService creates a new SCEP service.

type ServiceOption

type ServiceOption func(*service) error

ServiceOption is a server configuration option.

func WithAddlCA

func WithAddlCA(ca *x509.Certificate) ServiceOption

WithAddlCA appends an additional certificate to the slice of CA certs.

func WithLogger

func WithLogger(logger log.Logger) ServiceOption

WithLogger configures a logger for the SCEP Service. By default, a no-op logger is used.
