Documentation ¶
Index ¶
- func DecodeSCEPResponse(ctx context.Context, r *http.Response) (interface{}, error)
- func EncodeSCEPRequest(ctx context.Context, r *http.Request, request interface{}) error
- func EndpointLoggingMiddleware(logger log.Logger) endpoint.Middleware
- func MakeHTTPHandler(depot *mysql.MySQLDepot, e *Endpoints, svc Service, logger kitlog.Logger) http.Handler
- func MakeSCEPEndpoint(svc Service, depotPath string) endpoint.Endpoint
- type CSRSigner
- type CSRSignerContext
- type CSRSignerContextFunc
- type CSRSignerFunc
- type Endpoints
- func (e *Endpoints) GetCACaps(ctx context.Context) ([]byte, error)
- func (e *Endpoints) GetCACert(ctx context.Context, message string) ([]byte, int, error)
- func (e *Endpoints) GetCRL(ctx context.Context, depotPath string, message string) ([]byte, error)
- func (e *Endpoints) GetNextCACert(ctx context.Context) ([]byte, error)
- func (e *Endpoints) PKIOperation(ctx context.Context, msg []byte) ([]byte, error)
- func (e *Endpoints) Supports(cap string) bool
- type SCEPRequest
- type SCEPResponse
- type Service
- type ServiceOption
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DecodeSCEPResponse ¶
DecodeSCEPResponse decodes a SCEP response
func EncodeSCEPRequest ¶
EncodeSCEPRequest encodes a SCEP HTTP Request. Used by the client.
func EndpointLoggingMiddleware ¶
func EndpointLoggingMiddleware(logger log.Logger) endpoint.Middleware
EndpointLoggingMiddleware returns an endpoint middleware that logs the duration of each invocation, and the resulting error, if any.
func MakeHTTPHandler ¶
Types ¶
type CSRSigner ¶
// CSRSigner is a handler for CSR signing by the CA/RA.
//
// The interface carries no authorization step of its own: the only input is
// the CSRReqMessage and the only outputs are a certificate or an error. Any
// vetting of the request therefore has to happen inside the implementation
// or in a wrapper placed in front of it.
type CSRSigner interface {
	// SignCSR should take the CSR in the CSRReqMessage and return a
	// Certificate signed by the CA.
	SignCSR(*scep.CSRReqMessage) (*x509.Certificate, error)
}
CSRSigner is a handler for CSR signing by the CA/RA
SignCSR should take the CSR in the CSRReqMessage and return a Certificate signed by the CA.
type CSRSignerContext ¶
// CSRSignerContext is a handler for signing CSRs by a CA/RA, with a
// context.Context passed through to the signer.
//
// This is the type that NewService takes as its signer and that the
// challenge middlewares (StaticChallengeMiddleware, MySQLChallengeMiddleWare)
// accept as next, so a challenge check is only in effect when the signer
// handed to NewService is the wrapped one.
type CSRSignerContext interface {
	// SignCSRContext should take the CSR in the CSRReqMessage and return a
	// Certificate signed by the CA.
	SignCSRContext(context.Context, *scep.CSRReqMessage) (*x509.Certificate, error)
}
CSRSignerContext is a handler for signing CSRs by a CA/RA.
SignCSRContext should take the CSR in the CSRReqMessage and return a Certificate signed by the CA.
type CSRSignerContextFunc ¶
// CSRSignerContextFunc lets a plain function be used as a CSRSignerContext:
// its SignCSRContext method calls f(ctx, m). It is also the return type of
// the challenge middlewares and of SignCSRAdapter.
type CSRSignerContextFunc func(context.Context, *scep.CSRReqMessage) (*x509.Certificate, error)
CSRSignerContextFunc is an adapter for CSR signing by the CA/RA.
func MySQLChallengeMiddleWare ¶ added in v0.1.0
func MySQLChallengeMiddleWare(depot *mysql.MySQLDepot, next CSRSignerContext) CSRSignerContextFunc
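IDMChallengeMiddleware (the original comment gives only this name, which does not match the function). Judging by the signature, MySQLChallengeMiddleWare wraps next and presumably validates the challenge from the CSR against the MySQL depot; confirm against the source before relying on it.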
func SignCSRAdapter ¶
func SignCSRAdapter(next CSRSigner) CSRSignerContextFunc
SignCSRAdapter adapts next (a CSRSigner, i.e. a signer that takes no context) to a context-aware signer.
func StaticChallengeMiddleware ¶
func StaticChallengeMiddleware(challenge string, next CSRSignerContext) CSRSignerContextFunc
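StaticChallengeMiddleware wraps next and validates the challenge from the CSR. Because challenge is a single static string shared by every enrolling client, anyone who learns it can pass this check, so it should be handled as a secret.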
func (CSRSignerContextFunc) SignCSRContext ¶
func (f CSRSignerContextFunc) SignCSRContext(ctx context.Context, m *scep.CSRReqMessage) (*x509.Certificate, error)
SignCSRContext calls f(ctx, m).
type CSRSignerFunc ¶
// CSRSignerFunc lets a plain function be used as a CSRSigner: its SignCSR
// method calls f(m).
type CSRSignerFunc func(*scep.CSRReqMessage) (*x509.Certificate, error)
CSRSignerFunc is an adapter for CSR signing by the CA/RA.
func (CSRSignerFunc) SignCSR ¶
func (f CSRSignerFunc) SignCSR(m *scep.CSRReqMessage) (*x509.Certificate, error)
SignCSR calls f(m).
type Endpoints ¶
// Endpoints holds the endpoints of a SCEP service. The methods listed for
// *Endpoints (GetCACaps, GetCACert, GetCRL, GetNextCACert, PKIOperation)
// mirror the Service interface.
type Endpoints struct {
	// NOTE(review): the Get/Post names suggest one endpoint per HTTP method
	// used by SCEP — confirm against the transport code.
	GetEndpoint  endpoint.Endpoint
	PostEndpoint endpoint.Endpoint
	// contains filtered or unexported fields
}
func MakeClientEndpoints ¶
MakeClientEndpoints returns an Endpoints struct where each endpoint invokes the corresponding method on the remote instance, via a transport/http.Client. Useful in a SCEP client.
func MakeServerEndpoints ¶
func (*Endpoints) GetNextCACert ¶
func (*Endpoints) PKIOperation ¶
type SCEPRequest ¶
SCEPRequest is a SCEP server request.
type SCEPResponse ¶
// SCEPResponse is a SCEP server response.
type SCEPResponse struct {
	// NOTE(review): presumably the int returned by Service.GetCACert — confirm.
	CACertNum int
	// Data is the response payload as raw bytes.
	Data []byte
	// Err is the error attached to the response. The package documentation
	// states that business errors are encoded as a CertRep message with
	// pkiStatus FAILURE and a failInfo attribute.
	Err error
	// contains filtered or unexported fields
}
SCEPResponse is a SCEP server response. Business errors will be encoded as a CertRep message with pkiStatus FAILURE and a failInfo attribute.
type Service ¶
// Service is the interface for all supported SCEP server operations.
type Service interface {
	// GetCACaps returns a list of options
	// which are supported by the server.
	GetCACaps(ctx context.Context) ([]byte, error)

	// GetCACert returns the CA certificate or
	// a CA certificate chain with intermediates
	// in a PKCS#7 Degenerate Certificates format.
	// message is an optional string for the CA.
	// NOTE(review): the int result is not described here; presumably the
	// number of certificates returned — confirm.
	GetCACert(ctx context.Context, message string) ([]byte, int, error)

	// PKIOperation handles incoming SCEP messages such as PKCSReq and
	// sends back a CertRep PKIMessage.
	// msg is the raw incoming message, so implementations should treat it
	// as untrusted until it has been parsed and verified.
	PKIOperation(ctx context.Context, msg []byte) ([]byte, error)

	// GetNextCACert returns a replacement certificate or certificate chain
	// when the old one expires. The response format is a PKCS#7 Degenerate
	// Certificates type.
	GetNextCACert(ctx context.Context) ([]byte, error)

	// GetCRL has no comment in the original.
	// NOTE(review): presumably returns a certificate revocation list, with
	// depotPath locating the depot it is read from — confirm.
	GetCRL(ctx context.Context, depotPath string, message string) ([]byte, error)
}
Service is the interface for all supported SCEP server operations.
func NewLoggingService ¶
NewLoggingService adds logging to the SCEP service.
func NewService ¶
func NewService(crt *x509.Certificate, key *rsa.PrivateKey, signer CSRSignerContext, opts ...ServiceOption) (Service, error)
NewService creates a new SCEP service.
type ServiceOption ¶
// ServiceOption is a server configuration option. Each option is a function
// over the unexported service type and may return an error; NewService
// accepts options as its variadic opts argument.
type ServiceOption func(*service) error
ServiceOption is a server configuration option
func WithAddlCA ¶
func WithAddlCA(ca *x509.Certificate) ServiceOption
WithAddlCA appends an additional certificate to the slice of CA certs
func WithLogger ¶
func WithLogger(logger log.Logger) ServiceOption
WithLogger configures a logger for the SCEP Service. By default, a no-op logger is used.