go-vice

go-vice is a Go client binding for the Symantec Vice API.

Usage

import "github.com/sapcc/go-vice"

Create a new client, then use the exposed services to access the different parts of the API.

Authentication

The Vice API requires authentication via client certificates. Create a client from such a key pair:

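// Load the client key pair that authenticates every VICE API call. The key file is a
// credential: restrict its file permissions and keep it out of source control.
cert, err := tls.LoadX509KeyPair("symantec.pem", "symantec-key.pem")
if err != nil {
	log.Fatal(err)
}
viceClient := vice.New(cert)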

Examples

Enrolling a New Certificate

In order to enroll for a new certificate, the API requires a CSR and an RSA key. go-vice includes a few utility methods to ease this process.

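// Generate the key locally; it never leaves this process, only the CSR does.
// 2048 bits is the minimum currently accepted by public CAs.
key, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
	log.Fatal(err)
}
sans := []string{"vice.sap.com", "certificates.sap.com"}

// CreateCSR returns ([]byte, error); both values have to be received.
csr, err := vice.CreateCSR(
	pkix.Name{
		CommonName:         "vice.sap.com",
		Country:            []string{"DE"},
		Province:           []string{"BERLIN"},
		Locality:           []string{"BERLIN"},
		Organization:       []string{"SAP SE"},
		OrganizationalUnit: []string{"Infrastructure Automation"},
	},
	"michael02.schmidt@sap.com",
	sans,
	key)
if err != nil {
	log.Fatal(err)
}

enrollment, err := viceClient.Certificates.Enroll(
	context.TODO(),
	&vice.EnrollRequest{
		// Challenge is the certificate's password: the API asks for it again on renewal
		// (RenewRequest.OriginalChallenge) and revocation (RevokeRequest.Challenge), so
		// load it from configuration rather than hard-coding it as in this example.
		Challenge:          "Passwort1!",
		CertProductType:    vice.CertProductType.Server,
		FirstName:          "Michael",
		MiddleInitial:      "J",
		LastName:           "Schmidt",
		Email:              "michael.schmidt@email.com",
		CSR:                string(csr),
		ServerType:         vice.ServerType.OpenSSL,
		EmployeeId:         "d038720",
		SignatureAlgorithm: vice.SignatureAlgorithm.SHA256WithRSAEncryption,
		SubjectAltNames:    sans,
		ValidityPeriod:     vice.ValidityPeriod.OneYear,
	}, // the trailing comma is required when the closing ')' sits on its own line
)
if err != nil {
	log.Fatal(err)
}

// With Auto-Approval turned on, the certificate is returned
certificate := enrollment.Certificate

// Otherwise, you can approve it with the returned transactionID
tid := enrollment.TransactionID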
Approving a Certificate

Certificates requested via the API can be auto-approved, or approved manually in a separate step:

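// Manual approval uses the transaction ID that Enroll returned.
approval, err := viceClient.Certificates.Approve(
	context.TODO(),
	&vice.ApprovalRequest{
		TransactionID: enrollment.TransactionID, // trailing comma required by Go syntax
	},
)
if err != nil {
	log.Fatal(err)
}

// Assigns to the variable declared in the enrollment example above.
certificate = approval.Certificate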
Picking up a Certificate

You can pick up issued certificates at a later time, provided you still know the TransactionID.

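// Pickup fetches an already issued certificate by the transaction ID saved at enrollment.
pickup, err := viceClient.Certificates.Pickup(
	context.TODO(),
	&vice.PickupRequest{
		TransactionID: tid, // trailing comma required by Go syntax
	},
)
if err != nil {
	log.Fatal(err)
}

// Assigns to the variable declared in the enrollment example above.
certificate = pickup.Certificate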
Renewing a Certificate

Renewing an existing certificate is nearly identical to enrolling for a new certificate. In addition, the original certificate or the original transaction ID needs to be provided.

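// Renewal mirrors enrollment; the original certificate (or its transaction ID) together
// with its challenge identifies the certificate being renewed.
renewal, err := viceClient.Certificates.Renew(
	context.TODO(),
	&vice.RenewRequest{
		FirstName:           "Michael",
		LastName:            "Schmidt",
		Email:               "michael.schmidt@email.com",
		CSR:                 string(csr),
		SubjectAltNames:     sans,
		OriginalCertificate: certificate,
		OriginalChallenge:   "Passwort1!", // password set at enrollment
		Challenge:           "Passwort2!", // password for the renewed certificate; keep both out of source
		CertProductType:     vice.CertProductType.Server,
		ServerType:          vice.ServerType.OpenSSL,
		ValidityPeriod:      vice.ValidityPeriod.OneYear,
		SignatureAlgorithm:  vice.SignatureAlgorithm.SHA256WithRSAEncryption,
	}, // the trailing comma is required when the closing ')' sits on its own line
)
if err != nil {
	log.Fatal(err)
}

// With Auto-Approval turned on, the certificate is returned
// (assigns to the variable declared in the enrollment example above).
certificate = renewal.Certificate

// Otherwise, you can approve it with the returned transactionID
tid = renewal.TransactionID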
Revoking a Certificate

Revoke a valid certificate, given you still know its serial number. In addition you have to provide a reason and, if one was set for the certificate, its password.

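// Revoke by serial number. Challenge is the certificate's password and is only needed
// when one was set. Choose the reason that matches the incident (e.g. KeyCompromise when
// the private key may have been exposed) rather than Unspecified where you can: relying
// parties and CRL consumers act on it.
revokement, err := viceClient.Certificates.Revoke(
	context.Background(),
	&vice.RevokeRequest{
		CertSerial: "04be916823d7asd1908acc9f982a4ccf12", // sample value from this README
		Reason:     vice.CertRevokementType.Unspecified,
		Challenge:  "password",
	})
if err != nil {
	log.Fatal(err)
}
// Revokement carries only the API's status; inspect it rather than assuming success.
log.Printf("revocation status: %s %s", revokement.ViceResponse.StatusCode, revokement.ViceResponse.Message)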

Documentation

Index

Constants

This section is empty.

Variables

// CTLogOption lists the values accepted for the ctLogOption request field of
// EnrollRequest, RenewRequest and ReplaceRequest: Public ("public") and
// NoLog ("nolog") — presumably whether the CA logs the issued certificate to
// Certificate Transparency. Publicly trusted TLS certificates that are not
// CT-logged are rejected by major browsers, so NoLog only suits certificates
// that never face a browser.
var CTLogOption = struct {
	Public _CTLogOption
	NoLog  _CTLogOption
}{
	Public: "public",
	NoLog:  "nolog",
}
// CertProductType lists the product lines accepted for the certProductType
// request field (EnrollRequest, RenewRequest). Each value is sent verbatim and
// matches its field name.
var CertProductType = struct {
	HAServer             _CertProductType
	HAGlobalServer       _CertProductType
	Server               _CertProductType
	GlobalServer         _CertProductType
	IntranetServer       _CertProductType
	IntranetGlobalServer _CertProductType
	PrivateServer        _CertProductType
	GeotrustServer       _CertProductType
	CodeSigning          _CertProductType
	JavaCodeSigning      _CertProductType
	EVCodeSigning        _CertProductType
	OFXServer            _CertProductType
}{
	HAServer:             "HAServer",
	HAGlobalServer:       "HAGlobalServer",
	Server:               "Server",
	GlobalServer:         "GlobalServer",
	IntranetServer:       "IntranetServer",
	IntranetGlobalServer: "IntranetGlobalServer",
	PrivateServer:        "PrivateServer",
	GeotrustServer:       "GeotrustServer",
	CodeSigning:          "CodeSigning",
	JavaCodeSigning:      "JavaCodeSigning",
	EVCodeSigning:        "EVCodeSigning",
	OFXServer:            "OFXServer",
}
// CertRevokementType lists the reasons accepted by RevokeRequest.Reason. The
// field names follow the RFC 5280 CRLReason codes; the values are the strings
// the API expects. Choose the reason that matches the incident (KeyCompromise
// when the private key may have been exposed) rather than Unspecified, since
// relying parties and CRL consumers act on it.
var CertRevokementType = struct {
	KeyCompromise        _CertRevokementType
	CACompromise         _CertRevokementType
	AffiliationChanged   _CertRevokementType
	Superseded           _CertRevokementType
	CessationOfOperation _CertRevokementType
	CertificateHold      _CertRevokementType
	RemoveFromCRL        _CertRevokementType
	PrivilegeWithdrawn   _CertRevokementType
	AACompromise         _CertRevokementType
	Unspecified          _CertRevokementType
}{
	KeyCompromise:        "Key compromise",
	CACompromise:         "CA compromise",
	AffiliationChanged:   "Affiliation changed",
	Superseded:           "Superseded",
	CessationOfOperation: "Cessation of operation",
	CertificateHold:      "Certificate hold",
	RemoveFromCRL:        "Remove from CRL",
	PrivilegeWithdrawn:   "Privilege withdrawn",
	AACompromise:         "AA compromise",
	Unspecified:          "Unspecified",
}
// ServerType lists the values accepted for the serverType request field.
// Note that the OpenSSL field sends "Apache", not "OpenSSL" — presumably the
// API's own name for that key/certificate format.
var ServerType = struct {
	Microsoft _ServerType
	OpenSSL   _ServerType
}{
	Microsoft: "Microsoft",
	OpenSSL:   "Apache",
}
// SignatureAlgorithm lists the values accepted for the signatureAlgorithm
// request field. SHA1WithRSAEncryption is kept only because the API offers it:
// SHA-1 certificate signatures are rejected by current browsers and no longer
// issued by public CAs, so prefer SHA256WithRSAEncryption or an ECDSA variant.
var SignatureAlgorithm = struct {
	SHA1WithRSAEncryption       _SignatureAlgorithm
	SHA256WithRSAEncryption     _SignatureAlgorithm
	SHA256WithRSAEncryptionFull _SignatureAlgorithm
	DSAwithSHA256               _SignatureAlgorithm
	ECDSAwithSHA256             _SignatureAlgorithm
	ECDSAwithSHA256andRSAroot   _SignatureAlgorithm
}{
	SHA1WithRSAEncryption:       "sha1WithRSAEncryption",
	SHA256WithRSAEncryption:     "sha256WithRSAEncryption",
	SHA256WithRSAEncryptionFull: "sha256WithRSAEncryptionFull",
	DSAwithSHA256:               "DSAwithSHA256",
	ECDSAwithSHA256:             "ECDSAwithSHA256",
	ECDSAwithSHA256andRSAroot:   "ECDSAwithSHA256andRSAroot",
}
// ValidityPeriod lists the values accepted for the validityPeriod request
// field. Publicly trusted TLS certificates have been limited to 398 days since
// September 2020, so TwoYears and ThreeYears — if the API still offers them —
// are only usable for certificates outside the public web PKI.
var ValidityPeriod = struct {
	OneYear    _ValidityPeriod
	TwoYears   _ValidityPeriod
	ThreeYears _ValidityPeriod
}{
	OneYear:    "1Y",
	TwoYears:   "2Y",
	ThreeYears: "3Y",
}

Functions

func CreateCSR

func CreateCSR(name pkix.Name, email string, sans []string, key *rsa.PrivateKey) ([]byte, error)

Types

type Approval

// Approval is the response to Certificates.Approve. Certificate carries the
// certificate issued for the approved transaction, as returned by the API.
type Approval struct {
	ViceResponse

	Certificate string `xml:"Certificate,omitempty"`
}

type ApprovalRequest

// ApprovalRequest names the pending enrollment to approve by the TransactionID
// that Enroll returned; it is sent as the transaction_id parameter.
type ApprovalRequest struct {
	TransactionID string `url:"transaction_id"`
}

type CertificatesServiceOp

// CertificatesServiceOp implements the certificate operations (Approve, Enroll,
// GetOrganizationInfo, GetTokenCount, Pickup, Renew, Replace, Revoke) reached
// through Client.Certificates. Its fields are unexported, so it is presumably
// wired up by New/NewClient rather than constructed by callers.
type CertificatesServiceOp struct {
	// contains filtered or unexported fields
}

func (*CertificatesServiceOp) Approve

func (*CertificatesServiceOp) Enroll

func (*CertificatesServiceOp) GetOrganizationInfo

func (c *CertificatesServiceOp) GetOrganizationInfo(ctx context.Context) (*OrganizationInfo, error)

func (*CertificatesServiceOp) GetTokenCount

func (c *CertificatesServiceOp) GetTokenCount(ctx context.Context) (*TokenCount, error)

func (*CertificatesServiceOp) Pickup

func (*CertificatesServiceOp) Renew

func (*CertificatesServiceOp) Replace

func (*CertificatesServiceOp) Revoke

type Client

// Client is the entry point to the VICE API. New builds one from a
// tls.Certificate (the API authenticates callers by client certificate);
// NewClient wraps a caller-supplied *http.Client, which then has to present
// the client certificate itself and should carry a Timeout, since none is
// visible here. Certificates exposes the certificate operations.
type Client struct {
	BaseURL   *url.URL // presumably the API endpoint requests are resolved against — verify in Do
	UserAgent string

	Certificates CertificatesService
	// contains filtered or unexported fields
}

func New

func New(cert tls.Certificate) *Client

func NewClient

func NewClient(httpClient *http.Client) *Client

func (*Client) Do

func (c *Client) Do(req *http.Request, v interface{}) error

type Date

// Date wraps time.Time for request fields such as SpecificEndDate. Its
// EncodeValues method renders it into the url-encoded request; the exact
// date format is not visible here.
type Date struct {
	time.Time
}

func (Date) EncodeValues

func (d Date) EncodeValues(key string, v *url.Values) error

type EnrollRequest

// EnrollRequest is the input to Certificates.Enroll. The url struct tags name
// the request parameters. Challenge is the certificate's password: the API asks
// for it again on renewal (RenewRequest.OriginalChallenge) and revocation
// (RevokeRequest.Challenge), so treat it as a secret.
type EnrollRequest struct {
	Challenge          string              `url:"challenge"`
	FirstName          string              `url:"firstName"`
	MiddleInitial      string              `url:"middleInitial,omitempty"`
	LastName           string              `url:"lastName"`
	Email              string              `url:"email"`
	CSR                string              `url:"csr"` // the CreateCSR output as a string (README: string(csr))
	CertProductType    _CertProductType    `url:"certProductType"`
	ServerType         _ServerType         `url:"serverType"`
	ValidityPeriod     _ValidityPeriod     `url:"validityPeriod"`
	SpecificEndDate    Date                `url:"specificEndDate,omitempty"`
	EmployeeId         string              `url:"employeeID,omitempty"`
	ServerIP           string              `url:"serverIP,omitempty"`
	MailStop           string              `url:"mailStop,omitempty"`
	SignatureAlgorithm _SignatureAlgorithm `url:"signatureAlgorithm,omitempty"`
	CTLogOption        _CTLogOption        `url:"ctLogOption,omitempty"`
	AdditionalFields   []string            `url:"additionalField,numbered,omitempty"` // sent as numbered additionalField parameters
	SubjectAltNames    []string            `url:"subject_alt_names,comma,omitempty"`  // sent as one comma-joined parameter
}

type Enrollment

// Enrollment is the response to Certificates.Enroll. With auto-approval the
// issued Certificate is returned directly; otherwise TransactionID identifies
// the pending request for a later Approve or Pickup (see README).
type Enrollment struct {
	ViceResponse

	Certificate   string `xml:"Certificate,omitempty"`
	TransactionID string `xml:"Transaction_ID,omitempty"`
}

type OrganizationInfo

// OrganizationInfo is the response to CertificatesServiceOp.GetOrganizationInfo;
// Organization is decoded from the <Organization> element (its fields are not
// exported here).
type OrganizationInfo struct {
	ViceResponse

	Organization _Organization `xml:"Organization"`
}

type Pickup

// Pickup is the response to Certificates.Pickup; Certificate carries the
// previously issued certificate identified by PickupRequest.TransactionID.
type Pickup struct {
	ViceResponse

	Certificate string `xml:"Certificate,omitempty"`
}

type PickupRequest

// PickupRequest names the issued certificate to fetch by the TransactionID
// returned from Enroll; it is sent as the transaction_id parameter.
type PickupRequest struct {
	TransactionID string `url:"transaction_id"`
}

type RenewRequest

// RenewRequest is the input to Certificates.Renew. The renewed certificate is
// identified by OriginalCertificate or OriginalTransactionID (README: one of
// the two) plus OriginalChallenge, the password set at enrollment; Challenge is
// the password for the new certificate. Note that neither original_* field is
// omitempty, so an unset one is still sent as an empty parameter.
type RenewRequest struct {
	Challenge             string              `url:"challenge"`
	FirstName             string              `url:"firstName"`
	LastName              string              `url:"lastName"`
	Email                 string              `url:"email"`
	CSR                   string              `url:"csr"`
	CertProductType       _CertProductType    `url:"certProductType"`
	ServerType            _ServerType         `url:"serverType"`
	ValidityPeriod        _ValidityPeriod     `url:"validityPeriod"`
	SpecificEndDate       Date                `url:"specificEndDate,omitempty"`
	OriginalCertificate   string              `url:"original_certificate"`
	OriginalTransactionID string              `url:"original_transaction_id"`
	OriginalChallenge     string              `url:"original_challenge"`
	SignatureAlgorithm    _SignatureAlgorithm `url:"signatureAlgorithm,omitempty"`
	CTLogOption           _CTLogOption        `url:"ctLogOption,omitempty"`
	SubjectAltNames       []string            `url:"subject_alt_names,comma,omitempty"`
}

type Renewal

// Renewal is the response to Certificates.Renew. As with Enrollment, the
// Certificate is returned directly under auto-approval; otherwise TransactionID
// identifies the pending request for Approve or Pickup (see README).
type Renewal struct {
	ViceResponse

	Certificate   string `xml:"Certificate,omitempty"`
	TransactionID string `xml:"Transaction_ID,omitempty"`
}

type ReplaceRequest

// ReplaceRequest is the input to CertificatesServiceOp.Replace. The certificate
// being replaced is identified by OriginalCertificate and/or
// OriginalTransactionID (here omitempty, unlike RenewRequest) plus
// OriginalChallenge, its password. Reason is free text here, whereas
// RevokeRequest.Reason is a typed CertRevokementType value.
type ReplaceRequest struct {
	OriginalCertificate   string `url:"original_certificate"`
	OriginalTransactionID string `url:"original_transaction_id,omitempty"`
	OriginalChallenge     string `url:"original_challenge"`
	Challenge             string `url:"challenge"` // password for the replacement certificate
	Reason                string `url:"reason"`
	CSR                   string `url:"csr"`
	SpecificEndDate       Date   `url:"specificEndDate,omitempty"`

	FirstName          string              `url:"firstName"`
	LastName           string              `url:"lastName"`
	Email              string              `url:"email"`
	ServerType         _ServerType         `url:"serverType"`
	SignatureAlgorithm _SignatureAlgorithm `url:"signatureAlgorithm,omitempty"`
	CTLogOption        _CTLogOption        `url:"ctLogOption,omitempty"`
	AdditionalFields   []string            `url:"additionalField,numbered,omitempty"`
}

type Replacement

// Replacement is the response to CertificatesServiceOp.Replace; like Enrollment
// it carries either the issued Certificate or the TransactionID of the pending
// request.
type Replacement struct {
	ViceResponse

	Certificate   string `xml:"Certificate,omitempty"`
	TransactionID string `xml:"Transaction_ID,omitempty"`
}

type RevokeRequest

// RevokeRequest is the input to Certificates.Revoke: the certificate is
// identified by CertSerial, Reason is one of the CertRevokementType values, and
// Challenge is the certificate's password, omitted when empty (README: required
// only if one was set).
type RevokeRequest struct {
	CertSerial string              `url:"certSerial"`
	Reason     _CertRevokementType `url:"reason"`
	Challenge  string              `url:"challenge,omitempty"`
}

type Revokement

// Revokement is the response to Certificates.Revoke; it carries only the API's
// status. Unlike the other response types it names the field instead of
// embedding ViceResponse, so callers read r.ViceResponse.StatusCode.
type Revokement struct {
	ViceResponse ViceResponse
}

type SimpleTime

// SimpleTime wraps time.Time for dates in API responses: UnmarshalXML parses
// the API's representation (format not visible here) and NewSimpleTime(day,
// month, year) builds one directly.
type SimpleTime struct {
	time.Time
}

func NewSimpleTime

func NewSimpleTime(day, month, year int) SimpleTime

func (*SimpleTime) UnmarshalXML

func (sT *SimpleTime) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

type TokenCount

// TokenCount is the response to CertificatesServiceOp.GetTokenCount; Tokens is
// decoded from the repeated <TokenCount> elements (the element type's fields
// are not exported here).
type TokenCount struct {
	ViceResponse
	Tokens []_TokenCount `xml:"TokenCount"`
}

type ViceError

// ViceError is the API's <Error> body and implements error; Response is the
// HTTP response that carried it. StatusCode and Message originate from the
// remote service, so treat Message as untrusted text when logging or rendering
// it. Whether Client.Do returns it for every non-success reply is not visible here.
type ViceError struct {
	Response *http.Response

	XMLName    xml.Name `xml:"Error"`
	StatusCode string   `xml:"StatusCode"`
	Message    string   `xml:"Message"`
}

func (*ViceError) Error

func (r *ViceError) Error() string

type ViceResponse

// ViceResponse is the common <Response> header embedded by the result types
// (Approval, Enrollment, Pickup, Renewal, ...). StatusCode is the API's own
// status string, distinct from the HTTP status in Response; whether a
// non-success value is also surfaced as an error is not visible here, so
// callers should check it.
type ViceResponse struct {
	Response *http.Response

	XMLName    xml.Name `xml:"Response"`
	StatusCode string   `xml:"StatusCode"`
	Message    string   `xml:"Message"`
}
