apiv1

package
v0.15.9-rc3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 18, 2021 License: Apache-2.0 Imports: 11 Imported by: 3

Documentation

Index

Constants

View Source
const (
	// DefaultCAS is a CertificateAuthorityService using software.
	DefaultCAS = ""
	// SoftCAS is a CertificateAuthorityService using software.
	SoftCAS = "softcas"
	// CloudCAS is a CertificateAuthorityService using Google Cloud CAS.
	CloudCAS = "cloudcas"
)

Variables

This section is empty.

Functions

func CreateCertificateAuthorityExtension

func CreateCertificateAuthorityExtension(typ Type, certificateID string, keyValuePairs ...string) (pkix.Extension, error)

CreateCertificateAuthorityExtension returns a X.509 extension that shows the CAS type, id and a list of optional key value pairs.

func FindCertificateAuthorityExtension

func FindCertificateAuthorityExtension(cert *x509.Certificate) (pkix.Extension, bool)

FindCertificateAuthorityExtension returns the certificate authority extension from a signed certificate.

func Register

Register adds to the registry a method to create a KeyManager of type t.

func RemoveCertificateAuthorityExtension

func RemoveCertificateAuthorityExtension(cert *x509.Certificate)

RemoveCertificateAuthorityExtension removes the certificate authority extension from a certificate template.

Types

type CertificateAuthorityCreator added in v0.15.6

type CertificateAuthorityCreator interface {
	CreateCertificateAuthority(req *CreateCertificateAuthorityRequest) (*CreateCertificateAuthorityResponse, error)
}

CertificateAuthorityCreator is an interface implamented by a CertificateAuthorityService that has a method to create a new certificate authority.

type CertificateAuthorityExtension

type CertificateAuthorityExtension struct {
	Type          string
	CertificateID string   `asn1:"optional,omitempty"`
	KeyValuePairs []string `asn1:"optional,omitempty"`
}

CertificateAuthorityExtension type is used to encode the certificate authority extension.

type CertificateAuthorityGetter

type CertificateAuthorityGetter interface {
	GetCertificateAuthority(req *GetCertificateAuthorityRequest) (*GetCertificateAuthorityResponse, error)
}

CertificateAuthorityGetter is an interface implemented by a CertificateAuthorityService that has a method to get the root certificate.

type CertificateAuthorityService

type CertificateAuthorityService interface {
	CreateCertificate(req *CreateCertificateRequest) (*CreateCertificateResponse, error)
	RenewCertificate(req *RenewCertificateRequest) (*RenewCertificateResponse, error)
	RevokeCertificate(req *RevokeCertificateRequest) (*RevokeCertificateResponse, error)
}

CertificateAuthorityService is the interface implemented to support external certificate authorities.

type CertificateAuthorityServiceNewFunc

type CertificateAuthorityServiceNewFunc func(ctx context.Context, opts Options) (CertificateAuthorityService, error)

CertificateAuthorityServiceNewFunc is the type that represents the method to initialize a new CertificateAuthorityService.

func LoadCertificateAuthorityServiceNewFunc

func LoadCertificateAuthorityServiceNewFunc(t Type) (CertificateAuthorityServiceNewFunc, bool)

LoadCertificateAuthorityServiceNewFunc returns the function initialize a KayManager.

type CertificateAuthorityType added in v0.15.6

type CertificateAuthorityType int

CertificateAuthorityType indicates the type of Certificate Authority to create.

const (
	// RootCA is the type used to create a self-signed certificate suitable for
	// use as a root CA.
	RootCA CertificateAuthorityType = iota + 1

	// IntermediateCA is the type used to create a subordinated certificate that
	// can be used to sign additional leaf certificates.
	IntermediateCA
)

type CreateCertificateAuthorityRequest added in v0.15.6

type CreateCertificateAuthorityRequest struct {
	Name      string
	Type      CertificateAuthorityType
	Template  *x509.Certificate
	Lifetime  time.Duration
	Backdate  time.Duration
	RequestID string
	Project   string
	Location  string

	// Parent is the signer of the new CertificateAuthority.
	Parent *CreateCertificateAuthorityResponse

	// CreateKey defines the KMS CreateKeyRequest to use when creating a new
	// CertificateAuthority. If CreateKey is nil, a default algorithm will be
	// used.
	CreateKey *apiv1.CreateKeyRequest
}

CreateCertificateAuthorityRequest is the request used to generate a root or intermediate certificate.

type CreateCertificateAuthorityResponse added in v0.15.6

type CreateCertificateAuthorityResponse struct {
	Name             string
	Certificate      *x509.Certificate
	CertificateChain []*x509.Certificate
	PublicKey        crypto.PublicKey
	PrivateKey       crypto.PrivateKey
	Signer           crypto.Signer
}

CreateCertificateAuthorityResponse is the response for CreateCertificateAuthority method and contains the root or intermediate certificate generated as well as the CA chain.

type CreateCertificateRequest

type CreateCertificateRequest struct {
	Template  *x509.Certificate
	Lifetime  time.Duration
	Backdate  time.Duration
	RequestID string
}

CreateCertificateRequest is the request used to sign a new certificate.

type CreateCertificateResponse

type CreateCertificateResponse struct {
	Certificate      *x509.Certificate
	CertificateChain []*x509.Certificate
}

CreateCertificateResponse is the response to a create certificate request.

type GetCertificateAuthorityRequest

type GetCertificateAuthorityRequest struct {
	Name string
}

GetCertificateAuthorityRequest is the request used to get the root certificate from a CAS.

type GetCertificateAuthorityResponse

type GetCertificateAuthorityResponse struct {
	RootCertificate *x509.Certificate
}

GetCertificateAuthorityResponse is the response that contains the root certificate.

type Options

type Options struct {
	// The type of the CAS to use.
	Type string `json:"type"`

	// Path to the credentials file used in CloudCAS
	CredentialsFile string `json:"credentialsFile"`

	// CertificateAuthority reference. In CloudCAS the format is
	// `projects/*/locations/*/certificateAuthorities/*`.
	CertificateAuthority string `json:"certificateAuthority"`

	// Certificate and signer are the issuer certificate,along with any other bundled certificates to be returned in the chain for consumers, and signer used in SoftCAS.
	// They are configured in ca.json crt and key properties.
	CertificateChain []*x509.Certificate
	Signer           crypto.Signer `json:"-"`

	// IsCreator is set to true when we're creating a certificate authority. Is
	// used to skip some validations when initializing a CertificateAuthority.
	IsCreator bool `json:"-"`

	// KeyManager is the KMS used to generate keys in SoftCAS.
	KeyManager kms.KeyManager `json:"-"`

	// Project and Location are parameters used in CloudCAS to create a new
	// certificate authority.
	Project  string `json:"-"`
	Location string `json:"-"`
}

Options represents the configuration options used to select and configure the CertificateAuthorityService (CAS) to use.

func (*Options) Is

func (o *Options) Is(t Type) bool

Is returns if the options have the given type.

func (*Options) Validate

func (o *Options) Validate() error

Validate checks the fields in Options.

type RenewCertificateRequest

type RenewCertificateRequest struct {
	Template  *x509.Certificate
	Lifetime  time.Duration
	Backdate  time.Duration
	RequestID string
}

RenewCertificateRequest is the request used to re-sign a certificate.

type RenewCertificateResponse

type RenewCertificateResponse struct {
	Certificate      *x509.Certificate
	CertificateChain []*x509.Certificate
}

RenewCertificateResponse is the response to a renew certificate request.

type RevokeCertificateRequest

type RevokeCertificateRequest struct {
	Certificate *x509.Certificate
	Reason      string
	ReasonCode  int
	RequestID   string
}

RevokeCertificateRequest is the request used to revoke a certificate.

type RevokeCertificateResponse

type RevokeCertificateResponse struct {
	Certificate      *x509.Certificate
	CertificateChain []*x509.Certificate
}

RevokeCertificateResponse is the response to a revoke certificate request.

type SignatureAlgorithm added in v0.15.6

type SignatureAlgorithm int

SignatureAlgorithm used for cryptographic signing.

const (
	// Not specified.
	UnspecifiedSignAlgorithm SignatureAlgorithm = iota
	// RSASSA-PKCS1-v1_5 key and a SHA256 digest.
	SHA256WithRSA
	// RSASSA-PKCS1-v1_5 key and a SHA384 digest.
	SHA384WithRSA
	// RSASSA-PKCS1-v1_5 key and a SHA512 digest.
	SHA512WithRSA
	// RSASSA-PSS key with a SHA256 digest.
	SHA256WithRSAPSS
	// RSASSA-PSS key with a SHA384 digest.
	SHA384WithRSAPSS
	// RSASSA-PSS key with a SHA512 digest.
	SHA512WithRSAPSS
	// ECDSA on the NIST P-256 curve with a SHA256 digest.
	ECDSAWithSHA256
	// ECDSA on the NIST P-384 curve with a SHA384 digest.
	ECDSAWithSHA384
	// ECDSA on the NIST P-521 curve with a SHA512 digest.
	ECDSAWithSHA512
	// EdDSA on Curve25519 with a SHA512 digest.
	PureEd25519
)

type Type

type Type string

Type represents the CAS type used.

func (Type) String

func (t Type) String() string

String returns a string from the type. It will always return the lower case version of the Type, as we need a standard type to compare and use as the registry key.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL