Overview

Package server implements a lightweight Sectigo mock server that can be used in staging to issue mock certificates and perform integration tests. This server implements a subset of the Sectigo IoT API that targets GDS-specific usage. All state is held in-memory and is periodically flushed so this service should not be relied on for anything other than staging and systems integration tests.

Index

Constants

// Fixed identifiers the mock uses in place of a real Sectigo ecosystem and
// user account. The values are arbitrary staging stand-ins, not real Sectigo
// IDs.
// NOTE(review): which responses echo these constants is not visible here —
// confirm against the handlers before asserting on them in integration tests.
const (
	EcosystemID = 21
	UserID      = 295
)

Variables

This section is empty.

Functions

func Err

func Err(e interface{}) gin.H

func InitCA

func InitCA(commonName string) (cert *x509.Certificate, priv crypto.PrivateKey, err error)

func ParseID

func ParseID(c *gin.Context) (id int, err error)

func SerialNumber

func SerialNumber() *big.Int

Types

type AuthConfig

// AuthConfig holds the credentials and token settings used by the mock
// authentication endpoints. The struct tags are read by the environment-based
// configuration loader (see NewConfig): Username and Password are mandatory,
// the remaining fields fall back to the defaults shown or, for Secret, to empty.
type AuthConfig struct {
	Username string   `required:"true"`
	Password string   `required:"true"`
	Issuer   string   `default:"https://cathy.test-net.io"` // default is a test-net placeholder, not a real Sectigo host
	Subject  string   `default:"/account/42/user/staging"`
	Scopes   []string `default:"ROLE_USER"`
	// Secret is returned as bytes by ParseSecret; Tokens signs with HS512, so
	// this is presumably the HMAC key. It is not required by its tag —
	// NOTE(review): confirm Validate or NewTokens rejects an empty secret,
	// otherwise tokens would be signed with an empty key.
	Secret   string   `required:"false"`
}

func (AuthConfig) ParseSecret

func (c AuthConfig) ParseSecret() []byte

func (AuthConfig) Validate

func (c AuthConfig) Validate() error

type Batch

// Batch is the in-memory record of a certificate batch created through the
// mock API (see Store.AddBatch and the BatchDetail/BatchStatus handlers).
// Field names mirror the Sectigo batch representation; the mock-specific
// bookkeeping fields are Params, Expires and Cleaned.
type Batch struct {
	BatchID       int
	OrderNumber   int
	CreationDate  string
	Profile       string
	Size          int
	Status        string
	BatchName     string
	RejectReason  string // populated by Store.RejectBatch
	UserID        string
	Active        int
	Failed        int
	SerialNumbers []string // serials of certificates issued for this batch
	Params        Params   // profile parameters supplied at batch creation
	// Expires and Cleaned presumably drive the periodic in-memory flush the
	// package overview describes — TODO confirm in the store's cleanup code.
	Expires       time.Time
	Cleaned       bool
}

type Certificate

// Certificate is the in-memory record of a certificate issued by the mock.
// Status is updated by Store.Revoke; Data is the raw certificate material
// served by the Download handler (encoding not visible here — likely PEM or
// PKCS#12 given Store.GetCertData returns a *trust.Provider; confirm).
type Certificate struct {
	DeviceID     string
	CommonName   string
	SerialNumber string
	CreationDate string
	Status       string
	Data         []byte
}

type Certs

// Certs wraps the mock certificate authority created by NewCerts and issues
// leaf certificates for a subject via Issue. A single CA is used for all
// profiles (see the TODO on NewCerts).
type Certs struct {
	// contains filtered or unexported fields
}

func NewCerts

func NewCerts(conf Config) (certs *Certs, err error)

TODO: create a different CA for each profile

func (*Certs) Issue

func (c *Certs) Issue(sub pkix.Name) (_ []byte, err error)

TODO: handle dNSNames

type Claims

// Claims is the JWT payload minted and verified by Tokens. It extends the
// standard registered claims with the scopes granted to the caller and a
// first-login marker.
type Claims struct {
	jwt.RegisteredClaims
	Scopes     []string `json:"scopes,omitempty"`
	FirstLogin bool     `json:"first-login"`
}

type Config

// Config is the server configuration, populated from environment variables by
// NewConfig (the split_words tag maps MixedCaps field names to underscored
// variable names). Mode defaults to "release"; ConsoleLog defaults to off.
type Config struct {
	BindAddr   string              `split_words:"true" default:":8831"`
	Mode       string              `split_words:"true" default:"release"`
	LogLevel   logger.LevelDecoder `split_words:"true" default:"info"`
	ConsoleLog bool                `split_words:"true" default:"false"`
	// CAPath has no default. Config.CA returns the CA certificate and private
	// key; presumably it loads them from CAPath when set and otherwise falls
	// back to InitCA generating an ephemeral CA — TODO confirm.
	CAPath     string              `split_words:"true"`
	Auth       AuthConfig
	// contains filtered or unexported fields
}

Configure the server in a lightweight fashion by fetching environment variables.

func NewConfig

func NewConfig() (conf Config, err error)

func (Config) CA

func (c Config) CA() (cert *x509.Certificate, priv crypto.PrivateKey, err error)

func (Config) GetLogLevel

func (c Config) GetLogLevel() zerolog.Level

func (Config) IsZero

func (c Config) IsZero() bool

func (Config) Mark

func (c Config) Mark() (Config, error)

func (Config) Validate

func (c Config) Validate() error

type Params

// Params is a string-keyed map of profile parameters; Get reads a value with a
// caller-supplied default.
type Params map[string]string

func (Params) Get

func (p Params) Get(name, defaultValue string) string

type Server

// Server is the mock Sectigo API server created by New. The embedded RWMutex
// guards its state, so the type must be used by pointer (all methods have
// pointer receivers). SetHealth toggles the flag that the Available middleware
// checks before serving requests.
type Server struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

func New

func New(conf Config) (s *Server, err error)

New is the primary entry point to creating a Sectigo Integration API Server.

func (*Server) Authenticate

func (s *Server) Authenticate(c *gin.Context)

func (*Server) AuthorityAvailableBalance

func (s *Server) AuthorityAvailableBalance(c *gin.Context)

func (*Server) Available

func (s *Server) Available() gin.HandlerFunc

Available is middleware that checks the healthy boolean and returns service unavailable if the server is shutting down.

func (*Server) BatchDetail

func (s *Server) BatchDetail(c *gin.Context)

func (*Server) BatchStatus

func (s *Server) BatchStatus(c *gin.Context)

func (*Server) CreateCerts

func (s *Server) CreateCerts(params Params, profile string, batchID int)

func (*Server) CreateSingleCertBatch

func (s *Server) CreateSingleCertBatch(c *gin.Context)

func (*Server) Download

func (s *Server) Download(c *gin.Context)

func (*Server) FindCertificate

func (s *Server) FindCertificate(c *gin.Context)

func (*Server) LicensesUsed

func (s *Server) LicensesUsed(c *gin.Context)

func (*Server) Login

func (s *Server) Login(c *gin.Context)

func (*Server) NotAllowed

func (s *Server) NotAllowed(c *gin.Context)

NotAllowed returns a JSON 405 response for the API.

func (*Server) NotFound

func (s *Server) NotFound(c *gin.Context)

NotFound returns a JSON 404 response for the API.

func (*Server) Organization

func (s *Server) Organization(c *gin.Context)

func (*Server) ProcessingInfo

func (s *Server) ProcessingInfo(c *gin.Context)

func (*Server) ProfileDetail

func (s *Server) ProfileDetail(c *gin.Context)

func (*Server) ProfileParams

func (s *Server) ProfileParams(c *gin.Context)

func (*Server) Profiles

func (s *Server) Profiles(c *gin.Context)

func (*Server) Refresh

func (s *Server) Refresh(c *gin.Context)

func (*Server) RevokeCertificate

func (s *Server) RevokeCertificate(c *gin.Context)

func (*Server) Serve

func (s *Server) Serve() (err error)

func (*Server) SetHealth

func (s *Server) SetHealth(health bool)

func (*Server) Shutdown

func (s *Server) Shutdown() error

func (*Server) Status

func (s *Server) Status(c *gin.Context)

Status implements the heartbeat endpoint of the API server.

func (*Server) URL

func (s *Server) URL() string

func (*Server) UploadCSRBatch

func (s *Server) UploadCSRBatch(c *gin.Context)

func (*Server) UserAuthorities

func (s *Server) UserAuthorities(c *gin.Context)

type Store

// Store is the in-memory record of batches and certificates. The embedded
// RWMutex guards concurrent access from the HTTP handlers; use by pointer.
// Nothing is persisted, so contents are lost on restart.
type Store struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

In-memory store to hold information about batches and certificates.

func NewStore

func NewStore() (*Store, error)

func (*Store) AddBatch

func (s *Store) AddBatch(profile string, info *sectigo.CreateSingleCertBatchRequest) (Batch, error)

func (*Store) AddCert

func (s *Store) AddCert(batchID int, data []byte) error

func (*Store) Find

func (s *Store) Find(commonName, serialNumber string) []Certificate

func (*Store) GetBatch

func (s *Store) GetBatch(id int) (Batch, error)

func (*Store) GetCertData

func (s *Store) GetCertData(serialNumber string) (cert *trust.Provider, err error)

func (*Store) Issued

func (s *Store) Issued() int

func (*Store) RejectBatch

func (s *Store) RejectBatch(batchID int, rejectReason string) error

func (*Store) Revoke

func (s *Store) Revoke(serialNumber string) error

type StringSet

// StringSet is a set of strings; the empty-struct value carries no storage.
type StringSet map[string]struct{}

type Tokens

// Tokens mints, signs (HS512) and verifies the access and refresh tokens used
// by the mock Login/Refresh/Authenticate endpoints. It is created by NewTokens
// from an AuthConfig.
type Tokens struct {
	// contains filtered or unexported fields
}

A simple token manager that returns jwt.RegisteredClaims with HS512 signatures.

func NewTokens

func NewTokens(conf AuthConfig) (*Tokens, error)

func (*Tokens) CreateAccessToken

func (tm *Tokens) CreateAccessToken() (_ *jwt.Token, err error)

CreateAccessToken creates an access token from the verified Google credential payload, or from a previous token if the access token is being reauthorized from previous credentials. Note that the returned token only contains the claims and is unsigned.

func (*Tokens) CreateRefreshToken

func (tm *Tokens) CreateRefreshToken(accessToken *jwt.Token) (refreshToken *jwt.Token, err error)

CreateRefreshToken creates a refresh token from the access token claims with a predefined expiration. Note that the returned token only contains the claims and is unsigned.

func (*Tokens) Sign

func (tm *Tokens) Sign(token *jwt.Token) (tks string, err error)

Sign an access or refresh token and return the token string.

func (*Tokens) SignedTokenPair

func (tm *Tokens) SignedTokenPair() (accessToken, refreshToken string, err error)

SignedTokenPair creates a signed token pair: an access token and a refresh token.

func (*Tokens) Verify

func (tm *Tokens) Verify(tks string) (claims *Claims, err error)

Verify an access or refresh token after parsing and return its claims.
