Documentation ¶
Overview ¶
Package server implements a lightweight Sectigo mock server that can be used in staging to issue mock certificates and perform integration tests. This server implements a subset of the Sectigo IoT API that targets GDS-specific usage. All state is held in memory and is periodically flushed, so this service should not be relied on for anything other than staging and systems integration tests. The certificates it issues are mock certificates, so they should likewise be confined to those environments.
Index ¶
- Constants
- func Err(e interface{}) gin.H
- func InitCA(commonName string) (cert *x509.Certificate, priv crypto.PrivateKey, err error)
- func ParseID(c *gin.Context) (id int, err error)
- func SerialNumber() *big.Int
- type AuthConfig
- type Batch
- type Certificate
- type Certs
- type Claims
- type Config
- type Params
- type Server
- func (s *Server) Authenticate(c *gin.Context)
- func (s *Server) AuthorityAvailableBalance(c *gin.Context)
- func (s *Server) Available() gin.HandlerFunc
- func (s *Server) BatchDetail(c *gin.Context)
- func (s *Server) BatchStatus(c *gin.Context)
- func (s *Server) CreateCerts(params Params, profile string, batchID int)
- func (s *Server) CreateSingleCertBatch(c *gin.Context)
- func (s *Server) Download(c *gin.Context)
- func (s *Server) FindCertificate(c *gin.Context)
- func (s *Server) LicensesUsed(c *gin.Context)
- func (s *Server) Login(c *gin.Context)
- func (s *Server) NotAllowed(c *gin.Context)
- func (s *Server) NotFound(c *gin.Context)
- func (s *Server) Organization(c *gin.Context)
- func (s *Server) ProcessingInfo(c *gin.Context)
- func (s *Server) ProfileDetail(c *gin.Context)
- func (s *Server) ProfileParams(c *gin.Context)
- func (s *Server) Profiles(c *gin.Context)
- func (s *Server) Refresh(c *gin.Context)
- func (s *Server) RevokeCertificate(c *gin.Context)
- func (s *Server) Serve() (err error)
- func (s *Server) SetHealth(health bool)
- func (s *Server) Shutdown() error
- func (s *Server) Status(c *gin.Context)
- func (s *Server) URL() string
- func (s *Server) UploadCSRBatch(c *gin.Context)
- func (s *Server) UserAuthorities(c *gin.Context)
- type Store
- func (s *Store) AddBatch(profile string, info *sectigo.CreateSingleCertBatchRequest) (Batch, error)
- func (s *Store) AddCert(batchID int, data []byte) error
- func (s *Store) Find(commonName, serialNumber string) []Certificate
- func (s *Store) GetBatch(id int) (Batch, error)
- func (s *Store) GetCertData(serialNumber string) (cert *trust.Provider, err error)
- func (s *Store) Issued() int
- func (s *Store) RejectBatch(batchID int, rejectReason string) error
- func (s *Store) Revoke(serialNumber string) error
- type StringSet
- type Tokens
- func (tm *Tokens) CreateAccessToken() (_ *jwt.Token, err error)
- func (tm *Tokens) CreateRefreshToken(accessToken *jwt.Token) (refreshToken *jwt.Token, err error)
- func (tm *Tokens) Sign(token *jwt.Token) (tks string, err error)
- func (tm *Tokens) SignedTokenPair() (accessToken, refreshToken string, err error)
- func (tm *Tokens) Verify(tks string) (claims *Claims, err error)
Constants ¶
// Fixed identifiers exported by the mock server package.
// NOTE(review): presumably the ecosystem and user IDs the mock returns in its
// API responses — confirm against the handlers.
const (
	EcosystemID = 21
	UserID      = 295
)
Variables ¶
This section is empty.
Functions ¶
func InitCA ¶
func InitCA(commonName string) (cert *x509.Certificate, priv crypto.PrivateKey, err error)
func SerialNumber ¶
Types ¶
type AuthConfig ¶
// AuthConfig holds the login credentials and token settings for the mock server.
// The struct tags mark Username and Password as required and supply defaults
// for Issuer, Subject and Scopes.
// NOTE(review): the required/default tags look like envconfig-style tags —
// confirm which loader processes them.
type AuthConfig struct {
	Username string   `required:"true"` // must be set; no default is provided
	Password string   `required:"true"` // must be set; no default is provided
	Issuer   string   `default:"https://cathy.test-net.io"`
	Subject  string   `default:"/account/42/user/staging"`
	Scopes   []string `default:"ROLE_USER"`
	// Secret is optional (required:"false").
	// NOTE(review): presumably the key material that ParseSecret returns for
	// token signing; confirm what is used when it is empty, so that a staging
	// deployment does not fall back to a predictable key.
	Secret string `required:"false"`
}
func (AuthConfig) ParseSecret ¶
func (c AuthConfig) ParseSecret() []byte
func (AuthConfig) Validate ¶
func (c AuthConfig) Validate() error
type Certificate ¶
type Certs ¶
type Certs struct {
// contains filtered or unexported fields
}
type Claims ¶
// Claims is the JWT claim set: the embedded jwt.RegisteredClaims plus two
// custom fields.
type Claims struct {
	jwt.RegisteredClaims
	Scopes     []string `json:"scopes,omitempty"` // left out of the JSON when empty
	FirstLogin bool     `json:"first-login"`      // always serialized, including when false
}
type Config ¶
// Config holds the server settings, populated from environment variables.
// NOTE(review): the split_words/default tags look like envconfig-style tags —
// confirm the loader and any variable prefix it applies.
type Config struct {
	// BindAddr defaults to ":8831".
	// NOTE(review): an address with an empty host normally listens on every
	// interface — confirm that exposure is intended for a mock CA in staging.
	BindAddr   string              `split_words:"true" default:":8831"`
	Mode       string              `split_words:"true" default:"release"`
	LogLevel   logger.LevelDecoder `split_words:"true" default:"info"`
	ConsoleLog bool                `split_words:"true" default:"false"`
	// CAPath has no default.
	// NOTE(review): presumably the location of the CA material that CA() loads;
	// confirm what CA() does when it is empty.
	CAPath string `split_words:"true"`
	Auth   AuthConfig
	// contains filtered or unexported fields
}
Configure the server in a lightweight fashion by fetching environment variables.
func (Config) CA ¶
func (c Config) CA() (cert *x509.Certificate, priv crypto.PrivateKey, err error)
func (Config) GetLogLevel ¶
type Server ¶
func (*Server) Authenticate ¶
func (*Server) AuthorityAvailableBalance ¶
func (*Server) Available ¶
func (s *Server) Available() gin.HandlerFunc
Available is middleware that checks the healthy boolean and returns service unavailable if the server is shutting down.
func (*Server) BatchDetail ¶
func (*Server) BatchStatus ¶
func (*Server) CreateCerts ¶
func (*Server) CreateSingleCertBatch ¶
func (*Server) FindCertificate ¶
func (*Server) LicensesUsed ¶
func (*Server) NotAllowed ¶
NotAllowed returns a JSON 405 response for the API.
func (*Server) Organization ¶
func (*Server) ProcessingInfo ¶
func (*Server) ProfileDetail ¶
func (*Server) ProfileParams ¶
func (*Server) RevokeCertificate ¶
func (*Server) UploadCSRBatch ¶
func (*Server) UserAuthorities ¶
type Store ¶
In-memory store to hold information about batches and certificates.
func (*Store) Find ¶
func (s *Store) Find(commonName, serialNumber string) []Certificate
func (*Store) GetCertData ¶
type Tokens ¶
type Tokens struct {
// contains filtered or unexported fields
}
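Tokens is a simple token manager that returns jwt.RegisteredClaims with HS512 signatures. HS512 is a symmetric HMAC scheme, so the same secret is used both to sign and to verify tokens.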
func NewTokens ¶
func NewTokens(conf AuthConfig) (*Tokens, error)
func (*Tokens) CreateAccessToken ¶
CreateAccessToken creates an access token from the verified Google credential payload or from a previous token if the access token is being reauthorized from previous credentials. Note that the returned token only contains the claims and is unsigned; pass it to Sign to obtain the signed token string.
func (*Tokens) CreateRefreshToken ¶
CreateRefreshToken creates a refresh token from the access token claims with a predefined expiration. Note that the returned token only contains the claims and is unsigned; pass it to Sign to obtain the signed token string.
func (*Tokens) SignedTokenPair ¶
SignedTokenPair creates a signed token pair: an access token and a refresh token.