scepserver

package
v1.0.2
Warning

This package is not in the latest version of its module.

Published: Sep 16, 2018 License: MIT Imports: 28 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func DecodeSCEPResponse

func DecodeSCEPResponse(ctx context.Context, r *http.Response) (interface{}, error)

DecodeSCEPResponse decodes a SCEP response.

func EncodeSCEPRequest

func EncodeSCEPRequest(ctx context.Context, r *http.Request, request interface{}) error

EncodeSCEPRequest encodes a SCEP HTTP Request. Used by the client.

func EndpointLoggingMiddleware added in v1.0.2

func EndpointLoggingMiddleware(logger log.Logger) endpoint.Middleware

EndpointLoggingMiddleware returns an endpoint middleware that logs the duration of each invocation, and the resulting error, if any.

func MakeHTTPHandler added in v1.0.2

func MakeHTTPHandler(e *Endpoints, svc Service, logger kitlog.Logger) http.Handler

func MakeSCEPEndpoint added in v1.0.2

func MakeSCEPEndpoint(svc Service) endpoint.Endpoint

Types

type Endpoints added in v1.0.2

type Endpoints struct {
	GetEndpoint  endpoint.Endpoint
	PostEndpoint endpoint.Endpoint
	// contains filtered or unexported fields
}

func MakeClientEndpoints added in v1.0.2

func MakeClientEndpoints(instance string) (*Endpoints, error)

MakeClientEndpoints returns an Endpoints struct where each endpoint invokes the corresponding method on the remote instance, via a transport/http.Client. Useful in a SCEP client.

func MakeServerEndpoints added in v1.0.2

func MakeServerEndpoints(svc Service) *Endpoints

func (*Endpoints) GetCACaps added in v1.0.2

func (e *Endpoints) GetCACaps(ctx context.Context) ([]byte, error)

func (*Endpoints) GetCACert added in v1.0.2

func (e *Endpoints) GetCACert(ctx context.Context) ([]byte, int, error)

func (*Endpoints) GetNextCACert added in v1.0.2

func (e *Endpoints) GetNextCACert(ctx context.Context) ([]byte, error)

func (*Endpoints) PKIOperation added in v1.0.2

func (e *Endpoints) PKIOperation(ctx context.Context, msg []byte) ([]byte, error)

func (*Endpoints) Supports added in v1.0.2

func (e *Endpoints) Supports(cap string) bool

type SCEPRequest

type SCEPRequest struct {
	Operation string
	Message   []byte
}

SCEPRequest is a SCEP server request.

type SCEPResponse

type SCEPResponse struct {
	CACertNum int
	Data      []byte
	Err       error
	// contains filtered or unexported fields
}

SCEPResponse is a SCEP server response. Business errors will be encoded as a CertRep message with pkiStatus FAILURE and a failInfo attribute.

type Service

type Service interface {
	// GetCACaps returns a list of options
	// which are supported by the server.
	GetCACaps(ctx context.Context) ([]byte, error)

	// GetCACert returns CA certificate or
	// a CA certificate chain with intermediates
	// in a PKCS#7 Degenerate Certificates format
	GetCACert(ctx context.Context) ([]byte, int, error)

	// PKIOperation handles incoming SCEP messages such as PKCSReq and
	// sends back a CertRep PKIMessage.
	PKIOperation(ctx context.Context, msg []byte) ([]byte, error)

	// GetNextCACert returns a replacement certificate or certificate chain
	// when the old one expires. The response format is a PKCS#7 Degenerate
	// Certificates type.
	GetNextCACert(ctx context.Context) ([]byte, error)
}

Service is the interface for all supported SCEP server operations.

func NewLoggingService

func NewLoggingService(logger log.Logger, s Service) Service

NewLoggingService adds logging to the SCEP service.
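The decorator idea behind NewLoggingService, shown as an added example that is not the package's own code: a wrapper that audits PKIOperation calls and passes the other operations through. The Service interface is copied from this page; auditService, NewAuditService, the record sink, stubService and the log-line format are hypothetical.

```go
package main

import (
	"context"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Service mirrors the interface documented on this page.
type Service interface {
	GetCACaps(ctx context.Context) ([]byte, error)
	GetCACert(ctx context.Context) ([]byte, int, error)
	PKIOperation(ctx context.Context, msg []byte) ([]byte, error)
	GetNextCACert(ctx context.Context) ([]byte, error)
}

// auditService (hypothetical) embeds Service, so only PKIOperation is overridden.
type auditService struct {
	Service
	record func(line string) // log sink (assumption)
}

func NewAuditService(next Service, record func(string)) Service {
	return &auditService{Service: next, record: record}
}

// PKIOperation records a digest and length of the request, never the raw bytes.
func (a *auditService) PKIOperation(ctx context.Context, msg []byte) ([]byte, error) {
	resp, err := a.Service.PKIOperation(ctx, msg)
	a.record(fmt.Sprintf("op=PKIOperation req_sha256=%x req_len=%d resp_len=%d err=%v",
		sha256.Sum256(msg), len(msg), len(resp), err))
	return resp, err
}

// stubService is a constructed stand-in for a CA-backed Service.
type stubService struct{}

func (stubService) GetCACaps(context.Context) ([]byte, error)      { return []byte("POSTPKIOperation"), nil }
func (stubService) GetCACert(context.Context) ([]byte, int, error) { return []byte("ca"), 1, nil }
func (stubService) GetNextCACert(context.Context) ([]byte, error)  { return nil, nil }
func (stubService) PKIOperation(_ context.Context, msg []byte) ([]byte, error) {
	if len(msg) == 0 {
		return nil, errors.New("empty PKIMessage")
	}
	return []byte("certrep"), nil
}

func main() {
	svc := NewAuditService(stubService{}, func(l string) { fmt.Println(l) })
	svc.PKIOperation(context.Background(), []byte("constructed PKCSReq bytes"))
}
```

Logging a digest instead of the message keeps enrollment payloads out of log storage while still letting a request be correlated with a captured PKIMessage.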

func NewService

func NewService(depot depot.Depot, opts ...ServiceOption) (Service, error)

NewService creates a new SCEP service.

type ServiceOption

type ServiceOption func(*service) error

ServiceOption is a server configuration option.

func AllowRenewal

func AllowRenewal(duration int) ServiceOption

AllowRenewal sets the number of days before expiry during which renewal is allowed (optional).

func CAKeyPassword

func CAKeyPassword(pw []byte) ServiceOption

CAKeyPassword is an optional argument to NewService for specifying the CA private key password.

func ChallengePassword

func ChallengePassword(pw string) ServiceOption

ChallengePassword is an optional argument to NewService which allows setting a preshared key for SCEP.

func ClientValidity

func ClientValidity(duration int) ServiceOption

ClientValidity sets the validity of signed client certificates in days (optional parameter).

func WithCSRVerifier added in v1.0.2

func WithCSRVerifier(csrVerifier csrverifier.CSRVerifier) ServiceOption

WithCSRVerifier is an option argument to NewService which allows setting a CSR verifier.

func WithDynamicChallenges added in v1.0.2

func WithDynamicChallenges(cache challenge.Store) ServiceOption

func WithLogger added in v1.0.2

func WithLogger(logger log.Logger) ServiceOption

WithLogger configures a logger for the SCEP Service. By default, a no-op logger is used.
