Documentation
Index
- func DecodeSCEPResponse(ctx context.Context, r *http.Response) (interface{}, error)
- func EncodeSCEPRequest(ctx context.Context, r *http.Request, request interface{}) error
- func EndpointLoggingMiddleware(logger log.Logger) endpoint.Middleware
- func MakeHTTPHandler(e *Endpoints, svc Service, logger kitlog.Logger) http.Handler
- func MakeSCEPEndpoint(svc Service) endpoint.Endpoint
- type Endpoints
- func (e *Endpoints) GetCACaps(ctx context.Context) ([]byte, error)
- func (e *Endpoints) GetCACert(ctx context.Context) ([]byte, int, error)
- func (e *Endpoints) GetNextCACert(ctx context.Context) ([]byte, error)
- func (e *Endpoints) PKIOperation(ctx context.Context, msg []byte) ([]byte, error)
- func (e *Endpoints) Supports(cap string) bool
- type SCEPRequest
- type SCEPResponse
- type Service
- type ServiceOption
- func AllowRenewal(duration int) ServiceOption
- func CAKeyPassword(pw []byte) ServiceOption
- func ChallengePassword(pw string) ServiceOption
- func ClientValidity(duration int) ServiceOption
- func WithCSRVerifier(csrVerifier csrverifier.CSRVerifier) ServiceOption
- func WithDynamicChallenges(cache challenge.Store) ServiceOption
- func WithLogger(logger log.Logger) ServiceOption
Constants
This section is empty.
Variables
This section is empty.
Functions
func DecodeSCEPResponse
DecodeSCEPResponse decodes a SCEP response.
func EncodeSCEPRequest
EncodeSCEPRequest encodes a SCEP HTTP Request. Used by the client.
func EndpointLoggingMiddleware (added in v1.0.2)
func EndpointLoggingMiddleware(logger log.Logger) endpoint.Middleware
EndpointLoggingMiddleware returns an endpoint middleware that logs the duration of each invocation, and the resulting error, if any.
func MakeHTTPHandler (added in v1.0.2)
func MakeSCEPEndpoint (added in v1.0.2)
Types
type Endpoints (added in v1.0.2)
type Endpoints struct {
	GetEndpoint  endpoint.Endpoint
	PostEndpoint endpoint.Endpoint
	// contains filtered or unexported fields
}
func MakeClientEndpoints (added in v1.0.2)
MakeClientEndpoints returns an Endpoints struct where each endpoint invokes the corresponding method on the remote instance, via a transport/http.Client. Useful in a SCEP client.
func MakeServerEndpoints (added in v1.0.2)
func (*Endpoints) GetNextCACert (added in v1.0.2)
func (*Endpoints) PKIOperation (added in v1.0.2)
type SCEPRequest
SCEPRequest is a SCEP server request.
type SCEPResponse
type SCEPResponse struct {
	CACertNum int
	Data      []byte
	Err       error
	// contains filtered or unexported fields
}
SCEPResponse is a SCEP server response. Business errors will be encoded as a CertRep message with pkiStatus FAILURE and a failInfo attribute.
type Service
type Service interface {
	// GetCACaps returns a list of options
	// which are supported by the server.
	GetCACaps(ctx context.Context) ([]byte, error)

	// GetCACert returns the CA certificate or
	// a CA certificate chain with intermediates
	// in a PKCS#7 Degenerate Certificates format.
	GetCACert(ctx context.Context) ([]byte, int, error)

	// PKIOperation handles incoming SCEP messages such as PKCSReq and
	// sends back a CertRep PKIMessage.
	PKIOperation(ctx context.Context, msg []byte) ([]byte, error)

	// GetNextCACert returns a replacement certificate or certificate chain
	// when the old one expires. The response format is a PKCS#7 Degenerate
	// Certificates type.
	GetNextCACert(ctx context.Context) ([]byte, error)
}
Service is the interface for all supported SCEP server operations.
func NewLoggingService
NewLoggingService adds logging to the SCEP service.
func NewService
func NewService(depot depot.Depot, opts ...ServiceOption) (Service, error)
NewService creates a new SCEP service.
type ServiceOption
type ServiceOption func(*service) error
ServiceOption is a server configuration option
func AllowRenewal
func AllowRenewal(duration int) ServiceOption
AllowRenewal sets the number of days before expiry during which renewal is allowed (optional).
func CAKeyPassword
func CAKeyPassword(pw []byte) ServiceOption
CAKeyPassword is an optional argument to NewService for specifying the CA private key password.
func ChallengePassword
func ChallengePassword(pw string) ServiceOption
ChallengePassword is an optional argument to NewService which allows setting a preshared key for SCEP.
func ClientValidity
func ClientValidity(duration int) ServiceOption
ClientValidity sets the validity of signed client certs in days (optional parameter)
func WithCSRVerifier (added in v1.0.2)
func WithCSRVerifier(csrVerifier csrverifier.CSRVerifier) ServiceOption
WithCSRVerifier is an option argument to NewService which allows setting a CSR verifier.
func WithDynamicChallenges (added in v1.0.2)
func WithDynamicChallenges(cache challenge.Store) ServiceOption
func WithLogger (added in v1.0.2)
func WithLogger(logger log.Logger) ServiceOption
WithLogger configures a logger for the SCEP Service. By default, a no-op logger is used.