Documentation ¶
Index ¶
- Variables
- func CacheConfiguration()
- func GetACAClient() (*grpc.ClientConn, pb.ACAPClient, error)
- func GetClientConn(address string, serverName string) (*grpc.ClientConn, error)
- func IsAttributeOID(oid asn1.ObjectIdentifier) bool
- func MemberRoleToString(role pb.Role) (string, error)
- func NewClientTLSFromFile(certFile, serverNameOverride string) (credentials.TransportCredentials, error)
- type ACA
- type ACAA
- type ACAP
- type AffiliationGroup
- type AttributeOwner
- type AttributePair
- func (attrPair *AttributePair) GetAffiliation() string
- func (attrPair *AttributePair) GetAttributeName() string
- func (attrPair *AttributePair) GetAttributeValue() []byte
- func (attrPair *AttributePair) GetID() string
- func (attrPair *AttributePair) GetOwner() *AttributeOwner
- func (attrPair *AttributePair) GetValidFrom() time.Time
- func (attrPair *AttributePair) GetValidTo() time.Time
- func (attrPair *AttributePair) IsValidFor(date time.Time) bool
- func (attrPair *AttributePair) SetAttributeName(name string)
- func (attrPair *AttributePair) SetAttributeValue(val []byte)
- func (attrPair *AttributePair) SetOwner(owner *AttributeOwner)
- func (attrPair *AttributePair) SetValidFrom(date time.Time)
- func (attrPair *AttributePair) SetValidTo(date time.Time)
- func (attrPair *AttributePair) ToACAAttribute() *pb.ACAAttribute
- type CA
- type CertificateSpec
- func NewCertificateSpec(id string, commonName string, serialNumber *big.Int, pub interface{}, ...) *CertificateSpec
- func NewDefaultCertificateSpec(id string, pub interface{}, usage x509.KeyUsage, opt ...pkix.Extension) *CertificateSpec
- func NewDefaultCertificateSpecWithCommonName(id string, commonName string, pub interface{}, usage x509.KeyUsage, ...) *CertificateSpec
- func NewDefaultPeriodCertificateSpec(id string, serialNumber *big.Int, pub interface{}, usage x509.KeyUsage, ...) *CertificateSpec
- func NewDefaultPeriodCertificateSpecWithCommonName(id string, commonName string, serialNumber *big.Int, pub interface{}, ...) *CertificateSpec
- func (spec *CertificateSpec) GetCommonName() string
- func (spec *CertificateSpec) GetCountry() string
- func (spec *CertificateSpec) GetExtensions() *[]pkix.Extension
- func (spec *CertificateSpec) GetID() string
- func (spec *CertificateSpec) GetNotAfter() *time.Time
- func (spec *CertificateSpec) GetNotBefore() *time.Time
- func (spec *CertificateSpec) GetOrganization() string
- func (spec *CertificateSpec) GetPublicKey() interface{}
- func (spec *CertificateSpec) GetSerialNumber() *big.Int
- func (spec *CertificateSpec) GetSignatureAlgorithm() x509.SignatureAlgorithm
- func (spec *CertificateSpec) GetSubjectKeyID() *[]byte
- func (spec *CertificateSpec) GetUsage() x509.KeyUsage
- type ECA
- type ECAA
- func (ecaa *ECAA) PublishCRL(context.Context, *pb.ECertCRLReq) (*pb.CAStatus, error)
- func (ecaa *ECAA) ReadUserSet(ctx context.Context, in *pb.ReadUserSetReq) (*pb.UserSet, error)
- func (ecaa *ECAA) RegisterUser(ctx context.Context, in *pb.RegisterUserReq) (*pb.Token, error)
- func (ecaa *ECAA) RevokeCertificate(context.Context, *pb.ECertRevokeReq) (*pb.CAStatus, error)
- type ECAP
- func (ecap *ECAP) CreateCertificatePair(ctx context.Context, in *pb.ECertCreateReq) (*pb.ECertCreateResp, error)
- func (ecap *ECAP) ReadCACertificate(ctx context.Context, in *pb.Empty) (*pb.Cert, error)
- func (ecap *ECAP) ReadCertificateByHash(ctx context.Context, hash *pb.Hash) (*pb.Cert, error)
- func (ecap *ECAP) ReadCertificatePair(ctx context.Context, in *pb.ECertReadReq) (*pb.CertPair, error)
- func (ecap *ECAP) RevokeCertificatePair(context.Context, *pb.ECertRevokeReq) (*pb.CAStatus, error)
- type MemberMetadata
- type Registrar
- type TCA
- type TCAA
- type TCAP
- func (tcap *TCAP) CreateCertificateSet(ctx context.Context, in *pb.TCertCreateSetReq) (*pb.TCertCreateSetResp, error)
- func (tcap *TCAP) ReadCACertificate(ctx context.Context, in *pb.Empty) (*pb.Cert, error)
- func (tcap *TCAP) RevokeCertificate(context.Context, *pb.TCertRevokeReq) (*pb.CAStatus, error)
- func (tcap *TCAP) RevokeCertificateSet(context.Context, *pb.TCertRevokeSetReq) (*pb.CAStatus, error)
- type TCertSet
- type TLSCA
- type TLSCAA
- type TLSCAP
- func (tlscap *TLSCAP) CreateCertificate(ctx context.Context, in *pb.TLSCertCreateReq) (*pb.TLSCertCreateResp, error)
- func (tlscap *TLSCAP) ReadCACertificate(ctx context.Context, in *pb.Empty) (*pb.Cert, error)
- func (tlscap *TLSCAP) ReadCertificate(ctx context.Context, in *pb.TLSCertReadReq) (*pb.Cert, error)
- func (tlscap *TLSCAP) RevokeCertificate(context.Context, *pb.TLSCertRevokeReq) (*pb.CAStatus, error)
- type TableInitializer
Constants ¶
This section is empty.
Variables ¶
var (
	// TCertEncTCertIndex is the ASN.1 object identifier of the TCert index extension.
	// NOTE(review): the 1.2.3.4.5.6.x arc is not a registered OID prefix; these are
	// project-private identifiers and other X.509 tooling will not recognise them.
	TCertEncTCertIndex = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 7}
	// TCertEncEnrollmentID is the ASN.1 object identifier of the enrollment ID extension
	// (same unregistered arc as above).
	TCertEncEnrollmentID = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 8}
	// TCertAttributesHeaders is the ASN.1 object identifier of the attributes-header extension
	// (same unregistered arc as above).
	TCertAttributesHeaders = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 9}
	// Padding for encryption: a fixed 16-byte run of 0xFF. Presumably appended to
	// plaintext before encryption; it is a constant pad, not a length-encoding one,
	// so it can only be stripped unambiguously if the consumer knows the plaintext
	// length — confirm against the encryption/decryption code before relying on it.
	Padding = []byte{255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255}
	// RootPreKeySize is the size (presumably in bytes) of the root pre-key from which
	// attribute encryption keys are derived — TODO confirm units against the derivation code.
	RootPreKeySize = 48
)
var (
	// ACAAttribute is the base OID under which attribute extensions are placed.
	// NOTE(review): 1.2.3.4.5.6.x is not a registered OID arc; treat this as a
	// project-private identifier (see IsAttributeOID for the matching logic).
	ACAAttribute = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 10}
)
var ( // ECertSubjectRole is the ASN1 object identifier of the subject's role. // ECertSubjectRole = asn1.ObjectIdentifier{2, 1, 3, 4, 5, 6, 7} )
Functions ¶
func CacheConfiguration ¶
func CacheConfiguration()
CacheConfiguration caches the viper configuration
func GetACAClient ¶
func GetACAClient() (*grpc.ClientConn, pb.ACAPClient, error)
GetACAClient returns a client to Attribute Certificate Authority.
func GetClientConn ¶
func GetClientConn(address string, serverName string) (*grpc.ClientConn, error)
GetClientConn returns a gRPC connection to the server at *address*. *serverName* is presumably the name the server's TLS certificate is verified against (see NewClientTLSFromFile); confirm against the implementation before depending on it.
func IsAttributeOID ¶
func IsAttributeOID(oid asn1.ObjectIdentifier) bool
IsAttributeOID reports whether the given OID is an attribute OID (i.e. is linked with an attribute extension).
func MemberRoleToString ¶
MemberRoleToString converts a member role representation from int32 to a string, according to the Role enum defined in ca.proto.
func NewClientTLSFromFile ¶
func NewClientTLSFromFile(certFile, serverNameOverride string) (credentials.TransportCredentials, error)
NewClientTLSFromFile creates client-side TLS transport credentials. @certFile : TLS server certificate (or CA certificate) in PEM format used as the trust root. @serverNameOverride : the name the server's certificate is verified against (its Common Name or a SAN); it is the name used for hostname verification, so only set it when the dialed address differs from the name in the certificate, and never to a value that does not appear in the certificate you expect. Returns secure transport credentials.
Types ¶
type ACA ¶
type ACA struct { *CA // contains filtered or unexported fields }
ACA is the attribute certificate authority.
func (*ACA) PopulateAttributes ¶
func (aca *ACA) PopulateAttributes(attrs []*AttributePair) error
type ACAA ¶
type ACAA struct {
// contains filtered or unexported fields
}
ACAA serves the administrator GRPC interface of the ACA.
type ACAP ¶
type ACAP struct {
// contains filtered or unexported fields
}
ACAP serves the public GRPC interface of the ACA.
func (*ACAP) FetchAttributes ¶
func (acap *ACAP) FetchAttributes(ctx context.Context, in *pb.ACAFetchAttrReq) (*pb.ACAFetchAttrResp, error)
FetchAttributes fetches the attributes from the outside world and populates them into the database.
func (*ACAP) ReadCACertificate ¶
ReadCACertificate reads the certificate of the ACA.
func (*ACAP) RequestAttributes ¶
func (acap *ACAP) RequestAttributes(ctx context.Context, in *pb.ACAAttrReq) (*pb.ACAAttrResp, error)
RequestAttributes looks up the attributes in the database and returns a certificate containing the attributes that were both included in the request and found in the database.
type AffiliationGroup ¶
type AffiliationGroup struct {
// contains filtered or unexported fields
}
AffiliationGroup struct
type AttributeOwner ¶
type AttributeOwner struct {
// contains filtered or unexported fields
}
AttributeOwner is the struct that contains the data related with the user who owns the attribute.
func (*AttributeOwner) GetAffiliation ¶
func (attrOwner *AttributeOwner) GetAffiliation() string
GetAffiliation returns the affiliation related with the owner.
func (*AttributeOwner) GetID ¶
func (attrOwner *AttributeOwner) GetID() string
GetID returns the id of the attributeOwner.
type AttributePair ¶
type AttributePair struct {
// contains filtered or unexported fields
}
AttributePair is a struct that stores the relation between an owner (the user who owns the attribute), attributeName (the name of the attribute), attributeValue (the value of the attribute), validFrom (the time from which the attribute is valid) and validTo (the time until which the attribute is valid).
func NewAttributePair ¶
func NewAttributePair(attributeVals []string, attrOwner *AttributeOwner) (*AttributePair, error)
NewAttributePair creates a new attribute pair associated with <attrOwner>.
func (*AttributePair) GetAffiliation ¶
func (attrPair *AttributePair) GetAffiliation() string
GetAffiliation gets the affiliation of the attribute pair.
func (*AttributePair) GetAttributeName ¶
func (attrPair *AttributePair) GetAttributeName() string
GetAttributeName gets the attribute name related with the attribute pair.
func (*AttributePair) GetAttributeValue ¶
func (attrPair *AttributePair) GetAttributeValue() []byte
GetAttributeValue returns the value of the pair.
func (*AttributePair) GetID ¶
func (attrPair *AttributePair) GetID() string
GetID returns the id of the attributePair.
func (*AttributePair) GetOwner ¶
func (attrPair *AttributePair) GetOwner() *AttributeOwner
GetOwner returns the owner of the attribute pair.
func (*AttributePair) GetValidFrom ¶
func (attrPair *AttributePair) GetValidFrom() time.Time
GetValidFrom returns the start of the pair's validity period.
func (*AttributePair) GetValidTo ¶
func (attrPair *AttributePair) GetValidTo() time.Time
GetValidTo returns the end of the pair's validity period.
func (*AttributePair) IsValidFor ¶
func (attrPair *AttributePair) IsValidFor(date time.Time) bool
IsValidFor returns if the pair is valid for date.
func (*AttributePair) SetAttributeName ¶
func (attrPair *AttributePair) SetAttributeName(name string)
SetAttributeName sets the name related with the attribute pair.
func (*AttributePair) SetAttributeValue ¶
func (attrPair *AttributePair) SetAttributeValue(val []byte)
SetAttributeValue sets the value of the pair.
func (*AttributePair) SetOwner ¶
func (attrPair *AttributePair) SetOwner(owner *AttributeOwner)
SetOwner sets the owner of the attributes.
func (*AttributePair) SetValidFrom ¶
func (attrPair *AttributePair) SetValidFrom(date time.Time)
SetValidFrom sets the start of the pair's validity period.
func (*AttributePair) SetValidTo ¶
func (attrPair *AttributePair) SetValidTo(date time.Time)
SetValidTo sets the end of the pair's validity period.
func (*AttributePair) ToACAAttribute ¶
func (attrPair *AttributePair) ToACAAttribute() *pb.ACAAttribute
ToACAAttribute converts the receiver to the protobuf format.
type CA ¶
type CA struct {
// contains filtered or unexported fields
}
CA is the base certificate authority.
type CertificateSpec ¶
type CertificateSpec struct { NotBefore *time.Time NotAfter *time.Time // contains filtered or unexported fields }
CertificateSpec defines the parameter used to create a new certificate.
func NewCertificateSpec ¶
func NewCertificateSpec(id string, commonName string, serialNumber *big.Int, pub interface{}, usage x509.KeyUsage, notBefore *time.Time, notAfter *time.Time, opt ...pkix.Extension) *CertificateSpec
NewCertificateSpec creates a new certificate spec
func NewDefaultCertificateSpec ¶
func NewDefaultCertificateSpec(id string, pub interface{}, usage x509.KeyUsage, opt ...pkix.Extension) *CertificateSpec
NewDefaultCertificateSpec creates a new certificate spec with serialNumber = 1, notBefore one minute ago and notAfter 90 days after notBefore. Because the serial number is fixed at 1, every certificate issued from such a spec by the same CA shares a serial; RFC 5280 requires serials to be unique per issuer, so use NewDefaultPeriodCertificateSpec with a unique serial for anything issued more than once.
func NewDefaultCertificateSpecWithCommonName ¶
func NewDefaultCertificateSpecWithCommonName(id string, commonName string, pub interface{}, usage x509.KeyUsage, opt ...pkix.Extension) *CertificateSpec
NewDefaultCertificateSpecWithCommonName creates a new certificate spec with serialNumber = 1, notBefore one minute ago, notAfter 90 days after notBefore and the given commonName. The fixed serial of 1 is not unique across certificates issued by the same CA (RFC 5280 requires issuer-unique serials); use NewDefaultPeriodCertificateSpecWithCommonName with a unique serial for repeated issuance.
func NewDefaultPeriodCertificateSpec ¶
func NewDefaultPeriodCertificateSpec(id string, serialNumber *big.Int, pub interface{}, usage x509.KeyUsage, opt ...pkix.Extension) *CertificateSpec
NewDefaultPeriodCertificateSpec creates a new certificate spec with the given serialNumber, notBefore one minute ago and notAfter 90 days after notBefore.
func NewDefaultPeriodCertificateSpecWithCommonName ¶
func NewDefaultPeriodCertificateSpecWithCommonName(id string, commonName string, serialNumber *big.Int, pub interface{}, usage x509.KeyUsage, opt ...pkix.Extension) *CertificateSpec
NewDefaultPeriodCertificateSpecWithCommonName creates a new certificate spec with the given serialNumber, notBefore one minute ago, notAfter 90 days after notBefore and a specific commonName.
func (*CertificateSpec) GetCommonName ¶
func (spec *CertificateSpec) GetCommonName() string
GetCommonName returns the spec's Common Name field/value
func (*CertificateSpec) GetCountry ¶
func (spec *CertificateSpec) GetCountry() string
GetCountry returns the spec's Country field/value
func (*CertificateSpec) GetExtensions ¶
func (spec *CertificateSpec) GetExtensions() *[]pkix.Extension
GetExtensions returns the spec's extensions.
func (*CertificateSpec) GetID ¶
func (spec *CertificateSpec) GetID() string
GetID returns the spec's ID field/value
func (*CertificateSpec) GetNotAfter ¶
func (spec *CertificateSpec) GetNotAfter() *time.Time
GetNotAfter returns the spec NotAfter (time.Time) field/value
func (*CertificateSpec) GetNotBefore ¶
func (spec *CertificateSpec) GetNotBefore() *time.Time
GetNotBefore returns the spec NotBefore (time.Time) field/value
func (*CertificateSpec) GetOrganization ¶
func (spec *CertificateSpec) GetOrganization() string
GetOrganization returns the spec's Organization field/value
func (*CertificateSpec) GetPublicKey ¶
func (spec *CertificateSpec) GetPublicKey() interface{}
GetPublicKey returns the spec's Public Key field/value
func (*CertificateSpec) GetSerialNumber ¶
func (spec *CertificateSpec) GetSerialNumber() *big.Int
GetSerialNumber returns the spec's Serial Number field/value
func (*CertificateSpec) GetSignatureAlgorithm ¶
func (spec *CertificateSpec) GetSignatureAlgorithm() x509.SignatureAlgorithm
GetSignatureAlgorithm returns the spec's x509.SignatureAlgorithm field/value.
func (*CertificateSpec) GetSubjectKeyID ¶
func (spec *CertificateSpec) GetSubjectKeyID() *[]byte
GetSubjectKeyID returns the spec's subject KeyID
func (*CertificateSpec) GetUsage ¶
func (spec *CertificateSpec) GetUsage() x509.KeyUsage
GetUsage returns the spec's usage (which is the x509.KeyUsage) field/value
type ECA ¶
type ECA struct { *CA // contains filtered or unexported fields }
ECA is the enrollment certificate authority.
type ECAA ¶
type ECAA struct {
// contains filtered or unexported fields
}
ECAA serves the administrator GRPC interface of the ECA.
func (*ECAA) PublishCRL ¶
PublishCRL requests the creation of a certificate revocation list from the ECA. Not yet implemented: no CRL is produced, so relying parties cannot learn of ECA revocations through this path.
func (*ECAA) ReadUserSet ¶
ReadUserSet returns a list of users matching the parameters set in the read request.
func (*ECAA) RegisterUser ¶
RegisterUser registers a new user with the ECA. If the user has already been registered, an error is returned.
type ECAP ¶
type ECAP struct {
// contains filtered or unexported fields
}
ECAP serves the public GRPC interface of the ECA.
func (*ECAP) CreateCertificatePair ¶
func (ecap *ECAP) CreateCertificatePair(ctx context.Context, in *pb.ECertCreateReq) (*pb.ECertCreateResp, error)
CreateCertificatePair requests the creation of a new enrollment certificate pair by the ECA.
func (*ECAP) ReadCACertificate ¶
ReadCACertificate reads the certificate of the ECA.
func (*ECAP) ReadCertificateByHash ¶
ReadCertificateByHash reads a single enrollment certificate by hash from the ECA.
type MemberMetadata ¶
type MemberMetadata struct {
Registrar Registrar `json:"registrar"`
}
MemberMetadata Additional member metadata
type Registrar ¶
type Registrar struct { Roles []string `json:"roles"` DelegateRoles []string `json:"delegateRoles"` }
Registrar metadata
type TCA ¶
type TCA struct { *CA // contains filtered or unexported fields }
TCA is the transaction certificate authority.
type TCAA ¶
type TCAA struct {
// contains filtered or unexported fields
}
TCAA serves the administrator GRPC interface of the TCA.
func (*TCAA) PublishCRL ¶
PublishCRL requests the creation of a certificate revocation list from the TCA. Not yet implemented: no CRL is produced, so relying parties cannot learn of TCA revocations through this path.
func (*TCAA) RevokeCertificate ¶
RevokeCertificate revokes a certificate from the TCA. Not yet implemented: calling it does not revoke anything, so do not rely on it to invalidate a compromised transaction certificate.
type TCAP ¶
type TCAP struct {
// contains filtered or unexported fields
}
TCAP serves the public GRPC interface of the TCA.
func (*TCAP) CreateCertificateSet ¶
func (tcap *TCAP) CreateCertificateSet(ctx context.Context, in *pb.TCertCreateSetReq) (*pb.TCertCreateSetResp, error)
CreateCertificateSet requests the creation of a new transaction certificate set by the TCA.
func (*TCAP) ReadCACertificate ¶
ReadCACertificate reads the certificate of the TCA.
func (*TCAP) RevokeCertificate ¶
RevokeCertificate revokes a certificate from the TCA. Not yet implemented: calling it does not revoke anything, so do not rely on it to invalidate a compromised transaction certificate.
type TCertSet ¶
TCertSet contains relevant information of a set of tcerts
type TLSCA ¶
type TLSCA struct { *CA // contains filtered or unexported fields }
TLSCA is the tls certificate authority.
type TLSCAA ¶
type TLSCAA struct {
// contains filtered or unexported fields
}
TLSCAA serves the administrator GRPC interface of the TLSCA.
type TLSCAP ¶
type TLSCAP struct {
// contains filtered or unexported fields
}
TLSCAP serves the public GRPC interface of the TLSCA.
func (*TLSCAP) CreateCertificate ¶
func (tlscap *TLSCAP) CreateCertificate(ctx context.Context, in *pb.TLSCertCreateReq) (*pb.TLSCertCreateResp, error)
CreateCertificate requests the creation of a new TLS certificate by the TLSCA.
func (*TLSCAP) ReadCACertificate ¶
ReadCACertificate reads the certificate of the TLSCA.
func (*TLSCAP) ReadCertificate ¶
ReadCertificate reads a TLS certificate from the TLSCA.