api

package
Published: Aug 25, 2020 License: Apache-2.0 Imports: 31 Imported by: 4

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func JSON

func JSON(w http.ResponseWriter, v interface{})

JSON writes the passed value into the http.ResponseWriter.

func JSONStatus

func JSONStatus(w http.ResponseWriter, v interface{}, status int)

JSONStatus writes the given value into the http.ResponseWriter and the given status is written as the status code of the response.

func LogCertificate

func LogCertificate(w http.ResponseWriter, cert *x509.Certificate)

LogCertificate adds the fields of cert to the log message associated with w.

func LogEnabledResponse

func LogEnabledResponse(rw http.ResponseWriter, v interface{})

LogEnabledResponse logs the response object if it implements the EnableLogger interface; objects that do not implement it are not logged.

func LogError

func LogError(rw http.ResponseWriter, err error)

LogError attaches the given error to the response writer if it implements logging.ResponseLogger; otherwise it writes the error using the log package.

func ReadJSON

func ReadJSON(r io.Reader, v interface{}) error

ReadJSON decodes the JSON read from r into the value pointed to by v. No input size limit is documented for it, so a handler that passes an untrusted request body should bound the reader first (for example with http.MaxBytesReader) rather than rely on ReadJSON to do so.

func WriteError

func WriteError(w http.ResponseWriter, err error)

WriteError writes to w a JSON representation of the given error. Since the error's text reaches the client, callers should make sure it does not carry internal details (file paths, stack traces, key material) that should stay on the server.

Types

type Authority

type Authority interface {
	// SSH CA operations are embedded; see SSHAuthority.
	SSHAuthority
	// context specifies the Authorize[Sign|Revoke|etc.] method.
	Authorize(ctx context.Context, ott string) ([]provisioner.SignOption, error)
	// AuthorizeSign authorizes ott for a signing operation and returns the
	// resulting sign options; unlike Authorize it takes no context.
	AuthorizeSign(ott string) ([]provisioner.SignOption, error)
	// GetTLSOptions returns the TLS options handed to clients in SignResponse.
	GetTLSOptions() *tlsutil.TLSOptions
	// Root returns the root certificate selected by shasum (presumably a
	// fingerprint of the root — confirm against the implementation).
	Root(shasum string) (*x509.Certificate, error)
	// Sign issues a certificate for cr; the returned slice holds the issued
	// certificate together with its chain (see SignResponse).
	Sign(cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error)
	// Renew re-issues a certificate derived from peer. No new key is
	// supplied, so the public key presumably stays the same (compare Rekey).
	Renew(peer *x509.Certificate) ([]*x509.Certificate, error)
	// Rekey re-issues a certificate derived from peer but bound to the new
	// public key pk.
	Rekey(peer *x509.Certificate, pk crypto.PublicKey) ([]*x509.Certificate, error)
	// LoadProvisionerByCertificate looks up the provisioner associated with
	// the given certificate (presumably the one that issued it — confirm).
	LoadProvisionerByCertificate(*x509.Certificate) (provisioner.Interface, error)
	// LoadProvisionerByID looks up a provisioner by its identifier.
	LoadProvisionerByID(string) (provisioner.Interface, error)
	// GetProvisioners returns a page of at most limit provisioners starting
	// at cursor, plus the cursor of the next page
	// (see ProvisionersResponse.NextCursor).
	GetProvisioners(cursor string, limit int) (provisioner.List, string, error)
	// Revoke revokes a certificate according to the given options.
	Revoke(context.Context, *authority.RevokeOptions) error
	// GetEncryptedKey returns the encrypted key of the provisioner with key
	// ID kid (see ProvisionerKeyResponse).
	GetEncryptedKey(kid string) (string, error)
	// GetRoots returns the root certificates (see RootsResponse).
	// NOTE(review): the result is named "federation" although GetFederation
	// is a separate method — confirm which set this actually returns.
	GetRoots() (federation []*x509.Certificate, err error)
	// GetFederation returns the federated root certificates
	// (see FederationResponse).
	GetFederation() ([]*x509.Certificate, error)
	// Version reports the authority version (see VersionResponse).
	Version() authority.Version
}

Authority is the interface implemented by a CA authority.

type Certificate

type Certificate struct {
	// Embedded certificate. MarshalJSON/UnmarshalJSON exchange it as a
	// quoted PEM string.
	*x509.Certificate
}

Certificate wraps a *x509.Certificate and adds the json.Marshaler interface.

func NewCertificate

func NewCertificate(cr *x509.Certificate) Certificate

NewCertificate is a helper function that wraps a *x509.Certificate in a Certificate.

func (Certificate) MarshalJSON

func (c Certificate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface. The certificate is serialized as a quoted string containing its PEM encoding.

func (*Certificate) UnmarshalJSON

func (c *Certificate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface. The certificate is expected to be a quoted string using the PEM encoding.

type CertificateRequest

type CertificateRequest struct {
	// Embedded certificate request. MarshalJSON/UnmarshalJSON exchange it
	// as a quoted PEM string.
	*x509.CertificateRequest
}

CertificateRequest wraps a *x509.CertificateRequest and adds the json.Unmarshaler interface.

func NewCertificateRequest

func NewCertificateRequest(cr *x509.CertificateRequest) CertificateRequest

NewCertificateRequest is a helper function that wraps a *x509.CertificateRequest in a CertificateRequest.

func (CertificateRequest) MarshalJSON

func (c CertificateRequest) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface. The certificate request is serialized as a quoted string containing its PEM encoding.

func (*CertificateRequest) UnmarshalJSON

func (c *CertificateRequest) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface. The certificate request is expected to be a quoted string using the PEM encoding.

type EnableLogger

type EnableLogger interface {
	// ToLog returns the value LogEnabledResponse writes to the log for this
	// object. Implementations should make sure it carries no secret
	// material (keys, tokens) that must not end up in logs.
	ToLog() (interface{}, error)
}

EnableLogger is an interface that enables response logging for an object.

type FederationResponse

type FederationResponse struct {
	// Certificates is the federated root set, serialized under "crts" as an
	// array of PEM strings.
	Certificates []Certificate `json:"crts"`
}

FederationResponse is the response object of the federation request.

type HealthResponse

type HealthResponse struct {
	// Status is the server health string, serialized under "status".
	Status string `json:"status"`
}

HealthResponse is the response object that returns the health of the server.

type ProvisionerKeyResponse

type ProvisionerKeyResponse struct {
	// Key is the provisioner's key in encrypted form, serialized under
	// "key". The encryption scheme is not described on this page.
	Key string `json:"key"`
}

ProvisionerKeyResponse is the response object that returns the encrypted key of a provisioner.

type ProvisionersResponse

type ProvisionersResponse struct {
	// Provisioners is one page of provisioners ("provisioners").
	Provisioners provisioner.List `json:"provisioners"`
	// NextCursor is the cursor to pass to the next page request
	// ("nextCursor"); see Authority.GetProvisioners.
	NextCursor   string           `json:"nextCursor"`
}

ProvisionersResponse is the response object that returns the list of provisioners.

type RekeyRequest

type RekeyRequest struct {
	// CsrPEM is the certificate request, serialized under "csr" as a PEM
	// string; presumably it carries the new public key passed to
	// Authority.Rekey.
	CsrPEM CertificateRequest `json:"csr"`
}

RekeyRequest is the request body for a certificate rekey request.

func (*RekeyRequest) Validate

func (s *RekeyRequest) Validate() error

Validate checks the fields of the RekeyRequest and returns nil if they are ok or an error if something is wrong.

type RevokeRequest

type RevokeRequest struct {
	// Serial identifies the certificate to revoke ("serial").
	Serial     string `json:"serial"`
	// OTT is the token authorizing the revocation ("ott"); see
	// Authority.Authorize. Whether it is required when the caller is
	// authenticated otherwise (e.g. mTLS) is not visible on this page.
	OTT        string `json:"ott"`
	// ReasonCode is the numeric revocation reason ("reasonCode");
	// presumably an RFC 5280 CRLReason value — confirm.
	ReasonCode int    `json:"reasonCode"`
	// Reason is a free-text description of the revocation ("reason").
	Reason     string `json:"reason"`
	// Passive selects passive revocation ("passive"). NOTE(review): its
	// exact semantics are not documented here — confirm with the Authority
	// implementation.
	Passive    bool   `json:"passive"`
}

RevokeRequest is the request body for a revocation request.

func (*RevokeRequest) Validate

func (r *RevokeRequest) Validate() (err error)

Validate checks the fields of the RevokeRequest and returns nil if they are ok or an error if something is wrong.

type RevokeResponse

type RevokeResponse struct {
	// Status is the outcome of the revocation request ("status").
	Status string `json:"status"`
}

RevokeResponse is the response object that returns the status of a revocation request.

type RootResponse

type RootResponse struct {
	// RootPEM is the requested root certificate, serialized under "ca" as
	// a PEM string.
	RootPEM Certificate `json:"ca"`
}

RootResponse is the response object that returns the PEM of a root certificate.

type RootsResponse

type RootsResponse struct {
	// Certificates is the root set, serialized under "crts" as an array of
	// PEM strings.
	Certificates []Certificate `json:"crts"`
}

RootsResponse is the response object of the roots request.

type Router

type Router interface {
	// MethodFunc adds routes for `pattern` that matches
	// the `method` HTTP method.
	MethodFunc(method, pattern string, h http.HandlerFunc)
}

Router defines a common router interface.

type RouterHandler

type RouterHandler interface {
	// Route registers this handler's endpoints on r.
	Route(r Router)
}

RouterHandler is the interface implemented by an HTTP handler that manages multiple endpoints.

func New

func New(authority Authority) RouterHandler

New creates a new RouterHandler with the CA endpoints.

type SSHAuthority

type SSHAuthority interface {
	// SignSSH issues an SSH certificate for key according to opts and
	// signOpts.
	SignSSH(ctx context.Context, key ssh.PublicKey, opts provisioner.SignSSHOptions, signOpts ...provisioner.SignOption) (*ssh.Certificate, error)
	// RenewSSH re-issues cert; no new key is supplied (compare RekeySSH).
	RenewSSH(ctx context.Context, cert *ssh.Certificate) (*ssh.Certificate, error)
	// RekeySSH re-issues cert bound to the new public key.
	RekeySSH(ctx context.Context, cert *ssh.Certificate, key ssh.PublicKey, signOpts ...provisioner.SignOption) (*ssh.Certificate, error)
	// SignSSHAddUser issues the certificate that SSHSignResponse returns as
	// AddUserCertificate; its purpose is not described on this page.
	SignSSHAddUser(ctx context.Context, key ssh.PublicKey, cert *ssh.Certificate) (*ssh.Certificate, error)
	// GetSSHRoots returns the SSH user and host CA keys (see SSHRootsResponse).
	GetSSHRoots(ctx context.Context) (*authority.SSHKeys, error)
	// GetSSHFederation returns the federated SSH CA keys.
	GetSSHFederation(ctx context.Context) (*authority.SSHKeys, error)
	// GetSSHConfig renders the SSH configuration templates of type typ with
	// data (see SSHConfigRequest and SSHConfigResponse).
	GetSSHConfig(ctx context.Context, typ string, data map[string]string) ([]templates.Output, error)
	// CheckSSHHost reports whether a host certificate exists for principal;
	// token is the optional token from SSHCheckPrincipalRequest.
	CheckSSHHost(ctx context.Context, principal string, token string) (bool, error)
	// GetSSHHosts lists the valid SSH hosts for the given certificate
	// (see SSHGetHostsResponse). NOTE(review): how cert is used to select
	// hosts is not visible here — confirm.
	GetSSHHosts(ctx context.Context, cert *x509.Certificate) ([]sshutil.Host, error)
	// GetSSHBastion returns the bastion for user reaching hostname, if any.
	GetSSHBastion(ctx context.Context, user string, hostname string) (*authority.Bastion, error)
}

SSHAuthority is the interface implemented by an SSH CA authority.

type SSHBastionRequest

type SSHBastionRequest struct {
	// User is the SSH user for which the bastion is looked up ("user").
	User     string `json:"user"`
	// Hostname is the target host ("hostname").
	Hostname string `json:"hostname"`
}

SSHBastionRequest is the request body used to get the bastion for a given host.

func (*SSHBastionRequest) Validate

func (r *SSHBastionRequest) Validate() error

Validate checks the values of the SSHBastionRequest.

type SSHBastionResponse

type SSHBastionResponse struct {
	// Hostname echoes the requested host ("hostname").
	Hostname string             `json:"hostname"`
	// Bastion is the bastion to use, omitted from the JSON when nil
	// ("bastion").
	Bastion  *authority.Bastion `json:"bastion,omitempty"`
}

SSHBastionResponse is the response body used to return the bastion for a given host.

type SSHCertificate

type SSHCertificate struct {
	// Embedded certificate, exchanged as a quoted base64 OpenSSH wire blob
	// by the custom MarshalJSON/UnmarshalJSON. NOTE(review): the tag carries
	// only omitempty and no key name; the custom marshalers govern the
	// encoding, so the tag has little effect here.
	*ssh.Certificate `json:"omitempty"`
}

SSHCertificate represents the response SSH certificate.

func (SSHCertificate) MarshalJSON

func (c SSHCertificate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface. Returns a quoted, base64 encoded, openssh wire format version of the certificate.

func (*SSHCertificate) UnmarshalJSON

func (c *SSHCertificate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface. The certificate is expected to be a quoted, base64 encoded, openssh wire formatted block of bytes.

type SSHCheckPrincipalRequest

type SSHCheckPrincipalRequest struct {
	// Type is the certificate type ("type"); only host certificates are
	// supported at present.
	Type      string `json:"type"`
	// Principal is the principal to look up ("principal").
	Principal string `json:"principal"`
	// Token is optional ("token", omitted when empty) and is forwarded to
	// SSHAuthority.CheckSSHHost.
	Token     string `json:"token,omitempty"`
}

SSHCheckPrincipalRequest is the request body used to check whether a certificate has already been issued for a principal. At present this is only supported for host certificates.

func (*SSHCheckPrincipalRequest) Validate

func (r *SSHCheckPrincipalRequest) Validate() error

Validate checks the check principal request.

type SSHCheckPrincipalResponse

type SSHCheckPrincipalResponse struct {
	// Exists reports whether a certificate exists for the principal
	// ("exists").
	Exists bool `json:"exists"`
}

SSHCheckPrincipalResponse is the response body used to check if a principal exists.

type SSHConfigRequest

type SSHConfigRequest struct {
	// Type selects the template type to render ("type").
	Type string            `json:"type"`
	// Data is client-supplied input to the templates ("data"), passed to
	// SSHAuthority.GetSSHConfig. Treat it as untrusted; what Validate
	// enforces on it is not visible on this page.
	Data map[string]string `json:"data"`
}

SSHConfigRequest is the request body used to get the SSH configuration templates.

func (*SSHConfigRequest) Validate

func (r *SSHConfigRequest) Validate() error

Validate checks the values of the SSHConfigRequest.

type SSHConfigResponse

type SSHConfigResponse struct {
	// UserTemplates are the rendered user templates ("userTemplates",
	// omitted when empty).
	UserTemplates []Template `json:"userTemplates,omitempty"`
	// HostTemplates are the rendered host templates ("hostTemplates",
	// omitted when empty).
	HostTemplates []Template `json:"hostTemplates,omitempty"`
}

SSHConfigResponse is the response that returns the rendered templates.

type SSHGetHostsResponse

type SSHGetHostsResponse struct {
	// Hosts is the list of valid SSH hosts ("hosts").
	Hosts []sshutil.Host `json:"hosts"`
}

SSHGetHostsResponse is the response object that returns the list of valid hosts for SSH.

type SSHPublicKey

type SSHPublicKey struct {
	// Embedded public key, exchanged as a quoted base64 OpenSSH wire blob
	// by MarshalJSON/UnmarshalJSON.
	ssh.PublicKey
}

SSHPublicKey represents a public key in a response object.

func (*SSHPublicKey) MarshalJSON

func (p *SSHPublicKey) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface. Returns a quoted, base64 encoded, openssh wire format version of the public key.

func (*SSHPublicKey) UnmarshalJSON

func (p *SSHPublicKey) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface. The public key is expected to be a quoted, base64 encoded, openssh wire formatted block of bytes.

type SSHRekeyRequest

type SSHRekeyRequest struct {
	// OTT is the token authorizing the rekey ("ott").
	OTT       string `json:"ott"`
	// PublicKey is the new public key ("publicKey"); encoding/json encodes
	// []byte as base64, hence the comment below.
	PublicKey []byte `json:"publicKey"` //base64 encoded
}

SSHRekeyRequest is the request body of an SSH certificate rekey request.

func (*SSHRekeyRequest) Validate

func (s *SSHRekeyRequest) Validate() error

Validate validates the SSHRekeyRequest.

type SSHRekeyResponse

type SSHRekeyResponse struct {
	// Certificate is the rekeyed SSH certificate ("crt").
	Certificate         SSHCertificate `json:"crt"`
	// IdentityCertificate is the optional X.509 identity chain
	// ("identityCrt", omitted when empty).
	IdentityCertificate []Certificate  `json:"identityCrt,omitempty"`
}

SSHRekeyResponse is the response object that returns the SSH certificate.

type SSHRenewRequest

type SSHRenewRequest struct {
	// OTT is the token authorizing the renewal ("ott").
	OTT string `json:"ott"`
}

SSHRenewRequest is the request body of an SSH certificate renewal request.

func (*SSHRenewRequest) Validate

func (s *SSHRenewRequest) Validate() error

Validate validates the SSHRenewRequest.

type SSHRenewResponse

type SSHRenewResponse struct {
	// Certificate is the renewed SSH certificate ("crt").
	Certificate         SSHCertificate `json:"crt"`
	// IdentityCertificate is the optional X.509 identity chain
	// ("identityCrt", omitted when empty).
	IdentityCertificate []Certificate  `json:"identityCrt,omitempty"`
}

SSHRenewResponse is the response object that returns the SSH certificate.

type SSHRevokeRequest

type SSHRevokeRequest struct {
	// Serial identifies the SSH certificate to revoke ("serial").
	Serial     string `json:"serial"`
	// OTT is the token authorizing the revocation ("ott").
	OTT        string `json:"ott"`
	// ReasonCode is the numeric revocation reason ("reasonCode"); its value
	// space is not documented here.
	ReasonCode int    `json:"reasonCode"`
	// Reason is a free-text description of the revocation ("reason").
	Reason     string `json:"reason"`
	// Passive selects passive revocation ("passive"). NOTE(review): its
	// exact semantics are not documented here — confirm. The layout mirrors
	// RevokeRequest field for field.
	Passive    bool   `json:"passive"`
}

SSHRevokeRequest is the request body for a revocation request.

func (*SSHRevokeRequest) Validate

func (r *SSHRevokeRequest) Validate() (err error)

Validate checks the fields of the SSHRevokeRequest and returns nil if they are ok or an error if something is wrong.

type SSHRevokeResponse

type SSHRevokeResponse struct {
	// Status is the outcome of the revocation request ("status").
	Status string `json:"status"`
}

SSHRevokeResponse is the response object that returns the status of an SSH certificate revocation request.

type SSHRootsResponse

type SSHRootsResponse struct {
	// UserKeys are the user CA public keys. Note the JSON key is the
	// singular "userKey" although the value is an array; it is omitted
	// when empty.
	UserKeys []SSHPublicKey `json:"userKey,omitempty"`
	// HostKeys are the host CA public keys, under the singular "hostKey";
	// omitted when empty.
	HostKeys []SSHPublicKey `json:"hostKey,omitempty"`
}

SSHRootsResponse represents the response object that returns the SSH user and host keys.

type SSHSignRequest

type SSHSignRequest struct {
	// PublicKey is the key to certify; encoding/json carries []byte as
	// base64 ("publicKey").
	PublicKey        []byte             `json:"publicKey"` // base64 encoded
	// OTT is the token authorizing the request ("ott").
	OTT              string             `json:"ott"`
	// CertType is the requested certificate type ("certType", optional).
	CertType         string             `json:"certType,omitempty"`
	// Principals are the requested principals ("principals", optional).
	// Whether the provisioner constrains them is not visible here.
	Principals       []string           `json:"principals,omitempty"`
	// ValidAfter / ValidBefore bound the requested validity ("validAfter",
	// "validBefore", optional); see TimeDuration for accepted formats.
	ValidAfter       TimeDuration       `json:"validAfter,omitempty"`
	ValidBefore      TimeDuration       `json:"validBefore,omitempty"`
	// AddUserPublicKey is the key for the add-user certificate, if one is
	// wanted ("addUserPublicKey", optional, base64 in JSON).
	AddUserPublicKey []byte             `json:"addUserPublicKey,omitempty"`
	// KeyID is the key identifier to place in the certificate ("keyID").
	KeyID            string             `json:"keyID"`
	// IdentityCSR optionally requests an X.509 identity certificate
	// ("identityCSR", PEM string); see SSHSignResponse.IdentityCertificate.
	IdentityCSR      CertificateRequest `json:"identityCSR,omitempty"`
}

SSHSignRequest is the request body of an SSH certificate request.

func (*SSHSignRequest) Validate

func (s *SSHSignRequest) Validate() error

Validate validates the SSHSignRequest.

type SSHSignResponse

type SSHSignResponse struct {
	// Certificate is the issued SSH certificate ("crt").
	Certificate         SSHCertificate  `json:"crt"`
	// AddUserCertificate is the add-user certificate, when requested
	// ("addUserCrt", omitted when nil).
	AddUserCertificate  *SSHCertificate `json:"addUserCrt,omitempty"`
	// IdentityCertificate is the X.509 identity chain, when an IdentityCSR
	// was supplied ("identityCrt", omitted when empty).
	IdentityCertificate []Certificate   `json:"identityCrt,omitempty"`
}

SSHSignResponse is the response object that returns the SSH certificate.

type SignRequest

type SignRequest struct {
	// CsrPEM is the certificate request ("csr", PEM string).
	CsrPEM       CertificateRequest `json:"csr"`
	// OTT is the token authorizing the request ("ott").
	OTT          string             `json:"ott"`
	// NotAfter / NotBefore bound the requested validity ("notAfter",
	// "notBefore"); see TimeDuration for accepted formats.
	NotAfter     TimeDuration       `json:"notAfter"`
	NotBefore    TimeDuration       `json:"notBefore"`
	// TemplateData is raw, client-supplied JSON ("templateData") kept
	// undecoded here. It is untrusted input; how it is constrained before
	// reaching certificate templates is not visible on this page.
	TemplateData json.RawMessage    `json:"templateData"`
}

SignRequest is the request body for a certificate signature request.

func (*SignRequest) Validate

func (s *SignRequest) Validate() error

Validate checks the fields of the SignRequest and returns nil if they are ok or an error if something is wrong.

type SignResponse

type SignResponse struct {
	// ServerPEM is the issued certificate ("crt", PEM string).
	ServerPEM    Certificate          `json:"crt"`
	// CaPEM is the issuing CA certificate ("ca", PEM string).
	CaPEM        Certificate          `json:"ca"`
	// CertChainPEM is the full chain ("certChain", array of PEM strings).
	CertChainPEM []Certificate        `json:"certChain"`
	// TLSOptions are the TLS options for the client ("tlsOptions",
	// omitted when nil); see Authority.GetTLSOptions.
	TLSOptions   *tlsutil.TLSOptions  `json:"tlsOptions,omitempty"`
	// TLS is the connection state of the request and is never serialized
	// (json:"-"), so it stays server-side.
	TLS          *tls.ConnectionState `json:"-"`
}

SignResponse is the response object of the certificate signature request.

type Template

// Template is an alias of templates.Output, the rendered form of a template.
type Template = templates.Output

Template represents the output of a template.

type TimeDuration

// TimeDuration is an alias of provisioner.TimeDuration; ParseTimeDuration
// accepts an RFC 3339 time or a time.Duration string for it.
type TimeDuration = provisioner.TimeDuration

TimeDuration is an alias of provisioner.TimeDuration

func NewTimeDuration

func NewTimeDuration(t time.Time) TimeDuration

NewTimeDuration returns a TimeDuration with the defined time.

func ParseTimeDuration

func ParseTimeDuration(s string) (TimeDuration, error)

ParseTimeDuration returns a new TimeDuration parsing the RFC 3339 time or time.Duration string.

type VersionResponse

type VersionResponse struct {
	// Version is the server version string ("version").
	Version                     string `json:"version"`
	// RequireClientAuthentication reports whether the server requires
	// client authentication ("requireClientAuthentication"). Because of
	// omitempty the key is absent when false; clients must treat absence
	// as false rather than as unknown.
	RequireClientAuthentication bool   `json:"requireClientAuthentication,omitempty"`
}

VersionResponse is the response object that returns the version of the server.
