api

package
Version: v0.0.0-...-03b241a Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 25, 2020 License: Apache-2.0 Imports: 31 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func JSON

func JSON(w http.ResponseWriter, v interface{})

JSON writes the passed value into the http.ResponseWriter.

func JSONStatus

func JSONStatus(w http.ResponseWriter, v interface{}, status int)

JSONStatus writes the given value into the http.ResponseWriter and the given status is written as the status code of the response.

func LogCertificate

func LogCertificate(w http.ResponseWriter, cert *x509.Certificate)

LogCertificate add certificate fields to the log message.

func LogEnabledResponse

func LogEnabledResponse(rw http.ResponseWriter, v interface{})

LogEnabledResponse log the response object if it implements the EnableLogger interface.

func LogError

func LogError(rw http.ResponseWriter, err error)

LogError adds to the response writer the given error if it implements logging.ResponseLogger. If it does not implement it, then writes the error using the log package.

func ReadJSON

func ReadJSON(r io.Reader, v interface{}) error

ReadJSON reads JSON from the request body and stores it in the value pointed by v.

func WriteError

func WriteError(w http.ResponseWriter, err error)

WriteError writes to w a JSON representation of the given error.

Types

type Authority

type Authority interface {
	SSHAuthority
	// context specifies the Authorize[Sign|Revoke|etc.] method.
	Authorize(ctx context.Context, ott string) ([]provisioner.SignOption, error)
	AuthorizeSign(ott string) ([]provisioner.SignOption, error)
	GetTLSOptions() *tlsutil.TLSOptions
	Root(shasum string) (*x509.Certificate, error)
	Sign(cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error)
	Renew(peer *x509.Certificate) ([]*x509.Certificate, error)
	Rekey(peer *x509.Certificate, pk crypto.PublicKey) ([]*x509.Certificate, error)
	LoadProvisionerByCertificate(*x509.Certificate) (provisioner.Interface, error)
	LoadProvisionerByID(string) (provisioner.Interface, error)
	GetProvisioners(cursor string, limit int) (provisioner.List, string, error)
	Revoke(context.Context, *authority.RevokeOptions) error
	GetEncryptedKey(kid string) (string, error)
	GetRoots() (federation []*x509.Certificate, err error)
	GetFederation() ([]*x509.Certificate, error)
	Version() authority.Version
}

Authority is the interface implemented by a CA authority.

type Certificate

type Certificate struct {
	*x509.Certificate
}

Certificate wraps a *x509.Certificate and adds the json.Marshaler interface.

func NewCertificate

func NewCertificate(cr *x509.Certificate) Certificate

NewCertificate is a helper method that returns a Certificate from a *x509.Certificate.

func (Certificate) MarshalJSON

func (c Certificate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface. The certificate is quoted string using the PEM encoding.

func (*Certificate) UnmarshalJSON

func (c *Certificate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface. The certificate is expected to be a quoted string using the PEM encoding.

type CertificateRequest

type CertificateRequest struct {
	*x509.CertificateRequest
}

CertificateRequest wraps a *x509.CertificateRequest and adds the json.Unmarshaler interface.

func NewCertificateRequest

func NewCertificateRequest(cr *x509.CertificateRequest) CertificateRequest

NewCertificateRequest is a helper method that returns a CertificateRequest from a *x509.CertificateRequest.

func (CertificateRequest) MarshalJSON

func (c CertificateRequest) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface. The certificate request is a quoted string using the PEM encoding.

func (*CertificateRequest) UnmarshalJSON

func (c *CertificateRequest) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface. The certificate request is expected to be a quoted string using the PEM encoding.

type EnableLogger

type EnableLogger interface {
	ToLog() (interface{}, error)
}

EnableLogger is an interface that enables response logging for an object.

type FederationResponse

type FederationResponse struct {
	Certificates []Certificate `json:"crts"`
}

FederationResponse is the response object of the federation request.

type HealthResponse

type HealthResponse struct {
	Status string `json:"status"`
}

HealthResponse is the response object that returns the health of the server.

type ProvisionerKeyResponse

type ProvisionerKeyResponse struct {
	Key string `json:"key"`
}

ProvisionerKeyResponse is the response object that returns the encrypted key of a provisioner.

type ProvisionersResponse

type ProvisionersResponse struct {
	Provisioners provisioner.List `json:"provisioners"`
	NextCursor   string           `json:"nextCursor"`
}

ProvisionersResponse is the response object that returns the list of provisioners.

type RekeyRequest

type RekeyRequest struct {
	CsrPEM CertificateRequest `json:"csr"`
}

RekeyRequest is the request body for a certificate rekey request.

func (*RekeyRequest) Validate

func (s *RekeyRequest) Validate() error

Validate checks the fields of the RekeyRequest and returns nil if they are ok or an error if something is wrong.

type RevokeRequest

type RevokeRequest struct {
	Serial     string `json:"serial"`
	OTT        string `json:"ott"`
	ReasonCode int    `json:"reasonCode"`
	Reason     string `json:"reason"`
	Passive    bool   `json:"passive"`
}

RevokeRequest is the request body for a revocation request.

func (*RevokeRequest) Validate

func (r *RevokeRequest) Validate() (err error)

Validate checks the fields of the RevokeRequest and returns nil if they are ok or an error if something is wrong.

type RevokeResponse

type RevokeResponse struct {
	Status string `json:"status"`
}

RevokeResponse is the response object that returns the health of the server.

type RootResponse

type RootResponse struct {
	RootPEM Certificate `json:"ca"`
}

RootResponse is the response object that returns the PEM of a root certificate.

type RootsResponse

type RootsResponse struct {
	Certificates []Certificate `json:"crts"`
}

RootsResponse is the response object of the roots request.

type Router

type Router interface {
	// MethodFunc adds routes for `pattern` that matches
	// the `method` HTTP method.
	MethodFunc(method, pattern string, h http.HandlerFunc)
}

Router defines a common router interface.

type RouterHandler

type RouterHandler interface {
	Route(r Router)
}

RouterHandler is the interface that a HTTP handler that manages multiple endpoints will implement.

func New

func New(authority Authority) RouterHandler

New creates a new RouterHandler with the CA endpoints.

type SSHAuthority

type SSHAuthority interface {
	SignSSH(ctx context.Context, key ssh.PublicKey, opts provisioner.SignSSHOptions, signOpts ...provisioner.SignOption) (*ssh.Certificate, error)
	RenewSSH(ctx context.Context, cert *ssh.Certificate) (*ssh.Certificate, error)
	RekeySSH(ctx context.Context, cert *ssh.Certificate, key ssh.PublicKey, signOpts ...provisioner.SignOption) (*ssh.Certificate, error)
	SignSSHAddUser(ctx context.Context, key ssh.PublicKey, cert *ssh.Certificate) (*ssh.Certificate, error)
	GetSSHRoots(ctx context.Context) (*authority.SSHKeys, error)
	GetSSHFederation(ctx context.Context) (*authority.SSHKeys, error)
	GetSSHConfig(ctx context.Context, typ string, data map[string]string) ([]templates.Output, error)
	CheckSSHHost(ctx context.Context, principal string, token string) (bool, error)
	GetSSHHosts(ctx context.Context, cert *x509.Certificate) ([]sshutil.Host, error)
	GetSSHBastion(ctx context.Context, user string, hostname string) (*authority.Bastion, error)
}

SSHAuthority is the interface implemented by a SSH CA authority.

type SSHBastionRequest

type SSHBastionRequest struct {
	User     string `json:"user"`
	Hostname string `json:"hostname"`
}

SSHBastionRequest is the request body used to get the bastion for a given host.

func (*SSHBastionRequest) Validate

func (r *SSHBastionRequest) Validate() error

Validate checks the values of the SSHBastionRequest.

type SSHBastionResponse

type SSHBastionResponse struct {
	Hostname string             `json:"hostname"`
	Bastion  *authority.Bastion `json:"bastion,omitempty"`
}

SSHBastionResponse is the response body used to return the bastion for a given host.

type SSHCertificate

type SSHCertificate struct {
	*ssh.Certificate `json:"omitempty"`
}

SSHCertificate represents the response SSH certificate.

func (SSHCertificate) MarshalJSON

func (c SSHCertificate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface. Returns a quoted, base64 encoded, openssh wire format version of the certificate.

func (*SSHCertificate) UnmarshalJSON

func (c *SSHCertificate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface. The certificate is expected to be a quoted, base64 encoded, openssh wire formatted block of bytes.

type SSHCheckPrincipalRequest

type SSHCheckPrincipalRequest struct {
	Type      string `json:"type"`
	Principal string `json:"principal"`
	Token     string `json:"token,omitempty"`
}

SSHCheckPrincipalRequest is the request body used to check if a principal certificate has been created. Right now it only supported for hosts certificates.

func (*SSHCheckPrincipalRequest) Validate

func (r *SSHCheckPrincipalRequest) Validate() error

Validate checks the check principal request.

type SSHCheckPrincipalResponse

type SSHCheckPrincipalResponse struct {
	Exists bool `json:"exists"`
}

SSHCheckPrincipalResponse is the response body used to check if a principal exists.

type SSHConfigRequest

type SSHConfigRequest struct {
	Type string            `json:"type"`
	Data map[string]string `json:"data"`
}

SSHConfigRequest is the request body used to get the SSH configuration templates.

func (*SSHConfigRequest) Validate

func (r *SSHConfigRequest) Validate() error

Validate checks the values of the SSHConfigurationRequest.

type SSHConfigResponse

type SSHConfigResponse struct {
	UserTemplates []Template `json:"userTemplates,omitempty"`
	HostTemplates []Template `json:"hostTemplates,omitempty"`
}

SSHConfigResponse is the response that returns the rendered templates.

type SSHGetHostsResponse

type SSHGetHostsResponse struct {
	Hosts []sshutil.Host `json:"hosts"`
}

SSHGetHostsResponse is the response object that returns the list of valid hosts for SSH.

type SSHPublicKey

type SSHPublicKey struct {
	ssh.PublicKey
}

SSHPublicKey represents a public key in a response object.

func (*SSHPublicKey) MarshalJSON

func (p *SSHPublicKey) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface. Returns a quoted, base64 encoded, openssh wire format version of the public key.

func (*SSHPublicKey) UnmarshalJSON

func (p *SSHPublicKey) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface. The public key is expected to be a quoted, base64 encoded, openssh wire formatted block of bytes.

type SSHRekeyRequest

type SSHRekeyRequest struct {
	OTT       string `json:"ott"`
	PublicKey []byte `json:"publicKey"` //base64 encoded
}

SSHRekeyRequest is the request body of an SSH certificate request.

func (*SSHRekeyRequest) Validate

func (s *SSHRekeyRequest) Validate() error

Validate validates the SSHSignRekey.

type SSHRekeyResponse

type SSHRekeyResponse struct {
	Certificate         SSHCertificate `json:"crt"`
	IdentityCertificate []Certificate  `json:"identityCrt,omitempty"`
}

SSHRekeyResponse is the response object that returns the SSH certificate.

type SSHRenewRequest

type SSHRenewRequest struct {
	OTT string `json:"ott"`
}

SSHRenewRequest is the request body of an SSH certificate request.

func (*SSHRenewRequest) Validate

func (s *SSHRenewRequest) Validate() error

Validate validates the SSHSignRequest.

type SSHRenewResponse

type SSHRenewResponse struct {
	Certificate         SSHCertificate `json:"crt"`
	IdentityCertificate []Certificate  `json:"identityCrt,omitempty"`
}

SSHRenewResponse is the response object that returns the SSH certificate.

type SSHRevokeRequest

type SSHRevokeRequest struct {
	Serial     string `json:"serial"`
	OTT        string `json:"ott"`
	ReasonCode int    `json:"reasonCode"`
	Reason     string `json:"reason"`
	Passive    bool   `json:"passive"`
}

SSHRevokeRequest is the request body for a revocation request.

func (*SSHRevokeRequest) Validate

func (r *SSHRevokeRequest) Validate() (err error)

Validate checks the fields of the RevokeRequest and returns nil if they are ok or an error if something is wrong.

type SSHRevokeResponse

type SSHRevokeResponse struct {
	Status string `json:"status"`
}

SSHRevokeResponse is the response object that returns the health of the server.

type SSHRootsResponse

type SSHRootsResponse struct {
	UserKeys []SSHPublicKey `json:"userKey,omitempty"`
	HostKeys []SSHPublicKey `json:"hostKey,omitempty"`
}

SSHRootsResponse represents the response object that returns the SSH user and host keys.

type SSHSignRequest

type SSHSignRequest struct {
	PublicKey        []byte             `json:"publicKey"` // base64 encoded
	OTT              string             `json:"ott"`
	CertType         string             `json:"certType,omitempty"`
	Principals       []string           `json:"principals,omitempty"`
	ValidAfter       TimeDuration       `json:"validAfter,omitempty"`
	ValidBefore      TimeDuration       `json:"validBefore,omitempty"`
	AddUserPublicKey []byte             `json:"addUserPublicKey,omitempty"`
	KeyID            string             `json:"keyID"`
	IdentityCSR      CertificateRequest `json:"identityCSR,omitempty"`
}

SSHSignRequest is the request body of an SSH certificate request.

func (*SSHSignRequest) Validate

func (s *SSHSignRequest) Validate() error

Validate validates the SSHSignRequest.

type SSHSignResponse

type SSHSignResponse struct {
	Certificate         SSHCertificate  `json:"crt"`
	AddUserCertificate  *SSHCertificate `json:"addUserCrt,omitempty"`
	IdentityCertificate []Certificate   `json:"identityCrt,omitempty"`
}

SSHSignResponse is the response object that returns the SSH certificate.

type SignRequest

type SignRequest struct {
	CsrPEM       CertificateRequest `json:"csr"`
	OTT          string             `json:"ott"`
	NotAfter     TimeDuration       `json:"notAfter"`
	NotBefore    TimeDuration       `json:"notBefore"`
	TemplateData json.RawMessage    `json:"templateData"`
}

SignRequest is the request body for a certificate signature request.

func (*SignRequest) Validate

func (s *SignRequest) Validate() error

Validate checks the fields of the SignRequest and returns nil if they are ok or an error if something is wrong.

type SignResponse

type SignResponse struct {
	ServerPEM    Certificate          `json:"crt"`
	CaPEM        Certificate          `json:"ca"`
	CertChainPEM []Certificate        `json:"certChain"`
	TLSOptions   *tlsutil.TLSOptions  `json:"tlsOptions,omitempty"`
	TLS          *tls.ConnectionState `json:"-"`
}

SignResponse is the response object of the certificate signature request.

type Template

type Template = templates.Output

Template represents the output of a template.

type TimeDuration

type TimeDuration = provisioner.TimeDuration

TimeDuration is an alias of provisioner.TimeDuration

func NewTimeDuration

func NewTimeDuration(t time.Time) TimeDuration

NewTimeDuration returns a TimeDuration with the defined time.

func ParseTimeDuration

func ParseTimeDuration(s string) (TimeDuration, error)

ParseTimeDuration returns a new TimeDuration parsing the RFC 3339 time or time.Duration string.

type VersionResponse

type VersionResponse struct {
	Version                     string `json:"version"`
	RequireClientAuthentication bool   `json:"requireClientAuthentication,omitempty"`
}

VersionResponse is the response object that returns the version of the server.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL