dfnpki

package module
Published: Oct 11, 2020 License: Apache-2.0 Imports: 19 Imported by: 1

README

This golang library partially implements a frontend for the DFN PKI SOAP API.

It is used in a few projects:

Please do not run `go test`: there is no mocking layer for the DFN API, so all tests run against the live API.

Documentation is sparse; please refer to the tests and the aforementioned projects for usage information.

Documentation

Index

Constants

// Subject alternative name kinds, presumably the `kind` argument of
// SAN(kind, value). They are plain ints numbered from 0 in declaration
// order (iota): SANEmail == 0, SANDNS == 1, and so on. Any other int passed
// as a kind is not covered by these names.
const (
	SANEmail = iota
	SANDNS
	IP
	URI
	MicrosoftGUID
	MicrosoftUPN
)
const (
	// DFNTimestampFormat is the time.Parse/time.Format reference layout for
	// timestamps exchanged with the DFN API. The layout carries no zone
	// designator, so time.Parse yields a UTC instant; confirm which zone the
	// API actually uses before comparing such values with local times.
	DFNTimestampFormat = "2006-01-02T15:04:05"
)

Variables

// DFNCertificatePool is the certificate pool presumably consulted by
// GetChainForCertificate. It has no initializer here, so where and when it
// is populated is not visible in this listing — confirm before relying on it.
// NOTE(review): crypto/x509 treats a nil Roots pool as "use the system
// roots", so an unpopulated pool would silently widen trust if it is ever
// handed to VerifyOptions that way — verify the chain-building code.
//
// ErrNoTrustChain is returned when no trust chain can be found.
var (
	DFNCertificatePool *x509.CertPool
	ErrNoTrustChain    = errors.New("Unable to find a trust chain")
)
// Role name lists for the two certificate classes. They are plain strings
// and are presumably sent to the API verbatim, so reproduce them
// byte-for-byte; whether a spelling such as "Smartcard Sign andLogon" is the
// API's own or a typo cannot be verified from this listing. Both are
// package-level slices and therefore writable by any importer — treat them
// as read-only by convention.
var (

	// RolesMachines are all the possible roles machine certificates can have
	// as defined in  https://www.ca.kit.edu/p/zertifikatsprofile
	RolesMachines = []string{
		"802.1X Client",
		"Domain Controller",
		"Exchange Server",
		"LDAP Server",
		"Mail Server",
		"Radius Server",
		"Shibboleth IdP SP",
		"VoIP Server",
		"VPN Server",
		"Web Server",
		"Webserver MustStaple",
		"Web Server SOAP",
	}
	// RolesUser are all the possible roles personal certificates can have
	// as defined in  https://www.ca.kit.edu/p/zertifikatsprofile
	RolesUser = []string{
		"802.1X User",
		"Code Signing",
		"Mitarbeiter",
		"RA Operator",
		"Smartcard",
		"Smartcard Encrypt",
		"Smartcard Logon",
		"Smartcard Sign",
		"Smartcard Sign andLogon",
		"Student",
		"TrustedDisk",
		"User",
		"UserAuth",
		"UserEMail",
		"UserEncrypt",
		"UserSign",
		"UserSignAuth",
		"User SOAP",
		"VPN User",
	}
)
// URL builders for the three SOAP endpoints (public, registration, domains),
// each produced by endpointURLFactory from its endpoint template; both the
// factory and the templates are defined elsewhere in the package.
//
// DFNPublicRoles maps a role name to its DFNRole. It is created empty here,
// so it must be filled in by code not shown in this listing. Being a
// package-level map it is not safe for concurrent mutation.
var (
	GeneratePublicURL    = endpointURLFactory(endpointTemplatePublic)
	GenerateRegistration = endpointURLFactory(endpointTemplateRegistration)
	GenerateDomains      = endpointURLFactory(endpointTemplateDomains)
	// TODO: add hidden roles
	DFNPublicRoles = make(map[string]DFNRole)
)
// TemplateNewRequest renders the newRequest SOAP body (presumably used by
// NewRequest). template.Must panics at package initialisation if
// newRequestTemplate fails to parse.
// NOTE(review): which template package is imported is not visible here; if
// it is text/template, interpolated values are not XML-escaped, so
// caller-supplied fields (e.g. NewRequestData.AddName, AddEMail, AltNames)
// need escaping before rendering — confirm.
//
// ErrorNoPEMBlockFound is returned when the key bytes contain no PEM block
// (presumably by ParsePrivateKey).
var (
	TemplateNewRequest   = template.Must(template.New("newRequest").Parse(newRequestTemplate))
	ErrorNoPEMBlockFound = errors.New("No PEM block found in keybytes")
)
// EpochZero is the Unix epoch, time.Unix(0, 0), presumably used as the
// "unset" value for DFN timestamps such as DomainInformation.ApprovedDate —
// confirm. time.Unix returns a value in the Local location, so compare
// against it with Time.Equal rather than ==.
//
// TemplateListExtendedDomains renders the listExtendedDomains SOAP body
// (presumably used by ListExtendedDomains); template.Must panics at package
// initialisation if the template fails to parse.
var (
	EpochZero                   = time.Unix(0, 0)
	TemplateListExtendedDomains = template.Must(template.New("listExtendedDomains").Parse(listExtendedDomainsTemplate))
)
// DFNCertificateList holds the DFN certificate data as strings. The rendered
// listing elides its 405 entries, so the actual contents (and their
// encoding) are only visible in the package source. As a package-level
// slice it can be modified by any importer — treat it as read-only.
var (
	DFNCertificateList = []string{}/* 405 elements not displayed */

)
// TemplateGetCAInfoData renders the getCAInfoData SOAP body (presumably used
// by GetCAInfoData). template.Must panics at package initialisation if
// getCAInfoDataTemplate fails to parse.
var (
	TemplateGetCAInfoData = template.Must(template.New("getCAInfoData").Parse(getCAInfoDataTemplate))
)
// TemplateGetCertificateByRequestSerial renders the
// getCertificateByRequestSerial SOAP body (presumably used by
// GetCertificateByRequestSerial). template.Must panics at package
// initialisation if the template fails to parse.
var (
	TemplateGetCertificateByRequestSerial = template.Must(template.New("getCertificateByRequestSerial").Parse(getCertificateByRequestSerialTemplate))
)
// TemplateGetRequestPrintout renders the getRequestPrintout SOAP body
// (presumably used by GetRequestPrintout). template.Must panics at package
// initialisation if getRequestPrintoutTemplate fails to parse.
var (
	TemplateGetRequestPrintout = template.Must(template.New("getRequestPrintout").Parse(getRequestPrintoutTemplate))
)
// TemplateSendChallengeEMailData renders the sendChallengeEMail SOAP body
// (presumably used by SendChallengeEMail). template.Must panics at package
// initialisation if sendChallengeEMailTemplate fails to parse.
var (
	TemplateSendChallengeEMailData = template.Must(template.New("sendChallengeEMail").Parse(sendChallengeEMailTemplate))
)

Functions

func GenerateRequest

func GenerateRequest(pkey *rsa.PrivateKey, request *x509.CertificateRequest) (string, error)

GenerateRequest creates a PKCS10 (“.req”) request for a given RSA private key

func GetAuthHTTPClient

func GetAuthHTTPClient(keyBytes, certBytes, chainBytes []byte) (*http.Client, error)

GetAuthHTTPClient returns an http.client with certificate authentication

func GetAuthHTTPClientFromFiles

func GetAuthHTTPClientFromFiles(keyfile, certfile, chainfile string) (*http.Client, error)

GetAuthHTTPClientFromFiles returns an http.client with certificate authentication, reading the key, certificate and chain from the given files.

func GetCertificateByRequestSerial

func GetCertificateByRequestSerial(client SoapClient, data GetCertificateByRequestSerialData) (string, error)

GetCertificateByRequestSerial implements the SOAP API getCertificateByRequestSerial interface

func GetChainForCertificate

func GetChainForCertificate(cert *x509.Certificate) ([]*x509.Certificate, error)

GetChainForCertificate tries to build a chain for a given certificate

func GetPublicHTTPClient

func GetPublicHTTPClient() (*http.Client, error)

GetPublicHTTPClient returns a simple http client

func GetRequestPrintout

func GetRequestPrintout(client SoapClient, raid int, serial string, pin string) ([]byte, error)

GetRequestPrintout implements the SOAP API getRequestPrintout interface

func NewPrivateKey

func NewPrivateKey(bits int) (*rsa.PrivateKey, error)

NewPrivateKey generates a new RSA private key with reasonable key size bounds

func NewRequest

func NewRequest(client SoapClient, csr string, data NewRequestData) (string, error)

NewRequest implements the SOAP API newRequest interface

func PINtoHash

func PINtoHash(pin string) string

PINtoHash returns the correct hash for cleartext PINs

func ParsePrivateKey

func ParsePrivateKey(keybytes, password []byte) (*rsa.PrivateKey, error)

ParsePrivateKey parses an RSA private key from a byte array

func RandomPIN

func RandomPIN() string

RandomPIN generates a random PIN (_not_ cryptographically sound, so do not rely on it where the PIN must be unpredictable).

func SAN

func SAN(kind int, value string) string

SAN returns valid AltNames strings

Types

type CAInfo

// CAInfo is the result of GetCAInfoData. From the field names it carries the
// role names the RA offers, the permitted DN prefixes and the CA chain; all
// are plain strings, and the chain's encoding (PEM or otherwise) is not
// visible in this listing.
type CAInfo struct {
	Roles      []string
	DNPrefixes []string
	CAChain    []string
}

func GetCAInfoData

func GetCAInfoData(client SoapClient, raid int) (CAInfo, error)

GetCAInfoData implements the getCAInfoData SOAP API interface

type DFNRole

// DFNRole names a DFN certificate role. It is the value type of
// DFNPublicRoles and the type of NewRequestData.Role; the role string
// lists RolesMachines/RolesUser are untyped []string, so conversion is
// explicit.
type DFNRole string

type DomainFilter

// DomainFilter is a predicate over a DomainInformation; it is the argument
// type of DomainInformation.Filter, which reports whether the value matches.
type DomainFilter func(DomainInformation) bool

type DomainInformation

// DomainInformation describes one domain entry as carried in
// ExtendedDomains.Domains (see ListExtendedDomains). Field meanings follow
// from their names; the time.Time fields are presumably parsed with
// DFNTimestampFormat and may hold EpochZero when the API reports nothing —
// confirm against the parsing code before treating them as set.
type DomainInformation struct {
	Approved              bool
	ApprovedDate          time.Time
	BRVersion             string
	ChallengeMailAddress  string
	LastChallengeMailSent time.Time
	Method                string
	Name                  string
	Secret                bool
	Type                  string
	ValidUntil            time.Time
}

func (DomainInformation) Filter

func (domainInformation DomainInformation) Filter(filter DomainFilter) bool

Filter returns true if the domainInformation matches the predicate filter

type ExtendedDomains

// ExtendedDomains is the result of ListExtendedDomains: a Change value and
// the list of domain entries. A Change field also appears on
// SendChallengeEMailData and SendChallengeEMailReturn, which suggests it is
// an opaque marker the API expects to be echoed back — confirm.
type ExtendedDomains struct {
	Change  string
	Domains []DomainInformation
}

func ListExtendedDomains

func ListExtendedDomains(client SoapClient, raid int) (extendedDomains ExtendedDomains, err error)

ListExtendedDomains implements the SOAP API listExtendedDomains interface

type GetCertificateByRequestSerialData

// GetCertificateByRequestSerialData carries the arguments of
// GetCertificateByRequestSerial: the RA id, the request serial and the PIN.
// Whether PIN is the cleartext PIN or the PINtoHash value is not visible in
// this listing — confirm before filling it. PIN is a secret; avoid logging
// the struct wholesale (e.g. with %+v).
type GetCertificateByRequestSerialData struct {
	RaId   int
	Serial int
	PIN    string
}

type NewRequestData

// NewRequestData carries the arguments of NewRequest. Pkcs10 is presumably
// the PKCS10 string produced by GenerateRequest, AltNames the strings built
// by SAN, Role one of the DFNRole values and PIN the request PIN (cleartext
// or hashed is not visible here; treat it as a secret either way). AddName,
// AddEMail and AddOrgUnit are caller-supplied strings that presumably end
// up in the SOAP body, so they must be XML-escaped before rendering unless
// the template does that — confirm. Publish is inferred from its name to
// control publication of the certificate.
type NewRequestData struct {
	RaId                          int
	Pkcs10                        string
	AltNames                      []string
	Role                          DFNRole
	PIN                           string
	AddName, AddEMail, AddOrgUnit string
	Publish                       bool
}

type SendChallengeEMailData

// SendChallengeEMailData mirrors the parameters of SendChallengeEMail
// (raid, name, Type, change) as a struct. Its Type and Change fields line
// up with DomainInformation.Type and ExtendedDomains.Change.
type SendChallengeEMailData struct {
	RaId   int
	Name   string
	Type   string
	Change string
}

type SendChallengeEMailReturn

// SendChallengeEMailReturn is the result of SendChallengeEMail: the updated
// Change value and the LastChallengeMailSent timestamp (cf. the field of the
// same name on DomainInformation; presumably parsed with DFNTimestampFormat —
// confirm).
type SendChallengeEMailReturn struct {
	Change                string
	LastChallengeMailSent time.Time
}

func SendChallengeEMail

func SendChallengeEMail(client SoapClient, raid int, name string, Type string, change string) (response SendChallengeEMailReturn, err error)

SendChallengeEMail implements the SOAP API sendChallengeEMail interface

type SoapClient

// SoapClient bundles the http.Client used for SOAP calls (for example one
// from GetAuthHTTPClient, which authenticates with a client certificate)
// with the endpoint URL. Build one with NewSoapClient(client, baseurl);
// Request has a pointer receiver, so it is called on an addressable value.
// SoapURL is the trust boundary for every call, so it should be an https
// URL from a trusted source — this listing shows no validation of it.
type SoapClient struct {
	Client  *http.Client
	SoapURL string
}

func NewSoapClient

func NewSoapClient(client *http.Client, baseurl string) SoapClient

func (*SoapClient) Request

func (sc *SoapClient) Request(tmpl *template.Template, data interface{}) ([]byte, mxj.Map, error)

Request performs a generic SOAP call using tmpl and data.

Directories

Path Synopsis
cmd
