Documentation ¶
Index ¶
- Constants
- Variables
- func GenerateRequest(pkey *rsa.PrivateKey, request *x509.CertificateRequest) (string, error)
- func GetAuthHTTPClient(keyBytes, certBytes, chainBytes []byte) (*http.Client, error)
- func GetAuthHTTPClientFromFiles(keyfile, certfile, chainfile string) (*http.Client, error)
- func GetCertificateByRequestSerial(client SoapClient, data GetCertificateByRequestSerialData) (string, error)
- func GetChainForCertificate(cert *x509.Certificate) ([]*x509.Certificate, error)
- func GetPublicHTTPClient() (*http.Client, error)
- func GetRequestPrintout(client SoapClient, raid int, serial string, pin string) ([]byte, error)
- func NewPrivateKey(bits int) (*rsa.PrivateKey, error)
- func NewRequest(client SoapClient, csr string, data NewRequestData) (string, error)
- func PINtoHash(pin string) string
- func ParsePrivateKey(keybytes, password []byte) (*rsa.PrivateKey, error)
- func RandomPIN() string
- func SAN(kind int, value string) string
- type CAInfo
- type DFNRole
- type DomainFilter
- type DomainInformation
- type ExtendedDomains
- type GetCertificateByRequestSerialData
- type NewRequestData
- type SendChallengeEMailData
- type SendChallengeEMailReturn
- type SoapClient
Constants ¶
// Kinds of subject alternative name entry. iota assigns consecutive integers
// starting at 0, so SANEmail is 0 and MicrosoftUPN is 5.
// NOTE(review): presumably these are the values accepted as the kind argument
// of SAN(kind int, value string); confirm against the source. Only the first
// two names carry the SAN prefix.
const (
	SANEmail = iota
	SANDNS
	IP
	URI
	MicrosoftGUID
	MicrosoftUPN
)
const (
	// DFNTimestampFormat is a layout string in Go's reference-time notation:
	// date, a literal "T", then time of day to the second. It carries no zone
	// offset, so time.Parse returns UTC for values parsed with it.
	// NOTE(review): confirm the service's timestamps are meant as UTC before
	// comparing them with local times (e.g. validity or approval dates).
	DFNTimestampFormat = "2006-01-02T15:04:05"
)
Variables ¶
var (
	// DFNCertificatePool is declared without an initializer, so it is nil
	// until something assigns it; no assignment is visible here.
	// NOTE(review): presumably the pool GetChainForCertificate verifies
	// against; confirm. It is exported and mutable, so any importing package
	// can replace it and thereby change which chains are accepted.
	DFNCertificatePool *x509.CertPool

	// ErrNoTrustChain is a sentinel error value.
	// NOTE(review): presumably returned by GetChainForCertificate when no
	// chain can be built; confirm. Callers should treat it as a verification
	// failure rather than continue with an unverified certificate.
	ErrNoTrustChain = errors.New("Unable to find a trust chain")
)
var (
	// RolesMachines are all the possible roles machine certificates can have
	// as defined in https://www.ca.kit.edu/p/zertifikatsprofile
	//
	// The slice is exported and mutable; nothing here stops an importing
	// package from changing it.
	RolesMachines = []string{
		"802.1X Client",
		"Domain Controller",
		"Exchange Server",
		"LDAP Server",
		"Mail Server",
		"Radius Server",
		"Shibboleth IdP SP",
		"VoIP Server",
		"VPN Server",
		"Web Server",
		"Webserver MustStaple",
		"Web Server SOAP",
	}

	// RolesUser are all the possible roles personal certificates can have
	// as defined in https://www.ca.kit.edu/p/zertifikatsprofile
	RolesUser = []string{
		"802.1X User",
		"Code Signing",
		"Mitarbeiter",
		"RA Operator",
		"Smartcard",
		"Smartcard Encrypt",
		"Smartcard Logon",
		"Smartcard Sign",
		// NOTE(review): "andLogon" looks like a missing space; confirm the
		// exact role name against the CA's profile list before changing it.
		"Smartcard Sign andLogon",
		"Student",
		"TrustedDisk",
		"User",
		"UserAuth",
		"UserEMail",
		"UserEncrypt",
		"UserSign",
		"UserSignAuth",
		"User SOAP",
		"VPN User",
	}
)
var (
	// URL builders, one per endpoint template, each produced by
	// endpointURLFactory. Neither the factory nor the templates are shown
	// here, so the builders' signatures cannot be stated from this page.
	GeneratePublicURL    = endpointURLFactory(endpointTemplatePublic)
	GenerateRegistration = endpointURLFactory(endpointTemplateRegistration)
	GenerateDomains      = endpointURLFactory(endpointTemplateDomains)

	// TODO: add hidden roles
	//
	// DFNPublicRoles starts as an empty map from string to DFNRole; whatever
	// fills it is not visible here.
	DFNPublicRoles = make(map[string]DFNRole)
)
var (
	// TemplateNewRequest is parsed from newRequestTemplate when the package
	// is initialised; template.Must panics if parsing fails.
	// NOTE(review): presumably this renders the newRequest SOAP request body.
	// The import behind "template" is not visible here; if it is
	// text/template, values are written into the output without XML escaping,
	// so caller-supplied fields need escaping before execution. Confirm.
	TemplateNewRequest = template.Must(template.New("newRequest").Parse(newRequestTemplate))

	// ErrorNoPEMBlockFound is a sentinel error value.
	// NOTE(review): presumably returned by ParsePrivateKey, whose first
	// parameter is named keybytes, when the input holds no PEM block; confirm.
	ErrorNoPEMBlockFound = errors.New("No PEM block found in keybytes")
)
var (
	// EpochZero is the Unix epoch, 1970-01-01T00:00:00Z.
	// NOTE(review): presumably a placeholder for unset timestamps in
	// DomainInformation; confirm how callers compare against it.
	EpochZero = time.Unix(0, 0)

	// TemplateListExtendedDomains is parsed from listExtendedDomainsTemplate
	// when the package is initialised; template.Must panics if parsing fails.
	// NOTE(review): if "template" is text/template, values are not
	// XML-escaped when the template is executed. Confirm.
	TemplateListExtendedDomains = template.Must(template.New("listExtendedDomains").Parse(listExtendedDomainsTemplate))
)
var (
	// DFNCertificateList is a string slice whose 405 elements the
	// documentation renderer has elided.
	// NOTE(review): presumably encoded CA certificates that are loaded into
	// DFNCertificatePool; confirm. An embedded trust list goes stale when the
	// CA rotates or revokes certificates, and the slice is exported and
	// mutable, so review how and when it is consumed.
	DFNCertificateList = []string{}/* 405 elements not displayed */
)
var (
	// TemplateGetCAInfoData is parsed from getCAInfoDataTemplate when the
	// package is initialised; template.Must panics if parsing fails.
	// NOTE(review): if "template" is text/template, values are not
	// XML-escaped when the template is executed. Confirm.
	TemplateGetCAInfoData = template.Must(template.New("getCAInfoData").Parse(getCAInfoDataTemplate))
)
var (
	// TemplateGetCertificateByRequestSerial is parsed from
	// getCertificateByRequestSerialTemplate when the package is initialised;
	// template.Must panics if parsing fails.
	// NOTE(review): if "template" is text/template, values are not
	// XML-escaped when the template is executed. Confirm.
	TemplateGetCertificateByRequestSerial = template.Must(template.New("getCertificateByRequestSerial").Parse(getCertificateByRequestSerialTemplate))
)
var (
	// TemplateGetRequestPrintout is parsed from getRequestPrintoutTemplate
	// when the package is initialised; template.Must panics if parsing fails.
	// NOTE(review): GetRequestPrintout takes a pin argument; if that value or
	// a hash of it is rendered through this template, keep the rendered
	// request out of logs. Confirm against the source.
	TemplateGetRequestPrintout = template.Must(template.New("getRequestPrintout").Parse(getRequestPrintoutTemplate))
)
var (
	// TemplateSendChallengeEMailData is parsed from sendChallengeEMailTemplate
	// when the package is initialised; template.Must panics if parsing fails.
	// NOTE(review): if "template" is text/template, values such as the domain
	// name are not XML-escaped when the template is executed. Confirm.
	TemplateSendChallengeEMailData = template.Must(template.New("sendChallengeEMail").Parse(sendChallengeEMailTemplate))
)
Functions ¶
func GenerateRequest ¶
func GenerateRequest(pkey *rsa.PrivateKey, request *x509.CertificateRequest) (string, error)
GenerateRequest creates a PKCS10 (“.req”) request for a given RSA private key
func GetAuthHTTPClient ¶
GetAuthHTTPClient returns an http.Client with certificate authentication
func GetAuthHTTPClientFromFiles ¶
GetAuthHTTPClientFromFiles returns an http.Client with certificate authentication (using files)
func GetCertificateByRequestSerial ¶
func GetCertificateByRequestSerial(client SoapClient, data GetCertificateByRequestSerialData) (string, error)
GetCertificateByRequestSerial implements the SOAP API getCertificateByRequestSerial interface
func GetChainForCertificate ¶
func GetChainForCertificate(cert *x509.Certificate) ([]*x509.Certificate, error)
GetChainForCertificate tries to build a chain for a given certificate
func GetPublicHTTPClient ¶
GetPublicHTTPClient returns a simple http client
func GetRequestPrintout ¶
GetRequestPrintout implements the SOAP API getRequestPrintout interface
func NewPrivateKey ¶
func NewPrivateKey(bits int) (*rsa.PrivateKey, error)
NewPrivateKey generates a new RSA private key of the requested size, subject to reasonable key size bounds (the accepted range for bits is not stated here)
func NewRequest ¶
func NewRequest(client SoapClient, csr string, data NewRequestData) (string, error)
NewRequest implements the SOAP API newRequest interface
func ParsePrivateKey ¶
func ParsePrivateKey(keybytes, password []byte) (*rsa.PrivateKey, error)
ParsePrivateKey parses an RSA private key from a byte slice
Types ¶
type CAInfo ¶
func GetCAInfoData ¶
func GetCAInfoData(client SoapClient, raid int) (CAInfo, error)
GetCAInfoData implements the getCAInfoData SOAP API interface
type DomainFilter ¶
// DomainFilter is a predicate over a DomainInformation value. It is the
// parameter type of DomainInformation.Filter, which reports whether the
// value matches the predicate.
type DomainFilter func(DomainInformation) bool
type DomainInformation ¶
// DomainInformation is the element type of ExtendedDomains.Domains.
// NOTE(review): the field names suggest one domain's validation state
// (approval, challenge mail, validity); their exact meaning, in particular
// Secret, is not documented on this page. Confirm against the SOAP API
// description. The time fields are presumably parsed with
// DFNTimestampFormat; verify.
type DomainInformation struct {
	Approved              bool
	ApprovedDate          time.Time
	BRVersion             string
	ChallengeMailAddress  string
	LastChallengeMailSent time.Time
	Method                string
	Name                  string
	Secret                bool
	Type                  string
	ValidUntil            time.Time
}
func (DomainInformation) Filter ¶
func (domainInformation DomainInformation) Filter(filter DomainFilter) bool
Filter returns true if the domainInformation matches the predicate filter
type ExtendedDomains ¶
// ExtendedDomains is the result type of ListExtendedDomains: a Change string
// plus the list of domain entries.
// NOTE(review): Change is presumably the value passed as the change argument
// of SendChallengeEMail; confirm against the SOAP API description.
type ExtendedDomains struct {
	Change  string
	Domains []DomainInformation
}
func ListExtendedDomains ¶
func ListExtendedDomains(client SoapClient, raid int) (extendedDomains ExtendedDomains, err error)
ListExtendedDomains implements the SOAP API listExtendedDomains interface
type NewRequestData ¶
type SendChallengeEMailData ¶
type SendChallengeEMailReturn ¶
func SendChallengeEMail ¶
func SendChallengeEMail(client SoapClient, raid int, name string, Type string, change string) (response SendChallengeEMailReturn, err error)
SendChallengeEMail implements the SOAP API sendChallengeEMail interface
type SoapClient ¶
func NewSoapClient ¶
func NewSoapClient(client *http.Client, baseurl string) SoapClient