The highest tagged major version is
Documentation
¶
Index ¶
- func AllSupportedKeySizes() []int
- func GenerateECDSAPrivateKey(curve EllipticCurve) (*ecdsa.PrivateKey, error)
- func GenerateRSAPrivateKey(size int) (*rsa.PrivateKey, error)
- func GenerateRequest(request *Request, privateKey crypto.Signer) error
- func GetCertificatePEMBlock(cert []byte) *pem.Block
- func GetCertificateRequestPEMBlock(request []byte) *pem.Block
- func GetEncryptedPrivateKeyPEMBock(key crypto.Signer, password []byte, format ...string) (*pem.Block, error)
- func GetPrivateKeyPEMBock(key crypto.Signer, format ...string) (*pem.Block, error)
- func PublicKey(priv crypto.Signer) crypto.PublicKey
- type AccessControl
- type CSrOriginOption
- type CertSeachInfo
- type CertSearchResponse
- type CertificateInfo
- type CertificateMetaData
- type ChainOption
- type CustomField
- type CustomFieldDetails
- type CustomFieldType
- type EllipticCurve
- type ImportRequest
- type ImportResponse
- type KeyType
- type Location
- type PEMCollection
- type ProcessingDetails
- type RenewalRequest
- type Request
- type RevocationRequest
- type Sans
- type SearchRequest
- type SshAvaliableTemplate
- type SshCaTemplateRequest
- type SshCertRequest
- type SshCertificateDetails
- type SshCertificateObject
- type SshConfig
- type SshTppCaTemplateRequest
- type SshTppCaTemplateResponse
- type TPPSshCertRequest
- type TppSshCertOperationResponse
- type TppSshCertResponseInfo
- type TppSshCertRetrieveRequest
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AllSupportedKeySizes ¶
func AllSupportedKeySizes() []int
func GenerateECDSAPrivateKey ¶
func GenerateECDSAPrivateKey(curve EllipticCurve) (*ecdsa.PrivateKey, error)
GenerateECDSAPrivateKey generates a new ecdsa private key using the curve specified
func GenerateRSAPrivateKey ¶
func GenerateRSAPrivateKey(size int) (*rsa.PrivateKey, error)
GenerateRSAPrivateKey generates a new rsa private key using the size specified
func GenerateRequest ¶
GenerateRequest generates a certificate request Please use method Request.GenerateCSR() TODO: Remove usage from all libraries, deprecated
func GetCertificatePEMBlock ¶
GetCertificatePEMBlock gets the certificate as a PEM data block
func GetCertificateRequestPEMBlock ¶
GetCertificateRequestPEMBlock gets the certificate request as a PEM data block
func GetEncryptedPrivateKeyPEMBock ¶
func GetEncryptedPrivateKeyPEMBock(key crypto.Signer, password []byte, format ...string) (*pem.Block, error)
GetEncryptedPrivateKeyPEMBock gets the private key as an encrypted PEM data block
func GetPrivateKeyPEMBock ¶
GetPrivateKeyPEMBock gets the private key as a PEM data block
Types ¶
type AccessControl ¶ added in v4.15.2
type AccessControl struct {
DefaultPrincipals []string
}
type CSrOriginOption ¶
type CSrOriginOption int
const ( // LocalGeneratedCSR - this vcert library generates CSR internally based on Request data LocalGeneratedCSR CSrOriginOption = iota // local generation is default. // ServiceGeneratedCSR - server generate CSR internally based on zone configuration and data from Request ServiceGeneratedCSR // UserProvidedCSR - client provides CSR from external resource and vcert library just check and send this CSR to server UserProvidedCSR )
type CertSeachInfo ¶ added in v4.17.0
type CertSearchResponse ¶ added in v4.17.0
type CertSearchResponse struct {
Certificates []CertSeachInfo `json:"Certificates"`
Count int `json:"TotalCount"`
}
type CertificateInfo ¶
type CertificateInfo struct {
ID string `json:",omitempty"`
CN string
SANS Sans
Serial string
Thumbprint string
ValidFrom time.Time
ValidTo time.Time
}
func FindNewestCertificateWithSans ¶ added in v4.22.0
func FindNewestCertificateWithSans(certificates []*CertificateInfo, sans_ *Sans) (*CertificateInfo, error)
find a certificate from a list of certificates whose Sans.DNS matches and is the newest
type CertificateMetaData ¶ added in v4.17.1
type CertificateMetaData struct {
Approver []string `json:"Approver"`
CreatedOn string `json:"CreatedOn"`
CertificateAuthorityDN string `json:"CertificateAuthorityDN"`
Contact []string `json:"Contact"`
CreatedBy []string `json:"CreatedBy"`
CertificateDetails struct {
AIACAIssuerURL []string `json:"AIACAIssuerURL"`
AIAKeyIdentifier string `json:"AIAKeyIdentifier"`
C string `json:"C"`
CDPURI string `json:"CDPURI"`
CN string `json:"CN"`
EnhancedKeyUsage string `json:"EnhancedKeyUsage"`
Issuer string `json:"Issuer"`
KeyAlgorithm string `json:"KeyAlgorithm"`
KeySize int `json:"KeySize"`
KeyUsage string `json:"KeyUsage"`
L string `json:"L"`
O string `json:"O"`
OU []string `json:"OU"`
PublicKeyHash string `json:"PublicKeyHash"`
S string `json:"S"`
SKIKeyIdentifier string `json:"SKIKeyIdentifier"`
Serial string `json:"Serial"`
SignatureAlgorithm string `json:"SignatureAlgorithm"`
SignatureAlgorithmOID string `json:"SignatureAlgorithmOID"`
StoreAdded time.Time `json:"StoreAdded"`
Subject string `json:"Subject"`
TemplateMajorVersion string `json:"TemplateMajorVersion"`
TemplateMinorVersion string `json:"TemplateMinorVersion"`
TemplateName string `json:"TemplateName"`
TemplateOID string `json:"TemplateOID"`
Thumbprint string `json:"Thumbprint"`
ValidFrom time.Time `json:"ValidFrom"`
ValidTo time.Time `json:"ValidTo"`
} `json:"CertificateDetails"`
RenewalDetails struct {
City string `json:"City"`
Country string `json:"Country"`
KeySize int `json:"KeySize"`
Organization string `json:"Organization"`
OrganizationalUnit []string `json:"OrganizationalUnit"`
State string `json:"State"`
Subject string `json:"Subject"`
} `json:"RenewalDetails"`
ValidationDetails struct {
LastValidationStateUpdate time.Time `json:"LastValidationStateUpdate"`
NetworkValidationDisabled bool `json:"NetworkValidationDisabled"`
ValidationDisabled bool `json:"ValidationDisabled"`
} `json:"ValidationDetails"`
CustomFields []CustomFieldDetails `json:"CustomFields"`
DN string `json:"DN"`
Guid string `json:"Guid"`
ManagementType string `json:"ManagementType"`
Name string `json:"Name"`
Origin string `json:"Origin"`
ParentDn string `json:"ParentDn"`
SchemaClass string `json:"SchemaClass"`
}
type ChainOption ¶
type ChainOption int
ChainOption represents the options to be used with the certificate chain
const ( //ChainOptionRootLast specifies the root certificate should be in the last position of the chain ChainOptionRootLast ChainOption = iota //ChainOptionRootFirst specifies the root certificate should be in the first position of the chain ChainOptionRootFirst //ChainOptionIgnore specifies the chain should be ignored ChainOptionIgnore )
func ChainOptionFromString ¶
func ChainOptionFromString(order string) ChainOption
ChainOptionFromString converts the string to the corresponding ChainOption
type CustomField ¶
type CustomField struct {
Type CustomFieldType
Name string
Value string
}
CustomField can be used for adding additional information to certificate. For example: custom fields or Origin. By default it's custom field. For adding Origin set Type: CustomFieldOrigin For adding custom field with one name and few values give to request:
request.CustomFields = []CustomField{
{Name: "name1", Value: "value1"}
{Name: "name1", Value: "value2"}
}
type CustomFieldDetails ¶ added in v4.17.1
type CustomFieldType ¶
type CustomFieldType int
const ( CustomFieldPlain CustomFieldType = 0 + iota CustomFieldOrigin )
type EllipticCurve ¶
type EllipticCurve int
EllipticCurve represents the types of supported elliptic curves
const ( EllipticCurveNotSet EllipticCurve = iota // EllipticCurveP521 represents the P521 curve EllipticCurveP521 // EllipticCurveP256 represents the P256 curve EllipticCurveP256 // EllipticCurveP384 represents the P384 curve EllipticCurveP384 // EllipticED25519 represents the ED25519 curve EllipticCurveED25519 EllipticCurveDefault = EllipticCurveP256 )
func AllSupportedCurves ¶
func AllSupportedCurves() []EllipticCurve
func (*EllipticCurve) Set ¶
func (ec *EllipticCurve) Set(value string) error
Set EllipticCurve value via a string
func (*EllipticCurve) String ¶
func (ec *EllipticCurve) String() string
type ImportRequest ¶
type ImportResponse ¶
type KeyType ¶
type KeyType int
KeyType represents the types of supported keys
func (*KeyType) X509Type ¶
func (kt *KeyType) X509Type() x509.PublicKeyAlgorithm
type PEMCollection ¶
type PEMCollection struct {
Certificate string `json:",omitempty"`
PrivateKey string `json:",omitempty"`
Chain []string `json:",omitempty"`
CSR string `json:",omitempty"`
}
PEMCollection represents a collection of PEM data
func NewPEMCollection ¶
func NewPEMCollection(certificate *x509.Certificate, privateKey crypto.Signer, privateKeyPassword []byte, format ...string) (*PEMCollection, error)
NewPEMCollection creates a PEMCollection based on the data being passed in
func PEMCollectionFromBytes ¶
func PEMCollectionFromBytes(certBytes []byte, chainOrder ChainOption) (*PEMCollection, error)
PEMCollectionFromBytes creates a PEMCollection based on the data passed in
func (*PEMCollection) AddChainElement ¶
func (col *PEMCollection) AddChainElement(certificate *x509.Certificate) error
AddChainElement adds a chain element to the collection
func (*PEMCollection) AddPrivateKey ¶
func (col *PEMCollection) AddPrivateKey(privateKey crypto.Signer, privateKeyPassword []byte, format ...string) error
AddPrivateKey adds a Private Key to the PEMCollection. Note that the collection can only contain one private key
func (*PEMCollection) ToTLSCertificate ¶
func (col *PEMCollection) ToTLSCertificate() tls.Certificate
type ProcessingDetails ¶ added in v4.15.2
type RenewalRequest ¶
type Request ¶
type Request struct {
CADN string
Subject pkix.Name
DNSNames []string
OmitSANs bool
EmailAddresses []string
IPAddresses []net.IP
URIs []*url.URL
UPNs []string
Attributes []pkix.AttributeTypeAndValueSET
SignatureAlgorithm x509.SignatureAlgorithm
FriendlyName string
KeyType KeyType
KeyLength int
KeyCurve EllipticCurve
PrivateKey crypto.Signer
CsrOrigin CSrOriginOption
PickupID string
//Cloud Certificate ID
CertID string
ChainOption ChainOption
KeyPassword string
FetchPrivateKey bool
/* Thumbprint is here because *Request is used in RetrieveCertificate().
Code should be refactored so that RetrieveCertificate() uses some abstract search object, instead of *Request{PickupID} */
Thumbprint string
Timeout time.Duration
CustomFields []CustomField
Location *Location
ValidityHours int
IssuerHint string
// contains filtered or unexported fields
}
Request contains data needed to generate a certificate request CSR is a PEM-encoded Certificate Signing Request
func NewRequest ¶
func NewRequest(cert *x509.Certificate) *Request
NewRequest duplicates new Request object based on issued certificate
func (*Request) CheckCertificate ¶
CheckCertificate validate that certificate returned by server matches data in request object. It can be used for control server.
func (*Request) GenerateCSR ¶
GenerateCSR creates CSR for sending to server based on data from Request fields. It rewrites CSR field if it`s already filled.
func (*Request) GeneratePrivateKey ¶
GeneratePrivateKey creates private key (if it doesn`t already exist) based on request.KeyType, request.KeyLength and request.KeyCurve fileds
type RevocationRequest ¶
type SearchRequest ¶ added in v4.17.0
type SearchRequest []string
type SshAvaliableTemplate ¶ added in v4.17.1
type SshCaTemplateRequest ¶ added in v4.15.2
type SshCertRequest ¶ added in v4.15.0
type SshCertRequest struct {
Template string
PolicyDN string
ObjectName string
DestinationAddresses []string
KeyId string
Principals []string
ValidityPeriod string
PublicKeyData string
Extensions []string
ForceCommand string
SourceAddresses []string
PickupID string
Guid string
IncludePrivateKeyData bool
PrivateKeyPassphrase string
PrivateKeyFormat string
IncludeCertificateDetails bool
Timeout time.Duration
}
SshCertRequest This request is a standard one, it will hold data for tpp request and in the future it will hold VaS data.
type SshCertificateDetails ¶ added in v4.15.0
type SshCertificateDetails struct {
KeyType string `json:"KeyType,omitempty"`
CertificateType string `json:"CertificateType,omitempty"`
CertificateFingerprintSHA256 string `json:"CertificateFingerprintSHA256,omitempty"`
CAFingerprintSHA256 string `json:"CAFingerprintSHA256,omitempty"`
KeyID string `json:"KeyID,omitempty"`
SerialNumber string `json:"SerialNumber,omitempty"`
Principals []string `json:"Principals,omitempty"`
ValidFrom int64 `json:"ValidFrom,omitempty"`
ValidTo int64 `json:"ValidTo,omitempty"`
ForceCommand string `json:"ForceCommand,omitempty"`
SourceAddresses []string `json:"SourceAddresses,omitempty"`
PublicKeyFingerprintSHA256 string `json:"PublicKeyFingerprintSHA256,omitempty"`
Extensions map[string]interface{} `json:"Extensions,omitempty"`
}
type SshCertificateObject ¶ added in v4.16.1
type SshCertificateObject struct {
Guid string
DN string
CAGuid string
CADN string
CertificateData string
PrivateKeyData string
PublicKeyData string
CertificateDetails SshCertificateDetails
ProcessingDetails ProcessingDetails
}
type SshTppCaTemplateRequest ¶ added in v4.15.2
type SshTppCaTemplateResponse ¶ added in v4.15.2
type SshTppCaTemplateResponse struct {
AccessControl AccessControl
Response TppSshCertResponseInfo `json:"Response,omitempty"`
}
type TPPSshCertRequest ¶ added in v4.15.0
type TPPSshCertRequest struct {
CADN string `json:"CADN,omitempty"`
PolicyDN string `json:"PolicyDN,omitempty"`
ObjectName string `json:"ObjectName,omitempty"`
DestinationAddresses []string `json:"DestinationAddresses,omitempty"`
KeyId string `json:"KeyId,omitempty"`
Principals []string `json:"Principals,omitempty"`
ValidityPeriod string `json:"ValidityPeriod,omitempty"`
PublicKeyData string `json:"PublicKeyData,omitempty"`
Extensions map[string]interface{} `json:"Extensions,omitempty"`
ForceCommand string `json:"ForceCommand,omitempty"`
SourceAddresses []string `json:"SourceAddresses,omitempty"`
IncludePrivateKeyData bool `json:"IncludePrivateKeyData,omitempty"`
PrivateKeyPassphrase string `json:"PrivateKeyPassphrase,omitempty"`
IncludeCertificateDetails bool `json:"IncludeCertificateDetails,omitempty"`
ProcessingTimeout string `json:"ProcessingTimeout,omitempty"`
}
type TppSshCertOperationResponse ¶ added in v4.16.1
type TppSshCertOperationResponse struct {
ProcessingDetails ProcessingDetails
Guid string
DN string
CertificateData string
PrivateKeyData string
PublicKeyData string
CAGuid string
CADN string
CertificateDetails SshCertificateDetails
Response TppSshCertResponseInfo
}
type TppSshCertResponseInfo ¶ added in v4.15.0
Source Files
Click to show internal directories.
Click to hide internal directories.