est

v0.0.0-...-a9d7226
Warning

This package is not in the latest version of its module.

Published: Dec 6, 2018 License: MIT Imports: 12 Imported by: 2

README

est-client-go

EST client - RFC 7030 - Enrollment over Secure Transport

// EST client.  Username and password will be used for basic auth.
// serverCert contains the EST server certificate in PEM format.
client := est.Client{
	URLPrefix:  "https://testrfc7030.cisco.com:8443",
	Username:   "estuser",
	Password:   "estpwd",
	ServerCert: serverCert,
}

// Get EST server CA certs in PEM format.
caCerts, err := client.CaCerts()

// Create CSR.  CreateCsr returns the generated private key and the CSR,
// both in PEM format.
commonName := "Test"
country := "FR"
state := "Guadeloupe"
city := "Anse Bananier"
organization := "Relax"
organizationalUnit := "Secret"
emailAddress := "test@example.com"
priv, csr, err := est.CreateCsr(commonName, country, state, city,
                                organization, organizationalUnit,
                                emailAddress)

// Enroll using the CSR.  SimpleEnroll returns the signed cert in PEM format.
cert, err := client.SimpleEnroll(csr)

// Reenroll using the CSR.
cert, err = client.SimpleReenroll(csr, nil, nil)

// Reenroll using the CSR and the client cert/key for authentication.
cert, err = client.SimpleReenroll(csr, cert, priv)

Out of Scope:

  • §3.3.3 - Certificate-less TLS Mutual Authentication.
  • §3.5 - Linking Identity and PoP information.
  • §4.3 - CMC.
  • §4.4 - Server-side key generation.
  • §4.5 - CSR attributes.

Documentation

Constants

This section is empty.

Variables

var TLSConfig *tls.Config

Functions

func CreateCsr

func CreateCsr(commonName string, country string, state string, city string,
	organization string, organizationalUnit string,
	emailAddress string) ([]byte, []byte, error)

CreateCsr generates a key pair, creates a CSR and returns the private key and CSR in PEM format.

func Get

func Get(url string, headers map[string]string,
	serverCert []byte) ([]byte, error)

Get issues an HTTP GET request. Returns the response body.

func PKCS7ToPEM

func PKCS7ToPEM(data []byte) ([]byte, error)

PKCS7ToPEM converts PKCS7 formatted data to PEM formatted data.

func Post

func Post(url string, data []byte, headers map[string]string,
	username string, password string, clientCert []byte,
	clientKey []byte, serverCert []byte) ([]byte, error)

Post issues an HTTP POST request. username and password are used for basic auth. clientKey and clientCert are used for TLS auth. Returns the response body.

func Send

func Send(method string, url string, data []byte, headers map[string]string,
	username string, password string,
	clientCert []byte,
	clientKey []byte, serverCert []byte) ([]byte, error)

Send issues an HTTP request. Returns the response body.

Types

type Client

type Client struct {
	URLPrefix  string
	Username   string
	Password   string
	ServerCert []byte
}

Client represents an EST client.

func (*Client) CaCerts

func (c *Client) CaCerts() ([]byte, error)

CaCerts issues an EST GET /cacerts request. Returns the CA certs in PEM format.

func (*Client) SimpleEnroll

func (c *Client) SimpleEnroll(csr []byte) ([]byte, error)

SimpleEnroll issues an EST POST /simpleenroll request. Takes a CSR in PEM format and returns the signed cert in PEM format.

func (*Client) SimpleReenroll

func (c *Client) SimpleReenroll(csr []byte, clientCert []byte,
	clientKey []byte) ([]byte, error)

SimpleReenroll issues an EST POST /simplereenroll request. Takes a CSR in PEM format and returns the signed cert in PEM format. You can also pass a client cert/key for authentication.
