Documentation
Index ¶
- Constants
- Variables
- func AllSupportedKeySizes() []int
- func GenerateECDSAPrivateKey(curve EllipticCurve) (crypto.Signer, error)
- func GenerateED25519PrivateKey() (crypto.Signer, error)
- func GenerateRSAPrivateKey(size int) (*rsa.PrivateKey, error)
- func GenerateRequest(request *Request, privateKey crypto.Signer) errordeprecated
- func GetCertificatePEMBlock(cert []byte) *pem.Block
- func GetCertificateRequestPEMBlock(request []byte) *pem.Block
- func GetEncryptedPrivateKeyPEMBock(key crypto.Signer, password []byte, format ...string) (*pem.Block, error)
- func GetPrivateKeyPEMBock(key crypto.Signer, format ...string) (*pem.Block, error)
- func PublicKey(priv crypto.Signer) crypto.PublicKey
- type AccessControl
- type CSrOriginOption
- type CertSeachInfo
- type CertSearchResponse
- type CertificateInfo
- type CertificateMetaData
- type ChainOption
- type CustomField
- type CustomFieldDetails
- type CustomFieldType
- type EllipticCurve
- type ExtKeyUsage
- type ExtKeyUsageSlice
- type ImportRequest
- type ImportResponse
- type KeyType
- type Location
- type PEMCollection
- type ProcessingDetails
- type RenewalRequest
- type Request
- type RetireRequest
- type RevocationRequest
- type Sans
- type SearchRequest
- type SshAvaliableTemplate
- type SshCaTemplateRequest
- type SshCertRequest
- type SshCertificateDetails
- type SshCertificateObject
- type SshConfig
- type SshTppCaTemplateRequest
- type SshTppCaTemplateResponse
- type TPPSshCertRequest
- type TppSshCertOperationResponse
- type TppSshCertResponseInfo
- type TppSshCertRetrieveRequest
Constants ¶
// CSrOriginOption values select where the CSR for a Request is produced (see
// Request.CsrOrigin). The Str* constants are the string representations of
// the first three values, as understood by ParseCSROrigin.
const (
	// LocalGeneratedCSR - this vcert library generates CSR internally based on Request data
	LocalGeneratedCSR CSrOriginOption = iota // local generation is default.
	// ServiceGeneratedCSR - server generate CSR internally based on zone configuration and data from Request
	ServiceGeneratedCSR
	// UserProvidedCSR - client provides CSR from external resource and vcert library just check and send this CSR to server
	UserProvidedCSR
	// UnknownCSR marks an origin that is none of the values above
	// (presumably what ParseCSROrigin yields for an unrecognized string — confirm).
	UnknownCSR

	// StrLocalGeneratedCSR is the string representations of the LocalGeneratedCSR constant
	StrLocalGeneratedCSR = "local"
	// StrServiceGeneratedCSR is the string representations of the ServiceGeneratedCSR constant
	StrServiceGeneratedCSR = "service"
	// StrUserProvidedCSR is the string representations of the UserProvidedCSR constant
	StrUserProvidedCSR = "file"
)
// ExtKeyUsage constants mirror the crypto/x509 ExtKeyUsage* values; the OID of
// each is given in its comment and also as the matching *Oid variable.
// UnknownExtKeyUsage (-1) is an extra sentinel with no x509 counterpart.
// ExtKeyUsageAny (anyExtendedKeyUsage) covers every purpose, so a request
// carrying it should be reviewed as a request for all of the others.
const (
	// Unknown ExtKeyUsage. WARNING: crypto/x509.ExtKeyUsage does not declare an undefined
	// ExtKeyUsage constant!
	UnknownExtKeyUsage ExtKeyUsage = -1
	// ExtKeyUsageAny represents an EKU of Any (oid: 2.5.29.37.0)
	ExtKeyUsageAny = ExtKeyUsage(x509.ExtKeyUsageAny)
	// ExtKeyUsageServerAuth represents an EKU of ServerAuth (oid: 1.3.6.1.5.5.7.3.1)
	ExtKeyUsageServerAuth = ExtKeyUsage(x509.ExtKeyUsageServerAuth)
	// ExtKeyUsageClientAuth represents an EKU of ClientAuth (oid: 1.3.6.1.5.5.7.3.2)
	ExtKeyUsageClientAuth = ExtKeyUsage(x509.ExtKeyUsageClientAuth)
	// ExtKeyUsageCodeSigning represents an EKU of CodeSigning (oid: 1.3.6.1.5.5.7.3.3)
	ExtKeyUsageCodeSigning = ExtKeyUsage(x509.ExtKeyUsageCodeSigning)
	// ExtKeyUsageEmailProtection represents an EKU of EmailProtection (oid: 1.3.6.1.5.5.7.3.4)
	ExtKeyUsageEmailProtection = ExtKeyUsage(x509.ExtKeyUsageEmailProtection)
	// ExtKeyUsageIPSECEndSystem represents an EKU of IPSECEndSystem (oid: 1.3.6.1.5.5.7.3.5)
	ExtKeyUsageIPSECEndSystem = ExtKeyUsage(x509.ExtKeyUsageIPSECEndSystem)
	// ExtKeyUsageIPSECTunnel represents an EKU of IPSECTunnel (oid: 1.3.6.1.5.5.7.3.6)
	ExtKeyUsageIPSECTunnel = ExtKeyUsage(x509.ExtKeyUsageIPSECTunnel)
	// ExtKeyUsageIPSECUser represents an EKU of IPSECUser (oid: 1.3.6.1.5.5.7.3.7)
	ExtKeyUsageIPSECUser = ExtKeyUsage(x509.ExtKeyUsageIPSECUser)
	// ExtKeyUsageTimeStamping represents an EKU of TimeStamping (oid: 1.3.6.1.5.5.7.3.8)
	ExtKeyUsageTimeStamping = ExtKeyUsage(x509.ExtKeyUsageTimeStamping)
	// ExtKeyUsageOCSPSigning represents an EKU of OCSPSigning (oid: 1.3.6.1.5.5.7.3.9)
	ExtKeyUsageOCSPSigning = ExtKeyUsage(x509.ExtKeyUsageOCSPSigning)
	// ExtKeyUsageMicrosoftServerGatedCrypto represents an EKU of MicrosoftServerGatedCrypto (oid: 1.3.6.1.4.1.311.10.3.3)
	ExtKeyUsageMicrosoftServerGatedCrypto = ExtKeyUsage(x509.ExtKeyUsageMicrosoftServerGatedCrypto)
	// ExtKeyUsageNetscapeServerGatedCrypto represents an EKU of NetscapeServerGatedCrypto (oid: 2.16.840.1.113730.4.1)
	ExtKeyUsageNetscapeServerGatedCrypto = ExtKeyUsage(x509.ExtKeyUsageNetscapeServerGatedCrypto)
	// ExtKeyUsageMicrosoftCommercialCodeSigning represents an EKU of MicrosoftCommercialCodeSigning (oid: 1.3.6.1.4.1.311.2.1.22)
	ExtKeyUsageMicrosoftCommercialCodeSigning = ExtKeyUsage(x509.ExtKeyUsageMicrosoftCommercialCodeSigning)
	// ExtKeyUsageMicrosoftKernelCodeSigning represents an EKU of MicrosoftKernelCodeSigning (oid: 1.3.6.1.4.1.311.61.1.1)
	ExtKeyUsageMicrosoftKernelCodeSigning = ExtKeyUsage(x509.ExtKeyUsageMicrosoftKernelCodeSigning)
)
const (
	// DefaultRSAlength is the RSA key size in bits used when no explicit size
	// is given (presumably the fallback for Request.KeyLength in
	// GeneratePrivateKey — confirm). 2048 is the smallest size public CAs
	// generally accept today; do not lower it.
	DefaultRSAlength int = 2048
)
Variables ¶
// OID variables for the Extended Key Usage extension and for each individual
// EKU. They parallel the ExtKeyUsage* constants (presumably what
// ExtKeyUsage.Oid returns — confirm).
var (
	// The ASN1 Object Identifier for the X509 extension Extended Key Usage. In ASN1
	// the specific Extended Key Usage OIDs are elements sequenced under this OID.
	ExtensionExtKeyUsageOid = asn1.ObjectIdentifier{2, 5, 29, 37}
	// The ASN1 Object Identifier for Extended Key Usage: Any
	ExtKeyUsageAnyOid = asn1.ObjectIdentifier{2, 5, 29, 37, 0}
	// The ASN1 Object Identifier for Extended Key Usage: ServerAuth
	ExtKeyUsageServerAuthOid = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 1}
	// The ASN1 Object Identifier for Extended Key Usage: ClientAuth
	ExtKeyUsageClientAuthOid = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 2}
	// The ASN1 Object Identifier for Extended Key Usage: CodeSigning
	ExtKeyUsageCodeSigningOid = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 3}
	// The ASN1 Object Identifier for Extended Key Usage: EmailProtection
	ExtKeyUsageEmailProtectionOid = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 4}
	// The ASN1 Object Identifier for Extended Key Usage: IPSECEndSystem
	ExtKeyUsageIPSECEndSystemOid = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 5}
	// The ASN1 Object Identifier for Extended Key Usage: IPSECTunnel
	ExtKeyUsageIPSECTunnelOid = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 6}
	// The ASN1 Object Identifier for Extended Key Usage: IPSECUser
	ExtKeyUsageIPSECUserOid = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 7}
	// The ASN1 Object Identifier for Extended Key Usage: TimeStamping
	ExtKeyUsageTimeStampingOid = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 8}
	// The ASN1 Object Identifier for Extended Key Usage: OCSPSigning
	ExtKeyUsageOCSPSigningOid = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 9}
	// The ASN1 Object Identifier for Extended Key Usage: MicrosoftServerGatedCrypto
	ExtKeyUsageMicrosoftServerGatedCryptoOid = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 10, 3, 3}
	// The ASN1 Object Identifier for Extended Key Usage: MicrosoftCommercialCodeSigning
	ExtKeyUsageMicrosoftCommercialCodeSigningOid = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 2, 1, 22}
	// The ASN1 Object Identifier for Extended Key Usage: MicrosoftKernelCodeSigning
	ExtKeyUsageMicrosoftKernelCodeSigningOid = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 61, 1, 1}
	// The ASN1 Object Identifier for Extended Key Usage: NetscapeServerGatedCrypto
	ExtKeyUsageNetscapeServerGatedCryptoOid = asn1.ObjectIdentifier{2, 16, 840, 1, 113730, 4, 1}
)
Functions ¶
func AllSupportedKeySizes ¶
func AllSupportedKeySizes() []int
func GenerateECDSAPrivateKey ¶
func GenerateECDSAPrivateKey(curve EllipticCurve) (crypto.Signer, error)
GenerateECDSAPrivateKey generates a new ECDSA private key on the specified curve
func GenerateRSAPrivateKey ¶
func GenerateRSAPrivateKey(size int) (*rsa.PrivateKey, error)
GenerateRSAPrivateKey generates a new RSA private key of the specified size (in bits)
func GenerateRequest
deprecated
func GetCertificatePEMBlock ¶
GetCertificatePEMBlock gets the certificate as a PEM data block
func GetCertificateRequestPEMBlock ¶
GetCertificateRequestPEMBlock gets the certificate request as a PEM data block
func GetEncryptedPrivateKeyPEMBock ¶
func GetEncryptedPrivateKeyPEMBock(key crypto.Signer, password []byte, format ...string) (*pem.Block, error)
GetEncryptedPrivateKeyPEMBock gets the private key as an encrypted PEM data block
func GetPrivateKeyPEMBock ¶
GetPrivateKeyPEMBock gets the private key as a PEM data block
Types ¶
type AccessControl ¶
// AccessControl appears to describe the access settings of an SSH CA
// template; it is returned as part of SshTppCaTemplateResponse.
type AccessControl struct {
	// DefaultPrincipals presumably lists the principals granted to
	// certificates from this template when none are requested — confirm
	// against the TPP API.
	DefaultPrincipals []string
}
type CSrOriginOption ¶
// CSrOriginOption selects where the CSR for a Request is generated: locally
// by this library, by the service, or supplied by the user (see the
// LocalGeneratedCSR, ServiceGeneratedCSR and UserProvidedCSR constants).
type CSrOriginOption int
func ParseCSROrigin ¶
func ParseCSROrigin(value string) CSrOriginOption
ParseCSROrigin returns a CSrOriginOption from a valid string representation
func (CSrOriginOption) MarshalYAML ¶
func (csr CSrOriginOption) MarshalYAML() (interface{}, error)
MarshalYAML customizes the behavior of CSrOriginOption when being marshaled into a YAML document. The returned value is marshaled in place of the original value, implementing the Marshaler interface
func (*CSrOriginOption) String ¶
func (csr *CSrOriginOption) String() string
String returns a string representation of this object
func (*CSrOriginOption) UnmarshalYAML ¶
func (csr *CSrOriginOption) UnmarshalYAML(value *yaml.Node) error
UnmarshalYAML customizes the behavior when being unmarshalled from a YAML document
type CertSeachInfo ¶
type CertSearchResponse ¶
// CertSearchResponse is the decoded body of a certificate search; the JSON
// tags map the server's "Certificates" and "TotalCount" fields.
type CertSearchResponse struct {
	Certificates []CertSeachInfo `json:"Certificates"`
	// Count is the server's TotalCount; it may exceed len(Certificates)
	// if results are paged — confirm with the search API.
	Count int `json:"TotalCount"`
}
type CertificateInfo ¶
// CertificateInfo is a summary of a certificate: its subject CN, SANs,
// serial, thumbprint and validity window. FindNewestCertificateWithSans
// selects among values of this type.
type CertificateInfo struct {
	ID         string `json:",omitempty"` // omitted from JSON when empty
	CN         string
	SANS       Sans
	Serial     string
	Thumbprint string
	ValidFrom  time.Time
	ValidTo    time.Time
}
func FindNewestCertificateWithSans ¶
func FindNewestCertificateWithSans(certificates []*CertificateInfo, sans_ *Sans) (*CertificateInfo, error)
FindNewestCertificateWithSans finds, among the given certificates, the newest one whose Sans.DNS matches the given SANs
type CertificateMetaData ¶
// CertificateMetaData is the JSON-tagged metadata record of a certificate
// object. The nested CertificateDetails, RenewalDetails and ValidationDetails
// structs mirror the server's layout; every Go field name matches its JSON tag.
type CertificateMetaData struct {
	Approver               []string `json:"Approver"`
	CreatedOn              string   `json:"CreatedOn"`
	CertificateAuthorityDN string   `json:"CertificateAuthorityDN"`
	Contact                []string `json:"Contact"`
	CreatedBy              []string `json:"CreatedBy"`
	// CertificateDetails describes the issued certificate itself (subject,
	// issuer, key and signature algorithms, validity, identifiers).
	CertificateDetails struct {
		AIACAIssuerURL        []string  `json:"AIACAIssuerURL"`
		AIAKeyIdentifier      string    `json:"AIAKeyIdentifier"`
		C                     string    `json:"C"`
		CDPURI                string    `json:"CDPURI"`
		CN                    string    `json:"CN"`
		EnhancedKeyUsage      string    `json:"EnhancedKeyUsage"`
		Issuer                string    `json:"Issuer"`
		KeyAlgorithm          string    `json:"KeyAlgorithm"`
		KeySize               int       `json:"KeySize"`
		KeyUsage              string    `json:"KeyUsage"`
		L                     string    `json:"L"`
		O                     string    `json:"O"`
		OU                    []string  `json:"OU"`
		PublicKeyHash         string    `json:"PublicKeyHash"`
		S                     string    `json:"S"`
		SKIKeyIdentifier      string    `json:"SKIKeyIdentifier"`
		Serial                string    `json:"Serial"`
		SignatureAlgorithm    string    `json:"SignatureAlgorithm"`
		SignatureAlgorithmOID string    `json:"SignatureAlgorithmOID"`
		StoreAdded            time.Time `json:"StoreAdded"`
		Subject               string    `json:"Subject"`
		TemplateMajorVersion  string    `json:"TemplateMajorVersion"`
		TemplateMinorVersion  string    `json:"TemplateMinorVersion"`
		TemplateName          string    `json:"TemplateName"`
		TemplateOID           string    `json:"TemplateOID"`
		Thumbprint            string    `json:"Thumbprint"`
		ValidFrom             time.Time `json:"ValidFrom"`
		ValidTo               time.Time `json:"ValidTo"`
	} `json:"CertificateDetails"`
	// RenewalDetails holds the subject/key parameters used on renewal.
	RenewalDetails struct {
		City               string   `json:"City"`
		Country            string   `json:"Country"`
		KeySize            int      `json:"KeySize"`
		Organization       string   `json:"Organization"`
		OrganizationalUnit []string `json:"OrganizationalUnit"`
		State              string   `json:"State"`
		Subject            string   `json:"Subject"`
	} `json:"RenewalDetails"`
	// ValidationDetails reports the server's validation state flags.
	ValidationDetails struct {
		LastValidationStateUpdate time.Time `json:"LastValidationStateUpdate"`
		NetworkValidationDisabled bool      `json:"NetworkValidationDisabled"`
		ValidationDisabled        bool      `json:"ValidationDisabled"`
	} `json:"ValidationDetails"`
	CustomFields   []CustomFieldDetails `json:"CustomFields"`
	DN             string               `json:"DN"`
	Guid           string               `json:"Guid"`
	ManagementType string               `json:"ManagementType"`
	Name           string               `json:"Name"`
	Origin         string               `json:"Origin"`
	ParentDn       string               `json:"ParentDn"`
	SchemaClass    string               `json:"SchemaClass"`
}
type ChainOption ¶
// ChainOption represents the options to be used with the certificate chain
// (root last, root first, or chain ignored); see the ChainOption* constants.
type ChainOption int
ChainOption represents the options to be used with the certificate chain
// ChainOption values order the chain in a PEMCollection (see
// PEMCollectionFromBytes, which takes a chainOrder); ChainOptionFromString
// parses their string form.
const (
	// ChainOptionRootLast specifies the root certificate should be in the last position of the chain
	ChainOptionRootLast ChainOption = iota
	// ChainOptionRootFirst specifies the root certificate should be in the first position of the chain
	ChainOptionRootFirst
	// ChainOptionIgnore specifies the chain should be ignored
	ChainOptionIgnore
)
func ChainOptionFromString ¶
func ChainOptionFromString(order string) ChainOption
ChainOptionFromString converts the string to the corresponding ChainOption
func (ChainOption) MarshalYAML ¶
func (co ChainOption) MarshalYAML() (interface{}, error)
MarshalYAML customizes the behavior of ChainOption when being marshaled into a YAML document. The returned value is marshaled in place of the original value implementing Marshaller
func (*ChainOption) String ¶
func (co *ChainOption) String() string
String returns a string representation of this object
func (*ChainOption) UnmarshalYAML ¶
func (co *ChainOption) UnmarshalYAML(value *yaml.Node) error
UnmarshalYAML customizes the behavior when being unmarshalled from a YAML document
type CustomField ¶
// CustomField carries an extra name/value pair attached to a certificate
// request. Type defaults to CustomFieldPlain; use CustomFieldOrigin to set the
// certificate Origin. Repeating the same Name in Request.CustomFields gives a
// single custom field several values.
type CustomField struct {
	Type  CustomFieldType `yaml:"-"` // never read from or written to YAML
	Name  string          `yaml:"name"`
	Value string          `yaml:"value"`
}
CustomField can be used to add additional information to a certificate, for example custom fields or the Origin. By default, Type is CustomFieldPlain. To add the Origin, set Type to CustomFieldOrigin. To add multiple values to a single custom field:
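// Example: two values for the same custom field ("name1"), given by repeating
// its Name. Each element of a multi-line composite literal needs a trailing
// comma, otherwise the example does not compile.
request.CustomFields = []CustomField{
	{Name: "name1", Value: "value1"},
	{Name: "name1", Value: "value2"},
}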
type CustomFieldDetails ¶
type CustomFieldType ¶
// CustomFieldType classifies a CustomField: CustomFieldPlain (the default) or
// CustomFieldOrigin for the certificate Origin.
type CustomFieldType int
const (
	// CustomFieldPlain is the default CustomField type: an ordinary name/value pair.
	CustomFieldPlain CustomFieldType = 0 + iota
	// CustomFieldOrigin marks the field as the certificate Origin.
	CustomFieldOrigin
	// CustomFieldUnknown is a type that is neither of the above
	// (presumably the result of parsing an unrecognized value — confirm).
	CustomFieldUnknown
)
func (CustomFieldType) MarshalYAML ¶
func (cft CustomFieldType) MarshalYAML() (interface{}, error)
MarshalYAML customizes the behavior of CustomFieldType when being marshaled into a YAML document. The returned value is marshaled in place of the original value, implementing the Marshaler interface
func (*CustomFieldType) String ¶
func (cft *CustomFieldType) String() string
String returns a string representation of this object
type EllipticCurve ¶
// EllipticCurve represents the types of supported elliptic curves; see the
// EllipticCurve* constants and AllSupportedCurves.
type EllipticCurve int
EllipticCurve represents the types of supported elliptic curves
// Supported curves. The numeric order (P521 before P256 and P384) is not by
// key size, so persist and compare curves by name (String/MarshalYAML),
// never by their integer value.
const (
	// EllipticCurveNotSet represents a value not set
	EllipticCurveNotSet EllipticCurve = iota
	// EllipticCurveP521 represents the P521 curve
	EllipticCurveP521
	// EllipticCurveP256 represents the P256 curve
	EllipticCurveP256
	// EllipticCurveP384 represents the P384 curve
	EllipticCurveP384
	// EllipticCurveED25519 represents the ED25519 curve
	EllipticCurveED25519
	// EllipticCurveDefault represents the default curve value
	EllipticCurveDefault = EllipticCurveP256
)
func AllSupportedCurves ¶
func AllSupportedCurves() []EllipticCurve
func (EllipticCurve) MarshalYAML ¶
func (ec EllipticCurve) MarshalYAML() (interface{}, error)
MarshalYAML customizes the behavior of EllipticCurve when being marshaled into a YAML document. The returned value is marshaled in place of the original value, implementing the Marshaler interface
func (*EllipticCurve) Set ¶
func (ec *EllipticCurve) Set(value string) error
Set sets the EllipticCurve value from its string representation
func (*EllipticCurve) String ¶
func (ec *EllipticCurve) String() string
func (*EllipticCurve) UnmarshalYAML ¶
func (ec *EllipticCurve) UnmarshalYAML(value *yaml.Node) error
UnmarshalYAML customizes the behavior when being unmarshalled from a YAML document
type ExtKeyUsage ¶ added in v5.9.0
// ExtKeyUsage represents an extended set of actions that are valid for a given
// key; each ExtKeyUsage* constant is one action. The constants are built by
// converting crypto/x509 values, which matches this integer-based definition.
// NOTE(review): this page also shows a struct declaration of the same name
// (id/oid/name fields); only one can be current — confirm against the source.
type ExtKeyUsage x509.ExtKeyUsage
// ExtKeyUsage as a struct bundling the crypto/x509 value, its ASN.1 OID and a
// display name.
// NOTE(review): this page also shows `type ExtKeyUsage x509.ExtKeyUsage`, and
// the ExtKeyUsage* constants convert from x509.ExtKeyUsage, which only works
// for the integer form — confirm which declaration is current.
type ExtKeyUsage struct {
	id   x509.ExtKeyUsage      // the crypto/x509 value (see X509Type)
	oid  asn1.ObjectIdentifier // the ASN.1 OID (see Oid)
	name string                // the string form (see String)
}
ExtKeyUsage represents an extended set of actions that are valid for a given key. Each of the ExtKeyUsage* constants define a unique action.
func ParseExtKeyUsage ¶ added in v5.9.0
func ParseExtKeyUsage(s string) (ExtKeyUsage, error)
func (*ExtKeyUsage) MarshalYAML ¶ added in v5.9.0
func (eku *ExtKeyUsage) MarshalYAML() (interface{}, error)
MarshalYAML customizes the behavior of ExtKeyUsage when being marshaled into a YAML document. The returned value is marshaled in place of the original value implementing Marshaller
func (*ExtKeyUsage) Oid ¶ added in v5.9.0
func (eku *ExtKeyUsage) Oid() (asn1.ObjectIdentifier, error)
Oid returns the ASN.1 Object Identifier represented by this ExtKeyUsage
func (*ExtKeyUsage) String ¶ added in v5.9.0
func (eku *ExtKeyUsage) String() string
String returns the string representation of this object
func (*ExtKeyUsage) UnmarshalYAML ¶ added in v5.9.0
func (eku *ExtKeyUsage) UnmarshalYAML(value *yaml.Node) error
UnmarshalYAML customizes the behavior when being unmarshalled from a YAML document
func (*ExtKeyUsage) X509Type ¶ added in v5.9.0
func (eku *ExtKeyUsage) X509Type() x509.ExtKeyUsage
X509Type returns the underlying crypto/x509.ExtKeyUsage value
type ExtKeyUsageSlice ¶ added in v5.9.0
// ExtKeyUsageSlice is a slice of ExtKeyUsage values with helpers for adding to
// (Add), querying (Exists) and printing (String) the slice.
type ExtKeyUsageSlice []ExtKeyUsage
ExtKeyUsageSlice is a slice holding multiple ExtKeyUsage values, with helper functions for adding to and parsing the slice
func NewExtKeyUsageSlice ¶ added in v5.9.0
func NewExtKeyUsageSlice(param any) *ExtKeyUsageSlice
func (*ExtKeyUsageSlice) Add ¶ added in v5.9.0
func (es *ExtKeyUsageSlice) Add(param any) error
func (*ExtKeyUsageSlice) Exists ¶ added in v5.9.0
func (es *ExtKeyUsageSlice) Exists(eku ExtKeyUsage) bool
func (*ExtKeyUsageSlice) String ¶ added in v5.9.0
func (es *ExtKeyUsageSlice) String() string
type ImportRequest ¶
type ImportResponse ¶
type KeyType ¶
// KeyType represents the types of supported keys; X509Type maps it to the
// crypto/x509 public key algorithm.
type KeyType int
KeyType represents the types of supported keys
func (KeyType) MarshalYAML ¶
MarshalYAML customizes the behavior of KeyType when being marshaled into a YAML document. The returned value is marshaled in place of the original value, implementing the Marshaler interface
func (*KeyType) UnmarshalYAML ¶
UnmarshalYAML customizes the behavior when being unmarshalled from a YAML document
func (*KeyType) X509Type ¶
func (kt *KeyType) X509Type() x509.PublicKeyAlgorithm
type Location ¶
// Location represents a Device that needs enrollment or provisioning. YAML
// keys are given by the tags and every field is omitted when empty.
type Location struct {
	Instance   string `yaml:"instance,omitempty"`
	Workload   string `yaml:"workload,omitempty"`
	TLSAddress string `yaml:"tlsAddress,omitempty"`
	// Replace presumably asks for an existing device entry to be replaced
	// rather than a new one added — confirm against the provisioning API.
	Replace bool   `yaml:"replace,omitempty"`
	Zone    string `yaml:"zone,omitempty"`
}
Location represents a Device that needs enrollment or provisioning
type PEMCollection ¶
// PEMCollection represents a collection of PEM data: the leaf certificate, its
// private key, the chain and the CSR, each as PEM text. Build one with
// NewPEMCollection or PEMCollectionFromBytes.
type PEMCollection struct {
	Certificate string `json:",omitempty"`
	// PrivateKey holds the single private key of the collection (AddPrivateKey
	// allows only one). It is presumably encrypted when a non-empty password
	// is passed to AddPrivateKey/NewPEMCollection — confirm; otherwise treat
	// the whole collection as secret material.
	PrivateKey string   `json:",omitempty"`
	Chain      []string `json:",omitempty"`
	CSR        string   `json:",omitempty"`
}
PEMCollection represents a collection of PEM data
func NewPEMCollection ¶
func NewPEMCollection(certificate *x509.Certificate, privateKey crypto.Signer, privateKeyPassword []byte, format ...string) (*PEMCollection, error)
NewPEMCollection creates a PEMCollection based on the data being passed in
func PEMCollectionFromBytes ¶
func PEMCollectionFromBytes(certBytes []byte, chainOrder ChainOption) (*PEMCollection, error)
PEMCollectionFromBytes creates a PEMCollection based on the data passed in
func (*PEMCollection) AddChainElement ¶
func (col *PEMCollection) AddChainElement(certificate *x509.Certificate) error
AddChainElement adds a chain element to the collection
func (*PEMCollection) AddPrivateKey ¶
func (col *PEMCollection) AddPrivateKey(privateKey crypto.Signer, privateKeyPassword []byte, format ...string) error
AddPrivateKey adds a Private Key to the PEMCollection. Note that the collection can only contain one private key
func (*PEMCollection) ToTLSCertificate ¶
func (col *PEMCollection) ToTLSCertificate() tls.Certificate
type ProcessingDetails ¶
type RenewalRequest ¶
type Request ¶
// Request contains the data needed to generate a certificate request (CSR)
// and to retrieve the issued certificate afterwards (PickupID / Thumbprint).
// GeneratePrivateKey, GenerateCSR and CheckCertificate operate on it.
type Request struct {
	CADN           string
	Subject        pkix.Name
	DNSNames       []string
	OmitSANs       bool
	EmailAddresses []string
	IPAddresses    []net.IP
	URIs           []*url.URL
	UPNs           []string
	// Deprecated: Attributes is deprecated from X509.CertificateRequest. See ExtraExtensions
	// instead. Values override any extensions that would otherwise be produced based on the
	// other fields but are overridden by any extensions specified in Attributes.
	Attributes []pkix.AttributeTypeAndValueSET
	// ExtraExtensions may include SAN values and ExtKeyUsage values. If these are
	// specified as part of ExtraExtensions, they will override the other specified values.
	//
	// NOTE(review): since an extension given here replaces what DNSNames,
	// IPAddresses or ExtKeyUsages would produce, caller-side checks on those
	// fields do not cover what actually ends up in the CSR; validate
	// ExtraExtensions as well — confirm how the server-side policy treats them.
	ExtraExtensions    []pkix.Extension
	SignatureAlgorithm x509.SignatureAlgorithm
	FriendlyName       string
	// KeyType, KeyLength and KeyCurve drive GeneratePrivateKey when PrivateKey is
	// not already set (per its doc). KeyLength is presumably the RSA size in bits
	// and KeyCurve the ECDSA curve — confirm.
	KeyType   KeyType
	KeyLength int
	KeyCurve  EllipticCurve
	// PrivateKey signs the CSR; GeneratePrivateKey only fills it when nil.
	PrivateKey crypto.Signer
	CsrOrigin  CSrOriginOption
	PickupID   string
	// CertID is the Cloud certificate ID.
	CertID      string
	ChainOption ChainOption
	// KeyPassword presumably protects the private key when it is written as an
	// encrypted PEM block (GetEncryptedPrivateKeyPEMBock / AddPrivateKey take
	// the password as []byte) — confirm. Being a Go string it cannot be zeroed
	// after use, so keep Request values short-lived and out of logs.
	KeyPassword     string
	FetchPrivateKey bool
	/* Thumbprint is here because *Request is used in RetrieveCertificate().
	Code should be refactored so that RetrieveCertificate() uses some abstract search object, instead of *Request{PickupID} */
	Thumbprint string
	// Timeout usage:
	// TPP (a.k.a TLSPDC): used to set WorkToDoTimeout, which overrides TPP's default time to wait for the CA to finish;
	// if the value exceeds the maximum, TPP automatically applies the maximum it supports (120 seconds as of this
	// commit).
	// Cloud (a.k.a VaaS a.k.a TLSPC): used in RetrieveCertificate, which handles the retry logic.
	// TPP SSH feature: overrides the http client default timeout when performing http requests.
	// Firefly: not used.
	//
	// Note:
	// the VCert CLI hardcodes 180 seconds for the retrieve certificate operation. For VaaS this sets the retry logic
	// to 180 seconds, and for TPP it overrides the CA timeout with that hardcoded value.
	Timeout          time.Duration
	CustomFields     []CustomField
	Location         *Location
	ValidityDuration *time.Duration
	ValidityPeriod   string // represents the validity of the certificate expressed as an ISO 8601 duration
	IssuerHint       util.IssuerHint
	// Contacts allows you to configure email addresses to send notifications
	// about the certificate. This field is TPP-specific.
	//
	// Note: the user who receives the notification isn't automatically given
	// access to that certificate. Access is configured at the policy folder
	// level; if the user doesn't have permissions on that folder, they will not
	// be able to see the certificate's status in TPP or remediate the problem
	// through the TPP UI.
	//
	// When an email is used by multiple TPP identities, the first identity
	// found is picked arbitrarily.
	//
	// The scope `configuration` is required. Since Contacts works by searching
	// the emails in the same LDAP or AD as the user attached to the token, you
	// must check that you are using a user in that same identity provider.
	// Contacts doesn't work with the local TPP identities. Using Contacts
	// requires adding `mail` to the list of fields searched when performing a
	// user search, which can be configured in the Venafi Configuration Console
	// by RDP'ing into the TPP VM. This configuration cannot be performed
	// directly in the TPP UI.
	Contacts []string
	// ExtKeyUsages lets the caller specify which extended key usages to include
	// in the request (any EKU given in ExtraExtensions takes precedence, per
	// that field's doc).
	ExtKeyUsages ExtKeyUsageSlice
	// Deprecated: use ValidityDuration instead, this field is ignored if ValidityDuration is set
	ValidityHours int
	// contains filtered or unexported fields
}
Request contains the data needed to generate a certificate request. CSR is a PEM-encoded Certificate Signing Request
func NewRequest ¶
func NewRequest(cert *x509.Certificate) *Request
NewRequest creates a new Request object populated from an issued certificate
func (*Request) CheckCertificate ¶
CheckCertificate validates that the certificate returned by the server matches the data in the request object. It can be used to check the server's response.
func (*Request) GenerateCSR ¶
GenerateCSR creates a CSR for sending to the server based on the data in the Request fields. It overwrites the CSR field if it is already filled.
func (*Request) GeneratePrivateKey ¶
GeneratePrivateKey creates the private key (if it doesn't already exist) based on the request.KeyType, request.KeyLength and request.KeyCurve fields
type RetireRequest ¶
type RevocationRequest ¶
type SearchRequest ¶
// SearchRequest is a list of search terms for a certificate search; the
// meaning of each string is not documented here — confirm with the caller.
type SearchRequest []string
type SshAvaliableTemplate ¶
type SshCaTemplateRequest ¶
type SshCertRequest ¶
// SshCertRequest is the standard SSH certificate request: it holds the data
// for a TPP request and in the future will also hold VaaS data. It is the
// untagged counterpart of TPPSshCertRequest.
type SshCertRequest struct {
	Template   string
	PolicyDN   string
	ObjectName string
	// DestinationAddresses, Principals, SourceAddresses and ForceCommand bound
	// what the issued certificate can be used for (who it may log in as, from
	// where, and which command runs) — how the CA template combines them with
	// its own restrictions is not shown here; confirm.
	DestinationAddresses []string
	KeyId                string
	Principals           []string
	ValidityPeriod       string
	PublicKeyData        string
	Extensions           []string
	ForceCommand         string
	SourceAddresses      []string
	PickupID             string
	Guid                 string
	// IncludePrivateKeyData asks the server to return the private key it
	// generated (presumably, mirroring the TPPSshCertRequest field of the same
	// name — confirm); PrivateKeyPassphrase and PrivateKeyFormat apply to that
	// returned key.
	IncludePrivateKeyData     bool
	PrivateKeyPassphrase      string
	PrivateKeyFormat          string
	IncludeCertificateDetails bool
	// Timeout overrides the http client default timeout for the TPP SSH
	// requests (see Request.Timeout).
	Timeout time.Duration
}
SshCertRequest is the standard SSH certificate request; it holds the data for a TPP request and in the future will also hold VaaS data.
type SshCertificateDetails ¶
// SshCertificateDetails describes an issued SSH certificate as reported by the
// server; every field is omitted from JSON when empty.
type SshCertificateDetails struct {
	KeyType                      string   `json:"KeyType,omitempty"`
	CertificateType              string   `json:"CertificateType,omitempty"`
	CertificateFingerprintSHA256 string   `json:"CertificateFingerprintSHA256,omitempty"`
	CAFingerprintSHA256          string   `json:"CAFingerprintSHA256,omitempty"`
	KeyID                        string   `json:"KeyID,omitempty"`
	SerialNumber                 string   `json:"SerialNumber,omitempty"`
	Principals                   []string `json:"Principals,omitempty"`
	// ValidFrom/ValidTo are numeric here (unlike CertificateInfo's time.Time);
	// presumably Unix seconds — confirm before comparing with time.Now().
	ValidFrom                  int64                  `json:"ValidFrom,omitempty"`
	ValidTo                    int64                  `json:"ValidTo,omitempty"`
	ForceCommand               string                 `json:"ForceCommand,omitempty"`
	SourceAddresses            []string               `json:"SourceAddresses,omitempty"`
	PublicKeyFingerprintSHA256 string                 `json:"PublicKeyFingerprintSHA256,omitempty"`
	Extensions                 map[string]interface{} `json:"Extensions,omitempty"`
}
type SshCertificateObject ¶
// SshCertificateObject is a retrieved SSH certificate together with its key
// material and CA identifiers; it carries the same fields as
// TppSshCertOperationResponse minus the Response info.
type SshCertificateObject struct {
	Guid            string
	DN              string
	CAGuid          string
	CADN            string
	CertificateData string
	// PrivateKeyData is populated only when the private key was requested
	// (see SshCertRequest.IncludePrivateKeyData — presumably; confirm) and is
	// secret material.
	PrivateKeyData     string
	PublicKeyData      string
	CertificateDetails SshCertificateDetails
	ProcessingDetails  ProcessingDetails
}
type SshTppCaTemplateRequest ¶
type SshTppCaTemplateResponse ¶
// SshTppCaTemplateResponse is the decoded reply to an SSH CA template request.
// AccessControl has no json tag, so encoding/json matches it by field name.
type SshTppCaTemplateResponse struct {
	AccessControl AccessControl
	Response      TppSshCertResponseInfo `json:"Response,omitempty"`
}
type TPPSshCertRequest ¶
// TPPSshCertRequest is the JSON wire form of an SSH certificate request sent
// to TPP (every field omitempty). Compared with SshCertRequest, Extensions is
// a map rather than a list and the timeout is the string ProcessingTimeout
// rather than a time.Duration; the conversion happens elsewhere — confirm.
type TPPSshCertRequest struct {
	CADN                 string                 `json:"CADN,omitempty"`
	PolicyDN             string                 `json:"PolicyDN,omitempty"`
	ObjectName           string                 `json:"ObjectName,omitempty"`
	DestinationAddresses []string               `json:"DestinationAddresses,omitempty"`
	KeyId                string                 `json:"KeyId,omitempty"`
	Principals           []string               `json:"Principals,omitempty"`
	ValidityPeriod       string                 `json:"ValidityPeriod,omitempty"`
	PublicKeyData        string                 `json:"PublicKeyData,omitempty"`
	Extensions           map[string]interface{} `json:"Extensions,omitempty"`
	ForceCommand         string                 `json:"ForceCommand,omitempty"`
	SourceAddresses      []string               `json:"SourceAddresses,omitempty"`
	// IncludePrivateKeyData asks TPP to return the generated private key;
	// PrivateKeyPassphrase is serialized into the request body (see its json
	// tag), so it leaves the process and must not be logged with the request.
	IncludePrivateKeyData     bool   `json:"IncludePrivateKeyData,omitempty"`
	PrivateKeyPassphrase      string `json:"PrivateKeyPassphrase,omitempty"`
	IncludeCertificateDetails bool   `json:"IncludeCertificateDetails,omitempty"`
	ProcessingTimeout         string `json:"ProcessingTimeout,omitempty"`
}
type TppSshCertOperationResponse ¶
// TppSshCertOperationResponse is the decoded reply to a TPP SSH certificate
// operation: processing status, the certificate and key material, the CA
// identifiers and the Response info. No json tags, so fields are matched by
// name.
type TppSshCertOperationResponse struct {
	ProcessingDetails ProcessingDetails
	Guid              string
	DN                string
	CertificateData   string
	// PrivateKeyData is secret material; it is presumably only present when
	// the request set IncludePrivateKeyData — confirm.
	PrivateKeyData     string
	PublicKeyData      string
	CAGuid             string
	CADN               string
	CertificateDetails SshCertificateDetails
	Response           TppSshCertResponseInfo
}