Documentation
Index ¶
- Constants
- Variables
- func ConvertToRegex(values []string, wildcardAllowed bool) []string
- func ConvertToRfc822Regex(values []string) []string
- func GetApplicationName(zone string) string
- func GetCitName(zone string) string
- func GetFileAndBytes(p string) (*os.File, []byte, error)
- func GetFileType(f string) string
- func GetParent(p string) string
- func IsDefaultEmpty(ps *PolicySpecification) bool
- func IsPolicyEmpty(ps *PolicySpecification) bool
- func IsWildcardAllowed(ps PolicySpecification) bool
- func RemoveRegex(values []string) []string
- func ValidateCloudPolicySpecification(ps *PolicySpecification) error
- func ValidateTppPolicySpecification(ps *PolicySpecification) error
- func VerifyPolicySpec(bytes []byte, fileExt string) error
- type Account
- type AccountDetails
- type Accounts
- type Application
- type CADetails
- type CertificateAuthorityInfo
- type CheckPolicyRequest
- type CheckPolicyResponse
- type ClearTTPAttributesRequest
- type CloudPolicyRequest
- type Default
- type DefaultKeyPair
- type DefaultSubject
- type Key
- type KeyPair
- type KeyPairResponse
- type KeyType
- type LockedArrayAttribute
- type LockedAttribute
- type LockedIntAttribute
- type OwnerIdType
- type Policy
- type PolicyExistPayloadRequest
- type PolicyGetAttributePayloadRequest
- type PolicyGetAttributeResponse
- type PolicyIsValidResponse
- type PolicyObject
- type PolicyPayloadRequest
- type PolicyResponse
- type PolicySetAttributePayloadRequest
- type PolicySetAttributeResponse
- type PolicySpecification
- type Product
- type ProductDetails
- type ProductOption
- type ProductTemplate
- type RecommendedSettings
- type Subject
- type SubjectAltNames
- type SubjectResponse
- type TppPolicy
- type TrackingData
Constants ¶
const (
	// File extensions accepted for policy specification files.
	JsonExtension = ".json"
	YamlExtension = ".yaml"

	// RootPath is the root of the TPP policy tree; util.PathSeparator is
	// defined outside this file.
	RootPath             = util.PathSeparator + "VED" + util.PathSeparator + "Policy"
	PolicyClass          = "Policy"
	PolicyAttributeClass = "X509 Certificate"

	// TPP policy attribute names, as they appear in TPP attribute requests.
	TppContact                       = "Contact"
	TppApprover                      = "Approver"
	TppCertificateAuthority          = "Certificate Authority"
	TppProhibitWildcard              = "Prohibit Wildcard"
	TppDomainSuffixWhitelist         = "Domain Suffix Whitelist"
	TppOrganization                  = "Organization"
	TppOrganizationalUnit            = "Organizational Unit"
	TppCity                          = "City"
	TppState                         = "State"
	TppCountry                       = "Country"
	TppPkixParameterSetPolicy        = "PKIX Parameter Set Policy"
	TppPkixParameterSetPolicyDefault = "PKIX Parameter Set Policy Default"
	TppKeyAlgorithm                  = "Key Algorithm"
	TppKeyBitStrength                = "Key Bit Strength"
	TppEllipticCurve                 = "Elliptic Curve"
	ServiceGenerated                 = "Manual Csr"
	TppProhibitedSANTypes            = "Prohibited SAN Types"
	TppAllowPrivateKeyReuse          = "Allow Private Key Reuse"
	TppWantRenewal                   = "Want Renewal"

	// SAN type names used with TppProhibitedSANTypes.
	TppDnsAllowed   = "DNS"
	TppIpAllowed    = "IP"
	TppEmailAllowed = "Email"
	TppUriAllowed   = "URI"
	TppUpnAllowed   = "UPN"

	// AllowAll is a regular expression that matches any value; presumably
	// used where a policy places no restriction on a field — a policy that
	// carries it for a subject or SAN field is effectively unconstrained there.
	AllowAll     = ".*"
	UserProvided = "UserProvided"
	// DefaultCA is a TPP object path (backslashes are escaped for Go).
	DefaultCA = "BUILTIN\\Built-In CA\\Default Product"

	// Management Type attribute and its accepted values.
	TppManagementType             = "Management Type"
	TppManagementTypeEnrollment   = "Enrollment"
	TppManagementTypeProvisioning = "Provisioning"

	// Cloud (VaaS) certificate authority identifiers and requester contact
	// values sent with cloud requests.
	CloudEntrustCA      = "ENTRUST"
	CloudDigicertCA     = "DIGICERT"
	CloudRequesterName  = "Venafi Cloud Service"
	CloudRequesterEmail = "no-reply@venafi.cloud"
	CloudRequesterPhone = "801-555-0123"

	// Identity kinds are distinct bits (1, 2, 8) so they can be combined;
	// AllIdentities is their sum (11), i.e. every kind at once.
	IdentityUser              = 1
	IdentitySecurityGroup     = 2
	IdentityDistributionGroup = 8
	AllIdentities             = IdentityUser + IdentitySecurityGroup + IdentityDistributionGroup
)
Variables ¶
// CloudRsaKeySize represents the Key sizes supported by VaaS for RSA Private Keys.
// Unlike TppRsaKeySize, 512 is not offered here.
var CloudRsaKeySize = []int{1024, 2048, 3072, 4096}
CloudRsaKeySize represents the Key sizes supported by VaaS for RSA Private Keys
// KeyAlgorithmsToPKIX represents the mapping of RSA and ECDSA/ECC Key Algorithms
// to the PKIX parameter set OIDs. The outer key is the algorithm family ("RSA"
// or "ECC"); the inner key is the RSA size in bits or the ECC curve name, as
// strings. Lookups for an unknown algorithm or size yield the zero value, so
// callers must check presence before using the OID.
var KeyAlgorithmsToPKIX = map[string]map[string]string{
	"RSA": {
		"1024": "1.3.6.1.4.1.28783.10.1.1.1024",
		"2048": "1.3.6.1.4.1.28783.10.1.1.2048",
		"3072": "1.3.6.1.4.1.28783.10.1.1.3072",
		"4096": "1.3.6.1.4.1.28783.10.1.1.4096",
	},
	"ECC": {
		"P256": "1.3.6.1.4.1.28783.10.2.1.256",
		"P384": "1.3.6.1.4.1.28783.10.2.1.384",
		"P521": "1.3.6.1.4.1.28783.10.2.1.521",
	},
}
KeyAlgorithmsToPKIX represents the mapping of RSA and ECDSA/ECC Key Algorithms to the PKIX OIDs
// TppEllipticCurves represents the curves supported by TPP for ECDSA Private Keys.
// The names match the inner keys of KeyAlgorithmsToPKIX["ECC"].
var TppEllipticCurves = []string{"P256", "P384", "P521"}
TppEllipticCurves represents the curves supported by TPP for ECDSA Private Keys
// TppKeyType represents the Private Key types supported by TPP. Both "ECDSA"
// and "ECC" are accepted spellings of the elliptic-curve family.
var TppKeyType = []string{"RSA", "ECDSA", "ECC"}
TppKeyType represents the Private Key types supported by TPP
// TppRsaKeySize represents the Key sizes supported by TPP for RSA Private Keys.
// Note that 512 is listed because TPP accepts it, not because it is safe:
// 512-bit RSA is far below current minimums, and policies should not permit it.
var TppRsaKeySize = []int{512, 1024, 2048, 3072, 4096}
TppRsaKeySize represents the Key sizes supported by TPP for RSA Private Keys
Functions ¶
func ConvertToRegex ¶
func ConvertToRfc822Regex ¶
func GetApplicationName ¶
func GetCitName ¶
func GetFileType ¶
func IsDefaultEmpty ¶
func IsDefaultEmpty(ps *PolicySpecification) bool
func IsPolicyEmpty ¶
func IsPolicyEmpty(ps *PolicySpecification) bool
func IsWildcardAllowed ¶
func IsWildcardAllowed(ps PolicySpecification) bool
func RemoveRegex ¶
func ValidateCloudPolicySpecification ¶
func ValidateCloudPolicySpecification(ps *PolicySpecification) error
func ValidateTppPolicySpecification ¶
func ValidateTppPolicySpecification(ps *PolicySpecification) error
func VerifyPolicySpec ¶
Types ¶
type AccountDetails ¶
// AccountDetails pairs a cloud Account with the product options available to
// it. JSON keys: "account" and "productOptions".
type AccountDetails struct {
	Account       Account         `json:"account"`
	ProductOption []ProductOption `json:"productOptions"`
}
type Accounts ¶
// Accounts is a list of AccountDetails. The field carries no json tag, so the
// default key "Accounts" is used when (un)marshalled.
type Accounts struct {
	Accounts []AccountDetails
}
type Application ¶
// Application is the cloud application payload. Network-scoping fields
// (FQDNs, IP ranges, ports) are carried as plain strings and are not
// validated by this type; CertificateIssuingTemplateAliasIdMap maps a
// template alias to its id.
type Application struct {
	OwnerIdsAndTypes                     []OwnerIdType     `json:"ownerIdsAndTypes"`
	Name                                 string            `json:"name"`
	Description                          string            `json:"description"`
	Fqdns                                []string          `json:"fqdns"`
	InternalFqdns                        []string          `json:"internalFqdns"`
	InternalIpRanges                     []string          `json:"internalIpRanges"`
	ExternalIpRanges                     []string          `json:"externalIpRanges"`
	InternalPorts                        []string          `json:"internalPorts"`
	FullyQualifiedDomainNames            []string          `json:"fullyQualifiedDomainNames"`
	IpRanges                             []string          `json:"ipRanges"`
	Ports                                []string          `json:"ports"`
	CertificateIssuingTemplateAliasIdMap map[string]string `json:"certificateIssuingTemplateAliasIdMap"`
	StartTargetedDiscovery               bool              `json:"startTargetedDiscovery"`
}
type CertificateAuthorityInfo ¶
func GetCertAuthorityInfo ¶
func GetCertAuthorityInfo(certificateAuthority string) (CertificateAuthorityInfo, error)
type CheckPolicyRequest ¶
// CheckPolicyRequest asks TPP about the policy at a given distinguished name.
type CheckPolicyRequest struct {
	PolicyDN string `json:"PolicyDN"`
}
type CheckPolicyResponse ¶
// CheckPolicyResponse is TPP's reply to a CheckPolicyRequest. Error is a
// service-supplied message (empty on success) and Policy may be nil, so
// callers must check both before dereferencing Policy.
type CheckPolicyResponse struct {
	Error  string          `json:"Error"`
	Policy *PolicyResponse `json:"Policy"`
}
type CloudPolicyRequest ¶
// CloudPolicyRequest is the certificate issuing template (CIT) payload sent to
// the cloud service. Subject and SAN constraints are expressed as regular
// expression strings (the *Regexes fields); SubjectCValues holds literal
// country values instead. Pointer fields (TrackingData, KeyReuse,
// RecommendedSettings) are nil when not set. The BuildCloudCitRequest
// function, declared outside this block, is expected to construct this type.
type CloudPolicyRequest struct {
	Name                                string               `json:"name"`
	CertificateAuthority                string               `json:"certificateAuthority"`
	CertificateAuthorityProductOptionId string               `json:"certificateAuthorityProductOptionId"`
	Product                             Product              `json:"product"`
	TrackingData                        *TrackingData        `json:"trackingData"`
	SubjectCNRegexes                    []string             `json:"subjectCNRegexes"`
	SubjectORegexes                     []string             `json:"subjectORegexes"`
	SubjectOURegexes                    []string             `json:"subjectOURegexes"`
	SubjectLRegexes                     []string             `json:"subjectLRegexes"`
	SubjectSTRegexes                    []string             `json:"subjectSTRegexes"`
	SubjectCValues                      []string             `json:"subjectCValues"`
	SanRegexes                          []string             `json:"sanRegexes"`
	SanIpAddressRegexes                 []string             `json:"sanIpAddressRegexes"`
	SanRfc822NameRegexes                []string             `json:"sanRfc822NameRegexes"`
	SanUniformResourceIdentifierRegexes []string             `json:"sanUniformResourceIdentifierRegexes"`
	KeyTypes                            []KeyType            `json:"keyTypes"`
	KeyReuse                            *bool                `json:"keyReuse"`
	RecommendedSettings                 *RecommendedSettings `json:"recommendedSettings"`
	CsrUploadAllowed                    bool                 `json:"csrUploadAllowed"`
	KeyGeneratedByVenafiAllowed         bool                 `json:"keyGeneratedByVenafiAllowed"`
}
func BuildCloudCitRequest ¶
func BuildCloudCitRequest(ps *PolicySpecification, ca *CADetails) (*CloudPolicyRequest, error)
type Default ¶
// Default holds the default values section of a policy specification
// (JSON/YAML key "defaults" on PolicySpecification). Every field is a pointer
// with omitempty, so a nil field means the key was absent from the input.
type Default struct {
	Domain        *string         `json:"domain,omitempty" yaml:"domain,omitempty"`
	Subject       *DefaultSubject `json:"subject,omitempty" yaml:"subject,omitempty"`
	KeyPair       *DefaultKeyPair `json:"keyPair,omitempty" yaml:"keyPair,omitempty"`
	AutoInstalled *bool           `json:"autoInstalled,omitempty" yaml:"autoInstalled,omitempty"`
}
type DefaultKeyPair ¶
// DefaultKeyPair holds the default key-pair settings of a policy
// specification. Each field is optional (nil when absent). KeyType,
// RsaKeySize and EllipticCurve are single values, as opposed to the lists on
// KeyPair, which express what is allowed rather than what is chosen.
type DefaultKeyPair struct {
	PkixParameterSetDefault *string `json:"pkixParameterSetDefault,omitempty" yaml:"pkixParameterSetDefault,omitempty"`
	KeyType                 *string `json:"keyType,omitempty" yaml:"keyType,omitempty"`
	RsaKeySize              *int    `json:"rsaKeySize,omitempty" yaml:"rsaKeySize,omitempty"`
	EllipticCurve           *string `json:"ellipticCurve,omitempty" yaml:"ellipticCurve,omitempty"`
	ServiceGenerated        *bool   `json:"serviceGenerated,omitempty" yaml:"serviceGenerated,omitempty"`
}
type DefaultSubject ¶
// DefaultSubject holds default subject values of a policy specification.
// Unlike Subject, which lists allowed values, each field here is a single
// default (OrgUnits being the one list). Nil/empty means not set.
type DefaultSubject struct {
	Org      *string  `json:"org,omitempty" yaml:"org,omitempty"`
	OrgUnits []string `json:"orgUnits,omitempty" yaml:"orgUnits,omitempty"`
	Locality *string  `json:"locality,omitempty" yaml:"locality,omitempty"`
	State    *string  `json:"state,omitempty" yaml:"state,omitempty"`
	Country  *string  `json:"country,omitempty" yaml:"country,omitempty"`
}
type KeyPair ¶
// KeyPair holds the allowed key-pair settings of a policy specification.
// List fields enumerate what a policy permits; ServiceGenerated and
// ReuseAllowed are tri-state (nil = not set).
type KeyPair struct {
	PkixParameterSet []string `json:"pkixParameterSet,omitempty" yaml:"pkixParameterSet,omitempty"`
	KeyTypes         []string `json:"keyTypes,omitempty" yaml:"keyTypes,omitempty"`
	RsaKeySizes      []int    `json:"rsaKeySizes,omitempty" yaml:"rsaKeySizes,omitempty"`
	EllipticCurves   []string `json:"ellipticCurves,omitempty" yaml:"ellipticCurves,omitempty"`
	// NOTE(review): the JSON key is "serviceGenerated" but the YAML key is
	// "generationType", so a YAML file using "serviceGenerated" here is
	// silently ignored — confirm this asymmetry is intended.
	ServiceGenerated *bool `json:"serviceGenerated,omitempty" yaml:"generationType,omitempty"`
	ReuseAllowed     *bool `json:"reuseAllowed,omitempty" yaml:"reuseAllowed,omitempty"`
}
type KeyPairResponse ¶
// KeyPairResponse is the "KeyPair" section of a TPP policy response. Each
// attribute is a Locked*Attribute (declared outside this block), which is
// presumably a value plus a lock flag — verify against its definition.
type KeyPairResponse struct {
	KeyAlgorithm  LockedAttribute    `json:"KeyAlgorithm"`
	KeySize       LockedIntAttribute `json:"KeySize"`
	EllipticCurve LockedAttribute    `json:"EllipticCurve"`
}
type LockedArrayAttribute ¶
type LockedAttribute ¶
type LockedIntAttribute ¶
type OwnerIdType ¶
type Policy ¶
// Policy is the "policy" section of a PolicySpecification: the constraints a
// certificate request must satisfy. All fields are optional; a nil pointer or
// empty slice means the constraint was not specified. WildcardAllowed being
// nil is distinct from an explicit false (see IsWildcardAllowed in the index).
type Policy struct {
	Domains              []string         `json:"domains,omitempty" yaml:"domains,omitempty"`
	WildcardAllowed      *bool            `json:"wildcardAllowed,omitempty" yaml:"wildcardAllowed,omitempty"`
	AutoInstalled        *bool            `json:"autoInstalled,omitempty" yaml:"autoInstalled,omitempty"`
	MaxValidDays         *int             `json:"maxValidDays,omitempty" yaml:"maxValidDays,omitempty"`
	CertificateAuthority *string          `json:"certificateAuthority,omitempty" yaml:"certificateAuthority,omitempty"`
	Subject              *Subject         `json:"subject,omitempty" yaml:"subject,omitempty"`
	KeyPair              *KeyPair         `json:"keyPair,omitempty" yaml:"keyPair,omitempty"`
	SubjectAltNames      *SubjectAltNames `json:"subjectAltNames,omitempty" yaml:"subjectAltNames,omitempty"`
}
type PolicyExistPayloadRequest ¶
// PolicyExistPayloadRequest asks TPP whether the object at ObjectDN exists.
type PolicyExistPayloadRequest struct {
	ObjectDN string `json:"ObjectDN"`
}
type PolicyIsValidResponse ¶
// PolicyIsValidResponse is TPP's reply to an object-existence check. Error is
// a service message, Result a numeric status code whose values are not
// defined in this file, and PolicyObject the matched object (JSON key
// "Object").
type PolicyIsValidResponse struct {
	Error        string       `json:"Error"`
	Result       int          `json:"Result"`
	PolicyObject PolicyObject `json:"Object"`
}
type PolicyObject ¶
type PolicyPayloadRequest ¶
type PolicyResponse ¶
// PolicyResponse is the policy body returned by TPP inside CheckPolicyResponse.
// Locked*Attribute fields carry a value that may be locked at the policy
// level; the plain bools are effective settings. Note the JSON keys are
// PascalCase, matching TPP's API rather than the camelCase used by the
// PolicySpecification types.
type PolicyResponse struct {
	CertificateAuthority    LockedAttribute `json:"CertificateAuthority"`
	CsrGeneration           LockedAttribute `json:"CsrGeneration"`
	KeyGeneration           LockedAttribute `json:"KeyGeneration"`
	KeyPairResponse         KeyPairResponse `json:"KeyPair"`
	ManagementType          LockedAttribute `json:"ManagementType"`
	PrivateKeyReuseAllowed  bool            `json:"PrivateKeyReuseAllowed"`
	SubjAltNameDnsAllowed   bool            `json:"SubjAltNameDnsAllowed"`
	SubjAltNameEmailAllowed bool            `json:"SubjAltNameEmailAllowed"`
	SubjAltNameIpAllowed    bool            `json:"SubjAltNameIpAllowed"`
	SubjAltNameUpnAllowed   bool            `json:"SubjAltNameUpnAllowed"`
	SubjAltNameUriAllowed   bool            `json:"SubjAltNameUriAllowed"`
	Subject                 SubjectResponse `json:"Subject"`
	UniqueSubjectEnforced   bool            `json:"UniqueSubjectEnforced"`
	WhitelistedDomains      []string        `json:"WhitelistedDomains"`
	WildcardsAllowed        bool            `json:"WildcardsAllowed"`
}
type PolicySpecification ¶
// PolicySpecification is the top-level, backend-neutral policy document read
// from a JSON or YAML file (see VerifyPolicySpec in the index). Owners, Users,
// UserAccess and Approvers describe who may act on the policy; Policy holds
// the constraints and Default the defaults, both optional. Note the JSON/YAML
// key for Default is "defaults", not "default".
type PolicySpecification struct {
	Owners     []string `json:"owners,omitempty" yaml:"owners,omitempty"`
	Users      []string `json:"users,omitempty" yaml:"users,omitempty"`
	UserAccess string   `json:"userAccess,omitempty" yaml:"userAccess,omitempty"`
	Approvers  []string `json:"approvers,omitempty" yaml:"approvers,omitempty"`
	Policy     *Policy  `json:"policy,omitempty" yaml:"policy,omitempty"`
	Default    *Default `json:"defaults,omitempty" yaml:"defaults,omitempty"`
}
func BuildPolicySpecificationForTPP ¶
func BuildPolicySpecificationForTPP(checkPolicyResp CheckPolicyResponse) (*PolicySpecification, error)
func GetPolicySpec ¶
func GetPolicySpec() *PolicySpecification
type Product ¶
// Product identifies the CA product a cloud issuing template uses.
// ValidityPeriod is an opaque string here (its format is not defined in this
// file); HashAlgorithm, AutoRenew and OrganizationId are omitted from JSON
// when nil.
type Product struct {
	CertificateAuthority string  `json:"certificateAuthority"`
	ProductName          string  `json:"productName"`
	ValidityPeriod       string  `json:"validityPeriod"`
	HashAlgorithm        *string `json:"hashAlgorithm,omitempty"`
	AutoRenew            *bool   `json:"autoRenew,omitempty"`
	OrganizationId       *int64  `json:"organizationId,omitempty"`
}
type ProductDetails ¶
// ProductDetails wraps the ProductTemplate of a cloud product option.
type ProductDetails struct {
	ProductTemplate ProductTemplate `json:"productTemplate"`
}
type ProductOption ¶
// ProductOption is one CA product offered to a cloud account; Id is the
// option identifier referenced by CloudPolicyRequest.CertificateAuthorityProductOptionId.
type ProductOption struct {
	ProductName    string         `json:"productName"`
	Id             string         `json:"id"`
	ProductDetails ProductDetails `json:"productDetails"`
}
type ProductTemplate ¶
// ProductTemplate carries the organization id associated with a product option.
type ProductTemplate struct {
	OrganizationId int64 `json:"organizationId"`
}
type RecommendedSettings ¶
// RecommendedSettings is the "recommendedSettings" section of a cloud issuing
// template: suggested (as opposed to enforced) values. Subject O/OU/L/ST/C are
// single values, while CN and SAN are regex lists; Key is optional. None of
// these fields use omitempty, so nil pointers are encoded as JSON null.
type RecommendedSettings struct {
	SubjectCNRegexes []string `json:"subjectCNRegexes"`
	SubjectOValue    *string  `json:"subjectOValue"`
	SubjectOUValue   *string  `json:"subjectOUValue"`
	SubjectLValue    *string  `json:"subjectLValue"`
	SubjectSTValue   *string  `json:"subjectSTValue"`
	SubjectCValue    *string  `json:"subjectCValue"`
	SanRegexes       []string `json:"sanRegexes"`
	Key              *Key     `json:"key"`
}
type Subject ¶
// Subject lists the subject values a policy allows, one list per DN
// attribute. An empty list means the attribute is not constrained by this
// section (how backends interpret that is decided elsewhere).
type Subject struct {
	Orgs       []string `json:"orgs,omitempty" yaml:"orgs,omitempty"`
	OrgUnits   []string `json:"orgUnits,omitempty" yaml:"orgUnits,omitempty"`
	Localities []string `json:"localities,omitempty" yaml:"localities,omitempty"`
	States     []string `json:"states,omitempty" yaml:"states,omitempty"`
	Countries  []string `json:"countries,omitempty" yaml:"countries,omitempty"`
}
type SubjectAltNames ¶
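// SubjectAltNames lists which Subject Alternative Name kinds a policy permits
// and the constraints on some of them. The *bool fields are tri-state: nil
// means the key was absent from the input, so callers must check for nil
// before treating the value as a decision.
//
// The YAML keys mirror the JSON keys. Previously UpnAllowed and IpConstraints
// both carried the YAML key "uriProtocols" — the same key as UriProtocols —
// so a YAML policy could not reliably set upnAllowed or ipConstraints, and a
// restriction the author wrote could be dropped without any error.
type SubjectAltNames struct {
	DnsAllowed    *bool    `json:"dnsAllowed,omitempty" yaml:"dnsAllowed,omitempty"`
	IpAllowed     *bool    `json:"ipAllowed,omitempty" yaml:"ipAllowed,omitempty"`
	EmailAllowed  *bool    `json:"emailAllowed,omitempty" yaml:"emailAllowed,omitempty"`
	UriAllowed    *bool    `json:"uriAllowed,omitempty" yaml:"uriAllowed,omitempty"`
	UpnAllowed    *bool    `json:"upnAllowed,omitempty" yaml:"upnAllowed,omitempty"`
	UriProtocols  []string `json:"uriProtocols,omitempty" yaml:"uriProtocols,omitempty"`
	IpConstraints []string `json:"ipConstraints,omitempty" yaml:"ipConstraints,omitempty"`
}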
type SubjectResponse ¶
// SubjectResponse is the "Subject" section of a TPP policy response. All
// fields are Locked*Attribute values; OrganizationalUnit is the only
// multi-valued one (LockedArrayAttribute).
type SubjectResponse struct {
	City               LockedAttribute      `json:"City"`
	Country            LockedAttribute      `json:"Country"`
	Organization       LockedAttribute      `json:"Organization"`
	OrganizationalUnit LockedArrayAttribute `json:"OrganizationalUnit"`
	State              LockedAttribute      `json:"State"`
}
type TppPolicy ¶
// TppPolicy is the TPP-side representation of a PolicySpecification, built
// by BuildTppPolicy (declared outside this block). Field names correspond to
// the Tpp* attribute constants; nil pointers and empty slices mean the
// attribute is not set. The *int fields (ProhibitWildcard,
// AllowPrivateKeyReuse, WantRenewal) carry TPP's numeric flag encoding
// rather than Go bools — the exact values are not defined in this file.
// The type has no json/yaml tags and is not meant to be (un)marshalled directly.
type TppPolicy struct {
	// general values
	Name *string
	// Owners []string "owners": string[],(permissions only) prefixed name/universal
	Contact []string
	// Permissions string "userAccess": string, (permissions) prefixed name/universal
	Approver []string
	// policy's values
	ProhibitWildcard      *int
	DomainSuffixWhitelist []string
	ProhibitedSANType     []string
	CertificateAuthority  *string
	ManagementType        *LockedAttribute
	// subject attributes
	Organization       *LockedAttribute
	OrganizationalUnit *LockedArrayAttribute
	City               *LockedAttribute
	State              *LockedAttribute
	Country            *LockedAttribute
	// KeyPair attributes. The PKIX parameter set supersedes the three
	// per-component key attributes below it.
	PkixParameterSetDefault *LockedAttribute
	PkixParameterSet        *LockedArrayAttribute
	KeyAlgorithm            *LockedAttribute // Deprecated in TPP 25.1, use PkixParameterSet
	KeyBitStrength          *LockedAttribute // Deprecated in TPP 25.1, use PkixParameterSet
	EllipticCurve           *LockedAttribute // Deprecated in TPP 25.1, use PkixParameterSet
	ManualCsr               *LockedAttribute
	AllowPrivateKeyReuse    *int
	WantRenewal             *int
}
func BuildTppPolicy ¶
func BuildTppPolicy(ps *PolicySpecification) TppPolicy