types

package
v0.0.3-beta Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 18, 2023 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// Context Metadata
	ServiceAuthenticationContextKey     ContextKey = iota
	ProvisionerAuthenticationContextKey ContextKey = iota
	UserAuthenticationContextKey        ContextKey = iota
	EnrollmentAuthenticationContextKey  ContextKey = iota

	// User Permissions
	ADMIN      = "ADMIN"
	PRIVILEGED = "PRIVILEGED"
	READ       = "READ"
)

Variables

View Source 
var Attestation = Node{
	AWS_IID: "AWS_IID",
}
View Source 
var CertificateRequestExtension = map[string]Extensions{
	"EndEntityClientAuthCertificate": {
		KeyUsage:         x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtendedKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		TemplateArn:      "arn:aws:acm-pca:::template/EndEntityClientAuthCertificate/V1",
	},
	"EndEntityServerAuthCertificate": {
		KeyUsage:         x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtendedKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		TemplateArn:      "arn:aws:acm-pca:::template/EndEntityServerAuthCertificate/V1",
	},
	"CodeSigningCertificate": {
		KeyUsage:         x509.KeyUsageDigitalSignature,
		ExtendedKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
		TemplateArn:      "arn:aws:acm-pca:::template/CodeSigningCertificate/V1",
	},
}
View Source 
var PublicKeyAlgorithms = map[string]Algorithm{
	"RSA": {
		Algorithm: x509.RSA,
		KeySize: map[int]any{
			2048: true,
			4096: true,
		},
		Signature: map[string]bool{
			"SHA256WITHRSA": true,
			"SHA384WITHRSA": true,
			"SHA512WITHRSA": true,
		},
		SigningAlgorithm: map[x509.SignatureAlgorithm]bool{
			x509.SHA256WithRSA: true,
			x509.SHA384WithRSA: true,
			x509.SHA512WithRSA: true,
		},
	},
	"ECDSA": {
		Algorithm: x509.ECDSA,
		KeySize: map[int]any{
			256: elliptic.P256(),
			384: elliptic.P384(),
			521: elliptic.P521(),
		},
		Signature: map[string]bool{
			"SHA256WITHECDSA": true,
			"SHA384WITHECDSA": true,
			"SHA512WITHECDSA": true,
		},
		SigningAlgorithm: map[x509.SignatureAlgorithm]bool{
			x509.ECDSAWithSHA256: true,
			x509.ECDSAWithSHA384: true,
			x509.ECDSAWithSHA512: true,
		},
	},

	"Ed25519": {
		Algorithm: x509.Ed25519,
		KeySize: map[int]any{
			256: true,
		},
	},
}
View Source 
var SubordinatePath string
View Source 
var ValidNodeAttestation = map[string]bool{
	"None": false,
	"AWS":  true,
}
View Source 
var ValidSignatures = map[string]SignatureAlgorithm{
	"SHA256WITHECDSA": {
		Common: x509.ECDSAWithSHA256,
		PCA:    types.SigningAlgorithmSha256withecdsa,
	},
	"SHA384WITHECDSA": {
		Common: x509.ECDSAWithSHA384,
		PCA:    types.SigningAlgorithmSha384withecdsa,
	},
	"SHA512WITHECDSA": {
		Common: x509.ECDSAWithSHA512,
		PCA:    types.SigningAlgorithmSha512withecdsa,
	},
	"SHA256WITHRSA": {
		Common: x509.SHA256WithRSA,
		PCA:    types.SigningAlgorithmSha256withrsa,
	},
	"SHA384WITHRSA": {
		Common: x509.SHA384WithRSA,
		PCA:    types.SigningAlgorithmSha384withrsa,
	},
	"SHA512WITHRSA": {
		Common: x509.SHA512WithRSA,
		PCA:    types.SigningAlgorithmSha512withrsa,
	},
}

Functions

This section is empty.

Types

type AWSInstanceIdentityDocument 

type AWSInstanceIdentityDocument struct {
	RoleArn        string            `json:"instance_profile_arn,omitempty"`
	AssumeRole     string            `json:"assume_role,omitempty"`
	SecurityGroups []string          `json:"security_groups,omitempty"`
	Region         string            `json:"region,omitempty"`
	InstanceID     string            `json:"instance_id,omitempty"`
	ImageID        string            `json:"image_id,omitempty"`
	InstanceTags   map[string]string `json:"instance_tags,omitempty"`
}

type Algorithm 

type Algorithm struct {
	Algorithm        x509.PublicKeyAlgorithm
	KeySize          map[int]any
	Signature        map[string]bool
	SigningAlgorithm map[x509.SignatureAlgorithm]bool
}

type AsymmetricKey 

type AsymmetricKey interface {
	KeyPair() any
	Sign(data []byte) ([]byte, error)
}

type CertificateAuthority 

type CertificateAuthority struct {
	Certificate             *x509.Certificate
	AsymmetricKey           *AsymmetricKey
	SerialNumber            string
	CertificateAuthorityArn string
}

type CertificateMetadata 

type CertificateMetadata struct {
	SerialNumber            string
	CommonName              string
	SubjectAlternativeName  []string
	ExpirationDate          time.Time
	IssuedDate              time.Time
	CaSerialNumber          string
	CertificateAuthorityArn string
	Revoked                 bool
	RevokedBy               string
	RevokeDate              time.Time
}

type CertificateParameters 

type CertificateParameters struct {
	Region     string
	CaArn      string
	AssumeRole bool
	RoleArn    string
	Validity   int
	RootCa     bool
}

type CertificateRequest 

type CertificateRequest struct {
	CommonName            string
	SubjectAlternateNames []string
	DistinguishedName     DistinguishedName
	SigningAlgorithm      x509.SignatureAlgorithm
	PublicKeyAlgorithm    x509.PublicKeyAlgorithm
	KeySize               int
	Output                Output
}

type ContextKey 

type ContextKey int

type DeviceEnrollmentRequest 

type DeviceEnrollmentRequest struct {
	SerialNumber string `json:"serial_number" binding:"required"`
	Environment  string `json:"environment" binding:"required,ca_environment"`
}

type DeviceEnrollmentResponse 

type DeviceEnrollmentResponse struct {
	SerialNumber string `json:"serial_number"`
	Credentials  string `json:"credentials"`
}

type DistinguishedName 

type DistinguishedName struct {
	Country            []string
	Province           []string
	Locality           []string
	Organization       []string
	OrganizationalUnit []string
}

type EC2InstanceMetadata 

type EC2InstanceMetadata struct {
	InstanceIdentityDocument  []byte `json:"instance_identity_document"`
	InstanceIdentitySignature []byte `json:"instance_identity_signature"`
}

type EndpointCertificateIssueRequest 

type EndpointCertificateIssueRequest struct {
}

type Extensions 

type Extensions struct {
	KeyUsage         x509.KeyUsage
	ExtendedKeyUsage []x509.ExtKeyUsage
	TemplateArn      string
}

type Node 

type Node struct {
	AWS_IID string
}

type NodeAttestation 

type NodeAttestation struct {
	AWSInstanceIdentityDocument AWSInstanceIdentityDocument `json:"aws_iid"`
}

type Output 

type Output struct {
	CertificateSigningRequest string
	Certificate               string
	CertificateChain          string
	PrivateKey                string
}

type ProvisionerAccountPayload 

type ProvisionerAccountPayload struct {
	ClientId                   uuid.UUID `json:"client_id"`
	ProvisionerAccount         string    `json:"provisioner_account"`
	Environments               []string  `json:"environments"`
	ValidSubjectAlternateNames []string  `json:"subject_alternate_names"`
	MaxCertificateValidity     uint32    `json:"max_certificate_validity"`
	ExtendedKeys               []string  `json:"certificate_request_extension"`
	RegularExpression          string    `json:"regular_expression"`
}

type ServiceAccountPayload 

type ServiceAccountPayload struct {
	ServiceID                   uuid.UUID `json:"service_id"`
	ServiceAccount              string    `json:"service_account"`
	Environment                 string    `json:"environment"`
	ValidSubjectAlternateName   []string  `json:"subject_alternate_name"`
	ValidCertificateAuthorities []string  `json:"certificate_authorities"`
	CertificateValidity         int16     `json:"certificate_validity"`
	SubordinateCa               string    `json:"subordinate_ca"`
	ExtendedKey                 string    `json:"certificate_request_extension"`
	SANRegularExpression        string    `json:"regular_expression"`
}

type SignatureAlgorithm 

type SignatureAlgorithm struct {
	Common x509.SignatureAlgorithm
	PCA    types.SigningAlgorithm
}

type SignedCertificate 

type SignedCertificate struct {
	CertificatePath                  string
	IntermediateCertificateChainPath string
	RootCertificateChainPath         string
}

type SigningRequest 

type SigningRequest struct {
	CSR        *bytes.Buffer
	PrivateKey *pem.Block
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.