README
¶
go-vice
go-vice is a Golang binding for the Symantec Vice API.
Usage
import "github.com/sapcc/go-vice"
Create a new client, then use the exposed services to access the different parts of the API.
Authentication
The Vice API requires authentication via client certificates. Creating a client using such a keypair:
cert, err := tls.LoadX509KeyPair("symantec.pem", "symantec-key.pem")
viceClient := vice.New(cert)
Examples
Enrolling a New Certificate
In order to enroll for a new certificate, the API requires a CSR and RSA key.
go-vice includes a few utility methods to easy this dance.
key, _ := rsa.GenerateKey(rand.Reader, 2048)
sans := []string{"vice.sap.com", "certificates.sap.com"}
csr := vice.CreateCSR(
pkix.Name{
CommonName: "vice.sap.com",
Country: []string{"DE"},
Province: []string{"BERLIN"},
Locality: []string{"BERLIN"},
Organization: []string{"SAP SE"},
OrganizationalUnit: []string{"Infrastructure Automation"},
},
"michael02.schmidt@sap.com",
sans,
key)
enrollment, err := viceClient.Certificates.Enroll(
context.TODO(),
&vice.EnrollRequest{
Challenge: "Passwort1!",
CertProductType: vice.CertProductType.Server,
FirstName: "Michael",
MiddleInitial: "J",
LastName: "Schmidt",
Email: "michael.schmidt@email.com",
CSR: string(csr),
ServerType: vice.ServerType.OpenSSL,
EmployeeId: "d038720",
SignatureAlgorithm: vice.SignatureAlgorithm.SHA256WithRSAEncryption,
SubjectAltNames: sans,
ValidityPeriod: vice.ValidityPeriod.OneYear,
}
)
// With Auto-Approval turned on, the certificate is returned
certificate := enrollment.Certificate
// Otherwise, you can approve it with the returned transactionID
tid := enrollment.TransactionID
Approving a Certificate
Certificates requested via API can be auto-approved. Or using a manual approval step:
approval, err := viceClient.Certificates.Approve(
context.TODO(),
&vice.ApprovalRequest{
TransactionID: enrollment.TransactionID
}
)
certificate := approval.Certificate
Picking up a Certificate
You can pick up issues certificates at a later time. Given you still know the TransactionID.
pickup, err := viceClient.Certificates.Pickup(
context.TODO(),
&vice.PickupRequest{
TransactionID: tid
}
)
certificate := pickup.Certificate
Renewing a Certificate
Renewing an existing cerificate is nearly identical to enrolling for a new certificate. In addition the original certificate or the transaction ID needs to be provided.
renewal, err := viceClient.Certificates.Renew(
context.TODO(),
&vice.RenewRequest{
FirstName: "Michael",
LastName: "Schmidt",
Email: "michael.schmidt@email.com",
CSR: string(csr),
SubjectAltNames: sans,
OriginalCertificate: certificate,
OriginalChallenge: "Passwort1!",
Challenge: "Passwort2!",
CertProductType: vice.CertProductType.Server,
ServerType: vice.ServerType.OpenSSL,
ValidityPeriod: vice.ValidityPeriod.OneYear,
SignatureAlgorithm: vice.SignatureAlgorithm.SHA256WithRSAEncryption,
}
)
// With Auto-Approval turned on, the certificate is returned
certificate := renewal.Certificate
// Otherwise, you can approve it with the returned transactionID
tid := renewal.TransactionID
Revoking a Certificate
Revoking a valid certificate. Given you still know the serial number of the certificate. In addition you have to provide a reason and a password, if it was set for the certificate.
revokement, err := viceClient.Certificates.Revoke(
context.Background(),
&vice.RevokeRequest{
CertSerial: "04be916823d7asd1908acc9f982a4ccf12",
Reason: vice.CertRevokementType.Unspecified,
Challenge: "password",
})
Documentation
¶
Index ¶
- Variables
- func CreateCSR(name pkix.Name, email string, sans []string, key *rsa.PrivateKey) ([]byte, error)
- type Approval
- type ApprovalRequest
- type CertificatesService
- type CertificatesServiceOp
- func (c *CertificatesServiceOp) Approve(ctx context.Context, r *ApprovalRequest) (*Approval, error)
- func (c *CertificatesServiceOp) Enroll(ctx context.Context, er *EnrollRequest) (*Enrollment, error)
- func (c *CertificatesServiceOp) GetOrganizationInfo(ctx context.Context) (*OrganizationInfo, error)
- func (c *CertificatesServiceOp) GetTokenCount(ctx context.Context) (*TokenCount, error)
- func (c *CertificatesServiceOp) Pickup(ctx context.Context, r *PickupRequest) (*Pickup, error)
- func (c *CertificatesServiceOp) Renew(ctx context.Context, er *RenewRequest) (*Renewal, error)
- func (c *CertificatesServiceOp) Replace(ctx context.Context, er *ReplaceRequest) (*Replacement, error)
- func (c *CertificatesServiceOp) Revoke(ctx context.Context, er *RevokeRequest) (*Revokement, error)
- type Client
- type Date
- type EnrollRequest
- type Enrollment
- type OrganizationInfo
- type Pickup
- type PickupRequest
- type RenewRequest
- type Renewal
- type ReplaceRequest
- type Replacement
- type RevokeRequest
- type Revokement
- type SimpleTime
- type TokenCount
- type ViceError
- type ViceResponse
Constants ¶
This section is empty.
Variables ¶
View Source
var CTLogOption = struct {
Public _CTLogOption
NoLog _CTLogOption
}{
"public",
"nolog",
}
View Source
var CertProductType = struct {
HAServer _CertProductType
HAGlobalServer _CertProductType
Server _CertProductType
GlobalServer _CertProductType
IntranetServer _CertProductType
IntranetGlobalServer _CertProductType
PrivateServer _CertProductType
GeotrustServer _CertProductType
CodeSigning _CertProductType
JavaCodeSigning _CertProductType
EVCodeSigning _CertProductType
OFXServer _CertProductType
}{
"HAServer",
"HAGlobalServer",
"Server",
"GlobalServer",
"IntranetServer",
"IntranetGlobalServer",
"PrivateServer",
"GeotrustServer",
"CodeSigning",
"JavaCodeSigning",
"EVCodeSigning",
"OFXServer",
}
View Source
var CertRevokementType = struct {
KeyCompromise _CertRevokementType
CACompromise _CertRevokementType
AffiliationChanged _CertRevokementType
Superseded _CertRevokementType
CessationOfOperation _CertRevokementType
CertificateHold _CertRevokementType
RemoveFromCRL _CertRevokementType
PrivilegeWithdrawn _CertRevokementType
AACompromise _CertRevokementType
Unspecified _CertRevokementType
}{
KeyCompromise: "Key compromise",
CACompromise: "CA compromise",
AffiliationChanged: "Affiliation changed",
Superseded: "Superseded",
CessationOfOperation: "Cessation of operation",
CertificateHold: "Certificate hold",
RemoveFromCRL: "Remove from CRL",
PrivilegeWithdrawn: "Privilege withdrawn",
AACompromise: "AA compromise",
Unspecified: "Unspecified",
}
View Source
var ServerType = struct {
Microsoft _ServerType
OpenSSL _ServerType
}{
"Microsoft",
"Apache",
}
View Source
var SignatureAlgorithm = struct {
SHA1WithRSAEncryption _SignatureAlgorithm
SHA256WithRSAEncryption _SignatureAlgorithm
SHA256WithRSAEncryptionFull _SignatureAlgorithm
DSAwithSHA256 _SignatureAlgorithm
ECDSAwithSHA256 _SignatureAlgorithm
ECDSAwithSHA256andRSAroot _SignatureAlgorithm
}{
"sha1WithRSAEncryption",
"sha256WithRSAEncryption",
"sha256WithRSAEncryptionFull",
"DSAwithSHA256",
"ECDSAwithSHA256",
"ECDSAwithSHA256andRSAroot",
}
View Source
var ValidityPeriod = struct {
OneYear _ValidityPeriod
TwoYears _ValidityPeriod
ThreeYears _ValidityPeriod
}{
"1Y",
"2Y",
"3Y",
}
Functions ¶
Types ¶
type Approval ¶
type Approval struct {
ViceResponse
Certificate string `xml:"Certificate,omitempty"`
}
type ApprovalRequest ¶
type ApprovalRequest struct {
TransactionID string `url:"transaction_id"`
}
type CertificatesService ¶
type CertificatesService interface {
Enroll(context.Context, *EnrollRequest) (*Enrollment, error)
Pickup(context.Context, *PickupRequest) (*Pickup, error)
Approve(context.Context, *ApprovalRequest) (*Approval, error)
Renew(context.Context, *RenewRequest) (*Renewal, error)
Replace(context.Context, *ReplaceRequest) (*Replacement, error)
Revoke(context.Context, *RevokeRequest) (*Revokement, error)
GetTokenCount(context.Context) (*TokenCount, error)
GetOrganizationInfo(context.Context) (*OrganizationInfo, error)
}
type CertificatesServiceOp ¶
type CertificatesServiceOp struct {
// contains filtered or unexported fields
}
func (*CertificatesServiceOp) Approve ¶
func (c *CertificatesServiceOp) Approve(ctx context.Context, r *ApprovalRequest) (*Approval, error)
func (*CertificatesServiceOp) Enroll ¶
func (c *CertificatesServiceOp) Enroll(ctx context.Context, er *EnrollRequest) (*Enrollment, error)
func (*CertificatesServiceOp) GetOrganizationInfo ¶
func (c *CertificatesServiceOp) GetOrganizationInfo(ctx context.Context) (*OrganizationInfo, error)
func (*CertificatesServiceOp) GetTokenCount ¶
func (c *CertificatesServiceOp) GetTokenCount(ctx context.Context) (*TokenCount, error)
func (*CertificatesServiceOp) Pickup ¶
func (c *CertificatesServiceOp) Pickup(ctx context.Context, r *PickupRequest) (*Pickup, error)
func (*CertificatesServiceOp) Renew ¶
func (c *CertificatesServiceOp) Renew(ctx context.Context, er *RenewRequest) (*Renewal, error)
func (*CertificatesServiceOp) Replace ¶
func (c *CertificatesServiceOp) Replace(ctx context.Context, er *ReplaceRequest) (*Replacement, error)
func (*CertificatesServiceOp) Revoke ¶
func (c *CertificatesServiceOp) Revoke(ctx context.Context, er *RevokeRequest) (*Revokement, error)
type Client ¶
type Client struct {
BaseURL *url.URL
UserAgent string
Certificates CertificatesService
// contains filtered or unexported fields
}
func New ¶
func New(cert tls.Certificate) *Client
type EnrollRequest ¶
type EnrollRequest struct {
Challenge string `url:"challenge"`
FirstName string `url:"firstName"`
MiddleInitial string `url:"middleInitial,omitempty"`
LastName string `url:"lastName"`
Email string `url:"email"`
CSR string `url:"csr"`
CertProductType _CertProductType `url:"certProductType"`
ServerType _ServerType `url:"serverType"`
ValidityPeriod _ValidityPeriod `url:"validityPeriod"`
SpecificEndDate Date `url:"specificEndDate,omitempty"`
EmployeeId string `url:"employeeID,omitempty"`
ServerIP string `url:"serverIP,omitempty"`
MailStop string `url:"mailStop,omitempty"`
SignatureAlgorithm _SignatureAlgorithm `url:"signatureAlgorithm,omitempty"`
CTLogOption _CTLogOption `url:"ctLogOption,omitempty"`
AdditionalFields []string `url:"additionalField,numbered,omitempty"`
SubjectAltNames []string `url:"subject_alt_names,comma,omitempty"`
}
type Enrollment ¶
type Enrollment struct {
ViceResponse
Certificate string `xml:"Certificate,omitempty"`
TransactionID string `xml:"Transaction_ID,omitempty"`
}
type OrganizationInfo ¶
type OrganizationInfo struct {
ViceResponse
Organization _Organization `xml:"Organization"`
}
type Pickup ¶
type Pickup struct {
ViceResponse
Certificate string `xml:"Certificate,omitempty"`
}
type PickupRequest ¶
type PickupRequest struct {
TransactionID string `url:"transaction_id"`
}
type RenewRequest ¶
type RenewRequest struct {
Challenge string `url:"challenge"`
FirstName string `url:"firstName"`
LastName string `url:"lastName"`
Email string `url:"email"`
CSR string `url:"csr"`
CertProductType _CertProductType `url:"certProductType"`
ServerType _ServerType `url:"serverType"`
ValidityPeriod _ValidityPeriod `url:"validityPeriod"`
SpecificEndDate Date `url:"specificEndDate,omitempty"`
OriginalCertificate string `url:"original_certificate"`
OriginalTransactionID string `url:"original_transaction_id"`
OriginalChallenge string `url:"original_challenge"`
SignatureAlgorithm _SignatureAlgorithm `url:"signatureAlgorithm,omitempty"`
CTLogOption _CTLogOption `url:"ctLogOption,omitempty"`
SubjectAltNames []string `url:"subject_alt_names,comma,omitempty"`
}
type Renewal ¶
type Renewal struct {
ViceResponse
Certificate string `xml:"Certificate,omitempty"`
TransactionID string `xml:"Transaction_ID,omitempty"`
}
type ReplaceRequest ¶
type ReplaceRequest struct {
OriginalCertificate string `url:"original_certificate"`
OriginalTransactionID string `url:"original_transaction_id,omitempty"`
OriginalChallenge string `url:"original_challenge"`
Challenge string `url:"challenge"`
Reason string `url:"reason"`
CSR string `url:"csr"`
SpecificEndDate Date `url:"specificEndDate,omitempty"`
FirstName string `url:"firstName"`
LastName string `url:"lastName"`
Email string `url:"email"`
ServerType _ServerType `url:"serverType"`
SignatureAlgorithm _SignatureAlgorithm `url:"signatureAlgorithm,omitempty"`
CTLogOption _CTLogOption `url:"ctLogOption,omitempty"`
AdditionalFields []string `url:"additionalField,numbered,omitempty"`
}
type Replacement ¶
type Replacement struct {
ViceResponse
Certificate string `xml:"Certificate,omitempty"`
TransactionID string `xml:"Transaction_ID,omitempty"`
}
type RevokeRequest ¶
type Revokement ¶
type Revokement struct {
ViceResponse ViceResponse
}
type SimpleTime ¶
func NewSimpleTime ¶
func NewSimpleTime(day, month, year int) SimpleTime
func (*SimpleTime) UnmarshalXML ¶
func (sT *SimpleTime) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error
type TokenCount ¶
type TokenCount struct {
ViceResponse
Tokens []_TokenCount `xml:"TokenCount"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.