types

package
v0.0.6-beta Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 21, 2024 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// CertificateRequestExtension maps a certificate profile name to the X.509 key
// usage, the extended key usage list and the ACM PCA template ARN recorded for
// that profile. Every profile below lists exactly one extended key usage.
//
// NOTE(review): the consumers of this map are not shown here. A single-value
// lookup of an unknown profile name yields the zero Extensions (no key usage,
// nil ExtendedKeyUsage, empty TemplateArn); confirm callers use the
// `ext, ok := CertificateRequestExtension[name]` form and reject misses.
var CertificateRequestExtension = map[string]Extensions{
	// Client authentication end-entity profile.
	"EndEntityClientAuthCertificate": {
		KeyUsage:         x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtendedKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		TemplateArn:      "arn:aws:acm-pca:::template/EndEntityClientAuthCertificate/V1",
	},
	// Server authentication end-entity profile.
	"EndEntityServerAuthCertificate": {
		KeyUsage:         x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtendedKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		TemplateArn:      "arn:aws:acm-pca:::template/EndEntityServerAuthCertificate/V1",
	},
	// Code signing profile: digital signature only, no key encipherment.
	"CodeSigningCertificate": {
		KeyUsage:         x509.KeyUsageDigitalSignature,
		ExtendedKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
		TemplateArn:      "arn:aws:acm-pca:::template/CodeSigningCertificate/V1",
	},
}
// Methods maps a fully-qualified gRPC method name to the AuthenticationKey
// assigned to it.
//
// NOTE(review): PassAuthentication is declared first in the AuthenticationKey
// const block and is therefore 0, the zero value. A single-value lookup of a
// method that is missing from this map also returns 0, i.e. it is
// indistinguishable from an explicit PassAuthentication entry. The code that
// reads this map is not shown here; confirm it uses
// `key, ok := Methods[fullMethod]` and rejects the call when ok is false, so a
// newly added RPC that was never registered here does not fail open.
var Methods = map[string]AuthenticationKey{
	// Entries marked PassAuthentication.
	// NOTE(review): UpdateUserCredentials changes credentials yet is listed as
	// PassAuthentication; presumably the handler verifies the caller's current
	// credentials itself — verify against the handler.
	"/grpc.health.v1.Health/Check":                       PassAuthentication,
	"/baseca.v1.Account/LoginUser":                       PassAuthentication,
	"/baseca.v1.Account/UpdateUserCredentials":           PassAuthentication,
	// Entry marked ServiceAuthentication.
	"/baseca.v1.Certificate/SignCSR":                     ServiceAuthentication,
	// Entries marked ProvisionerAuthentication.
	"/baseca.v1.Certificate/OperationsSignCSR":           ProvisionerAuthentication,
	"/baseca.v1.Certificate/QueryCertificateMetadata":    ProvisionerAuthentication,
	"/baseca.v1.Service/ProvisionServiceAccount":         ProvisionerAuthentication,
	"/baseca.v1.Service/GetServiceAccountByMetadata":     ProvisionerAuthentication,
	"/baseca.v1.Service/DeleteProvisionedServiceAccount": ProvisionerAuthentication,
}
// SubordinatePath is a mutable package-level string; it is "" until something
// assigns it.
// NOTE(review): presumably the filesystem location used for subordinate CA
// material — confirm where it is set, and that the empty default is never used
// as a path.
var SubordinatePath string
// ValidNodeAttestation records a boolean per attestation type name: "AWS" is
// true and "Local" is false.
// A name that is missing from the map reads as false on a single-value lookup,
// so an unknown type is treated the same as "Local".
var ValidNodeAttestation = map[string]bool{
	"Local": false,
	"AWS":   true,
}

Functions

This section is empty.

Types

type Algorithm

// Algorithm groups one x509 public key algorithm with lookup tables for key
// sizes, signature names and x509 signature algorithms.
// NOTE(review): presumably an allow-list used when validating signing
// requests — confirm against the code that populates it.
type Algorithm struct {
	// Algorithm is the public key algorithm this entry describes.
	Algorithm        x509.PublicKeyAlgorithm
	// KeySize is keyed by an int; the value type is interface{}, so presumably
	// only key presence matters — TODO confirm.
	KeySize          map[int]interface{}
	// Signature is keyed by a string name; a missing name reads as false.
	Signature        map[string]bool
	// SigningAlgorithm is keyed by x509.SignatureAlgorithm; a missing
	// algorithm reads as false.
	SigningAlgorithm map[x509.SignatureAlgorithm]bool
}

type Attestation

// Attestation enumerates node attestation kinds.
// AWS_IID is the only declared value and, being iota 0, is also the zero value,
// so an unset Attestation compares equal to AWS_IID.
type Attestation uint
const (
	// AWS_IID presumably refers to the AWS instance identity document — confirm.
	AWS_IID Attestation = iota
)

func (Attestation) String

func (a Attestation) String() string

type AuthenticationKey

// AuthenticationKey enumerates the authentication levels that the Methods map
// assigns to gRPC methods.
//
// NOTE(review): PassAuthentication is 0, the zero value of the type. Any
// AuthenticationKey that is never set, or that comes from a map miss, equals
// PassAuthentication. Code that branches on this type should not treat the
// zero value as a deliberate choice without also checking that the value was
// found.
type AuthenticationKey uint
const (
	// PassAuthentication is iota 0.
	PassAuthentication AuthenticationKey = iota
	// ServiceAuthentication is 1.
	ServiceAuthentication
	// ProvisionerAuthentication is 2.
	ProvisionerAuthentication
)

type CertificateAuthority

// CertificateAuthority bundles a parsed CA certificate with a PEM block for its
// private key, a serial number and the certificate authority ARN.
type CertificateAuthority struct {
	// Certificate is the parsed X.509 certificate.
	Certificate             *x509.Certificate
	// PrivateKey is a PEM block.
	// NOTE(review): if this holds unencrypted CA key bytes, the struct must not
	// be logged, printed with %v/%+v or serialized — confirm how it is loaded
	// and where values of this type travel.
	PrivateKey              *pem.Block
	// SerialNumber is kept as a string; its format is not shown here.
	SerialNumber            string
	// CertificateAuthorityArn is the ARN string for the certificate authority.
	CertificateAuthorityArn string
}

type CertificateMetadata

// CertificateMetadata holds the descriptive record of one certificate:
// identity, validity window, issuing CA and revocation state. It contains no
// key material.
type CertificateMetadata struct {
	// SerialNumber of the certificate, as a string.
	SerialNumber            string
	// CommonName of the certificate subject.
	CommonName              string
	// SubjectAlternativeName lists the certificate's SAN entries.
	SubjectAlternativeName  []string
	// ExpirationDate and IssuedDate bound the validity window.
	ExpirationDate          time.Time
	IssuedDate              time.Time
	// CaSerialNumber and CertificateAuthorityArn identify the issuing CA.
	CaSerialNumber          string
	CertificateAuthorityArn string
	// Revoked, RevokedBy and RevokeDate carry the revocation state.
	// NOTE(review): RevokeDate is a time.Time value, so it is the zero time
	// rather than nil when Revoked is false — check Revoked, not the date.
	Revoked                 bool
	RevokedBy               string
	RevokeDate              time.Time
}

type CertificateParameters

// CertificateParameters carries the settings for one certificate authority:
// region, CA ARN, optional role assumption, a validity value and a root flag.
type CertificateParameters struct {
	// Region is the region string for the CA.
	Region     string
	// CaArn is the ARN of the certificate authority.
	CaArn      string
	// AssumeRole and RoleArn go together.
	// NOTE(review): presumably RoleArn is only used when AssumeRole is true —
	// confirm, and confirm an empty RoleArn is rejected in that case.
	AssumeRole bool
	RoleArn    string
	// Validity is a signed int; its unit and bounds are not shown here.
	Validity   int
	// RootCa flags the entry as a root CA.
	RootCa     bool
}

type CertificateResponseData

// CertificateResponseData is the JSON shape returned for an issued
// certificate: the certificate itself, the optional intermediate and root
// chains, and the certificate's metadata.
type CertificateResponseData struct {
	// Certificate is serialized as "certificate"; the text encoding
	// (presumably PEM) is not shown here.
	Certificate                  string              `json:"certificate"`
	// The two chain fields are left out of the JSON when empty (omitempty).
	IntermediateCertificateChain string              `json:"intermediate_certificate_chain,omitempty"`
	RootCertificateChain         string              `json:"root_certificate_chain,omitempty"`
	// Metadata is always serialized, under "metadata".
	Metadata                     CertificateMetadata `json:"metadata"`
}

type ContextKey

// ContextKey is a dedicated key type with one value per authentication kind.
// NOTE(review): presumably used as the key for context.Context values, where a
// private key type prevents collisions with keys from other packages — confirm.
type ContextKey uint
const (
	// Context Metadata
	// ServiceAuthenticationContextKey is iota 0, the zero value of ContextKey.
	ServiceAuthenticationContextKey ContextKey = iota
	ProvisionerAuthenticationContextKey
	UserAuthenticationContextKey
)

type EC2InstanceMetadata

// EC2InstanceMetadata carries an instance identity document together with its
// signature. Both fields are []byte, which encoding/json represents as
// base64-encoded strings.
//
// NOTE(review): the document is caller-supplied data until the signature has
// been verified. The verification code is not shown here; confirm that no field
// of the document is used for an authorization decision before that check
// succeeds.
type EC2InstanceMetadata struct {
	InstanceIdentityDocument  []byte `json:"instance_identity_document"`
	InstanceIdentitySignature []byte `json:"instance_identity_signature"`
}

type EC2NodeAttestation

// EC2NodeAttestation describes the EC2 node attestation settings stored for a
// client, keyed by ClientID.
//
// NOTE(review): every field except ClientID is tagged omitempty, so a stored
// record may leave any of them out. Whether an absent field means "not
// checked" is not shown here; confirm that a record with no constraints set
// cannot be satisfied by an arbitrary instance.
type EC2NodeAttestation struct {
	// ClientID is always serialized.
	ClientID       uuid.UUID         `json:"client_id"`
	// RoleArn is serialized as "instance_profile_arn"; the Go name and the JSON
	// key differ, so search for both when tracing this field.
	RoleArn        string            `json:"instance_profile_arn,omitempty"`
	// AssumeRole is a string here, unlike the bool of the same name in
	// CertificateParameters.
	AssumeRole     string            `json:"assume_role,omitempty"`
	SecurityGroups []string          `json:"security_groups,omitempty"`
	Region         string            `json:"region,omitempty"`
	InstanceID     string            `json:"instance_id,omitempty"`
	ImageID        string            `json:"image_id,omitempty"`
	InstanceTags   map[string]string `json:"instance_tags,omitempty"`
}

Node Attestation Configured in Database

type EnvironmentKey

// EnvironmentKey enumerates deployment environments.
//
// NOTE(review): Production is iota 0, the zero value of the type, so an
// EnvironmentKey that was never set compares equal to Production. Confirm that
// environment parsing reports unknown names as an error instead of returning
// the zero value.
type EnvironmentKey uint
const (
	// Environments
	Production EnvironmentKey = iota
	PreProduction
	Staging
	Development
	Sandbox
	Local
	Corporate
)

func (EnvironmentKey) String

func (u EnvironmentKey) String() string

type Extensions

// Extensions is the value type of CertificateRequestExtension: the key usage
// bits, the extended key usage list and the template ARN for one certificate
// profile. The zero value has no key usage and an empty TemplateArn.
type Extensions struct {
	// KeyUsage is a bit set of x509.KeyUsage flags.
	KeyUsage         x509.KeyUsage
	// ExtendedKeyUsage lists the allowed extended key usages.
	ExtendedKeyUsage []x509.ExtKeyUsage
	// TemplateArn is the template ARN string for the profile.
	TemplateArn      string
}

type InstanceIdentityDocument

// InstanceIdentityDocument is the decoded form of an instance identity
// document; each field maps to the camelCase JSON key in its tag.
//
// NOTE(review): decoding alone proves nothing about the sender. These values
// are trustworthy only after the accompanying signature (see
// EC2InstanceMetadata.InstanceIdentitySignature) has been verified; that check
// is not shown here.
type InstanceIdentityDocument struct {
	AccountId        string `json:"accountId"`
	Architecture     string `json:"architecture"`
	AvailabilityZone string `json:"availabilityZone"`
	ImageId          string `json:"imageId"`
	InstanceId       string `json:"instanceId"`
	InstanceType     string `json:"instanceType"`
	PrivateIp        string `json:"privateIp"`
	Region           string `json:"region"`
	Version          string `json:"version"`
}

type NodeAttestation

// NodeAttestation wraps the per-mechanism attestation settings. The only
// mechanism present is EC2, serialized under the JSON key "aws_iid".
type NodeAttestation struct {
	EC2NodeAttestation EC2NodeAttestation `json:"aws_iid"`
}

type NodeIIDAttestation

// NodeIIDAttestation pairs a UUID with the instance metadata type from the
// aws_iid package and an EC2NodeAttestation value.
// NOTE(review): presumably the presented metadata is checked against the
// stored Attestation settings — confirm in the code that consumes this type.
type NodeIIDAttestation struct {
	Uuid                uuid.UUID
	// EC2InstanceMetadata uses the aws_iid package's type, not the
	// EC2InstanceMetadata declared in this package.
	EC2InstanceMetadata aws_iid.EC2InstanceMetadata
	Attestation         EC2NodeAttestation
}

type ProvisionerAccountPayload

// ProvisionerAccountPayload is the JSON shape of a provisioner account: its
// client ID, name, environments, permitted subject alternative names, maximum
// certificate validity, certificate request extensions and a regular
// expression.
type ProvisionerAccountPayload struct {
	ClientId                   uuid.UUID `json:"client_id"`
	ProvisionerAccount         string    `json:"provisioner_account"`
	Environments               []string  `json:"environments"`
	ValidSubjectAlternateNames []string  `json:"subject_alternate_names"`
	// MaxCertificateValidity is unsigned; its unit is not shown here.
	MaxCertificateValidity     uint32    `json:"max_certificate_validity"`
	// ExtendedKeys is serialized as "certificate_request_extension".
	// NOTE(review): presumably each entry is a key of
	// CertificateRequestExtension — confirm unknown names are rejected.
	ExtendedKeys               []string  `json:"certificate_request_extension"`
	// RegularExpression is serialized as "regular_expression".
	// NOTE(review): presumably a pattern that constrains requested SANs. An
	// unanchored pattern matches substrings, so confirm how it is compiled and
	// whether it is anchored when evaluated.
	RegularExpression          string    `json:"regular_expression"`
}

type ServiceAccountPayload

// ServiceAccountPayload is the JSON shape of a service account: its ID, name,
// environment, permitted subject alternative names and certificate
// authorities, certificate validity, subordinate CA, certificate request
// extension and SAN regular expression.
type ServiceAccountPayload struct {
	ServiceID                   uuid.UUID `json:"service_id"`
	ServiceAccount              string    `json:"service_account"`
	Environment                 string    `json:"environment"`
	ValidSubjectAlternateName   []string  `json:"subject_alternate_name"`
	ValidCertificateAuthorities []string  `json:"certificate_authorities"`
	// CertificateValidity is a signed int16, whereas
	// ProvisionerAccountPayload.MaxCertificateValidity is a uint32.
	// NOTE(review): a negative value is representable here; the bounds check
	// is not shown, so confirm zero and negative values are rejected and that
	// the value is compared against the provisioner's maximum without a
	// lossy conversion.
	CertificateValidity         int16     `json:"certificate_validity"`
	SubordinateCa               string    `json:"subordinate_ca"`
	// ExtendedKey is serialized as "certificate_request_extension".
	// NOTE(review): presumably a key of CertificateRequestExtension — confirm
	// unknown names are rejected.
	ExtendedKey                 string    `json:"certificate_request_extension"`
	// SANRegularExpression is serialized as "regular_expression".
	// NOTE(review): an unanchored pattern matches substrings; confirm how it
	// is compiled and whether it is anchored when evaluated.
	SANRegularExpression        string    `json:"regular_expression"`
}

type UserKey

// UserKey enumerates user permission levels.
//
// NOTE(review): ADMIN is declared first and is therefore 0, the zero value of
// UserKey. A UserKey that is never assigned (a zero-initialised struct field,
// a parse whose error is ignored, a single-value map lookup that misses)
// compares equal to ADMIN. The permission parsing code is not shown here;
// confirm that no authorization decision can be reached with a
// default-initialised UserKey.
type UserKey uint
const (
	// User Permissions
	ADMIN UserKey = iota
	PRIVILEGED
	READ
)

func (UserKey) String

func (u UserKey) String() string
