certs


Documentation

Overview

Package certs provides a client for REST operations involving certificates. This implements calls from this API: https://docs.microsoft.com/en-us/rest/api/keyvault/#certificate-operations

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Action

type Action struct {
	// ActionType is the type of action. It is serialized as the "action_type" member
	// of the action object inside a LifetimeAction.
	ActionType ActionType `json:"action_type"`
}

Action is the action that will be executed by Keyvault.

type ActionType

type ActionType struct {
	// AutoRenew is serialized under the "AutoRenew" key.
	AutoRenew string `json:"AutoRenew"`
	// EmailContacts is serialized under the "EmailContacts" key.
	EmailContacts string `json:"EmailContacts"`
	// NOTE(review): as a struct this marshals to an object of the form
	// {"AutoRenew":"...","EmailContacts":"..."} rather than a bare string such as "AutoRenew";
	// the linked REST docs present ActionType as an enumeration of those two names, so
	// confirm the wire shape the service expects before relying on this type.
}

ActionType is the type of action. What goes in the fields is not documented: https://docs.microsoft.com/en-us/rest/api/keyvault/createcertificate/createcertificate#actiontype

type AdminDetails

type AdminDetails struct {
	// Email provides the email address of an administrator.
	Email string `json:"email"`
	// First is the admin's first name.
	First string `json:"first_name"`
	// Last is the admin's last name.
	Last string `json:"last_name"`
	// Phone is the admin's phone number.
	Phone string `json:"phone"`
}

AdminDetails provides contact information for an org's administrator.

type Attributes

type Attributes struct {
	// RecoveryLevel is the level of recovery for this certificate when deleted. See the
	// description of DeletionRecoveryLevel.
	RecoveryLevel DeletionRecoveryLevel `json:"recoveryLevel,omitempty"`
	// RecoverableDays is the soft delete data retention days. Must be >=7 and <=90, otherwise 0.
	RecoverableDays int `json:"recoverableDays,omitempty"`
	// Enabled indicates if the certificate is currently enabled.
	// NOTE(review): because of omitempty a false value is never serialized, so this struct
	// cannot send an explicit "enabled": false to the service (e.g. to disable a certificate
	// via UpdateCert); a *bool would be needed to express that — confirm against callers.
	Enabled bool `json:"enabled,omitempty"`
	// Created indicates the time the certificate was created in UTC. nil indicates
	// this was not set.
	// NOTE(review): this is the only pointer timestamp in the struct; the others are values —
	// confirm whether that difference is intentional.
	Created *values.Time `json:"created,omitempty"`
	// NotBefore indicates that the certificate isn't valid before this time in UTC. If set to
	// the zero value, it indicates this was not set.
	NotBefore values.Time `json:"nbf,omitempty"`
	// Updated indicates the last time the certificate was updated in UTC. If set to the zero
	// value, it indicates this was not set.
	Updated values.Time `json:"updated,omitempty"`
	// Expiry is the expiry date of the certificate.
	Expiry values.Time `json:"exp,omitempty"`
}

Attributes are attributes associated with a certificate.

type Base

type Base struct {
	// Attributes are the certificate attributes (enabled state, timestamps, recovery level).
	Attributes Attributes `json:"attributes,omitempty"`
	// ID is the id of the certificate.
	ID string `json:"id"`
	// Tags are application specific metadata key/value pairs.
	Tags map[string]string `json:"tags,omitempty"`
	// Thumbprint is the thumbprint of the certificate (the "x5t" member).
	Thumbprint string `json:"x5t,omitempty"`
}

Base is base attributes of a certificate bundle.

type Bundle

type Bundle struct {
	Base
	// CER is the PEM contents of the x509 certificate.
	CER string `json:"cer"`
	// Certs are the X509 certificates converted from the CER field. Not part of the wire
	// format; presumably populated by X509(), which decodes CER.
	// NOTE(review): X509 is declared with a value receiver (func (b Bundle) X509() error), so an
	// assignment to b.Certs inside it would only update the receiver's copy — confirm how callers
	// are expected to obtain the decoded certificates.
	Certs []*x509.Certificate `json:"-"`
	// ContentType is the content type of the secret.
	// TODO(jdoak): I think this is a copy paste bug in their documentation.
	// Unless it is telling me the private key archive format that is in the secret store.
	ContentType string `json:"contentType,omitempty"`
	// KID is the key id.
	KID string `json:"kid,omitempty"`
	// Policy is the management policy.
	Policy Policy `json:"policy,omitempty"`
	// SID is the secret id that stores the private key.
	SID string `json:"sid,omitempty"`
}

Bundle is a certificate bundle.

func (Bundle) X509

func (b Bundle) X509() error

X509 takes the .CER attribute and decodes it into X509 certificates so that users may inspect the certificates for information, add certs to certificate pools, etc.

type CertificateIssuerItem

type CertificateIssuerItem struct {
	// ID is the ID of the issuer.
	ID string `json:"id"`
	// Provider is the issuer provider.
	Provider string `json:"provider"`
}

CertificateIssuerItem is a certificate issuer for a keyvault.

type Client

type Client struct {
	// Conn is the connection to the keyvault service. It is exported and must be set
	// before any method is called; the zero Client has no usable connection.
	Conn *conn.Conn
}

Client is a client for making calls to Certificate operations on Keyvault.

func (*Client) Backup

func (c *Client) Backup(ctx context.Context, name string) (string, error)

Backup requests that a backup of the specified certificate be downloaded to the client. All versions of the certificate will be downloaded. The backups are encapsulated in the returned string. The format is not specified.

func (*Client) Certificate

func (c *Client) Certificate(ctx context.Context, name, version string) (Bundle, error)

Certificate gets the named version of a certificate's information.

func (*Client) Contacts

func (c *Client) Contacts(ctx context.Context) (Contacts, error)

Contacts returns a list of contact information.

func (*Client) Create

func (c *Client) Create(ctx context.Context, name string, attr Attributes, policy Policy, tags map[string]string) (Operation, error)

Create creates a new certificate. If this is the first version, the certificate resource is created.

func (*Client) Delete

func (c *Client) Delete(ctx context.Context, name string) (DeletedBundle, error)

Delete deletes the named certificate.

func (*Client) DeleteIssuer

func (c *Client) DeleteIssuer(ctx context.Context, name string) (Issuer, error)

DeleteIssuer removes the specified issuer from the vault.

func (*Client) Deleted

func (c *Client) Deleted(ctx context.Context, name string) (DeletedBundle, error)

Deleted retrieves information about the specified deleted certificate.

func (*Client) Import

func (c *Client) Import(ctx context.Context, name string, value string, options ...ImportOption) (Bundle, error)

Import imports a certificate into Keyvault. This can be either a PKCS12 file or a PEM file. If it is PKCS12, it must be base64 encoded, and the option ImportPassword() must be used if it has a password associated with it.

func (*Client) Issuer

func (c *Client) Issuer(ctx context.Context, name string) (Issuer, error)

Issuer lists the specified certificate issuer. Name is the name of the issuer.

func (*Client) Issuers

func (c *Client) Issuers(ctx context.Context) ([]CertificateIssuerItem, error)

Issuers returns a list of Issuers for this Keyvault.

func (*Client) ListCertificates

func (c *Client) ListCertificates(ctx context.Context, includePending bool, maxResults int32) ([]Base, error)

ListCertificates lists certificates in the vault. includePending indicates if the list should include certificates that are pending. maxResults, if not set, will be 25.

func (*Client) ListDeleted

func (c *Client) ListDeleted(ctx context.Context, includePending bool, maxResults int32) ([]DeletedCertMeta, error)

func (*Client) Merge

func (c *Client) Merge(ctx context.Context, name string, x5c []string, options ...MergeOption) (Bundle, error)

Merge merges a certificate or chain with a key pair existing on the server. Name is the name of the certificate. x5c is the certificate or chain to merge.

func (*Client) Policy

func (c *Client) Policy(ctx context.Context, name string) (Policy, error)

Policy lists the policy for a certificate.

func (*Client) Purge

func (c *Client) Purge(ctx context.Context, name string) error

Purge permanently deletes the specified deleted certificate without possibility for recovery.

func (*Client) Recover

func (c *Client) Recover(ctx context.Context, name string) (Bundle, error)

Recover recovers the deleted certificate back to its current version.

func (*Client) Restore

func (c *Client) Restore(ctx context.Context, backup string) (Bundle, error)

Restore restores a backed up certificate to the vault. backup is the string provided by keyvault when calling Backup().

func (*Client) SetContacts

func (c *Client) SetContacts(ctx context.Context, contacts []Contact) (Contacts, error)

SetContacts sets the certificate contacts for the vault.

func (*Client) SetIssuer

func (c *Client) SetIssuer(ctx context.Context, issuer Issuer) (Issuer, error)

SetIssuer sets the specified certificate issuer.

func (*Client) UpdateCert

func (c *Client) UpdateCert(ctx context.Context, name, version string, attr Attributes, pol Policy, tags map[string]string) (Bundle, error)

UpdateCert updates the specified attributes associated with the given certificate.

func (*Client) UpdateIssuer

func (c *Client) UpdateIssuer(ctx context.Context, name string, issuer Issuer) (Issuer, error)

UpdateIssuer updates the issuer.

func (*Client) UpdatePolicy

func (c *Client) UpdatePolicy(ctx context.Context, name string, pol Policy) (Policy, error)

UpdatePolicy updates the policy for a certificate.

func (*Client) Versions

func (c *Client) Versions(ctx context.Context, name string) ([]Base, error)

Versions returns information about versions of a certificate.

type Contact

type Contact struct {
	// Name is the person's name.
	Name string `json:"name"`
	// Email is the contact's email.
	Email string `json:"email"`
	// Phone is the contact's phone.
	Phone string `json:"phone"`
}

Contact contains the contact information for the vault certificates.

type Contacts

type Contacts struct {
	// Contacts is the list of contacts for the vault certificates.
	Contacts []Contact `json:"contacts"`
	// ID is the identifier for the contacts collection.
	ID string `json:"id"`
}

Contacts contains the contacts for the vault certificates.

type CurveName

type CurveName struct {
	// P256 is serialized under the "P-256" key.
	P256 string `json:"P-256"`
	// P256K is serialized under the "P-256K" key.
	P256K string `json:"P-256K"`
	// P384 is serialized under the "P-384" key.
	P384 string `json:"P-384"`
	// P521 is serialized under the "P-521" key.
	P521 string `json:"P-521"`
	// NOTE(review): as a struct this marshals to an object keyed by the curve names rather
	// than a bare string such as "P-256"; the linked REST docs present the curve name as an
	// enumeration, so confirm the wire shape the service expects before relying on this type.
}

CurveName is the elliptic curve name. There is virtually no data on the fields or what they contain in the documentation. https://docs.microsoft.com/en-us/rest/api/keyvault/createcertificate/createcertificate#jsonwebkeycurvename

type DeletedBundle

type DeletedBundle struct {
	Bundle
	// Deleted is the time when the certificate was deleted.
	Deleted values.Time `json:"deletedDate"`
	// ScheduledPurge is when the certificate is scheduled to be purged.
	ScheduledPurge values.Time `json:"scheduledPurgeDate"`
	// RecoveryID is the url of the recovery object used to recover the deleted certificate.
	RecoveryID string `json:"recoveryId"`
}

DeletedBundle is a deleted certificate consisting of its previous ID, attributes, tags and all information on when it will be purged.

type DeletedCertMeta

type DeletedCertMeta struct {
	// Attributes are the certificate attributes.
	Attributes Attributes        `json:"attributes"`
	// Deleted is the time when the certificate was deleted.
	Deleted    values.Time       `json:"deletedDate"`
	// ID is the id of the certificate.
	ID         string            `json:"id"`
	// RecoveryID is the url of the recovery object for the deleted certificate.
	RecoveryID string            `json:"recoveryId"`
	// Scheduled is when the certificate is scheduled to be purged.
	Scheduled  values.Time       `json:"scheduledPurgeDate"`
	// Tags are application specific metadata key/value pairs.
	Tags       map[string]string `json:"tags"`
	// Thumbprint is the thumbprint of the certificate (the "x5t" member).
	Thumbprint string            `json:"x5t"`
}

DeletedCertMeta provides data about a deleted certificate.

type DeletionRecoveryLevel

type DeletionRecoveryLevel string

DeletionRecoveryLevel indicates what level of recovery is associated with a particular certificate. Details at: https://docs.microsoft.com/en-us/rest/api/keyvault/getcertificate/getcertificate#deletionrecoverylevel

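// Recovery levels reported in Attributes.RecoveryLevel. Every constant is typed as
// DeletionRecoveryLevel so the set is consistent and each value can be compared
// directly against the field without conversion.
const (
	// Customized indicates a vault state in which deletion is
	// recoverable without the possibility for immediate and
	// permanent deletion (i.e. purge when 7<=
	// SoftDeleteRetentionInDays < 90).This level guarantees
	// the recoverability of the deleted entity during the
	// retention interval and while the subscription is still
	// available.
	Customized DeletionRecoveryLevel = "CustomizedRecoverable"

	// CustomizedProtected indicates a vault and subscription
	// state in which deletion is recoverable, immediate
	// and permanent deletion (i.e. purge) is not permitted,
	// and in which the subscription itself cannot be
	// permanently canceled when 7<= SoftDeleteRetentionInDays
	// < 90. This level guarantees the recoverability of the
	// deleted entity during the retention interval, and also
	// reflects the fact that the subscription itself cannot
	// be cancelled.
	// Explicitly typed: previously an untyped string constant, unlike its siblings.
	CustomizedProtected DeletionRecoveryLevel = "CustomizedRecoverable+ProtectedSubscription"

	// CustomizedPurgeable indicates a vault state in which
	// deletion is recoverable, and which also permits
	// immediate and permanent deletion (i.e. purge when
	// 7<= SoftDeleteRetentionInDays < 90). This level
	// guarantees the recoverability of the deleted entity
	// during the retention interval, unless a Purge operation
	// is requested, or the subscription is cancelled.
	// Explicitly typed: previously an untyped string constant, unlike its siblings.
	CustomizedPurgeable DeletionRecoveryLevel = "CustomizedRecoverable+Purgeable"

	// Purgeable indicates a vault state in which deletion is
	// an irreversible operation, without the possibility for
	// recovery. This level corresponds to no protection
	// being available against a Delete operation; the data is
	// irretrievably lost upon accepting a Delete operation at
	// the entity level or higher (vault, resource group,
	// subscription etc.)
	Purgeable DeletionRecoveryLevel = "Purgeable"
	// Recoverable indicates a vault state in which deletion
	// is recoverable without the possibility for immediate
	// and permanent deletion (i.e. purge). This level
	// guarantees the recoverability of the deleted entity
	// during the retention interval(90 days) and while the
	// subscription is still available. System will permanently
	// delete it after 90 days, if not recovered.
	Recoverable DeletionRecoveryLevel = "Recoverable"
	// RecoverableProtectedSubscription indicates a vault
	// and subscription state in which deletion is recoverable
	// within retention interval (90 days), immediate and
	// permanent deletion (i.e. purge) is not permitted, and
	// in which the subscription itself cannot be permanently
	// canceled. System will permanently delete it after
	// 90 days, if not recovered.
	RecoverableProtectedSubscription DeletionRecoveryLevel = "Recoverable+ProtectedSubscription"
	// RecoverablePurgeable indicates a vault state in which
	// deletion is recoverable, and which also permits immediate
	// and permanent deletion (i.e. purge). This level guarantees
	// the recoverability of the deleted entity during the
	// retention interval (90 days), unless a Purge operation
	// is requested, or the subscription is cancelled. System
	// will permanently delete it after 90 days, if not recovered.
	RecoverablePurgeable DeletionRecoveryLevel = "Recoverable+Purgeable"
)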

func (DeletionRecoveryLevel) MarshalJSON

func (d DeletionRecoveryLevel) MarshalJSON() ([]byte, error)

func (*DeletionRecoveryLevel) UnmarshalJSON

func (d *DeletionRecoveryLevel) UnmarshalJSON(s []byte) error

type ImportOption

type ImportOption func(i *importReq)

ImportOption is an option for Import().

func ImportAttr

func ImportAttr(a Attributes) ImportOption

ImportAttr provides attributes for an imported certificate.

func ImportPassword

func ImportPassword(s string) ImportOption

ImportPassword provides a password if the private key is encrypted for a PFX(PKCS12) certificate.

func ImportPolicy

func ImportPolicy(p Policy) ImportOption

ImportPolicy provides a policy for an imported certificate.

func ImportTags

func ImportTags(t map[string]string) ImportOption

ImportTags are tags to be attached to the certificate in Keyvault.

type Issuer

type Issuer struct {
	// Attributes is the attributes of the issuer.
	Attributes IssuerAttr `json:"attributes"`
	// Credentials is the credentials to be used for the issuer. Contains the account
	// secret (see IssuerCreds), so values of this type should be handled as sensitive.
	Credentials IssuerCreds `json:"credentials"`
	// ID is issuer id.
	ID string `json:"id"`
	// Org details the organization provided to the issuer.
	Org Org `json:"org_details"`
	// Provider is the issuer provider.
	Provider string `json:"provider"`
}

Issuer details information about the certificate issuer.

type IssuerAttr

type IssuerAttr struct {
	// Created is the time the issuer was created.
	Created values.Time `json:"created"`
	// Updated is the last time the issuer was updated.
	Updated values.Time `json:"updated"`
	// Enabled indicates if the issuer is enabled.
	Enabled bool `json:"enabled"`
}

IssuerAttr represents attributes of an Issuer.

type IssuerCreds

type IssuerCreds struct {
	// ID is the username/account name/account id.
	ID string `json:"account_id"`
	// Secret is the password/secret/account key. It is a credential for the external
	// issuer account: keep it out of logs and error messages. Note there is no omitempty,
	// so an unset Secret is still sent as "pwd": "".
	Secret string `json:"pwd"`
}

IssuerCreds is the credentials to be used for the certificate issuer.

type IssuerParams

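type IssuerParams struct {
	// Transparency indicates if the certificates generated under this policy should be published to certificate transparency logs.
	Transparency bool `json:"cert_transparency"`
	// Type is the certificate type as supported by the provider (optional); for example 'OV-SSL', 'EV-SSL'.
	Type string `json:"cty"`
	// Name of the referenced issuer object or reserved names; for example, 'Self' or 'Unknown'.
	// Tagged "name" so it is serialized with the lowercase key the service uses, like the
	// other fields, rather than under the Go field name "Name".
	Name string `json:"name"`
}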

IssuerParams is the parameters of the X509 component of a certificate.

type KVError

type KVError struct {
	// Code is the error code.
	Code string `json:"code"`
	// InnerError is the inner error, nil when there is none. It is what Unwrap() exposes
	// to errors.Is/errors.As.
	InnerError *KVError `json:"innererror"`
	// Message is the error message.
	Message string `json:"message"`
}

KVError is a keyvault error. KVError implements error.

func (KVError) Error

func (k KVError) Error() string

Error implements error.Error().

func (KVError) Unwrap

func (k KVError) Unwrap() error

Unwrap implements errors.Unwrap().

type KeyProps

type KeyProps struct {
	// CurveName is the elliptic curve name.
	CurveName CurveName `json:"crv"`
	// Exportable indicates if the private key can be exported.
	Exportable bool `json:"exportable"`
	// Size is the key size in bits. For example: 2048, 3072, or 4096 for RSA.
	Size int `json:"key_size"`
	// Type is the type of key pair to be used for the certificate.
	Type KeyType `json:"kty"`
	// ReuseKey indicates if the same key pair will be used on certificate renewal.
	ReuseKey bool `json:"reuse_key"`
}

KeyProps is the properties of the key pair backing a certificate.

type KeyType

type KeyType struct {
	// EC is serialized under the "EC" key.
	EC string `json:"EC"`
	// ECHSM is serialized under the "EC-HSM" key.
	ECHSM string `json:"EC-HSM"`
	// RSA is serialized under the "RSA" key.
	RSA string `json:"RSA"`
	// RSAHSM is serialized under the "RSA-HSM" key.
	RSAHSM string `json:"RSA-HSM"`
	// OCT is serialized under the "oct" key.
	OCT string `json:"oct"`
	// NOTE(review): as a struct this marshals to an object keyed by the type names rather
	// than a bare string such as "RSA"; the linked REST docs present the key type as an
	// enumeration, so confirm the wire shape the service expects before relying on this type.
}

KeyType is the type of key pair to be used for the certificate. There is virtually no data on the fields or what they contain in the documentation. https://docs.microsoft.com/en-us/rest/api/keyvault/createcertificate/createcertificate#jsonwebkeytype

type LifetimeAction

type LifetimeAction struct {
	// Action is the action that will be executed.
	Action Action `json:"action"`
	// Trigger is the condition that causes Action to run.
	Trigger Trigger `json:"trigger"`
}

LifetimeAction is an action and a trigger that will be performed over the lifetime of a certificate.

type MergeOption

type MergeOption func(m *mergeReq)

MergeOption is an option to Merge().

func MergeAttr

func MergeAttr(a Attributes) MergeOption

MergeAttr provides attributes for a Merge().

func MergeTags

func MergeTags(t map[string]string) MergeOption

MergeTags provides tags for a Merge().

type Operation

type Operation struct {
	// Cancellation indicates if cancellation was requested on the certificate operation.
	Cancellation bool `json:"cancellation_requested"`
	// CSR is the certificate signing request (CSR) that is being used in the certificate operation.
	CSR string `json:"csr"`
	// Error is the error encountered, if any, during the certificate operation. Held by value,
	// so an operation without an error presumably leaves it at the zero KVError.
	Error KVError `json:"error"`
	// ID is the certificate ID.
	ID string `json:"id"`
	// Issuer is the parameters for the issuer of the X509 component of a certificate.
	Issuer IssuerParams `json:"issuer"`
	// RequestID is the identifier for the certificate operation.
	RequestID string `json:"request_id"`
	// Status is the status of the certificate operation.
	Status string `json:"status"`
	// StatusDetails is the details of the certificate operation.
	StatusDetails string `json:"status_details"`
	// Target is the location which contains the result of the certificate operation.
	Target string `json:"target"`
}

Operation provides details on the certificate operation performed.

type Org

type Org struct {
	// AdminDetails provides details about the org's administrators.
	AdminDetails []AdminDetails `json:"admin_details"`
	// ID is the id of the organization.
	ID string `json:"id"`
}

Org provides details on an organization's certificate issuer.

type Policy

type Policy struct {
	// Attributes are the certificate attributes.
	Attributes Attributes `json:"attributes,omitempty"`
	// ID is the id of the certificate.
	ID string `json:"id"`
	// Issuer is parameters for the issuer of the X509 component of a certificate.
	Issuer IssuerParams `json:"issuer"`
	// KeyProps is the properties of the key backing a certificate.
	KeyProps KeyProps `json:"key_props"`
	// LifetimeActions are actions that will be performed by Key Vault over the lifetime of a certificate.
	LifetimeActions []LifetimeAction `json:"lifetime_actions"`
	// SecretProps is properties of the secret backing a certificate.
	SecretProps SecretProps `json:"secret_props"`
	// X509Props are properties of the X509 component of a certificate.
	X509Props X509Props `json:"x509_props"`
}

Policy is the management policy for a certificate.

type SecretProps

type SecretProps struct {
	// ContentType is the media type (MIME type) of the secret key (also known as the private key).
	ContentType string `json:"contentType"`
}

SecretProps is the properties of the secret holding the private key.

type SubjectAlternativeNames

type SubjectAlternativeNames struct {
	// DNSNames are DNS names.
	DNSNames []string `json:"dns_names"`
	// Emails are email addresses.
	Emails []string `json:"emails"`
	// UPNS are user principal names.
	UPNS []string `json:"upns"`
}

SubjectAlternativeNames are the subject alternate names of a X509 object.

type Trigger

type Trigger struct {
	// DaysUntilExpiry is the days before expiry to attempt renewal.
	// Value should be between 1 and validity_in_months multiplied by 27.
	// If validity_in_months is 36, then value should be between 1 and 972 (36 * 27).
	DaysUntilExpiry int `json:"days_before_expiry"`
	// LifetimePercentage is the percentage of lifetime at which to trigger. Value should be between 1 and 99.
	LifetimePercentage int `json:"lifetime_percentage"`
	// Neither field has omitempty, so both are always serialized, including as 0 when unset.
}

Trigger represents a condition to be satisfied for an action to be executed.

type X509Props

type X509Props struct {
	// EKUS is the enhanced key usage.
	EKUS []string `json:"ekus"`
	// KeyUsage is a list of key usages.
	KeyUsage []string `json:"key_usage"`
	// SANS is the subject alternative names.
	SANS SubjectAlternativeNames `json:"sans"`
	// Subject is the subject name. Should be a valid x509 distinguished name.
	Subject string `json:"subject"`
	// ValidityMonths is the duration in months that the certificate is valid.
	ValidityMonths int `json:"validity_months"`
}

X509Props is the properties of the X509 certificate.
