Documentation ¶
Index ¶
- type Client
- func (c Client) GetCertificate(id []byte) (*x509.Certificate, error)
- func (c Client) GetCertificateBySerial(id []byte) (*x509.Certificate, error)
- func (c Client) GetCertificates(id []byte) ([]x509.Certificate, error)
- func (c Client) GetConfiguration() (*Configuration, error)
- func (c Client) GetEntities() ([]Entity, error)
- func (c Client) GetEntity(id []byte) (*Entity, error)
- func (c Client) GetEntityBySerial(id []byte) (*Entity, error)
- func (c Client) HasClientCertificate() bool
- func (c Client) IssueCertificate(id []byte) (*x509.Certificate, error)
- func (c Client) Register(csr x509.CertificateRequest) ([]byte, error)
- func (c Client) Renew() (*x509.Certificate, error)
- func (c Client) SetEntityExpiry(id []byte, expiry *time.Time) error
- func (c Client) SetEntityLongevity(id []byte, longevity string) error
- func (c Client) SetEntityStateApproved(id []byte) error
- func (c Client) SetEntityStateOneOff(id []byte) error
- func (c Client) SetEntityStatePending(id []byte) error
- func (c Client) SetEntityStateRejected(id []byte) error
- func (c Client) SetEntityStateRevoked(id []byte) error
- type Configuration
- func (c Configuration) CertPool() (*x509.CertPool, error)
- func (c Configuration) Certificates() ([]*x509.Certificate, error)
- func (c Configuration) Entity() (*Entity, error)
- func (co Configuration) HostTemplate() (*pkix.Name, error)
- func (c Configuration) Name() string
- func (c Configuration) Peer() (*x509.Certificate, error)
- func (c Configuration) Template() pkix.Name
- type Entity
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Client ¶
Encapsulation that holds internal state data. The only publicly accessible member is the underlying Store; if access to that is helpful, it may be safely used.
func New ¶
Create a new CYBERCOM Client. Connect to the given `server` (with the server Certificate validated against `certPool`), authenticating to the server as `cyberStore` if the Store has been Initialized.
This returns a triple of a `Client`, a function to close the open connection (usually by `defer`ing the call, if err is nil), and any error hit during the bringup of the client.
func (Client) GetCertificate ¶
func (c Client) GetCertificate(id []byte) (*x509.Certificate, error)
Get the most recently issued Certificate for the Entity.
func (Client) GetCertificateBySerial ¶
func (c Client) GetCertificateBySerial(id []byte) (*x509.Certificate, error)
Get the most recently issued Certificate for the Entity.
func (Client) GetCertificates ¶
func (c Client) GetCertificates(id []byte) ([]x509.Certificate, error)
Get a list of all known issued Certificates for the Entity.
func (Client) GetConfiguration ¶
func (c Client) GetConfiguration() (*Configuration, error)
Get the Configuration the Server has sent us. This will contain goodies like the Subject template, CYBERCOM Server name, and our Certificate, if the server liked it.
func (Client) GetEntities ¶
func (c Client) GetEntities() ([]Entity, error)
Get a list of all known Entities.
func (Client) GetEntityBySerial ¶
func (c Client) GetEntityBySerial(id []byte) (*Entity, error)
Get the most recently issued Certificate for the Entity.
func (Client) HasClientCertificate ¶
func (c Client) HasClientCertificate() bool
Check to see if we sent a TLS Peer Certificate for use during mutual authentication. Even if this is `true`, the server may still have rejected our certificate. To check what the Server thinks of us, request information on ourselves using the `GetConfiguration` RPC and read the peer certificate off that.
func (Client) IssueCertificate ¶
func (c Client) IssueCertificate(id []byte) (*x509.Certificate, error)
Issue a new Certificate for the Entity. The exact rules for what this means are up to the server, but commonly this will return an error if the Entity is not entitled to a new Certificate, or if the user performing this action is not authorized to do so.
func (Client) Register ¶
func (c Client) Register(csr x509.CertificateRequest) ([]byte, error)
Push a CSR to the Server, and get your Entity ID back. Future calls with this ID will return information regarding the new Entity. Commonly, Administrators of the CYBERCOM instance will have to approve your Entity and issue your first Certificate. After that point, you will be able to get your latest Certificate and authenticate future requests.
func (Client) Renew ¶
func (c Client) Renew() (*x509.Certificate, error)
Either issue a new Certificate, if the Entity can be granted a new one, or get the existing one. This is a safe method to call repeatedly, and can be used to "pull" your Certificate from the server as needed.
func (Client) SetEntityExpiry ¶
func (c Client) SetEntityExpiry(id []byte, expiry *time.Time) error
Set the Expiry of the Entity. After this point, the Entity is not suitable to be granted an active Certificate. Any Certificate issued near the end of this period will have its validity capped at the Expiry.
func (Client) SetEntityLongevity ¶
func (c Client) SetEntityLongevity(id []byte, longevity string) error
Set the Longevity of the Entity. This means that the Certificate we issue will have a NotAfter set to the given duration after the time of issue.
func (Client) SetEntityStateApproved ¶
func (c Client) SetEntityStateApproved(id []byte) error
Set the entity with the ID of `id` to `APPROVED`. The exact nature of what this means is entirely up to the server, but commonly implies that the entity is fit to be issued a Certificate.
func (Client) SetEntityStateOneOff ¶
func (c Client) SetEntityStateOneOff(id []byte) error
Set the entity with the ID of `id` to `ONEOFF`. The exact nature of what this means is entirely up to the server, but commonly implies that the entity is only entitled to a single Certificate. This can be useful to grant an Entity time-limited access to the network, and would likely be used in conjunction with an end-date.
func (Client) SetEntityStatePending ¶
func (c Client) SetEntityStatePending(id []byte) error
Set the entity with the ID of `id` to `PENDING`. The exact nature of what this means is entirely up to the server, but commonly implies that the entity is new and has not been processed by an administrator.
func (Client) SetEntityStateRejected ¶
func (c Client) SetEntityStateRejected(id []byte) error
Set the entity with the ID of `id` to `REJECTED`. The exact nature of what this means is entirely up to the server, but commonly implies that the entity is unfit to be issued a Certificate and has never passed a basic check.
func (Client) SetEntityStateRevoked ¶
func (c Client) SetEntityStateRevoked(id []byte) error
Set the entity with the ID of `id` to `REVOKED`. The exact nature of what this means is entirely up to the server, but commonly implies that the entity was valid but, due to some issue (leaked private key, removal from the organization), is no longer suitable.
type Configuration ¶
type Configuration struct {
// contains filtered or unexported fields
}
Configuration type. Most fields on this will be pulled from an underlying protobuf.
func (Configuration) Certificates ¶
func (c Configuration) Certificates() ([]*x509.Certificate, error)
func (Configuration) Entity ¶
func (c Configuration) Entity() (*Entity, error)
Get back the Entity the Server thinks we are.
func (Configuration) HostTemplate ¶
func (co Configuration) HostTemplate() (*pkix.Name, error)
Get back `configuration.Template()`, but with the `CommonName` additionally auto-populated from values we can guess from the local environment.
func (Configuration) Peer ¶
func (c Configuration) Peer() (*x509.Certificate, error)
Get our Certificate back from the server, if the Server thinks it's a good Certificate.
func (Configuration) Template ¶
func (c Configuration) Template() pkix.Name
Get the Configuration `pkix.Name` from the Server, pre-filled with organization-wide defaults.
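As an added example (not code from the CYBERCOM package), this builds the `x509.CertificateRequest` that `Register` accepts from a Subject shaped the way `Template()` and `HostTemplate()` describe, and verifies the CSR signature before anything would leave the host. The `orgTemplate` values and the `hostTemplate` and `buildCSR` helpers are constructed here; a real client takes the template from `GetConfiguration()` instead.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// orgTemplate stands in for Configuration.Template(): organization-wide defaults
// with no CommonName. Constructed for this example, not fetched from a server.
var orgTemplate = pkix.Name{
	Organization:       []string{"Example Org"},
	OrganizationalUnit: []string{"Infrastructure"},
}

// hostTemplate mirrors Configuration.HostTemplate(): the org template with
// CommonName filled in from the local environment (here, a hostname).
func hostTemplate(tmpl pkix.Name, hostname string) (pkix.Name, error) {
	if hostname == "" {
		return pkix.Name{}, fmt.Errorf("cannot populate CommonName: empty hostname")
	}
	tmpl.CommonName = hostname
	return tmpl, nil
}

// buildCSR generates a fresh P-256 key, signs a CSR for subject, and parses the
// DER back into the *x509.CertificateRequest that Client.Register takes (by value,
// so pass *csr). CheckSignature rejects a CSR that does not match its own key.
func buildCSR(subject pkix.Name) (*ecdsa.PrivateKey, *x509.CertificateRequest, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: subject}, key)
	if err != nil {
		return nil, nil, err
	}
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return nil, nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, nil, fmt.Errorf("CSR signature invalid: %w", err)
	}
	return key, csr, nil // keep key: the issued Certificate is useless without it
}
```

The private key never leaves the process; only `*csr` goes to `Register`, and the Entity ID it returns is what `Renew` later resolves to a Certificate for this key.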