server

package
v1.7.7 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 17, 2024 License: MIT Imports: 34 Imported by: 0

Documentation

Overview

Package server implements a lightweight Sectigo mock server that can be used in staging to issue mock certificates and perform integration tests. This server implements a subset of the Sectigo IoT API that targets GDS-specific usage. All state is held in-memory and is periodically flushed so this service should not be relied on for anything other than staging and systems integration tests.

Index

Constants

View Source 
const (
	EcosystemID = 21
	UserID      = 295
)

Variables

This section is empty.

Functions

func Err 

func Err(e interface{}) gin.H

func InitCA 

func InitCA(commonName string) (cert *x509.Certificate, priv crypto.PrivateKey, err error)

func ParseID 

func ParseID(c *gin.Context) (id int, err error)

func SerialNumber 

func SerialNumber() *big.Int

Types

type AuthConfig 

type AuthConfig struct {
	Username string   `required:"true"`
	Password string   `required:"true"`
	Issuer   string   `default:"https://cathy.test-net.io"`
	Subject  string   `default:"/account/42/user/staging"`
	Scopes   []string `default:"ROLE_USER"`
	Secret   string   `required:"false"`
}

func (AuthConfig) ParseSecret 

func (c AuthConfig) ParseSecret() []byte

func (AuthConfig) Validate 

func (c AuthConfig) Validate() error

type Batch 

type Batch struct {
	BatchID       int
	OrderNumber   int
	CreationDate  string
	Profile       string
	Size          int
	Status        string
	BatchName     string
	RejectReason  string
	UserID        string
	Active        int
	Failed        int
	SerialNumbers []string
	Params        Params
	Expires       time.Time
	Cleaned       bool
}

type Certificate 

type Certificate struct {
	DeviceID     string
	CommonName   string
	SerialNumber string
	CreationDate string
	Status       string
	Data         []byte
}

type Certs 

type Certs struct {
	// contains filtered or unexported fields
}

func NewCerts 

func NewCerts(conf Config) (certs *Certs, err error)

TODO: create a different CA for each profile

func (*Certs) Issue 

func (c *Certs) Issue(sub pkix.Name) (_ []byte, err error)

TODO: handle dNSNames

type Claims 

type Claims struct {
	jwt.RegisteredClaims
	Scopes     []string `json:"scopes,omitempty"`
	FirstLogin bool     `json:"first-login"`
}

type Config 

type Config struct {
	BindAddr   string              `split_words:"true" default:":8831"`
	Mode       string              `split_words:"true" default:"release"`
	LogLevel   logger.LevelDecoder `split_words:"true" default:"info"`
	ConsoleLog bool                `split_words:"true" default:"false"`
	CAPath     string              `split_words:"true"`
	Auth       AuthConfig
	// contains filtered or unexported fields
}

Configure the server in a lightweight fashion by fetching environment variables.

func NewConfig 

func NewConfig() (conf Config, err error)

func (Config) CA 

func (c Config) CA() (cert *x509.Certificate, priv crypto.PrivateKey, err error)

func (Config) GetLogLevel 

func (c Config) GetLogLevel() zerolog.Level

func (Config) IsZero 

func (c Config) IsZero() bool

func (Config) Mark 

func (c Config) Mark() (Config, error)

func (Config) Validate 

func (c Config) Validate() error

type Params 

type Params map[string]string

func (Params) Get 

func (p Params) Get(name, defaultValue string) string

type Server 

type Server struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

func New 

func New(conf Config) (s *Server, err error)

New is the primary entry point to creating a Sectigo Integration API Server.

func (*Server) Authenticate 

func (s *Server) Authenticate(c *gin.Context)

func (*Server) AuthorityAvailableBalance 

func (s *Server) AuthorityAvailableBalance(c *gin.Context)

func (*Server) Available 

func (s *Server) Available() gin.HandlerFunc

Available is middleware that checks the healthy boolean and returns service unavailable if the server is shutting down.

func (*Server) BatchDetail 

func (s *Server) BatchDetail(c *gin.Context)

func (*Server) BatchStatus 

func (s *Server) BatchStatus(c *gin.Context)

func (*Server) CreateCerts 

func (s *Server) CreateCerts(params Params, profile string, batchID int)

func (*Server) CreateSingleCertBatch 

func (s *Server) CreateSingleCertBatch(c *gin.Context)

func (*Server) Download 

func (s *Server) Download(c *gin.Context)

func (*Server) FindCertificate 

func (s *Server) FindCertificate(c *gin.Context)

func (*Server) LicensesUsed 

func (s *Server) LicensesUsed(c *gin.Context)

func (*Server) Login 

func (s *Server) Login(c *gin.Context)

func (*Server) NotAllowed 

func (s *Server) NotAllowed(c *gin.Context)

NotAllowed returns a JSON 405 response for the API.

func (*Server) NotFound 

func (s *Server) NotFound(c *gin.Context)

NotFound returns a JSON 404 response for the API

func (*Server) Organization 

func (s *Server) Organization(c *gin.Context)

func (*Server) ProcessingInfo 

func (s *Server) ProcessingInfo(c *gin.Context)

func (*Server) ProfileDetail 

func (s *Server) ProfileDetail(c *gin.Context)

func (*Server) ProfileParams 

func (s *Server) ProfileParams(c *gin.Context)

func (*Server) Profiles 

func (s *Server) Profiles(c *gin.Context)

func (*Server) Refresh 

func (s *Server) Refresh(c *gin.Context)

func (*Server) RevokeCertificate 

func (s *Server) RevokeCertificate(c *gin.Context)

func (*Server) Serve 

func (s *Server) Serve() (err error)

func (*Server) SetHealth 

func (s *Server) SetHealth(health bool)

func (*Server) Shutdown 

func (s *Server) Shutdown() error

func (*Server) Status 

func (s *Server) Status(c *gin.Context)

Status implements the heartbeat endpoint of the API server.

func (*Server) URL 

func (s *Server) URL() string

func (*Server) UploadCSRBatch 

func (s *Server) UploadCSRBatch(c *gin.Context)

func (*Server) UserAuthorities 

func (s *Server) UserAuthorities(c *gin.Context)

type Store 

type Store struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

In-memory store to hold information about batches and certificates.

func NewStore 

func NewStore() (*Store, error)

func (*Store) AddBatch 

func (s *Store) AddBatch(profile string, info *sectigo.CreateSingleCertBatchRequest) (Batch, error)

func (*Store) AddCert 

func (s *Store) AddCert(batchID int, data []byte) error

func (*Store) Find 

func (s *Store) Find(commonName, serialNumber string) []Certificate

func (*Store) GetBatch 

func (s *Store) GetBatch(id int) (Batch, error)

func (*Store) GetCertData 

func (s *Store) GetCertData(serialNumber string) (cert *trust.Provider, err error)

func (*Store) Issued 

func (s *Store) Issued() int

func (*Store) RejectBatch 

func (s *Store) RejectBatch(batchID int, rejectReason string) error

func (*Store) Revoke 

func (s *Store) Revoke(serialNumber string) error

type StringSet 

type StringSet map[string]struct{}

type Tokens 

type Tokens struct {
	// contains filtered or unexported fields
}

A simple token manager that returns jwt.RegisteredClaims with HS512 signatures.

func NewTokens 

func NewTokens(conf AuthConfig) (*Tokens, error)

func (*Tokens) CreateAccessToken 

func (tm *Tokens) CreateAccessToken() (_ *jwt.Token, err error)

CreateAccessToken from the verified Google credential payload or from an previous token if the access token is being reauthorized from previous credentials. Note that the returned token only contains the claims and is unsigned.

func (*Tokens) CreateRefreshToken 

func (tm *Tokens) CreateRefreshToken(accessToken *jwt.Token) (refreshToken *jwt.Token, err error)

CreateRefreshToken from the Access token claims with predefined expiration. Note that the returned token only contains the claims and is unsigned.

func (*Tokens) Sign 

func (tm *Tokens) Sign(token *jwt.Token) (tks string, err error)

Sign an access or refresh token and return the token string.

func (*Tokens) SignedTokenPair 

func (tm *Tokens) SignedTokenPair() (accessToken, refreshToken string, err error)

Create signed token pair - an access and refresh token.

func (*Tokens) Verify 

func (tm *Tokens) Verify(tks string) (claims *Claims, err error)

Verify an access or refresh token after parsing and return its claims.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.