The highest tagged major version is
Documentation
¶
Index ¶
Constants ¶
View Source
const SDKName = "Venafi VCert-Go"
Variables ¶
View Source
var LocalIP string
Functions ¶
This section is empty.
Types ¶
type AllowedKeyConfiguration ¶
type AllowedKeyConfiguration struct {
KeyType certificate.KeyType
KeySizes []int
KeyCurves []certificate.EllipticCurve
}
AllowedKeyConfiguration contains an allowed key type with its sizes or curves
type Authentication ¶
type Authentication struct {
User string
Password string
APIKey string
RefreshToken string
Scope string
ClientId string
AccessToken string
ClientPKCS12 bool
}
Authentication provides a struct for authentication data. Either specify User and Password for Trust Platform or specify an APIKey for Cloud.
type Connector ¶
type Connector interface {
// GetType returns a connector type (cloud/TPP/fake). Can be useful because some features are not supported by a Cloud connection.
GetType() ConnectorType
// SetZone sets a zone (by name) for requests with this connector.
SetZone(z string)
// GetZonesByParent returns a list of valid zones specified by parent
GetZonesByParent(parent string) ([]string, error)
Ping() (err error)
// Authenticate is usually called by NewClient and it is not required that you manually call it.
Authenticate(auth *Authentication) (err error)
// ReadPolicyConfiguration returns information about zone policies. It can be used for checking request compatibility with policies.
ReadPolicyConfiguration() (policy *Policy, err error)
// ReadZoneConfiguration returns the zone configuration. A zone configuration includes zone policy and additional zone information.
ReadZoneConfiguration() (config *ZoneConfiguration, err error)
// GenerateRequest update certificate.Request with data from zone configuration.
GenerateRequest(config *ZoneConfiguration, req *certificate.Request) (err error)
// RequestCertificate makes a request to the server with data for enrolling the certificate.
RequestCertificate(req *certificate.Request) (requestID string, err error)
// RetrieveCertificate immediately returns an enrolled certificate. Otherwise, RetrieveCertificate waits and retries during req.Timeout.
RetrieveCertificate(req *certificate.Request) (certificates *certificate.PEMCollection, err error)
IsCSRServiceGenerated(req *certificate.Request) (bool, error)
RevokeCertificate(req *certificate.RevocationRequest) error
RenewCertificate(req *certificate.RenewalRequest) (requestID string, err error)
// ImportCertificate adds an existing certificate to Venafi Platform even if the certificate was not issued by Venafi Cloud or Venafi Platform. For information purposes.
ImportCertificate(req *certificate.ImportRequest) (*certificate.ImportResponse, error)
// SetHTTPClient allows to set custom http.Client to this Connector.
SetHTTPClient(client *http.Client)
// ListCertificates
ListCertificates(filter Filter) ([]certificate.CertificateInfo, error)
SetPolicy(name string, ps *policy.PolicySpecification) (string, error)
GetPolicy(name string) (*policy.PolicySpecification, error)
RequestSSHCertificate(req *certificate.SshCertRequest) (response *certificate.SshCertificateObject, err error)
RetrieveSSHCertificate(req *certificate.SshCertRequest) (response *certificate.SshCertificateObject, err error)
RetrieveSshConfig(ca *certificate.SshCaTemplateRequest) (*certificate.SshConfig, error)
SearchCertificates(req *certificate.SearchRequest) (*certificate.CertSearchResponse, error)
// Returns a valid certificate
//
// If it returns no error, the certificate returned should be the latest [1]
// exact matching zone [2], CN and sans.DNS [3] provided, with a minimum
// validity of `certMinTimeLeft`
//
// [1] the one with longest validity; field named ValidTo for TPP and
// validityEnd for VaaS
// [2] application name for VaaS
// [3] an array of strings representing the DNS names
SearchCertificate(zone string, cn string, sans *certificate.Sans, certMinTimeLeft time.Duration) (*certificate.CertificateInfo, error)
RetrieveAvailableSSHTemplates() ([]certificate.SshAvaliableTemplate, error)
RetrieveCertificateMetaData(dn string) (*certificate.CertificateMetaData, error)
RetrieveSystemVersion() (string, error)
}
Connector provides a common interface for external communications with TPP or Venafi Cloud
type ConnectorType ¶
type ConnectorType int
ConnectorType represents the available connectors
const ( ConnectorTypeUndefined ConnectorType = iota // ConnectorTypeFake is a fake connector for tests ConnectorTypeFake // ConnectorTypeCloud represents the Cloud connector type ConnectorTypeCloud // ConnectorTypeTPP represents the TPP connector type ConnectorTypeTPP )
func (ConnectorType) String ¶
func (t ConnectorType) String() string
type ErrCertificatePending ¶
todo: replace with verror ErrCertificatePending provides a common error structure for a timeout while retrieving a certificate
func (ErrCertificatePending) Error ¶
func (err ErrCertificatePending) Error() string
type ErrCertificateRejected ¶ added in v4.15.0
func (ErrCertificateRejected) Error ¶ added in v4.15.0
func (err ErrCertificateRejected) Error() string
type ErrRetrieveCertificateTimeout ¶
type ErrRetrieveCertificateTimeout struct {
CertificateID string
}
todo: replace with verror ErrRetrieveCertificateTimeout provides a common error structure for a timeout while retrieving a certificate
func (ErrRetrieveCertificateTimeout) Error ¶
func (err ErrRetrieveCertificateTimeout) Error() string
type Policy ¶
type Policy struct {
SubjectCNRegexes []string
SubjectORegexes []string
SubjectOURegexes []string
SubjectSTRegexes []string
SubjectLRegexes []string
SubjectCRegexes []string
// AllowedKeyConfigurations lists all allowed key configurations. Certificate key configuration have to be listed in this list.
// For example: If key has type RSA and length 2048 bit for satisfying the policy, that list must contain AT LEAST ONE configuration with type RSA and value 2048 in KeySizes list of this configuration.
AllowedKeyConfigurations []AllowedKeyConfiguration
// DnsSanRegExs is a list of regular expressions that show allowable DNS names in SANs.
DnsSanRegExs []string
// IpSanRegExs is a list of regular expressions that show allowable DNS names in SANs.
IpSanRegExs []string
EmailSanRegExs []string
UriSanRegExs []string
UpnSanRegExs []string
AllowWildcards bool
AllowKeyReuse bool
}
Policy is struct that contains restrictions for certificates. Most of the fields contains list of regular expression. For satisfying policies, all values in the certificate field must match AT LEAST ONE regular expression in corresponding policy field.
func (*Policy) SimpleValidateCertificateRequest ¶
func (p *Policy) SimpleValidateCertificateRequest(request certificate.Request) error
SimpleValidateCertificateRequest functions just check Common Name and SANs mathching with policies
func (*Policy) ValidateCertificateRequest ¶
func (p *Policy) ValidateCertificateRequest(request *certificate.Request) error
ValidateCertificateRequest validates the request against the Policy
type ZoneConfiguration ¶
type ZoneConfiguration struct {
Organization string
OrganizationalUnit []string
Country string
Province string
Locality string
Policy
HashAlgorithm x509.SignatureAlgorithm
CustomAttributeValues map[string]string
KeyConfiguration *AllowedKeyConfiguration
}
ZoneConfiguration provides a common structure for certificate request data provided by the remote endpoint
func NewZoneConfiguration ¶
func NewZoneConfiguration() *ZoneConfiguration
NewZoneConfiguration creates a new zone configuration which creates the map used in the configuration
func (*ZoneConfiguration) UpdateCertificateRequest ¶
func (z *ZoneConfiguration) UpdateCertificateRequest(request *certificate.Request)
UpdateCertificateRequest updates a certificate request based on the zone configuration retrieved from the remote endpoint
Source Files
Click to show internal directories.
Click to hide internal directories.