scepserver

package
v1.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 2, 2023 License: MIT Imports: 26 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DecodeSCEPResponse

func DecodeSCEPResponse(ctx context.Context, r *http.Response) (interface{}, error)

DecodeSCEPResponse decodes a SCEP response

func EncodeSCEPRequest

func EncodeSCEPRequest(ctx context.Context, r *http.Request, request interface{}) error

EncodeSCEPRequest encodes a SCEP HTTP Request. Used by the client.

func EndpointLoggingMiddleware

func EndpointLoggingMiddleware(logger log.Logger) endpoint.Middleware

func MakeHTTPHandler

func MakeHTTPHandler(e *Endpoints, svc Service, logger kitlog.Logger) http.Handler

func MakeSCEPEndpoint

func MakeSCEPEndpoint(svc Service) endpoint.Endpoint

Types

type CSRSigner

// CSRSigner is implemented by whatever signs certificate requests on
// behalf of the CA/RA.
type CSRSigner interface {
	// SignCSR receives a *scep.CSRReqMessage and returns either the
	// certificate issued for it or an error.
	// NOTE(review): the interface itself carries no authorisation step;
	// any challenge or policy check has to live in the implementation or
	// in a wrapper such as ChallengeMiddleware.
	SignCSR(*scep.CSRReqMessage) (*x509.Certificate, error)
}

CSRSigner is a handler for CSR signing by the CA/RA

SignCSR should take the CSR in the CSRReqMessage and return a Certificate signed by the CA.

type CSRSignerFunc

// CSRSignerFunc lets a plain function be used where a CSRSigner is
// expected: its SignCSR method calls the function itself.
type CSRSignerFunc func(*scep.CSRReqMessage) (*x509.Certificate, error)

CSRSignerFunc is an adapter for CSR signing by the CA/RA

func ChallengeMiddleware

func ChallengeMiddleware(challenge string, next CSRSigner) CSRSignerFunc

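ChallengeMiddleware wraps next in a CSRSigner that validates the challenge from the CSR. The expected value is the single challenge string passed in here, so every client enrolling through this signer shares one secret; protect and rotate it accordingly.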

func NopCSRSigner

func NopCSRSigner() CSRSignerFunc

NopCSRSigner does nothing

func (CSRSignerFunc) SignCSR

SignCSR calls f(m)

type Endpoints

// Endpoints bundles the endpoint.Endpoint values of the package.
// Values are obtained from MakeClientEndpoints (for a SCEP client) or
// MakeServerEndpoints (built from a Service).
type Endpoints struct {
	// NOTE(review): presumably the endpoints serving the HTTP GET and
	// POST forms of a SCEP request — confirm against MakeHTTPHandler.
	GetEndpoint  endpoint.Endpoint
	PostEndpoint endpoint.Endpoint
	// contains filtered or unexported fields
}

func MakeClientEndpoints

func MakeClientEndpoints(instance string) (*Endpoints, error)

MakeClientEndpoints returns an Endpoints struct where each endpoint invokes the corresponding method on the remote instance, via a transport/http.Client. Useful in a SCEP client.

func MakeServerEndpoints

func MakeServerEndpoints(svc Service) *Endpoints

func (*Endpoints) GetCACaps

func (e *Endpoints) GetCACaps(ctx context.Context) ([]byte, error)

func (*Endpoints) GetCACert

func (e *Endpoints) GetCACert(ctx context.Context, message string) ([]byte, int, error)

func (*Endpoints) GetNextCACert

func (e *Endpoints) GetNextCACert(ctx context.Context) ([]byte, error)

func (*Endpoints) PKIOperation

func (e *Endpoints) PKIOperation(ctx context.Context, msg []byte) ([]byte, error)

func (*Endpoints) Supports

func (e *Endpoints) Supports(cap string) bool

type SCEPRequest

// SCEPRequest is a SCEP server request.
type SCEPRequest struct {
	// Operation names the requested operation.
	// NOTE(review): presumably one of the operations the Service
	// interface exposes — confirm the accepted values.
	Operation string
	// Message holds the message bytes of the request.
	// NOTE(review): on the server these bytes presumably originate from
	// the client and are untrusted until verified — confirm.
	Message   []byte
}

SCEPRequest is a SCEP server request.

type SCEPResponse

// SCEPResponse is a SCEP server response. Business errors are encoded
// as a CertRep message with pkiStatus FAILURE and a failInfo attribute.
type SCEPResponse struct {
	// NOTE(review): presumably the number of CA certificates in Data
	// (compare the int result of GetCACert) — confirm.
	CACertNum int
	// Data holds the response bytes.
	Data      []byte
	// NOTE(review): since business errors travel inside a CertRep
	// message, Err presumably reports other failures — confirm before
	// relying on it to detect a refused enrolment.
	Err       error
	// contains filtered or unexported fields
}

SCEPResponse is a SCEP server response. Business errors will be encoded as a CertRep message with pkiStatus FAILURE and a failInfo attribute.

type Service

// Service is the interface for all supported SCEP server operations.
type Service interface {
	// GetCACaps returns a list of options
	// which are supported by the server.
	GetCACaps(ctx context.Context) ([]byte, error)

	// GetCACert returns the CA certificate, or a CA certificate chain
	// with intermediates, in a PKCS#7 Degenerate Certificates format.
	// message is an optional string for the CA.
	// NOTE(review): the int result is presumably the number of
	// certificates returned (compare SCEPResponse.CACertNum) — confirm.
	GetCACert(ctx context.Context, message string) ([]byte, int, error)

	// PKIOperation handles incoming SCEP messages such as PKCSReq and
	// sends back a CertRep PKIMessage.
	// NOTE(review): msg is the raw incoming message; implementations
	// presumably have to parse and verify it before acting on it —
	// confirm where that happens.
	PKIOperation(ctx context.Context, msg []byte) ([]byte, error)

	// GetNextCACert returns a replacement certificate or certificate chain
	// when the old one expires. The response format is a PKCS#7 Degenerate
	// Certificates type.
	GetNextCACert(ctx context.Context) ([]byte, error)
}

Service is the interface for all supported SCEP server operations.

func NewLoggingService

func NewLoggingService(logger log.Logger, s Service) Service

NewLoggingService adds logging to the SCEP service

func NewService

func NewService(crt *x509.Certificate, key *rsa.PrivateKey, signer CSRSigner, opts ...ServiceOption) (Service, error)

NewService creates a new SCEP service

type ServiceOption

// ServiceOption is a server configuration option: a function that
// receives the unexported service value and may reject the setting by
// returning an error. Options are passed to NewService.
type ServiceOption func(*service) error

ServiceOption is a server configuration option

func WithAddlCA

func WithAddlCA(ca *x509.Certificate) ServiceOption

WithAddlCA appends an additional certificate to the slice of CA certs

func WithLogger

func WithLogger(logger log.Logger) ServiceOption

WithLogger configures a logger for the SCEP Service. By default, a no-op logger is used.
