Documentation
Index ¶
- func ConvertSerialIntToOctetString(intSerialNum *big.Int) (string, error)
- func ConvertSerialOctetStringToInt(octetSerialNum string) (*big.Int, error)
- func CreateCert(certReq types.CreateCertReq, backend backend.Storage) (types.CreateCertificateResponse, httperror.HTTPError)
- func CreateIntermediateCSR(signRequest x509.CertificateRequest, signPrivKey crypto.PrivateKey) (types.PEMIntermediate, httperror.HTTPError)
- func CreateSelfSignedCert(certTemplate x509.Certificate, signPrivKey crypto.PrivateKey, ...) (types.PEMIntermediate, httperror.HTTPError)
- func CreateTemplate(newTemplate types.Template, backend backend.Storage) httperror.HTTPError
- func DeleteTemplate(templateName string, backend backend.Storage) httperror.HTTPError
- func GenerateIntermediate(intermediateRequest types.IntermediateRequest, selfSigned bool, ...) (types.PEMIntermediate, httperror.HTTPError)
- func GenerateKeys(keyAlgo string, keySize string) (crypto.PrivateKey, crypto.PublicKey, error)
- func GenerateSerialNumber(backend backend.Storage) (*big.Int, error)
- func GetCA(backend backend.Storage) ([]byte, httperror.HTTPError)
- func GetCAChain(backend backend.Storage) (types.PEMCertificateBundle, httperror.HTTPError)
- func GetCRL(backend backend.Storage) ([]byte, httperror.HTTPError)
- func GetCert(serialNumber string, backend backend.Storage) (types.PEMCertificate, httperror.HTTPError)
- func GetTemplate(templateName string, backend backend.Storage) (types.Template, httperror.HTTPError)
- func ListCerts(backend backend.Storage) (types.CertificateListResponse, httperror.HTTPError)
- func ListTemplate(backend backend.Storage) (types.TemplateListResponse, httperror.HTTPError)
- func PrepareCertificateParameters(templateName string, reqTTL int64, backend backend.Storage) (types.Template, *big.Int, int64, x509.SignatureAlgorithm, *x509.Certificate, ...)
- func ProcessExtKeyUsages(extKeyUsages []string) ([]x509.ExtKeyUsage, error)
- func ProcessKeyUsages(keyUsages []string) (x509.KeyUsage, error)
- func ProcessPolicyIdentifiers(policyIdentifiers []string) ([]asn1.ObjectIdentifier, error)
- func ProcessSubjectAltNames(altNames []string) ([]string, []string, []net.IP, []*url.URL, error)
- func ReturnReasonCode(reasonString string) (int, error)
- func RevokeCert(crlReq types.RevokeRequest, backend backend.Storage) httperror.HTTPError
- func SetCAChain(pemBundle types.PEMCertificateBundle, backend backend.Storage) httperror.HTTPError
- func SetCertSubject(subject types.SubjectFields, commonName string) (pkix.Name, error)
- func SetIntermediateCertificate(signedCert types.PEMCertificate, backend backend.Storage) httperror.HTTPError
- func SignCert(signReq types.SignRequest, backend backend.Storage) (types.CreateCertificateResponse, httperror.HTTPError)
- func ValidateCommonName(commonName string, template types.Template) error
- func ValidateContentType(headers http.Header, expected string) bool
- func ValidateDNSSAN(dnsNames []string, template types.Template) error
- func ValidateEmailSAN(emailAddresses []string, template types.Template) error
- func ValidateExtKeyUsageConstraints(csrExtKeyUsage []byte, templateExtKeyUsage []string) ([]x509.ExtKeyUsage, error)
- func ValidateIPSAN(ipAddresses []net.IP, template types.Template) error
- func ValidateKeyAlgoAndSize(keyAlgo string, keySize string) error
- func ValidateKeyUsageConstraints(csrKeyUsage []byte, templateKeyUsage []string) (x509.KeyUsage, error)
- func ValidateURISAN(URIs []*url.URL, template types.Template) error
- type Pki
Functions ¶
func ConvertSerialIntToOctetString ¶
ConvertSerialIntToOctetString receives an X.509 certificate serial number as an integer and converts it to an ASN.1-compliant octet string.
func ConvertSerialOctetStringToInt ¶
ConvertSerialOctetStringToInt receives an X.509 certificate serial number as an ASN.1 octet string and converts it to an integer.
func CreateCert ¶
func CreateCert(certReq types.CreateCertReq, backend backend.Storage) (types.CreateCertificateResponse, httperror.HTTPError)
CreateCert ------------------------
func CreateIntermediateCSR ¶
func CreateIntermediateCSR(signRequest x509.CertificateRequest, signPrivKey crypto.PrivateKey) (types.PEMIntermediate, httperror.HTTPError)
CreateIntermediateCSR generates a CSR for the intermediate signing CA and returns an HTTPError if it fails.
func CreateSelfSignedCert ¶
func CreateSelfSignedCert(certTemplate x509.Certificate, signPrivKey crypto.PrivateKey, signPubKey crypto.PublicKey, backend backend.Storage) (types.PEMIntermediate, httperror.HTTPError)
CreateSelfSignedCert generates a self-signed CA certificate for the PKI service and returns an HTTPError if it fails.
func CreateTemplate ¶
CreateTemplate -----------------------------------------------------
func DeleteTemplate ¶
DeleteTemplate --------------------------------------------------
func GenerateIntermediate ¶
func GenerateIntermediate(intermediateRequest types.IntermediateRequest, selfSigned bool, backend backend.Storage) (types.PEMIntermediate, httperror.HTTPError)
GenerateIntermediate -------------------------------
func GenerateKeys ¶
GenerateKeys accepts a key algorithm and a key size in bits, and generates the corresponding private and public key.
func GenerateSerialNumber ¶
GenerateSerialNumber generates a new serial number and verifies that it does not already exist in the certificate store.
func GetCAChain ¶
GetCAChain -------------
func GetCert ¶
func GetCert(serialNumber string, backend backend.Storage) (types.PEMCertificate, httperror.HTTPError)
GetCert ----------------------
func GetTemplate ¶
func GetTemplate(templateName string, backend backend.Storage) (types.Template, httperror.HTTPError)
GetTemplate -------------------------------------------------------
func ListTemplate ¶
ListTemplate ------------------------------------
func PrepareCertificateParameters ¶
func PrepareCertificateParameters(templateName string, reqTTL int64, backend backend.Storage) (types.Template, *big.Int, int64, x509.SignatureAlgorithm, *x509.Certificate, crypto.PrivateKey, error)
PrepareCertificateParameters is a catch-all helper that isolates otherwise redundant code for setting the parameters used when creating a new certificate.
func ProcessExtKeyUsages ¶
func ProcessExtKeyUsages(extKeyUsages []string) ([]x509.ExtKeyUsage, error)
ProcessExtKeyUsages reads descriptive X.509 extended key usage strings from an array and returns an array of the x509.ExtKeyUsage values that those strings convert to.
func ProcessKeyUsages ¶
ProcessKeyUsages reads descriptive X.509 key usage strings from an array and builds an x509.KeyUsage bit mask with the appropriate bits set.
func ProcessPolicyIdentifiers ¶
func ProcessPolicyIdentifiers(policyIdentifiers []string) ([]asn1.ObjectIdentifier, error)
ProcessPolicyIdentifiers converts an array of string representations of policy OIDs into ASN.1 format and validates that every policy OID string sent in the request is valid.
func ProcessSubjectAltNames ¶
ProcessSubjectAltNames ---------------------------------------------------------
func ReturnReasonCode ¶
ReturnReasonCode converts the certificate revocation reason string from a revoke request to its corresponding RFC reason code.
func RevokeCert ¶
RevokeCert -----------------
func SetCAChain ¶
SetCAChain ---------------------
func SetCertSubject ¶
SetCertSubject reads the subject fields from a types.SubjectFields object that has been filled with parsed JSON from an HTTP request and converts them, along with a common name, to a pkix.Name object for use in a certificate or certificate request.
func SetIntermediateCertificate ¶
func SetIntermediateCertificate(signedCert types.PEMCertificate, backend backend.Storage) httperror.HTTPError
SetIntermediateCertificate ----------------------------------------------------------
func SignCert ¶
func SignCert(signReq types.SignRequest, backend backend.Storage) (types.CreateCertificateResponse, httperror.HTTPError)
SignCert -----------------
func ValidateCommonName ¶
ValidateCommonName ensures that the CommonName passed in a certificate creation request adheres to all the standards defined in the requested template.
func ValidateContentType ¶
ValidateContentType is a helper function that ensures the Content-Type of a given HTTP request matches what the API expects.
func ValidateDNSSAN ¶
ValidateDNSSAN loops through all DNS domains requested as Subject Alternative Names for a certificate and validates that none of them is explicitly excluded by the template. If the template defines permitted SANs, it also ensures that the request is permitted by them.
func ValidateEmailSAN ¶
ValidateEmailSAN loops through all email addresses requested as Subject Alternative Names for a certificate and validates that none of them is explicitly excluded by the template. If the template defines permitted SANs, it also ensures that the request is permitted by them.
func ValidateExtKeyUsageConstraints ¶
func ValidateExtKeyUsageConstraints(csrExtKeyUsage []byte, templateExtKeyUsage []string) ([]x509.ExtKeyUsage, error)
ValidateExtKeyUsageConstraints reads the extended key usages from a CSR and ensures that none of the extended key usages the CSR requests has been excluded by the template associated with the certificate signing request.
func ValidateIPSAN ¶
ValidateIPSAN loops through all IP addresses requested as Subject Alternative Names for a certificate and validates that none of them is explicitly excluded by the template. If the template defines permitted SANs, it also ensures that the request is permitted by them.
func ValidateKeyAlgoAndSize ¶
ValidateKeyAlgoAndSize validates that the requested key algorithm is one supported by the PKI service and that the requested key size is both applicable to that algorithm and meets minimum size standards.
func ValidateKeyUsageConstraints ¶
func ValidateKeyUsageConstraints(csrKeyUsage []byte, templateKeyUsage []string) (x509.KeyUsage, error)
ValidateKeyUsageConstraints reads the key usages from a CSR and ensures that none of the key usages the CSR requests has been excluded by the template associated with the certificate signing request.
func ValidateURISAN ¶
ValidateURISAN loops through all URIs passed as Subject Alternative Names for a certificate and validates that none of them is explicitly excluded by the template. If the template defines permitted SANs, it also ensures that the request is permitted by them.