client

package
v0.0.0-...-d1cd67c Latest
Warning

This package is not in the latest version of its module.

Published: Feb 9, 2018 License: MIT Imports: 16 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Client

type Client struct {
	Store store.Store
	// contains filtered or unexported fields
}

Encapsulation that holds internal state data. The only publicly accessible member is the underlying Store; if access to that is helpful, it may be safely used.

func New

func New(server string, cyberStore store.Store, insecure bool) (*Client, func() error, error)

Create a new CYBERCOM Client. Connect to the given `server` (with the server Certificate validated out of `certPool`), authenticating to the server as `cyberStore`, if the Store has been Initialized.

This returns a triple of a `Client`, a function to close the open connection (usually by `defer`ing the call, if err is nil), and any errors we hit during the bringup of the client.

func (Client) GetCertificate

func (c Client) GetCertificate(id []byte) (*x509.Certificate, error)

Get the most recently issued Certificate for the Entity.

func (Client) GetCertificateBySerial

func (c Client) GetCertificateBySerial(id []byte) (*x509.Certificate, error)

Get the most recently issued Certificate for the Entity.

func (Client) GetCertificates

func (c Client) GetCertificates(id []byte) ([]x509.Certificate, error)

Get a list of all known issued Certificates for the Entity.

func (Client) GetConfiguration

func (c Client) GetConfiguration() (*Configuration, error)

Get the Configuration the Server has sent us. This will contain goodies like the Subject template, CYBERCOM Server name, and our Certificate, if the server liked it.

func (Client) GetEntities

func (c Client) GetEntities() ([]Entity, error)

Get a list of all known Entities.

func (Client) GetEntity

func (c Client) GetEntity(id []byte) (*Entity, error)

Get the Entity known by the ID `id`.

func (Client) GetEntityBySerial

func (c Client) GetEntityBySerial(id []byte) (*Entity, error)

Get the most recently issued Certificate for the Entity.

func (Client) HasClientCertificate

func (c Client) HasClientCertificate() bool

Check to see if we sent a TLS Peer Certificate for use during mutual authentication. Even if this is `true`, the server may still have rejected our certificate. To check what the Server thinks of us, you may request information on ourselves using the `GetConfiguration` RPC, reading the peer certificate off that.

func (Client) IssueCertificate

func (c Client) IssueCertificate(id []byte) (*x509.Certificate, error)

Issue a new Certificate for the Entity. The exact rules for what this means are up to the server, but commonly this will throw an error if the Entity is not entitled to a new Certificate, or if the user performing this action is not authorized to do so.

func (Client) Register

func (c Client) Register(csr x509.CertificateRequest) ([]byte, error)

Push a CSR to the Server, and dump your Entity ID back. Future calls with this ID will return information regarding the new Entity. Commonly, Administrators of the CYBERCOM instance will have to approve your Entity, and issue your first Certificate. After that point, you will be able to get your latest Certificate, and authenticate future requests.

func (Client) Renew

func (c Client) Renew() (*x509.Certificate, error)

Either issue a new Certificate, if the Entity can be granted a new one, or get the existing one. This is a safe method to call repeatedly, and can be used to "pull" your Certificate from the server as needed.

func (Client) SetEntityExpiry

func (c Client) SetEntityExpiry(id []byte, expiry *time.Time) error

Set the Expiry of the Entity. This means that after this point, this Entity is not suitable to be granted an active Certificate. Any Certificate issued near the end of this time will be capped at the Expiry.

func (Client) SetEntityLongevity

func (c Client) SetEntityLongevity(id []byte, longevity string) error

Set the Longevity of the Entity. This means that the Certificate we issue will have a NotAfter that lies the given duration in the future.

func (Client) SetEntityStateApproved

func (c Client) SetEntityStateApproved(id []byte) error

Set the entity with the ID of `id` to `APPROVED`. The exact nature of what this means is entirely up to the server, but commonly implies that the entity is fit to be issued a Certificate.

func (Client) SetEntityStateOneOff

func (c Client) SetEntityStateOneOff(id []byte) error

Set the entity with the ID of `id` to `ONEOFF`. The exact nature of what this means is entirely up to the server, but commonly implies that the entity is only entitled to a single Certificate. This can be useful to grant an Entity time-limited access to the network, and would likely be used in conjunction with an end-date.

func (Client) SetEntityStatePending

func (c Client) SetEntityStatePending(id []byte) error

Set the entity with the ID of `id` to `PENDING`. The exact nature of what this means is entirely up to the server, but commonly implies that the entity is new, and has not been processed by an administrator.

func (Client) SetEntityStateRejected

func (c Client) SetEntityStateRejected(id []byte) error

Set the entity with the ID of `id` to `REJECTED`. The exact nature of what this means is entirely up to the server, but commonly implies that the entity is unfit to be issued a Certificate and has never passed a basic check.

func (Client) SetEntityStateRevoked

func (c Client) SetEntityStateRevoked(id []byte) error

Set the entity with the ID of `id` to `REVOKED`. The exact nature of what this means is entirely up to the server, but commonly implies that the entity was valid, but due to some issue (leaked private key, removal from the organization) is no longer suitable.
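How the entity states, Longevity and Expiry described above could combine into one issuance decision, as an added example that is not CYBERCOM's own code. The page leaves these rules to the server, so the `entity` struct, `notAfter`, the fail-closed handling of states, and Go duration syntax for Longevity are all assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// entity is a hypothetical, simplified server-side record (not the package's Entity).
type entity struct {
	State     string     // one of the state names used on this page
	Issued    int        // certificates issued so far
	Longevity string     // Go duration syntax such as "720h" is an assumption
	Expires   *time.Time // nil means no Expiry is set
}

var errNotEntitled = errors.New("entity is not entitled to a certificate")

// notAfter fails closed for every state except APPROVED and an unused ONEOFF,
// then returns now+Longevity, capped at the Expiry when one is set.
func notAfter(e entity, now time.Time) (time.Time, error) {
	if e.State != "APPROVED" && !(e.State == "ONEOFF" && e.Issued == 0) {
		return time.Time{}, errNotEntitled
	}
	d, err := time.ParseDuration(e.Longevity)
	if err != nil || d <= 0 {
		return time.Time{}, fmt.Errorf("invalid longevity %q", e.Longevity)
	}
	end := now.Add(d)
	if e.Expires != nil {
		if !now.Before(*e.Expires) {
			return time.Time{}, errNotEntitled // already at or past the Expiry
		}
		if end.After(*e.Expires) {
			end = *e.Expires // cap NotAfter at the Expiry
		}
	}
	return end, nil
}

func main() {
	now := time.Date(2018, 2, 9, 0, 0, 0, 0, time.UTC) // constructed sample values
	exp := now.Add(48 * time.Hour)
	fmt.Println(notAfter(entity{State: "ONEOFF", Longevity: "720h", Expires: &exp}, now))
}
```

Unknown or empty states fall through to the refusal branch, so a state added later on the server cannot be issued a Certificate by accident.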

type Configuration

type Configuration struct {
	// contains filtered or unexported fields
}

Configuration type. Most fields on this will be pulled from an underlying protobuf.

func (Configuration) CertPool

func (c Configuration) CertPool() (*x509.CertPool, error)

func (Configuration) Certificates

func (c Configuration) Certificates() ([]*x509.Certificate, error)

func (Configuration) Entity

func (c Configuration) Entity() (*Entity, error)

Get back the Entity the Server thinks we are.

func (Configuration) HostTemplate

func (co Configuration) HostTemplate() (*pkix.Name, error)

Get back the `configuration.Template()`, but additionally, auto-populate the `CommonName` with some values we can guess from the local environment.

func (Configuration) Name

func (c Configuration) Name() string

Get the CYBERCOM name back.

func (Configuration) Peer

func (c Configuration) Peer() (*x509.Certificate, error)

Get our Certificate back from the server, if the Server thinks it's a good Certificate.

func (Configuration) Template

func (c Configuration) Template() pkix.Name

Get the Configuration `pkix.Name` from the Server, pre-filled with organization-wide defaults.
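Building the CSR that `Register` expects from a `pkix.Name` template, as an added example that is not part of the package: `sampleTemplate` stands in for the value `Template()` returns, and `buildCSR`, the ECDSA P-256 key choice and the use of `os.Hostname` for the `CommonName` are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"os"
)

// sampleTemplate stands in for Configuration.Template() (constructed values).
func sampleTemplate() pkix.Name {
	return pkix.Name{Organization: []string{"Example Org"}, Country: []string{"US"}}
}

// buildCSR fills the CommonName into a copy of the template, signs the request
// with a fresh key that never leaves this process, and returns the parsed CSR.
func buildCSR(template pkix.Name, commonName string) (*x509.CertificateRequest, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	subject := template // struct copy: the caller's template keeps its empty CommonName
	subject.CommonName = commonName
	der, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: subject}, key)
	if err != nil {
		return nil, nil, err
	}
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return nil, nil, err
	}
	return csr, key, csr.CheckSignature() // signature proves possession of the key
}

func main() {
	host, err := os.Hostname() // assumption: one value guessable from the local environment
	if err != nil {
		panic(err)
	}
	csr, _, err := buildCSR(sampleTemplate(), host)
	if err != nil {
		panic(err)
	}
	fmt.Println(csr.Subject.String()) // *csr is the value Register's signature takes
}
```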

type Entity

type Entity struct {
	Id        []byte
	CSR       x509.CertificateRequest
	State     pb.Entity_State
	Email     string
	Longevity *string
	Expires   *time.Time
}

Client's view of the Entity.
