Types ¶
type CAInfo ¶
// CAInfo is the decoded response of GetEJBCACAList: the certificate
// authorities configured on the EJBCA instance.
type CAInfo struct {
	// CertificateAuthorities is decoded from the "certificate_authorities"
	// JSON key. The CertificateAuthorities element type is declared elsewhere.
	CertificateAuthorities []CertificateAuthorities `json:"certificate_authorities"`
}
type CertificateAuthorities ¶
type CertificateData ¶ added in v1.2.3
// CertificateData is the parsed result of an enrollment or certificate
// lookup; it is returned by EnrollPKCS10, EnrollKeystore,
// EnrollCertificateRequest, FinalizeCertificateEnrollment and
// SearchCertificates.
type CertificateData struct {
	// Certificate is the issued end-entity certificate, already parsed.
	Certificate *x509.Certificate
	// SerialNumber is the serial number as a string. Its encoding (hex vs.
	// decimal) is not stated here — confirm before passing it to
	// CheckRevocationStatus or RevokeCertificate, which expect hex.
	SerialNumber string
	// CertificateChain holds the issuing chain. NOTE(review): presumably
	// populated only when the request set IncludeChain — confirm.
	CertificateChain []*x509.Certificate
	// PrivateKey is untyped, so callers must type-assert it.
	// NOTE(review): presumably set only when EJBCA generated the key pair
	// (EnrollKeystore) and nil otherwise — confirm. When present it is the
	// caller's only copy of the key; handle it as secret material.
	PrivateKey interface{}
	// CertificateProfile and EndEntityProfile name the EJBCA profiles the
	// certificate was issued under.
	CertificateProfile string
	EndEntityProfile string
}
type CertificatesRestResponse ¶
// CertificatesRestResponse is the raw certificate list as returned by the
// REST API, before conversion into CertificateData values.
type CertificatesRestResponse struct {
	// Certificates uses an unexported element type that is declared
	// elsewhere, so this field cannot be populated from outside the package.
	Certificates []certificateDataResponse
}
type Client ¶
// Client bundles the REST and EST clients for one EJBCA instance. It is
// produced by SharedClientFactory.NewEJBCAClient and
// SharedClientFactory.NewESTClient.
type Client struct {
	// RESTClient is embedded, so all RESTClient methods are promoted onto
	// Client.
	RESTClient
	// EST is a pointer and may be nil. NOTE(review): presumably only
	// NewESTClient (which takes EST credentials) sets it — confirm before
	// dereferencing.
	EST *ESTClient
}
type Config ¶
// Config holds the client-side TLS material and optional defaults used by
// the REST and EST clients. It is passed to ClientFactory together with the
// hostname; there is no Hostname field on this struct.
//
// CertificateFile, KeyFile and KeyPassword identify a credential that grants
// access to the EJBCA administrative API, so the files they point at should
// be protected accordingly (restrictive permissions, not committed to source
// control).
type Config struct {
	// Path to client certificate in PEM format. This certificate must contain a client certificate that
	// is recognized by the EJBCA instance represented by Hostname. This PEM file may also contain the private
	// key associated with the certificate, but KeyFile can also be set to configure the private key.
	CertificateFile string
	// Path to private key in PEM format. This file should contain the private key associated with the
	// client certificate configured in CertificateFile.
	KeyFile string
	// Password that protects private key (if encrypted). This is a secret;
	// prefer sourcing it from the environment or a secret store rather than
	// a checked-in configuration file.
	KeyPassword string
	// Path to the root CA that signed the certificate passed to the client for HTTPS connection.
	// This is not required if the CA is trusted by the host operating system. This should be a PEM
	// formatted certificate, and doesn't necessarily have to be the CA that signed CertificateFile.
	// Note that GoLang searches the following locations for CA certificates, and configuring a CAFile has the same
	// effect as adding the CA certificate to one of the paths:
	// from https://go.dev/src/crypto/x509/root_linux.go
	//
	// Possible certificate files; stop after finding one.
	// var certFiles = []string{
	// "/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu/Gentoo etc.
	// "/etc/pki/tls/certs/ca-bundle.crt", // Fedora/RHEL 6
	// "/etc/ssl/ca-bundle.pem", // OpenSUSE
	// "/etc/pki/tls/cacert.pem", // OpenELEC
	// "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7
	// "/etc/ssl/cert.pem", // Alpine Linux
	// }
	//
	// // Possible directories with certificate files; all will be read.
	// var certDirectories = []string{
	// "/etc/ssl/certs", // SLES10/SLES11, https://golang.org/issue/12139
	// "/etc/pki/tls/certs", // Fedora/RHEL
	// "/system/etc/security/cacerts", // Android
	// }
	//
	// NOTE(review): the text above describes CAFile as supplementing the
	// system trust store, not replacing it — confirm that is the intended
	// behaviour if a private CA is meant to be the only trusted issuer.
	CAFile string
	// Optional default values for REST client. They are used when the
	// corresponding field of an enrollment request is left blank
	// (see PKCS10CSREnrollment).
	DefaultCertificateProfileName string
	DefaultEndEntityProfileName string
	DefaultCertificateAuthorityName string
	// Optional default values for EST client. Used by ESTClient.SimpleEnroll
	// when no alias is given.
	DefaultESTAlias string
}
Config is a struct holding all necessary client configuration data for communicating with the EJBCA API. This includes the hostname and the configuration for the client certificate. Required field options:
- Hostname and CertificateFile and KeyFile
- Hostname and PKCS12Path
type Criteria ¶
// Criteria is one search predicate: Property Operation Value. A slice of
// them is carried by Search, which EndEntitySearch and SearchCertificate
// embed.
type Criteria struct {
	// Property names the attribute being matched ("property" in JSON).
	Property string `json:"property"`
	// Value is the operand to compare against ("value" in JSON).
	Value string `json:"value"`
	// Operation is the comparison to apply ("operation" in JSON). The set of
	// accepted operation names is defined by the EJBCA REST API and is not
	// enumerated here.
	Operation string `json:"operation"`
}
Criteria contains search criteria used to query various EJBCA endpoints.
type ESTClient ¶
// ESTClient talks to the EJBCA EST endpoint. It is obtained through
// SharedClientFactory.NewESTClient (which takes EST username and password)
// as the EST field of the returned Client, and exposes SimpleEnroll and
// SimpleReEnroll. Its fields are unexported and not shown here.
type ESTClient struct {
	// contains filtered or unexported fields
}
func (*ESTClient) SimpleEnroll ¶
SimpleEnroll uses the EJBCA EST endpoint, with an optional alias, to perform a simple CSR enrollment. Parameters: alias - optional EJBCA EST alias; csr - Base64 encoded PKCS#10 CSR.
func (*ESTClient) SimpleReEnroll ¶
type EndEntitySearch ¶
// EndEntitySearch is the argument to RESTClient.EndEntitySearch. It embeds
// Search, so MaxNumberOfResults and Criteria are set directly on it.
type EndEntitySearch struct {
	Search
}
EndEntitySearch is used to search for specific end entities supported by an EJBCA instance.
type EndEntitySearchResponse ¶
type EnrollCertificateRequest ¶
// EnrollCertificateRequest is the body sent by RESTClient.EnrollCertificateRequest.
// All fields carry omitempty, so unset fields are omitted from the JSON;
// note that IncludeChain=false is therefore indistinguishable from "not set".
type EnrollCertificateRequest struct {
	// CertificateRequest is the certificate request to enroll
	// ("certificate_request" in JSON).
	CertificateRequest string `json:"certificate_request,omitempty"`
	// Username and Password identify the end entity. Password is sent in the
	// request body under the "password" key; keep it out of logs.
	Username string `json:"username,omitempty"`
	Password string `json:"password,omitempty"`
	// IncludeChain asks EJBCA to return the issuing chain as well.
	IncludeChain bool `json:"include_chain,omitempty"`
	// CertificateAuthorityName selects the issuing CA.
	CertificateAuthorityName string `json:"certificate_authority_name,omitempty"`
}
EnrollCertificateRequest contains configuration data required to enroll a certificate request with EJBCA.
type EnrollKeystore ¶
// EnrollKeystore is the body sent by RESTClient.EnrollKeystore.
// NOTE(review): KeyAlg/KeySpec suggest the key pair is generated by EJBCA
// rather than the caller, in which case the private key is returned over
// the connection (see CertificateData.PrivateKey) — confirm.
type EnrollKeystore struct {
	// Username and Password identify the end entity. Password is sent in the
	// request body under the "password" key; keep it out of logs.
	Username string `json:"username,omitempty"`
	Password string `json:"password,omitempty"`
	// KeyAlg is the key algorithm name ("key_alg" in JSON).
	KeyAlg string `json:"key_alg,omitempty"`
	// KeySpec is the key specification, e.g. a size or curve name
	// ("key_spec" in JSON); accepted values are defined by EJBCA.
	KeySpec string `json:"key_spec,omitempty"`
}
EnrollKeystore contains configuration data required to enroll a keystore with EJBCA.
type ExpiringCertificates ¶
// ExpiringCertificates is returned by RESTClient.GetExpiringCertificates.
type ExpiringCertificates struct {
	// PaginationRestResponseComponent reports whether more results exist
	// and the offset to request next.
	PaginationRestResponseComponent PaginationRestResponseComponent
	// CertificatesRestResponse holds the certificates in this page, already
	// converted to CertificateData.
	CertificatesRestResponse []*CertificateData
}
The ExpiringCertificates struct is returned by the GetExpiringCertificates() method.
type ExtensionData ¶
type GetRevocationStatusResponse ¶
// GetRevocationStatusResponse is returned by RESTClient.CheckRevocationStatus.
// It embeds RevokeCertificateResponse, so Revoked, RevocationReason,
// RevocationDate and the other fields are available directly.
type GetRevocationStatusResponse struct {
	RevokeCertificateResponse
}
GetRevocationStatusResponse contains response data returned by the CheckRevocationStatus() method.
type PKCS10CSREnrollment ¶
// PKCS10CSREnrollment is the body sent by RESTClient.EnrollPKCS10. Every
// field carries omitempty, so blank profile/CA names are omitted and the
// client-side defaults from Config apply.
type PKCS10CSREnrollment struct {
	// CertificateRequest is the PKCS#10 CSR in PEM format
	// ("certificate_request" in JSON).
	CertificateRequest string `json:"certificate_request,omitempty"`
	// Certificate profile name that EJBCA will enroll the CSR with. Leave this blank to use default
	// certificate profile configured with client.
	CertificateProfileName string `json:"certificate_profile_name,omitempty"`
	// End entity profile that EJBCA will enroll the CSR with. Leave this blank to use default
	// end entity profile configured with client.
	EndEntityProfileName string `json:"end_entity_profile_name,omitempty"`
	// Name of EJBCA certificate authority that will enroll CSR. Leave this blank to use default
	// certificate authority configured with client.
	CertificateAuthorityName string `json:"certificate_authority_name,omitempty"`
	// Username and Password identify the end entity. Password is sent in the
	// request body under the "password" key; keep it out of logs.
	Username string `json:"username,omitempty"`
	Password string `json:"password,omitempty"`
	// AccountBindingId is sent as "account_binding_id"; its meaning is
	// defined by EJBCA and not documented here.
	AccountBindingId string `json:"account_binding_id,omitempty"`
	// IncludeChain asks EJBCA to return the issuing chain with the
	// certificate. Because of omitempty, false is simply not sent.
	IncludeChain bool `json:"include_chain,omitempty"`
}
PKCS10CSREnrollment contains configuration data required to enroll a PKCS10 CSR in PEM format, and is a required argument for the EnrollPKCS10() method.
type PaginationRestResponseComponent ¶
// PaginationRestResponseComponent is the paging part of a paginated REST
// response (see ExpiringCertificates).
type PaginationRestResponseComponent struct {
	// MoreResults is true when further pages exist.
	MoreResults bool `json:"more_results,omitempty"`
	// NextOffset is the offset to pass to the next request.
	NextOffset int `json:"next_offset,omitempty"`
	// NumberOfResults is the number of results in this page.
	NumberOfResults int `json:"number_of_results,omitempty"`
}
PaginationRestResponseComponent is a structure that is contained within the ExpiringCertificates struct and is used to modularize response content.
type RESTClient ¶
// RESTClient implements the EJBCA REST API calls (enrollment, search,
// revocation, CRL and CA retrieval, status). It is embedded in Client and is
// constructed through SharedClientFactory; its fields are unexported and not
// shown here.
type RESTClient struct {
	// contains filtered or unexported fields
}
func (*RESTClient) CheckRevocationStatus ¶
func (c *RESTClient) CheckRevocationStatus(issuerDn string, certificateSerialNumber string) (*GetRevocationStatusResponse, error)
CheckRevocationStatus checks whether the certificate issued by issuerDn with serial number certificateSerialNumber is revoked. certificateSerialNumber must be the hex-encoded serial number, i.e. the hex representation of a (typically very large) unsigned integer.
func (*RESTClient) EndEntitySearch ¶
func (c *RESTClient) EndEntitySearch(criteria *EndEntitySearch) (*EndEntitySearchResponse, error)
func (*RESTClient) EnrollCertificateRequest ¶
func (c *RESTClient) EnrollCertificateRequest(certificateRequest *EnrollCertificateRequest) (*CertificateData, error)
func (*RESTClient) EnrollKeystore ¶
func (c *RESTClient) EnrollKeystore(keystore *EnrollKeystore) (*CertificateData, error)
func (*RESTClient) EnrollPKCS10 ¶
func (c *RESTClient) EnrollPKCS10(enrollment *PKCS10CSREnrollment) (*CertificateData, error)
func (*RESTClient) FinalizeCertificateEnrollment ¶
func (c *RESTClient) FinalizeCertificateEnrollment(requestId int, password string) (*CertificateData, error)
func (*RESTClient) GetCACertificate ¶ added in v1.2.3
func (c *RESTClient) GetCACertificate(subjectDn string) ([]*x509.Certificate, error)
func (*RESTClient) GetCRLByIssuerDn ¶
func (c *RESTClient) GetCRLByIssuerDn(issuerDn string) (*LatestCRL, error)
func (*RESTClient) GetEJBCACAList ¶
func (c *RESTClient) GetEJBCACAList() (*CAInfo, error)
func (*RESTClient) GetExpiringCertificates ¶
func (c *RESTClient) GetExpiringCertificates(days int, offset int, maxNumberOfResults int) (*ExpiringCertificates, error)
func (*RESTClient) GetV1CAStatus ¶
func (c *RESTClient) GetV1CAStatus() (*V1CARestResourceStatus, error)
func (*RESTClient) GetV1CertificateStatus ¶
func (c *RESTClient) GetV1CertificateStatus() (*V1CertificateEndpointStatus, error)
func (*RESTClient) GetV1EndEntityStatus ¶
func (c *RESTClient) GetV1EndEntityStatus() (*V1EndEntityStatus, error)
func (*RESTClient) RevokeCertificate ¶
func (c *RESTClient) RevokeCertificate(rca *RevokeCertificate) (*RevokeCertificateResponse, error)
func (*RESTClient) SearchCertificates ¶
func (c *RESTClient) SearchCertificates(criteria *SearchCertificate) ([]*CertificateData, bool, error)
type RevokeCertificate ¶
// RevokeCertificate is the argument to RESTClient.RevokeCertificate. Every
// field is tagged `json:"-"`, so none of them is written into a JSON body;
// NOTE(review): presumably they are placed in the URL path and query
// instead — confirm, and treat IssuerDn/Reason/Date as input that must be
// URL-escaped.
type RevokeCertificate struct {
	// Subject DN of the issuing CA
	IssuerDn string `json:"-"`
	// Hex serial number (without prefix, e.g. '00')
	CertificateSerialNumber string `json:"-"`
	// Reason must be a valid RFC5280 reason. One of
	// NOT_REVOKED, UNSPECIFIED, KEY_COMPROMISE,
	// CA_COMPROMISE, AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION,
	// CERTIFICATE_HOLD, REMOVE_FROM_CRL, PRIVILEGES_WITHDRAWN, AA_COMPROMISE
	Reason string `json:"-"`
	// ISO 8601 Date string, e.g. '2018-06-15T14:07:09Z'
	Date string `json:"-"`
}
RevokeCertificate contains the data required to revoke a certificate enrolled by an EJBCA CA, and is the required argument of the RevokeCertificate() method.
type RevokeCertificateResponse ¶
// RevokeCertificateResponse is the decoded body returned by
// RESTClient.RevokeCertificate, and (via embedding) the payload of
// GetRevocationStatusResponse.
type RevokeCertificateResponse struct {
	// IssuerDn and SerialNumber echo the certificate the response refers to.
	IssuerDn string `json:"issuer_dn,omitempty"`
	SerialNumber string `json:"serial_number,omitempty"`
	// RevocationReason and RevocationDate are the server-reported reason and
	// ISO 8601 date string; both are returned as plain strings.
	RevocationReason string `json:"revocation_reason,omitempty"`
	RevocationDate string `json:"revocation_date,omitempty"`
	// Message is a human-readable server message.
	Message string `json:"message,omitempty"`
	// Revoked is the authoritative flag; a missing key decodes as false,
	// so check the error return before trusting a false value.
	Revoked bool `json:"revoked,omitempty"`
}
RevokeCertificateResponse contains the response returned by the RevokeCertificate() method.
type Search ¶
// Search is the common query body embedded by EndEntitySearch and
// SearchCertificate.
type Search struct {
	// MaxNumberOfResults caps the result count. It has no omitempty tag, so
	// an unset value is sent as 0; how the server treats 0 is not documented
	// here.
	MaxNumberOfResults int `json:"max_number_of_results"`
	// Criteria is the list of predicates to match ("criteria" in JSON).
	Criteria []Criteria `json:"criteria"`
}
Search is a generic struct created for easy reuse of EJBCA endpoints that require queries.
type SearchCertificate ¶
// SearchCertificate is the argument to RESTClient.SearchCertificates. It
// embeds Search, so MaxNumberOfResults and Criteria are set directly on it.
type SearchCertificate struct {
	Search
}
SearchCertificate contains search criteria required to search for certificates enrolled by EJBCA.
type SharedClientFactory ¶
// SharedClientFactory is created by ClientFactory from a hostname and a
// Config, and builds Client values via NewEJBCAClient (REST only) and
// NewESTClient (REST plus EST, using the given EST username and password).
// Its fields are unexported and not shown here.
type SharedClientFactory struct {
	// contains filtered or unexported fields
}
func ClientFactory ¶
func ClientFactory(hostname string, config *Config) (*SharedClientFactory, error)
func (*SharedClientFactory) NewEJBCAClient ¶
func (f *SharedClientFactory) NewEJBCAClient() (*Client, error)
func (*SharedClientFactory) NewESTClient ¶
func (f *SharedClientFactory) NewESTClient(username string, password string) (*Client, error)
type V1CARestResourceStatus ¶
type V1CertificateEndpointStatus ¶
// V1CertificateEndpointStatus is returned by RESTClient.GetV1CertificateStatus
// and is embedded by V1EndEntityStatus.
type V1CertificateEndpointStatus struct {
	// Status is the endpoint status string reported by EJBCA.
	Status string `json:"status,omitempty"`
	// Version and Revision identify the API version reported by EJBCA.
	Version string `json:"version,omitempty"`
	Revision string `json:"revision,omitempty"`
}
V1CertificateEndpointStatus contains status information about the V1 certificate endpoint.
type V1EndEntityStatus ¶
// V1EndEntityStatus is returned by RESTClient.GetV1EndEntityStatus. It embeds
// V1CertificateEndpointStatus, so Status, Version and Revision are available
// directly.
type V1EndEntityStatus struct {
	V1CertificateEndpointStatus
}