-
Notifications
You must be signed in to change notification settings - Fork 440
/
requests.go
138 lines (119 loc) · 3.87 KB
/
requests.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
package apiv1
import (
"crypto"
"crypto/x509"
"time"
"github.com/smallstep/certificates/kms/apiv1"
)
// CertificateAuthorityType indicates the type of Certificate Authority to
// create.
type CertificateAuthorityType int
const (
// RootCA is the type used to create a self-signed certificate suitable for
// use as a root CA.
RootCA CertificateAuthorityType = iota + 1
// IntermediateCA is the type used to create a subordinated certificate that
// can be used to sign additional leaf certificates.
IntermediateCA
)
// SignatureAlgorithm used for cryptographic signing.
type SignatureAlgorithm int
const (
// Not specified.
UnspecifiedSignAlgorithm SignatureAlgorithm = iota
// RSASSA-PKCS1-v1_5 key and a SHA256 digest.
SHA256WithRSA
// RSASSA-PKCS1-v1_5 key and a SHA384 digest.
SHA384WithRSA
// RSASSA-PKCS1-v1_5 key and a SHA512 digest.
SHA512WithRSA
// RSASSA-PSS key with a SHA256 digest.
SHA256WithRSAPSS
// RSASSA-PSS key with a SHA384 digest.
SHA384WithRSAPSS
// RSASSA-PSS key with a SHA512 digest.
SHA512WithRSAPSS
// ECDSA on the NIST P-256 curve with a SHA256 digest.
ECDSAWithSHA256
// ECDSA on the NIST P-384 curve with a SHA384 digest.
ECDSAWithSHA384
// ECDSA on the NIST P-521 curve with a SHA512 digest.
ECDSAWithSHA512
// EdDSA on Curve25519 with a SHA512 digest.
PureEd25519
)
// CreateCertificateRequest is the request used to sign a new certificate.
type CreateCertificateRequest struct {
Template *x509.Certificate
Lifetime time.Duration
Backdate time.Duration
RequestID string
}
// CreateCertificateResponse is the response to a create certificate request.
type CreateCertificateResponse struct {
Certificate *x509.Certificate
CertificateChain []*x509.Certificate
}
// RenewCertificateRequest is the request used to re-sign a certificate.
type RenewCertificateRequest struct {
Template *x509.Certificate
Lifetime time.Duration
Backdate time.Duration
RequestID string
}
// RenewCertificateResponse is the response to a renew certificate request.
type RenewCertificateResponse struct {
Certificate *x509.Certificate
CertificateChain []*x509.Certificate
}
// RevokeCertificateRequest is the request used to revoke a certificate.
type RevokeCertificateRequest struct {
Certificate *x509.Certificate
Reason string
ReasonCode int
RequestID string
}
// RevokeCertificateResponse is the response to a revoke certificate request.
type RevokeCertificateResponse struct {
Certificate *x509.Certificate
CertificateChain []*x509.Certificate
}
// GetCertificateAuthorityRequest is the request used to get the root
// certificate from a CAS.
type GetCertificateAuthorityRequest struct {
Name string
}
// GetCertificateAuthorityResponse is the response that contains
// the root certificate.
type GetCertificateAuthorityResponse struct {
RootCertificate *x509.Certificate
}
// CreateCertificateAuthorityRequest is the request used to generate a root or
// intermediate certificate.
type CreateCertificateAuthorityRequest struct {
Name string
Type CertificateAuthorityType
Template *x509.Certificate
Lifetime time.Duration
Backdate time.Duration
RequestID string
Project string
Location string
// Parent is the signer of the new CertificateAuthority.
Parent *CreateCertificateAuthorityResponse
// CreateKey defines the KMS CreateKeyRequest to use when creating a new
// CertificateAuthority. If CreateKey is nil, a default algorithm will be
// used.
CreateKey *apiv1.CreateKeyRequest
}
// CreateCertificateAuthorityResponse is the response for
// CreateCertificateAuthority method and contains the root or intermediate
// certificate generated as well as the CA chain.
type CreateCertificateAuthorityResponse struct {
Name string
Certificate *x509.Certificate
CertificateChain []*x509.Certificate
PublicKey crypto.PublicKey
PrivateKey crypto.PrivateKey
Signer crypto.Signer
}