package intermediatecacertificates
import (
"errors"
"fmt"
"net/http"
"strings"
"github.com/zscaler/zscaler-sdk-go/zia/services/common"
)
// Endpoint paths for the intermediate CA certificate API. Every sub-resource
// is expressed relative to intermediateCaCertificatesEndpoint so the family
// of paths cannot drift apart; the resulting values are plain string constants
// handed to the client's Read/Create/UpdateWithPut/Delete calls.
const (
	intermediateCaCertificatesEndpoint = "/intermediateCaCertificate"

	intCADownloadAttestationEndpoint = intermediateCaCertificatesEndpoint + "/downloadAttestation"
	intCADownloadCSREndpoint         = intermediateCaCertificatesEndpoint + "/downloadCsr"
	intCADownloadPublicKeyEndpoint   = intermediateCaCertificatesEndpoint + "/downloadPublicKey"
	intCAGenerateCSREndpoint         = intermediateCaCertificatesEndpoint + "/generateCsr"
	intCAFinalizeCSREndpoint         = intermediateCaCertificatesEndpoint + "/finalizeCert"
	intCAKeyPairEndpoint             = intermediateCaCertificatesEndpoint + "/keyPair"
	intCACertMakeDefaultEndpoint     = intermediateCaCertificatesEndpoint + "/makeDefault"
	intCAReadyToUseEndpoint          = intermediateCaCertificatesEndpoint + "/readyToUse"
	intCAShowCertEndpoint            = intermediateCaCertificatesEndpoint + "/showCert"
	intCAShowCSREndpoint             = intermediateCaCertificatesEndpoint + "/showCsr"
	intCAUploadCert                  = intermediateCaCertificatesEndpoint + "/uploadCert"
	intCAUploadCertChain             = intermediateCaCertificatesEndpoint + "/uploadCertChain"
	intCAVerifyKeyAttestation        = intermediateCaCertificatesEndpoint + "/verifyKeyAttestation"
)
// IntermediateCACertificate is the wire representation of an intermediate CA
// certificate exchanged with the /intermediateCaCertificate endpoints.
// Every field except ID carries omitempty, so a zero value (false, 0, "") is
// dropped from the request body rather than sent explicitly; in particular a
// false DefaultCertificate cannot be transmitted through this struct.
type IntermediateCACertificate struct {
	// Unique identifier for the intermediate CA certificate
	ID int `json:"id"`
	// Name of the intermediate CA certificate
	Name string `json:"name,omitempty"`
	// Description for the intermediate CA certificate
	Description string `json:"description,omitempty"`
	// Type of the intermediate CA certificate. Available types: Zscaler's intermediate CA certificate (provided by Zscaler), custom intermediate certificate with software protection, and custom intermediate certificate with cloud HSM protection.
	Type string `json:"type,omitempty"`
	// Location of the HSM resources. Required for custom intermediate CA certificates with cloud HSM protection
	Region string `json:"region,omitempty"`
	// Determines whether the intermediate CA certificate is enabled or disabled for SSL inspection. Subscription to cloud HSM protection allows a maximum of four active certificates for SSL inspection at a time, whereas software protection subscription allows only one active certificate
	Status string `json:"status,omitempty"`
	// If set to true, the intermediate CA certificate is the default intermediate certificate. Only one certificate can be marked as the default intermediate certificate at a time
	DefaultCertificate bool `json:"defaultCertificate,omitempty"`
	// Start date of the intermediate CA certificate's validity period
	CertStartDate int `json:"certStartDate,omitempty"`
	// Expiration date of the intermediate CA certificate's validity period
	CertExpDate int `json:"certExpDate,omitempty"`
	// Tracks the progress of the intermediate CA certificate in the configuration workflow
	CurrentState string `json:"currentState,omitempty"`
	// Public key in the HSM key pair generated for the intermediate CA certificate
	PublicKey string `json:"publicKey,omitempty"`
	// Timestamp when the HSM key was generated
	KeyGenerationTime int `json:"keyGenerationTime,omitempty"`
	// Timestamp when the attestation for the HSM key was verified
	HSMAttestationVerifiedTime int `json:"hsmAttestationVerifiedTime,omitempty"`
	// Certificate Signing Request (CSR) file name
	CSRFileName string `json:"csrFileName,omitempty"`
	// Timestamp when the Certificate Signing Request (CSR) was generated
	CSRGenerationTime int `json:"csrGenerationTime,omitempty"`
}
// CertSigningRequest describes the subject and key parameters of a CSR for an
// intermediate CA certificate; it is the payload decoded by GetShowCert and
// GetShowCSR. Only CertID is always serialized; every other field is omitted
// when zero.
type CertSigningRequest struct {
	// Unique identifier for the intermediate CA certificate
	CertID int `json:"certId"`
	// Name of the CSR file
	CSRFileName string `json:"csrFileName,omitempty"`
	// Common Name (CN) of your organization's domain, such as zscaler.com
	CommName string `json:"commName,omitempty"`
	// Name of your organization or company
	ORGName string `json:"orgName,omitempty"`
	// Name of your department or division
	DeptName string `json:"deptName,omitempty"`
	// Name of the city or town where your organization is located
	City string `json:"city,omitempty"`
	// State, province, region, or county where your organization is located
	State string `json:"state,omitempty"`
	// Country where your organization is located
	Country string `json:"country,omitempty"`
	// Key size to be used in the encryption algorithm in bits. Default size: 2048 bits
	KeySize int `json:"keySize,omitempty"`
	// Signature algorithm to be used for generating intermediate CA certificate. Default value: SHA256
	SignatureAlgorithm string `json:"signatureAlgorithm,omitempty"`
	// The path length constraint for the intermediate CA certificate. Default values: 0 for cloud HSM, 1 for software protection
	PathLengthConstraint int `json:"pathLengthConstraint,omitempty"`
}
// Get fetches the intermediate CA certificate with the given ID.
// The client's error is returned unchanged when the read fails.
func (service *Service) Get(certID int) (*IntermediateCACertificate, error) {
	path := fmt.Sprintf("%s/%d", intermediateCaCertificatesEndpoint, certID)
	cert := new(IntermediateCACertificate)
	if err := service.Client.Read(path, cert); err != nil {
		return nil, err
	}
	service.Client.Logger.Printf("[DEBUG]Returning intermediate ca certificate from Get: %d", cert.ID)
	return cert, nil
}
// GetByName lists every intermediate CA certificate and returns the first
// whose Name matches certName case-insensitively. An error is returned when
// the listing fails or no certificate matches.
func (service *Service) GetByName(certName string) (*IntermediateCACertificate, error) {
	var certs []IntermediateCACertificate
	if err := common.ReadAllPages(service.Client, intermediateCaCertificatesEndpoint, &certs); err != nil {
		return nil, err
	}
	// First case-insensitive hit wins; a copy is returned so the caller does
	// not alias the listing slice.
	for i := range certs {
		if !strings.EqualFold(certs[i].Name, certName) {
			continue
		}
		match := certs[i]
		return &match, nil
	}
	return nil, fmt.Errorf("no intermediate ca certificate found with name: %s", certName)
}
// GetDownloadAttestation reads the downloadAttestation sub-resource of the
// certificate with the given ID and decodes the response into an
// IntermediateCACertificate.
// NOTE(review): the response is decoded as a certificate object; confirm the
// endpoint returns that JSON shape rather than an attestation file body.
func (service *Service) GetDownloadAttestation(certID int) (*IntermediateCACertificate, error) {
	path := fmt.Sprintf("%s/%d", intCADownloadAttestationEndpoint, certID)
	attestation := new(IntermediateCACertificate)
	if err := service.Client.Read(path, attestation); err != nil {
		return nil, err
	}
	service.Client.Logger.Printf("[DEBUG]Returning downloaded attestation from Get: %d", attestation.ID)
	return attestation, nil
}
// GetDownloadCSR reads the downloadCsr sub-resource of the certificate with
// the given ID and decodes the response into an IntermediateCACertificate.
// NOTE(review): the response is decoded as a certificate object; confirm the
// endpoint returns that JSON shape rather than the CSR file itself.
func (service *Service) GetDownloadCSR(certID int) (*IntermediateCACertificate, error) {
	path := fmt.Sprintf("%s/%d", intCADownloadCSREndpoint, certID)
	csr := new(IntermediateCACertificate)
	if err := service.Client.Read(path, csr); err != nil {
		return nil, err
	}
	service.Client.Logger.Printf("[DEBUG]Returning downloaded csr from Get: %d", csr.ID)
	return csr, nil
}
// GetDownloadPublicKey reads the downloadPublicKey sub-resource of the
// certificate with the given ID and decodes the response into an
// IntermediateCACertificate (whose PublicKey field holds the HSM public key
// according to the struct's field comment).
func (service *Service) GetDownloadPublicKey(certID int) (*IntermediateCACertificate, error) {
	path := fmt.Sprintf("%s/%d", intCADownloadPublicKeyEndpoint, certID)
	pub := new(IntermediateCACertificate)
	if err := service.Client.Read(path, pub); err != nil {
		return nil, err
	}
	service.Client.Logger.Printf("[DEBUG]Returning downloaded public key from Get: %d", pub.ID)
	return pub, nil
}
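// GetIntCAReadyToUse reads the readyToUse endpoint, which takes no certificate
// ID, and decodes the response into an IntermediateCACertificate.
// The debug line names this call correctly (it previously reported a
// "downloaded public key", which made log triage misleading).
func (service *Service) GetIntCAReadyToUse() (*IntermediateCACertificate, error) {
	var readyToUse IntermediateCACertificate
	if err := service.Client.Read(intCAReadyToUseEndpoint, &readyToUse); err != nil {
		return nil, err
	}
	service.Client.Logger.Printf("[DEBUG]Returning ready-to-use intermediate ca certificate from Get: %d", readyToUse.ID)
	return &readyToUse, nil
}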
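// GetShowCert reads the showCert sub-resource for the certificate with the
// given ID and decodes the response into a CertSigningRequest (the API
// reports signed-certificate details in the CSR shape).
// The debug message spelling is corrected so log searches for
// "intermediate" find this line.
func (service *Service) GetShowCert(certID int) (*CertSigningRequest, error) {
	var showCert CertSigningRequest
	path := fmt.Sprintf("%s/%d", intCAShowCertEndpoint, certID)
	if err := service.Client.Read(path, &showCert); err != nil {
		return nil, err
	}
	service.Client.Logger.Printf("[DEBUG]Returning info about signed intermediate CA certificates from Get: %d", showCert.CertID)
	return &showCert, nil
}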
// GetShowCSR reads the showCsr sub-resource for the certificate with the
// given ID and decodes the response into a CertSigningRequest.
func (service *Service) GetShowCSR(certID int) (*CertSigningRequest, error) {
	path := fmt.Sprintf("%s/%d", intCAShowCSREndpoint, certID)
	csr := new(CertSigningRequest)
	if err := service.Client.Read(path, csr); err != nil {
		return nil, err
	}
	service.Client.Logger.Printf("[DEBUG]Returning info about signed intermediate CA certificates from Get: %d", csr.CertID)
	return csr, nil
}
// GetAll lists every intermediate CA certificate across all result pages.
// On failure the partially filled slice is returned together with the error,
// exactly as common.ReadAllPages leaves it.
func (service *Service) GetAll() ([]IntermediateCACertificate, error) {
	var all []IntermediateCACertificate
	if err := common.ReadAllPages(service.Client, intermediateCaCertificatesEndpoint, &all); err != nil {
		return all, err
	}
	return all, nil
}
// CreateIntCACertificate posts cert to the base endpoint and returns the
// object the API echoes back. cert is dereferenced before the call, so a nil
// argument panics. An error is returned if the client hands back anything
// other than *IntermediateCACertificate.
func (service *Service) CreateIntCACertificate(cert *IntermediateCACertificate) (*IntermediateCACertificate, error) {
	raw, err := service.Client.Create(intermediateCaCertificatesEndpoint, *cert)
	if err != nil {
		return nil, err
	}
	created, isCert := raw.(*IntermediateCACertificate)
	if !isCert {
		return nil, errors.New("object returned from api was not an intermediate ca certificate Pointer")
	}
	service.Client.Logger.Printf("[DEBUG]returning intermediate ca certificate from create: %d", created.ID)
	return created, nil
}
// CreateIntCAGenerateCSR posts cert to the generateCsr endpoint and returns
// the object the API echoes back. cert is dereferenced before the call, so a
// nil argument panics. An error is returned if the response is not an
// *IntermediateCACertificate.
func (service *Service) CreateIntCAGenerateCSR(cert *IntermediateCACertificate) (*IntermediateCACertificate, error) {
	raw, err := service.Client.Create(intCAGenerateCSREndpoint, *cert)
	if err != nil {
		return nil, err
	}
	generated, isCert := raw.(*IntermediateCACertificate)
	if !isCert {
		return nil, errors.New("object returned from api was not an intermediate ca certificate Pointer")
	}
	service.Client.Logger.Printf("[DEBUG]returning intermediate ca certificate from create: %d", generated.ID)
	return generated, nil
}
// CreateIntCAFinalizeCert posts cert to the finalizeCert endpoint and returns
// the object the API echoes back. cert is dereferenced before the call, so a
// nil argument panics. An error is returned if the response is not an
// *IntermediateCACertificate.
func (service *Service) CreateIntCAFinalizeCert(cert *IntermediateCACertificate) (*IntermediateCACertificate, error) {
	raw, err := service.Client.Create(intCAFinalizeCSREndpoint, *cert)
	if err != nil {
		return nil, err
	}
	finalized, isCert := raw.(*IntermediateCACertificate)
	if !isCert {
		return nil, errors.New("object returned from api was not an intermediate ca certificate Pointer")
	}
	service.Client.Logger.Printf("[DEBUG]returning intermediate ca certificate from create: %d", finalized.ID)
	return finalized, nil
}
// CreateIntCAKeyPair posts keyPair to the keyPair endpoint and returns the
// object the API echoes back; per the struct's field comments the response's
// PublicKey and KeyGenerationTime describe the HSM key pair. keyPair is
// dereferenced before the call, so a nil argument panics. An error is
// returned if the response is not an *IntermediateCACertificate.
func (service *Service) CreateIntCAKeyPair(keyPair *IntermediateCACertificate) (*IntermediateCACertificate, error) {
	raw, err := service.Client.Create(intCAKeyPairEndpoint, *keyPair)
	if err != nil {
		return nil, err
	}
	generated, isCert := raw.(*IntermediateCACertificate)
	if !isCert {
		return nil, errors.New("object returned from api was not an intermediate ca certificate Pointer")
	}
	service.Client.Logger.Printf("[DEBUG]returning intermediate ca certificate from create: %d", generated.ID)
	return generated, nil
}
// CreateUploadCert posts the given certificate object to the uploadCert
// endpoint and returns what the API echoes back. Despite its name, certID is
// the full certificate object, not an ID; it is dereferenced before the call,
// so a nil argument panics. An error is returned if the response is not an
// *IntermediateCACertificate.
func (service *Service) CreateUploadCert(certID *IntermediateCACertificate) (*IntermediateCACertificate, error) {
	raw, err := service.Client.Create(intCAUploadCert, *certID)
	if err != nil {
		return nil, err
	}
	uploaded, isCert := raw.(*IntermediateCACertificate)
	if !isCert {
		return nil, errors.New("object returned from api was not an intermediate ca certificate Pointer")
	}
	service.Client.Logger.Printf("[DEBUG]returning uploaded customer intermediate ca certificate from create: %d", uploaded.ID)
	return uploaded, nil
}
// CreateUploadCertChain posts the given certificate object to the
// uploadCertChain endpoint and returns what the API echoes back. Despite its
// name, certID is the full certificate object, not an ID; it is dereferenced
// before the call, so a nil argument panics. An error is returned if the
// response is not an *IntermediateCACertificate.
func (service *Service) CreateUploadCertChain(certID *IntermediateCACertificate) (*IntermediateCACertificate, error) {
	raw, err := service.Client.Create(intCAUploadCertChain, *certID)
	if err != nil {
		return nil, err
	}
	chain, isCert := raw.(*IntermediateCACertificate)
	if !isCert {
		return nil, errors.New("object returned from api was not an intermediate ca certificate Pointer")
	}
	service.Client.Logger.Printf("[DEBUG]returning uploaded certificate chain from create: %d", chain.ID)
	return chain, nil
}
// CreateVerifyKeyAttestation posts the given certificate object to the
// verifyKeyAttestation endpoint and returns what the API echoes back; per the
// struct's field comment, HSMAttestationVerifiedTime records when that
// verification succeeded. Despite its name, certID is the full certificate
// object, not an ID; it is dereferenced before the call, so a nil argument
// panics. An error is returned if the response is not an
// *IntermediateCACertificate.
func (service *Service) CreateVerifyKeyAttestation(certID *IntermediateCACertificate) (*IntermediateCACertificate, error) {
	raw, err := service.Client.Create(intCAVerifyKeyAttestation, *certID)
	if err != nil {
		return nil, err
	}
	verified, isCert := raw.(*IntermediateCACertificate)
	if !isCert {
		return nil, errors.New("object returned from api was not an intermediate ca certificate Pointer")
	}
	service.Client.Logger.Printf("[DEBUG]returning key attestation from create: %d", verified.ID)
	return verified, nil
}
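// Update replaces the intermediate CA certificate identified by certID with
// certificates via PUT and returns the object the API echoes back.
//
// The type assertion on the response is checked, matching the Create
// helpers: an unexpected or nil response yields an error instead of a nil
// pointer dereference in the debug log line. A nil certificates argument is
// likewise rejected rather than dereferenced.
func (service *Service) Update(certID int, certificates *IntermediateCACertificate) (*IntermediateCACertificate, error) {
	if certificates == nil {
		return nil, errors.New("intermediate ca certificate to update must not be nil")
	}
	resp, err := service.Client.UpdateWithPut(fmt.Sprintf("%s/%d", intermediateCaCertificatesEndpoint, certID), *certificates)
	if err != nil {
		return nil, err
	}
	updated, ok := resp.(*IntermediateCACertificate)
	if !ok || updated == nil {
		return nil, errors.New("object returned from api was not an intermediate ca certificate Pointer")
	}
	service.Client.Logger.Printf("[DEBUG]returning intermediate ca certificate from update: %d", updated.ID)
	return updated, nil
}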
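// UpdateMakeDefault PUTs certificates to the makeDefault sub-resource of the
// certificate identified by certID and returns the object the API echoes
// back. Per the struct's DefaultCertificate comment only one certificate can
// be the default at a time, so this call is expected to displace the
// previous default (confirm against the API).
//
// The type assertion on the response is checked, matching the Create
// helpers: an unexpected or nil response yields an error instead of a nil
// pointer dereference in the debug log line. A nil certificates argument is
// likewise rejected rather than dereferenced.
func (service *Service) UpdateMakeDefault(certID int, certificates *IntermediateCACertificate) (*IntermediateCACertificate, error) {
	if certificates == nil {
		return nil, errors.New("intermediate ca certificate to make default must not be nil")
	}
	resp, err := service.Client.UpdateWithPut(fmt.Sprintf("%s/%d", intCACertMakeDefaultEndpoint, certID), *certificates)
	if err != nil {
		return nil, err
	}
	updated, ok := resp.(*IntermediateCACertificate)
	if !ok || updated == nil {
		return nil, errors.New("object returned from api was not an intermediate ca certificate Pointer")
	}
	service.Client.Logger.Printf("[DEBUG]returning default certificate from update: %d", updated.ID)
	return updated, nil
}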
// Delete removes the intermediate CA certificate with the given ID.
// The *http.Response result is always nil (presumably kept for signature
// parity with other services); only the error carries information.
func (service *Service) Delete(certID int) (*http.Response, error) {
	path := fmt.Sprintf("%s/%d", intermediateCaCertificatesEndpoint, certID)
	if err := service.Client.Delete(path); err != nil {
		return nil, err
	}
	return nil, nil
}