mirror of
https://github.com/smallstep/certificates.git
synced 2024-11-15 18:12:59 +00:00
6d644880bd
CloudKMS keys signs data using an specific signature algorithm, in RSA keys, this can be PKCS#1 RSA or RSA-PSS, if the later is used, x509.CreateCertificate will fail unless the template SignatureCertificate is properly set. On contrast, AWSKMS RSA keys, are just RSA keys, and can sign with PKCS#1 or RSA-PSS schemes, so right now the way to enforce one or the other is to used templates.
79 lines
2.4 KiB
Go
79 lines
2.4 KiB
Go
package apiv1
|
|
|
|
import (
|
|
"crypto/x509"
|
|
"net/http"
|
|
"strings"
|
|
)
|
|
|
|
// CertificateAuthorityService is the interface implemented to support external
|
|
// certificate authorities.
|
|
type CertificateAuthorityService interface {
|
|
CreateCertificate(req *CreateCertificateRequest) (*CreateCertificateResponse, error)
|
|
RenewCertificate(req *RenewCertificateRequest) (*RenewCertificateResponse, error)
|
|
RevokeCertificate(req *RevokeCertificateRequest) (*RevokeCertificateResponse, error)
|
|
}
|
|
|
|
// CertificateAuthorityGetter is an interface implemented by a
|
|
// CertificateAuthorityService that has a method to get the root certificate.
|
|
type CertificateAuthorityGetter interface {
|
|
GetCertificateAuthority(req *GetCertificateAuthorityRequest) (*GetCertificateAuthorityResponse, error)
|
|
}
|
|
|
|
// CertificateAuthorityCreator is an interface implamented by a
|
|
// CertificateAuthorityService that has a method to create a new certificate
|
|
// authority.
|
|
type CertificateAuthorityCreator interface {
|
|
CreateCertificateAuthority(req *CreateCertificateAuthorityRequest) (*CreateCertificateAuthorityResponse, error)
|
|
}
|
|
|
|
// SignatureAlgorithmGetter is an optional implementation in a crypto.Signer
|
|
// that returns the SignatureAlgorithm to use.
|
|
type SignatureAlgorithmGetter interface {
|
|
SignatureAlgorithm() x509.SignatureAlgorithm
|
|
}
|
|
|
|
// Type represents the CAS type used.
|
|
type Type string
|
|
|
|
const (
|
|
// DefaultCAS is a CertificateAuthorityService using software.
|
|
DefaultCAS = ""
|
|
// SoftCAS is a CertificateAuthorityService using software.
|
|
SoftCAS = "softcas"
|
|
// CloudCAS is a CertificateAuthorityService using Google Cloud CAS.
|
|
CloudCAS = "cloudcas"
|
|
// StepCAS is a CertificateAuthorityService using another step-ca instance.
|
|
StepCAS = "stepcas"
|
|
)
|
|
|
|
// String returns a string from the type. It will always return the lower case
|
|
// version of the Type, as we need a standard type to compare and use as the
|
|
// registry key.
|
|
func (t Type) String() string {
|
|
if t == "" {
|
|
return SoftCAS
|
|
}
|
|
return strings.ToLower(string(t))
|
|
}
|
|
|
|
// ErrNotImplemented is the type of error returned if an operation is not
|
|
// implemented.
|
|
type ErrNotImplemented struct {
|
|
Message string
|
|
}
|
|
|
|
// ErrNotImplemented implements the error interface.
|
|
func (e ErrNotImplemented) Error() string {
|
|
if e.Message != "" {
|
|
return e.Message
|
|
}
|
|
return "not implemented"
|
|
}
|
|
|
|
// StatusCode implements the StatusCoder interface and returns the HTTP 501
|
|
// error.
|
|
func (e ErrNotImplemented) StatusCode() int {
|
|
return http.StatusNotImplemented
|
|
}
|