//
// SPDX-License-Identifier: BSD-3-Clause
//
package redfish
import (
	"encoding/json"
	"errors"

	"github.com/stmcginnis/gofish/common"
)
// CertificateType names the encoding of a certificate's CertificateString.
// It is whatever the service reported; nothing in this file checks that the
// string actually parses as that encoding, so decode it yourself
// (encoding/pem, crypto/x509) before relying on it.
type CertificateType string

// PEMCertificateType is a single PEM-encoded certificate.
const PEMCertificateType CertificateType = "PEM"

// PEMChainCertificateType is a PEM-encoded certificate chain.
const PEMChainCertificateType CertificateType = "PEMChain"

// PKCS7CertificateType is a PEM-encoded PKCS7 certificate.
const PKCS7CertificateType CertificateType = "PKCS7"
// CertificateUsageType is the role a service assigns to a certificate. The
// value is the service's own classification and is not derived here from the
// certificate contents.
type CertificateUsageType string

// Known CertificateUsageType values.
const (
	// BIOS/UEFI certificate, e.g. a Secure Boot signature database entry.
	BIOSCertificateUsageType CertificateUsageType = "BIOS"
	// Device certificate, e.g. an SPDM device identity.
	DeviceCertificateUsageType CertificateUsageType = "Device"
	// Platform certificate, e.g. an SPDM platform identity.
	PlatformCertificateUsageType CertificateUsageType = "Platform"
	// SSH certificate.
	SSHCertificateUsageType CertificateUsageType = "SSH"
	// User certificate, e.g. one bound to a manager account.
	UserCertificateUsageType CertificateUsageType = "User"
	// Web/HTTPS certificate, e.g. for an event destination.
	WebCertificateUsageType CertificateUsageType = "Web"
)
// KeyUsageExtension names one purpose of the key inside a certificate. The
// Redfish enumeration folds the X.509 key-usage bits and the extended-key-usage
// purposes (RFC 5280 §4.2.1.3 and §4.2.1.12) into one list. Values are
// reported by the service; they are not extracted from the certificate here.
type KeyUsageExtension string

// Extended key usage purposes.
const (
	// TLS client authentication.
	ClientAuthenticationKeyUsageExtension KeyUsageExtension = "ClientAuthentication"
	// Signing of downloadable executable code.
	CodeSigningKeyUsageExtension KeyUsageExtension = "CodeSigning"
	// Email protection.
	EmailProtectionKeyUsageExtension KeyUsageExtension = "EmailProtection"
	// Signing of OCSP responses.
	OCSPSigningKeyUsageExtension KeyUsageExtension = "OCSPSigning"
	// TLS server authentication.
	ServerAuthenticationKeyUsageExtension KeyUsageExtension = "ServerAuthentication"
	// Time-stamping: binding the hash of an object to a time.
	TimestampingKeyUsageExtension KeyUsageExtension = "Timestamping"
)

// Key usage bits.
const (
	// Verifying signatures on certificate revocation lists.
	CRLSigningKeyUsageExtension KeyUsageExtension = "CRLSigning"
	// Enciphering raw user data directly, without an intermediate symmetric key.
	DataEnciphermentKeyUsageExtension KeyUsageExtension = "DataEncipherment"
	// Key agreement, restricted to deciphering.
	DecipherOnlyKeyUsageExtension KeyUsageExtension = "DecipherOnly"
	// Verifying digital signatures other than those on certificates and CRLs.
	DigitalSignatureKeyUsageExtension KeyUsageExtension = "DigitalSignature"
	// Key agreement, restricted to enciphering.
	EncipherOnlyKeyUsageExtension KeyUsageExtension = "EncipherOnly"
	// Key agreement.
	KeyAgreementKeyUsageExtension KeyUsageExtension = "KeyAgreement"
	// Verifying signatures on public key certificates (a CA key).
	KeyCertSignKeyUsageExtension KeyUsageExtension = "KeyCertSign"
	// Enciphering private or secret keys (key transport).
	KeyEnciphermentKeyUsageExtension KeyUsageExtension = "KeyEncipherment"
	// Digital signatures with a non-repudiation service, so the signer cannot
	// later deny the action (called contentCommitment in newer X.509 text).
	NonRepudiationKeyUsageExtension KeyUsageExtension = "NonRepudiation"
)
// SPDM carries the SPDM-specific attributes of a certificate.
type SPDM struct {
	// SlotID is the SPDM certificate slot the certificate occupies; the
	// service serializes it as "SlotId".
	SlotID int64 `json:"SlotId"`
}
// CertificateIdentifier is the Redfish rendering of a certificate's subject
// or issuer name. Every field is the service's decomposition of the X.509
// name; the file does not re-derive it from CertificateString, so treat it as
// reported rather than verified.
type CertificateIdentifier struct {
	// AdditionalCommonNames holds any common names beyond CommonName.
	AdditionalCommonNames []string
	// AdditionalOrganizationalUnits holds any OUs beyond OrganizationalUnit.
	AdditionalOrganizationalUnits []string
	// AlternativeNames holds the entity's additional host names
	// (presumably the subjectAltName entries).
	AlternativeNames []string
	// City is the locality (L) of the entity's organization.
	City string
	// CommonName is the entity's common name (CN).
	CommonName string
	// Country is the country (C) of the entity's organization.
	Country string
	// DisplayString is a human-readable rendering of the whole identifier.
	DisplayString string
	// DomainComponents holds the domain components (DC) of the entity.
	DomainComponents []string
	// Email is the contact email within the entity's organization.
	Email string
	// Organization is the organization name (O).
	Organization string
	// OrganizationalUnit is the unit or division (OU) of the organization.
	OrganizationalUnit string
	// State is the state, province or region (ST) of the organization.
	State string
}
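// Certificate is a Redfish Certificate resource: a certificate the service
// holds or reports, together with links to its issuer and to certificates it
// has issued, and the targets of its Rekey/Renew actions.
//
// Every property below is what the service reported. Nothing in this file
// parses CertificateString or checks it against Fingerprint, Subject, Issuer
// or the validity dates; a caller that needs to trust those values should
// decode CertificateString itself (encoding/pem + crypto/x509) and compare.
type Certificate struct {
	common.Entity
	// Description of the resource.
	Description string
	// ODataContext is the odata context.
	ODataContext string `json:"@odata.context"`
	// ODataType is the odata type.
	ODataType string `json:"@odata.type"`
	// CertificateString is the certificate text in the encoding named by
	// CertificateType (single PEM, PEM chain or PKCS7).
	CertificateString string
	// CertificateType is the encoding format of CertificateString.
	CertificateType CertificateType
	// CertificateUsageTypes lists the roles the service assigns to this
	// certificate (BIOS, Device, Platform, SSH, User, Web).
	CertificateUsageTypes []CertificateUsageType
	// Fingerprint is the service-reported digest of the certificate, computed
	// with FingerprintHashAlgorithm. Its textual form (hex case, separators)
	// may vary by vendor; normalize before comparing, or recompute it from
	// CertificateString.
	Fingerprint string
	// FingerprintHashAlgorithm names the hash used for Fingerprint.
	FingerprintHashAlgorithm string
	// Issuer identifies the CA that signed this certificate.
	Issuer CertificateIdentifier
	// KeyUsage lists the key-usage and extended-key-usage purposes of the
	// certificate's key, as reported by the service.
	KeyUsage []KeyUsageExtension
	// SerialNumber is the certificate serial number as a string.
	SerialNumber string
	// SignatureAlgorithm is the algorithm the issuer used to sign this
	// certificate. Whether it is still acceptable is for the caller to judge.
	SignatureAlgorithm string
	// SPDM holds SPDM-related information (the slot identifier).
	SPDM SPDM
	// Subject identifies the entity the certificate was issued to.
	Subject CertificateIdentifier
	// UefiSignatureOwner is the UEFI signature owner of this certificate
	// (presumably a GUID string; it is not parsed here).
	UefiSignatureOwner string
	// ValidNotAfter is the end of the validity period, kept as the raw string
	// the service sent (Redfish date-times are ISO 8601 — confirm against your
	// service). Parse it with time.Parse rather than comparing strings.
	ValidNotAfter string
	// ValidNotBefore is the start of the validity period; same format note
	// as ValidNotAfter.
	ValidNotBefore string
	// Oem holds vendor-specific properties, left undecoded.
	Oem json.RawMessage
	// issuer is the URI of the Certificate resource of the issuing CA, taken
	// from Links.Issuer by UnmarshalJSON.
	issuer string
	// subjects holds the URIs of certificates issued by the CA this
	// certificate represents, taken from Links.Subjects by UnmarshalJSON.
	subjects []string
	// SubjectsCount is the service-reported number of subjects
	// (Subjects@odata.count), populated by UnmarshalJSON.
	SubjectsCount int
	// OemLinks holds vendor-specific links, left undecoded.
	OemLinks json.RawMessage
	// rekeyTarget is the URI of the #Certificate.Rekey action; empty when the
	// service did not advertise it.
	rekeyTarget string
	// renewTarget is the URI of the #Certificate.Renew action; empty when the
	// service did not advertise it.
	renewTarget string
	// OemActions contains all the vendor specific actions.
	// It is vendor responsibility to parse this field accordingly
	OemActions json.RawMessage
}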
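// UnmarshalJSON decodes a Redfish Certificate resource from raw JSON.
//
// The plain properties are decoded through a shadow type that has the same
// fields but none of the methods, so the default decoder runs without
// re-entering this method. The Links and Actions sub-objects are decoded
// alongside and their URIs copied into the unexported link/target fields.
func (certificate *Certificate) UnmarshalJSON(b []byte) error {
	// temp drops Certificate's method set, avoiding infinite recursion.
	type temp Certificate
	type linkReference struct {
		Issuer        common.Link
		Subjects      common.Links
		SubjectsCount int `json:"Subjects@odata.count"`
		Oem           json.RawMessage
	}
	type actions struct {
		RekeyCertificate common.ActionTarget `json:"#Certificate.Rekey"`
		RenewCertificate common.ActionTarget `json:"#Certificate.Renew"`
		Oem              json.RawMessage // vendor-specific actions, kept raw
	}
	var t struct {
		temp
		Links   linkReference
		Actions actions
	}
	if err := json.Unmarshal(b, &t); err != nil {
		return err
	}

	*certificate = Certificate(t.temp)

	// Links: only the URIs are kept; the referenced resources are not fetched.
	certificate.issuer = t.Links.Issuer.String()
	certificate.subjects = t.Links.Subjects.ToStrings()
	certificate.SubjectsCount = t.Links.SubjectsCount
	certificate.OemLinks = t.Links.Oem

	// Actions: an action the service did not advertise decodes to the zero
	// ActionTarget, so its target string stays empty.
	certificate.rekeyTarget = t.Actions.RekeyCertificate.Target
	certificate.renewTarget = t.Actions.RenewCertificate.Target
	certificate.OemActions = t.Actions.Oem
	return nil
}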
// GetCertificate fetches the Certificate resource at uri from the Redfish
// service reached through c. Transport and decoding errors are returned
// unchanged.
func GetCertificate(c common.Client, uri string) (*Certificate, error) {
	cert, err := common.GetObject[Certificate](c, uri)
	return cert, err
}
// ListReferencedCertificates fetches every member of the Certificate
// collection at link, using the client c. Transport and decoding errors are
// returned unchanged.
func ListReferencedCertificates(c common.Client, link string) ([]*Certificate, error) {
	members, err := common.GetCollectionObjects[Certificate](c, link)
	return members, err
}
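// RekeyCertificate posts to this certificate's #Certificate.Rekey action,
// asking the service to generate a new key pair for it.
//
// challengePassword is the challenge password the service applies to the
// resulting certificate request; it is a secret sent in the POST body, so
// keep it out of logs. keyCurveID, keyPairAlgorithm and keyBitLength describe
// the new key. All four are optional Redfish action parameters: any left at
// its zero value ("" or 0) is omitted from the request so the service applies
// its own default instead of receiving, e.g., "KeyBitLength": 0 or an empty
// KeyCurveId for an RSA key.
//
// If the service did not advertise a Rekey action (the target is empty) an
// error is returned without contacting the service, since a POST to an empty
// URI cannot reach this certificate.
func (certificate *Certificate) RekeyCertificate(challengePassword, keyCurveID, keyPairAlgorithm string, keyBitLength int) error {
	if certificate.rekeyTarget == "" {
		return errors.New("certificate does not advertise the Rekey action")
	}
	payload := struct {
		ChallengePassword string `json:",omitempty"`
		KeyCurveID        string `json:"KeyCurveId,omitempty"`
		KeyPairAlgorithm  string `json:",omitempty"`
		KeyBitLength      int    `json:",omitempty"`
	}{
		ChallengePassword: challengePassword,
		KeyCurveID:        keyCurveID,
		KeyPairAlgorithm:  keyPairAlgorithm,
		KeyBitLength:      keyBitLength,
	}
	return certificate.Post(certificate.rekeyTarget, payload)
}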
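// RenewCertificate posts to this certificate's #Certificate.Renew action,
// asking the service to renew the certificate with its existing key.
//
// challengePassword is the challenge password the service applies to the
// resulting certificate request; it is a secret sent in the POST body, so
// keep it out of logs. It is an optional Redfish parameter and is omitted
// from the request when empty, so the service sees no password rather than
// an empty one.
//
// If the service did not advertise a Renew action (the target is empty) an
// error is returned without contacting the service, since a POST to an empty
// URI cannot reach this certificate.
func (certificate *Certificate) RenewCertificate(challengePassword string) error {
	if certificate.renewTarget == "" {
		return errors.New("certificate does not advertise the Renew action")
	}
	payload := struct {
		ChallengePassword string `json:",omitempty"`
	}{ChallengePassword: challengePassword}
	return certificate.Post(certificate.renewTarget, payload)
}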