Cleanup types and add initial support for the options required for PKCS11.

This commit is contained in:
Mariano Cano 2020-01-14 18:42:14 -08:00
parent 9641ab33b8
commit 3f8de17a40
2 changed files with 24 additions and 24 deletions


@ -25,18 +25,27 @@ const (
// DefaultKMS is a KMS implementation using software. // DefaultKMS is a KMS implementation using software.
DefaultKMS Type = "" DefaultKMS Type = ""
// SoftKMS is a KMS implementation using software. // SoftKMS is a KMS implementation using software.
SoftKMS = "softkms" SoftKMS Type = "softkms"
// CloudKMS is a KMS implementation using Google's Cloud KMS. // CloudKMS is a KMS implementation using Google's Cloud KMS.
CloudKMS = "cloudkms" CloudKMS Type = "cloudkms"
// AmazonKMS is a KMS implementation using Amazon AWS KMS. // AmazonKMS is a KMS implementation using Amazon AWS KMS.
AmazonKMS = "awskms" AmazonKMS Type = "awskms"
// PKCS11 is a KMS implementation using the PKCS11 standard. // PKCS11 is a KMS implementation using the PKCS11 standard.
PKCS11 = "pkcs11" PKCS11 Type = "pkcs11"
) )
type Options struct { type Options struct {
// The type of the KMS to use.
Type string `json:"type"` Type string `json:"type"`
// Path to the credentials file used in CloudKMS.
CredentialsFile string `json:"credentialsFile"` CredentialsFile string `json:"credentialsFile"`
// Path to the module used with PKCS11 KMS.
Module string `json:"module"`
// Pin used to access the PKCS11 module.
Pin string `json:"pin"`
} }
// Validate checks the fields in Options. // Validate checks the fields in Options.
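Review bot: The new `Pin` field in Options is a secret that will now be read from the JSON configuration, but its comment does not say so, and the `Type string` field two lines above it stays a plain string even though the constants it is compared against were just retyped to `Type`. I would extend the comment to `// Pin used to access the PKCS11 module. It is a secret: do not log Options with %v/%+v or echo it in error messages.` and retype the field as `Type Type` while keeping its json tag (a string-based named type still decodes from a JSON string, so the config format is unchanged). Validate, whose body lies outside the hunk, presumably also needs to require Module when Type is PKCS11; that check is not visible here.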


@ -5,18 +5,6 @@ import (
"fmt" "fmt"
) )
type KeyType int
const (
// nolint:camelcase
RSA_2048 KeyType = iota
RSA_3072
RSA_4096
EC_P256
EC_P384
EC_P512
)
// ProtectionLevel specifies on some KMS how cryptographic operations are // ProtectionLevel specifies on some KMS how cryptographic operations are
// performed. // performed.
type ProtectionLevel int type ProtectionLevel int
@ -112,11 +100,9 @@ type GetPublicKeyResponse struct {
} }
type CreateKeyRequest struct { type CreateKeyRequest struct {
Parent string
Name string Name string
Type KeyType
Bits int
SignatureAlgorithm SignatureAlgorithm SignatureAlgorithm SignatureAlgorithm
Bits int
// ProtectionLevel specifies how cryptographic operations are performed. // ProtectionLevel specifies how cryptographic operations are performed.
// Used by: cloudkms // Used by: cloudkms
@ -127,10 +113,15 @@ type CreateKeyResponse struct {
Name string Name string
PublicKey crypto.PublicKey PublicKey crypto.PublicKey
PrivateKey crypto.PrivateKey PrivateKey crypto.PrivateKey
CreateSignerRequest CreateSignerRequest
} }
type CreateSignerRequest struct { type CreateSignerRequest struct {
Signer crypto.Signer
SigningKey string SigningKey string
SigningKeyPEM []byte SigningKeyPEM []byte
Password string TokenLabel string
PublicKey string
PublicKeyPEM []byte
Password []byte
} }
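Review bot: The fields added to CreateSignerRequest (`TokenLabel`, `PublicKey`, `PublicKeyPEM`, `Password`) carry no comments, unlike CreateKeyRequest in the hunk above, where each backend-specific field states who reads it (`// Used by: cloudkms`). Following that convention would tell callers which backend consumes TokenLabel and that PublicKey and PublicKeyPEM are alternative forms of the same input, e.g. `// TokenLabel is the label of the token that holds the signing key. Used by: pkcs11` (pkcs11 is my inference from the commit title). For `Password []byte`, the change from string looks intended to let callers wipe the buffer after use; a comment such as `// Password unlocks the signing key; it is a secret and callers may zero it after use.` would make that contract explicit and discourage printing the request with %+v. Whether the `Signer crypto.Signer` line is being added or removed is not recoverable from this rendering, so I have not commented on it.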