package webhook
import (
"time"
"go.step.sm/crypto/sshutil"
"go.step.sm/crypto/x509util"
)
// ResponseBody is the JSON document a webhook server sends back.
//
// Allow has the bool zero value false, so a reply that omits "allow" decodes
// to false. Data is untyped at this layer; its shape is decided by whichever
// code consumes the response.
type ResponseBody struct {
	// Data is the free-form payload carried under the "data" key.
	// NOTE(review): it originates from the webhook server, so consumers
	// should validate it before applying it - confirm at the call sites.
	Data any `json:"data"`
	// Allow is the decision flag carried under the "allow" key.
	Allow bool `json:"allow"`
}
// X509CertificateRequest describes the certificate request handed to webhook
// servers by enriching webhooks while an x509 certificate is being signed.
type X509CertificateRequest struct {
	// Embedded without a JSON tag, so encoding/json is expected to promote
	// its exported fields into this object.
	// NOTE(review): verify that the embedded type defines no MarshalJSON of
	// its own, since a promoted marshaler would replace this struct's encoding.
	*x509util.CertificateRequest
	// PublicKey is emitted under "publicKey"; encoding/json writes []byte as
	// base64. The key's own encoding is not fixed by this file.
	PublicKey []byte `json:"publicKey"`
	// PublicKeyAlgorithm names the key algorithm under "publicKeyAlgorithm".
	PublicKeyAlgorithm string `json:"publicKeyAlgorithm"`
	// Raw is emitted under "raw" as base64.
	// NOTE(review): presumably the encoded request as received - confirm
	// against the code that fills it.
	Raw []byte `json:"raw"`
}
// X509Certificate describes the certificate handed to webhook servers by
// authorizing webhooks while an x509 certificate is being signed.
type X509Certificate struct {
	// Embedded without a JSON tag, so encoding/json is expected to promote
	// its exported fields into this object.
	// NOTE(review): verify that the embedded type defines no MarshalJSON of
	// its own, since a promoted marshaler would replace this struct's encoding.
	*x509util.Certificate
	// PublicKey is emitted under "publicKey"; encoding/json writes []byte as
	// base64. The key's own encoding is not fixed by this file.
	PublicKey []byte `json:"publicKey"`
	// PublicKeyAlgorithm names the key algorithm under "publicKeyAlgorithm".
	PublicKeyAlgorithm string `json:"publicKeyAlgorithm"`
	// NotBefore and NotAfter are time.Time values, which encoding/json
	// renders as RFC 3339 strings.
	// NOTE(review): presumably the validity window of the certificate being
	// authorized - confirm against the code that fills them.
	NotBefore time.Time `json:"notBefore"`
	NotAfter  time.Time `json:"notAfter"`
}
// SSHCertificateRequest describes the certificate request handed to webhook
// servers by enriching webhooks while an SSH certificate is being signed.
type SSHCertificateRequest struct {
	// PublicKey is emitted under "publicKey"; encoding/json writes []byte as
	// base64. The key's own encoding is not fixed by this file.
	PublicKey []byte `json:"publicKey"`
	// Type is emitted under "type".
	// NOTE(review): presumably the certificate type (user or host) - confirm.
	Type string `json:"type"`
	// KeyID is emitted under "keyID".
	KeyID string `json:"keyID"`
	// Principals is emitted under "principals"; a nil slice encodes as null.
	// NOTE(review): these presumably are the requested principals, not yet an
	// authorization decision - receivers should confirm before relying on them.
	Principals []string `json:"principals"`
}
// SSHCertificate describes the certificate handed to webhook servers by
// authorizing webhooks while an SSH certificate is being signed.
type SSHCertificate struct {
	// Embedded without a JSON tag, so encoding/json is expected to promote
	// its exported fields into this object.
	// NOTE(review): verify that the embedded type defines no MarshalJSON of
	// its own, since a promoted marshaler would replace this struct's encoding.
	*sshutil.Certificate
	// PublicKey is emitted under "publicKey"; encoding/json writes []byte as
	// base64. The key's own encoding is not fixed by this file.
	PublicKey []byte `json:"publicKey"`
	// SignatureKey is emitted under "signatureKey" as base64.
	// NOTE(review): presumably the public key of the signing CA - confirm.
	SignatureKey []byte `json:"signatureKey"`
	// ValidBefore and ValidAfter are unsigned 64-bit integers in the JSON.
	// NOTE(review): presumably seconds since the Unix epoch, as in SSH
	// certificates; receivers parsing them into narrower or signed types
	// should confirm how very large values are handled.
	ValidBefore uint64 `json:"validBefore"`
	ValidAfter  uint64 `json:"validAfter"`
}
// AttestationData carries data validated by the acme device-attest-01
// challenge.
type AttestationData struct {
	// PermanentIdentifier is emitted under "permanentIdentifier".
	PermanentIdentifier string `json:"permanentIdentifier"`
}
// RequestBody is the JSON document sent to webhook servers.
//
// Nothing in this type authenticates the body or enforces the "exactly one"
// rule noted below; both are left to the code that builds and receives it.
type RequestBody struct {
	// Timestamp is emitted under "timestamp" as an RFC 3339 string.
	// NOTE(review): presumably the send time, which a receiver could use to
	// reject stale requests - confirm how the sender sets it.
	Timestamp time.Time `json:"timestamp"`

	// AttestationData is only set after the acme device-attest-01 challenge
	// has completed successfully; it is omitted from the JSON when nil.
	AttestationData *AttestationData `json:"attestationData,omitempty"`

	// Token is disabled: the declaration below is commented out, so no
	// "token" key is part of this body. Its original note read "Set for most
	// provisioners, but not acme or scep".
	// Token any `json:"token,omitempty"`

	// Exactly one of the remaining fields should be set. Each is a pointer
	// with omitempty, so unset ones are absent from the JSON; receivers
	// should check which one is present instead of assuming a kind.
	X509CertificateRequest *X509CertificateRequest `json:"x509CertificateRequest,omitempty"`
	X509Certificate        *X509Certificate        `json:"x509Certificate,omitempty"`
	SSHCertificateRequest  *SSHCertificateRequest  `json:"sshCertificateRequest,omitempty"`
	SSHCertificate         *SSHCertificate         `json:"sshCertificate,omitempty"`
}