forked from TrueCloudLab/certificates
Cleanup types and add initial support for the options required for PKCS11.
This commit is contained in:
Mariano Cano
parent
9641ab33b8
commit
3f8de17a40
2 changed files with 24 additions and 24 deletions
|
|
@ -25,18 +25,27 @@ const (
|
|||
// DefaultKMS is a KMS implementation using software.
|
||||
DefaultKMS Type = ""
|
||||
// SoftKMS is a KMS implementation using software.
|
||||
SoftKMS = "softkms"
|
||||
SoftKMS Type = "softkms"
|
||||
// CloudKMS is a KMS implementation using Google's Cloud KMS.
|
||||
CloudKMS = "cloudkms"
|
||||
CloudKMS Type = "cloudkms"
|
||||
// AmazonKMS is a KMS implementation using Amazon AWS KMS.
|
||||
AmazonKMS = "awskms"
|
||||
AmazonKMS Type = "awskms"
|
||||
// PKCS11 is a KMS implementation using the PKCS11 standard.
|
||||
PKCS11 = "pkcs11"
|
||||
PKCS11 Type = "pkcs11"
|
||||
)
|
||||
|
||||
type Options struct {
|
||||
// The type of the KMS to use.
|
||||
Type string `json:"type"`
|
||||
|
||||
// Path to the credentials file used in CloudKMS.
|
||||
CredentialsFile string `json:"credentialsFile"`
|
||||
|
||||
// Path to the module used with PKCS11 KMS.
|
||||
Module string `json:"module"`
|
||||
|
||||
// Pin used to access the PKCS11 module.
|
||||
Pin string `json:"pin"`
|
||||
}
|
||||
|
||||
// Validate checks the fields in Options.
|
||||
|
|
|
|||
|
|
@ -5,18 +5,6 @@ import (
|
|||
"fmt"
|
||||
)
|
||||
|
||||
type KeyType int
|
||||
|
||||
const (
|
||||
// nolint:camelcase
|
||||
RSA_2048 KeyType = iota
|
||||
RSA_3072
|
||||
RSA_4096
|
||||
EC_P256
|
||||
EC_P384
|
||||
EC_P512
|
||||
)
|
||||
|
||||
// ProtectionLevel specifies on some KMS how cryptographic operations are
|
||||
// performed.
|
||||
type ProtectionLevel int
|
||||
|
|
@ -112,11 +100,9 @@ type GetPublicKeyResponse struct {
|
|||
}
|
||||
|
||||
type CreateKeyRequest struct {
|
||||
Parent string
|
||||
Name string
|
||||
Type KeyType
|
||||
Bits int
|
||||
SignatureAlgorithm SignatureAlgorithm
|
||||
Bits int
|
||||
|
||||
// ProtectionLevel specifies how cryptographic operations are performed.
|
||||
// Used by: cloudkms
|
||||
|
|
@ -127,10 +113,15 @@ type CreateKeyResponse struct {
|
|||
Name string
|
||||
PublicKey crypto.PublicKey
|
||||
PrivateKey crypto.PrivateKey
|
||||
CreateSignerRequest CreateSignerRequest
|
||||
}
|
||||
|
||||
type CreateSignerRequest struct {
|
||||
Signer crypto.Signer
|
||||
SigningKey string
|
||||
SigningKeyPEM []byte
|
||||
Password string
|
||||
TokenLabel string
|
||||
PublicKey string
|
||||
PublicKeyPEM []byte
|
||||
Password []byte
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue