certificates/kms/apiv1/options.go

93 lines
2.2 KiB
Go
Raw Normal View History

2020-01-10 02:41:13 +00:00
package apiv1
import (
"crypto"
"crypto/x509"
2020-01-10 02:41:13 +00:00
"strings"
"github.com/pkg/errors"
)
// KeyManager is the interface implemented by all the KMS.
type KeyManager interface {
GetPublicKey(req *GetPublicKeyRequest) (crypto.PublicKey, error)
CreateKey(req *CreateKeyRequest) (*CreateKeyResponse, error)
CreateSigner(req *CreateSignerRequest) (crypto.Signer, error)
Close() error
}
// CertificateManager is the interface implemented by the KMS that can load and
// store x509.Certificates.
type CertificateManager interface {
LoadCerticate(req *LoadCertificateRequest) (*x509.Certificate, error)
StoreCertificate(req *StoreCertificateRequest) error
}
2020-01-10 02:41:13 +00:00
// ErrNotImplemented
type ErrNotImplemented struct {
msg string
}
func (e ErrNotImplemented) Error() string {
if e.msg != "" {
return e.msg
}
return "not implemented"
}
// Type represents the KMS type used.
type Type string
const (
// DefaultKMS is a KMS implementation using software.
DefaultKMS Type = ""
// SoftKMS is a KMS implementation using software.
SoftKMS Type = "softkms"
2020-01-10 02:41:13 +00:00
// CloudKMS is a KMS implementation using Google's Cloud KMS.
CloudKMS Type = "cloudkms"
2020-01-10 02:41:13 +00:00
// AmazonKMS is a KMS implementation using Amazon AWS KMS.
AmazonKMS Type = "awskms"
2020-01-10 02:41:13 +00:00
// PKCS11 is a KMS implementation using the PKCS11 standard.
PKCS11 Type = "pkcs11"
2020-05-08 01:22:09 +00:00
// YubiKey is a KMS implementation using a YubiKey PIV.
YubiKey Type = "yubikey"
2020-01-10 02:41:13 +00:00
)
type Options struct {
// The type of the KMS to use.
Type string `json:"type"`
// Path to the credentials file used in CloudKMS and AmazonKMS.
2020-01-10 02:41:13 +00:00
CredentialsFile string `json:"credentialsFile"`
// Path to the module used with PKCS11 KMS.
Module string `json:"module"`
// Pin used to access the PKCS11 module.
Pin string `json:"pin"`
// Region to use in AmazonKMS.
Region string `json:"region"`
// Profile to use in AmazonKMS.
Profile string `json:"profile"`
2020-01-10 02:41:13 +00:00
}
// Validate checks the fields in Options.
func (o *Options) Validate() error {
if o == nil {
return nil
}
switch Type(strings.ToLower(o.Type)) {
case DefaultKMS, SoftKMS, CloudKMS, AmazonKMS:
2020-05-08 01:22:09 +00:00
case YubiKey:
2020-01-10 02:41:13 +00:00
case PKCS11:
return ErrNotImplemented{"support for PKCS11 is not yet implemented"}
default:
return errors.Errorf("unsupported kms type %s", o.Type)
}
return nil
}