github.com/fastly/go-fastly/v6@v6.8.0/fastly/platform_tls.go (about) 1 package fastly 2 3 import ( 4 "fmt" 5 "reflect" 6 "strconv" 7 "time" 8 9 "github.com/google/jsonapi" 10 ) 11 12 // BulkCertificate represents a bulk certificate. 13 type BulkCertificate struct { 14 ID string `jsonapi:"primary,tls_bulk_certificate"` 15 Configurations []*TLSConfiguration `jsonapi:"relation,tls_configurations,tls_configuration"` 16 Domains []*TLSDomain `jsonapi:"relation,tls_domains,tls_domain"` 17 NotAfter *time.Time `jsonapi:"attr,not_after,iso8601"` 18 NotBefore *time.Time `jsonapi:"attr,not_before,iso8601"` 19 CreatedAt *time.Time `jsonapi:"attr,created_at,iso8601"` 20 UpdatedAt *time.Time `jsonapi:"attr,updated_at,iso8601"` 21 Replace bool `jsonapi:"attr,replace"` 22 } 23 24 // TLSConfiguration represents the dedicated IP address pool that will be used to route traffic from the TLSDomain. 25 type TLSConfiguration struct { 26 ID string `jsonapi:"primary,tls_configuration"` 27 Type string `jsonapi:"attr,type"` 28 } 29 30 // TLSDomain represents a domain (including wildcard domains) that is listed on a certificate's Subject Alternative Names (SAN) list. 31 type TLSDomain struct { 32 ID string `jsonapi:"primary,tls_domain"` 33 Type string `jsonapi:"attr,type"` 34 Activations []*TLSActivation `jsonapi:"relation,tls_activations,omitempty"` 35 Certificates []*CustomTLSCertificate `jsonapi:"relation,tls_certificates,omitempty"` 36 Subscriptions []*TLSSubscription `jsonapi:"relation,tls_subscriptions,omitempty"` 37 } 38 39 // ListBulkCertificatesInput is used as input to the ListBulkCertificates function. 40 type ListBulkCertificatesInput struct { 41 PageNumber int // The page index for pagination. 42 PageSize int // The number of keys per page. 43 FilterTLSDomainsIDMatch string // Filter certificates by their matching, fully-qualified domain name. Returns all partial matches. Must provide a value longer than 3 characters. 44 Sort string // The order in which to list certificates. Valid values are created_at, not_before, not_after. May precede any value with a - for descending. 45 } 46 47 // formatFilters converts user input into query parameters for filtering. 48 func (i *ListBulkCertificatesInput) formatFilters() map[string]string { 49 result := map[string]string{} 50 pairings := map[string]interface{}{ 51 "filter[tls_domains.id][match]": i.FilterTLSDomainsIDMatch, 52 "page[size]": i.PageSize, 53 "page[number]": i.PageNumber, 54 "sort": i.Sort, 55 } 56 for key, value := range pairings { 57 switch v := value.(type) { 58 case int: 59 if v != 0 { 60 result[key] = strconv.Itoa(v) 61 } 62 case string: 63 if v != "" { 64 result[key] = v 65 } 66 } 67 } 68 return result 69 } 70 71 // ListBulkCertificates list all certificates. 72 func (c *Client) ListBulkCertificates(i *ListBulkCertificatesInput) ([]*BulkCertificate, error) { 73 p := "/tls/bulk/certificates" 74 filters := &RequestOptions{ 75 Params: i.formatFilters(), 76 Headers: map[string]string{ 77 "Accept": "application/vnd.api+json", // this is required otherwise the filters don't work 78 }, 79 } 80 81 r, err := c.Get(p, filters) 82 if err != nil { 83 return nil, err 84 } 85 defer r.Body.Close() 86 87 data, err := jsonapi.UnmarshalManyPayload(r.Body, reflect.TypeOf(new(BulkCertificate))) 88 if err != nil { 89 return nil, err 90 } 91 92 bc := make([]*BulkCertificate, len(data)) 93 for i := range data { 94 typed, ok := data[i].(*BulkCertificate) 95 if !ok { 96 return nil, fmt.Errorf("got back a non-BulkCertificate response") 97 } 98 bc[i] = typed 99 } 100 101 return bc, nil 102 } 103 104 // GetBulkCertificateInput is used as input to the GetBulkCertificate function. 105 type GetBulkCertificateInput struct { 106 ID string 107 } 108 109 // GetBulkCertificate retrieve a single certificate. 110 func (c *Client) GetBulkCertificate(i *GetBulkCertificateInput) (*BulkCertificate, error) { 111 if i.ID == "" { 112 return nil, ErrMissingID 113 } 114 115 p := fmt.Sprintf("/tls/bulk/certificates/%s", i.ID) 116 117 r, err := c.Get(p, nil) 118 if err != nil { 119 return nil, err 120 } 121 defer r.Body.Close() 122 123 var bc BulkCertificate 124 if err := jsonapi.UnmarshalPayload(r.Body, &bc); err != nil { 125 return nil, err 126 } 127 128 return &bc, nil 129 } 130 131 // CreateBulkCertificateInput is used as input to the CreateBulkCertificate function. 132 type CreateBulkCertificateInput struct { 133 CertBlob string `jsonapi:"attr,cert_blob"` 134 IntermediatesBlob string `jsonapi:"attr,intermediates_blob"` 135 AllowUntrusted bool `jsonapi:"attr,allow_untrusted_root,omitempty"` 136 Configurations []*TLSConfiguration `jsonapi:"relation,tls_configurations,tls_configuration"` 137 } 138 139 // CreateBulkCertificate create a TLS private key. 140 func (c *Client) CreateBulkCertificate(i *CreateBulkCertificateInput) (*BulkCertificate, error) { 141 if i.CertBlob == "" { 142 return nil, ErrMissingCertBlob 143 } 144 if i.IntermediatesBlob == "" { 145 return nil, ErrMissingIntermediatesBlob 146 } 147 148 p := "/tls/bulk/certificates" 149 150 r, err := c.PostJSONAPI(p, i, nil) 151 if err != nil { 152 return nil, err 153 } 154 defer r.Body.Close() 155 156 var bc BulkCertificate 157 if err := jsonapi.UnmarshalPayload(r.Body, &bc); err != nil { 158 return nil, err 159 } 160 161 return &bc, nil 162 } 163 164 // UpdateBulkCertificateInput is used as input to the UpdateBulkCertificate function. 165 type UpdateBulkCertificateInput struct { 166 ID string `jsonapi:"attr,id"` 167 CertBlob string `jsonapi:"attr,cert_blob"` 168 IntermediatesBlob string `jsonapi:"attr,intermediates_blob,omitempty"` 169 AllowUntrusted bool `jsonapi:"attr,allow_untrusted_root"` 170 } 171 172 // UpdateBulkCertificate replace a certificate with a newly reissued certificate. 173 // By using this endpoint, the original certificate will cease to be used for future TLS handshakes. 174 // Thus, only SAN entries that appear in the replacement certificate will become TLS enabled. 175 // Any SAN entries that are missing in the replacement certificate will become disabled. 176 func (c *Client) UpdateBulkCertificate(i *UpdateBulkCertificateInput) (*BulkCertificate, error) { 177 if i.ID == "" { 178 return nil, ErrMissingID 179 } 180 181 if i.CertBlob == "" { 182 return nil, ErrMissingCertBlob 183 } 184 185 if i.IntermediatesBlob == "" { 186 return nil, ErrMissingIntermediatesBlob 187 } 188 189 path := fmt.Sprintf("/tls/bulk/certificates/%s", i.ID) 190 resp, err := c.PatchJSONAPI(path, i, nil) 191 if err != nil { 192 return nil, err 193 } 194 defer resp.Body.Close() 195 196 var bc BulkCertificate 197 if err := jsonapi.UnmarshalPayload(resp.Body, &bc); err != nil { 198 return nil, err 199 } 200 return &bc, nil 201 } 202 203 // DeleteBulkCertificateInput used for deleting a certificate. 204 type DeleteBulkCertificateInput struct { 205 ID string 206 } 207 208 // DeleteBulkCertificate destroy a certificate. This disables TLS for all domains listed as SAN entries. 209 func (c *Client) DeleteBulkCertificate(i *DeleteBulkCertificateInput) error { 210 if i.ID == "" { 211 return ErrMissingID 212 } 213 214 path := fmt.Sprintf("/tls/bulk/certificates/%s", i.ID) 215 _, err := c.Delete(path, nil) 216 return err 217 }