4.开始使用
4.1 导入依赖模块
import (
"fmt"
"os"
"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global"
"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/config"
ccmV1 "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/ccm/v1"
ccmModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/ccm/v1/model"
"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/ccm/v1/region"
"log"
)
4.2 初始化认证信息
// Assemble the credentials with the SDK's global credentials builder from the
// access key (ak), secret key (sk) and account domain ID. ak and sk are
// secrets: supply them at run time (environment variable or secret store)
// instead of writing them into the source file.
credentialsBuilder := global.NewCredentialsBuilder().
	WithAk(ak).
	WithSk(sk).
	WithDomainId(domainId)
credentials := credentialsBuilder.Build()
4.3 初始化云证书管理服务客户端
// Configure the CCM client: attach the credentials, point it at the CCM
// service endpoint and use the SDK's default HTTP configuration.
// Every request is signed with the AK/SK, so ccmEndpoint should be the
// official endpoint of the service; presumably an https:// address (confirm).
clientBuilder := ccmV1.CcmClientBuilder().
	WithCredential(credentials).
	WithEndpoint(ccmEndpoint).
	WithHttpConfig(config.DefaultHttpConfig())
ccmClient := ccmV1.NewCcmClient(clientBuilder.Build())
4.4 示例代码
package main
import (
"fmt"
"os"
"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global"
"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/config"
ccmV1 "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/ccm/v1"
ccmModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/ccm/v1/model"
"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/ccm/v1/region"
"log"
)
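// main requests an end-entity certificate from the Huawei Cloud CCM service,
// signed by the CA identified by issuerId, and logs the API response.
//
// The access key pair is read from the HUAWEICLOUD_SDK_AK and
// HUAWEICLOUD_SDK_SK environment variables so that no secret is stored in the
// source. The process exits with status 1 when either variable is unset or
// when the API call fails, so scripts and CI jobs can detect the failure.
//
// NOTE(review): the import block of this file also lists
// ".../services/ccm/v1/region", which main never references. Go rejects
// unused imports, so that line must be removed (or the package used) before
// the sample builds.
func main() {
	// 1. Authentication data. Hard-coding AK/SK or keeping them in plaintext
	// is a serious risk; read them from the environment (or a secret store).
	ak := os.Getenv("HUAWEICLOUD_SDK_AK")
	sk := os.Getenv("HUAWEICLOUD_SDK_SK")
	if ak == "" || sk == "" {
		// Fail early with a clear message instead of sending a request
		// signed with empty credentials.
		fmt.Fprintln(os.Stderr, "HUAWEICLOUD_SDK_AK and HUAWEICLOUD_SDK_SK must be set")
		os.Exit(1)
	}
	domainId := "your domainId"   // tenant account ID
	ccmEndpoint := "ccm endpoint" // access endpoint of the CCM service

	// 2. Initialise the SDK client with the credentials and the endpoint.
	credentials := global.NewCredentialsBuilder().
		WithAk(ak).
		WithSk(sk).
		WithDomainId(domainId).
		Build()
	ccmClient := ccmV1.NewCcmClient(
		ccmV1.CcmClientBuilder().
			WithCredential(credentials).
			WithEndpoint(ccmEndpoint).
			WithHttpConfig(config.DefaultHttpConfig()).
			Build())

	// 3. Assemble the request body.
	// ID of the issuing CA; the CA has to be in the activated state.
	issuerId := "0a6a48db-cadb-445f-a8ed-a38df0b457e8"
	keyAlgorithm := "RSA2048"
	signatureAlgorithm := "SHA512"
	// Validity period: Type is the unit, Value the amount (here one year).
	validity := ccmModel.Validity{Type: "YEAR", Value: 1}

	// Distinguished name of the certificate subject.
	organization := "your organization"
	organizationalUnit := "your unit"
	country := "CN" // two-letter country code
	state := "your state"
	locality := "your locality"
	commonName := "common name" // domain name or IP of the certificate
	subjectInfo := ccmModel.CertDistinguishedName{
		Organization:       &organization,
		OrganizationalUnit: &organizationalUnit,
		Country:            &country,
		State:              &state,
		Locality:           &locality,
		CommonName:         commonName,
	}

	// Key usages (optional).
	// NOTE(review): keyAgreement is normally asserted for DH/ECDH keys; with
	// an RSA key, keyEncipherment is the usual companion of digitalSignature.
	// Confirm the intended set against the CCM API reference.
	keyUsages := []string{"digitalSignature", "keyAgreement"}

	// Subject alternative names (optional). A wildcard DNS entry makes the
	// certificate valid for every host directly under the domain; list
	// explicit host names when the certificate serves only a few of them.
	alterNameDNS := ccmModel.SubjectAlternativeName{Type: "DNS", Value: "*.example.com"}
	alterNameIP := ccmModel.SubjectAlternativeName{Type: "IP", Value: "192.168.9.1"}
	alterNameEmail := ccmModel.SubjectAlternativeName{Type: "EMAIL", Value: "yourEmail"}
	subjectAlternativeName := []ccmModel.SubjectAlternativeName{alterNameDNS, alterNameIP, alterNameEmail}

	// Extended key usages. Both server and client authentication are enabled
	// here; enable only the purposes the certificate is actually needed for.
	serverAuth := true
	clientAuth := true
	extendedKeyUsage := ccmModel.ExtendedKeyUsage{ServerAuth: &serverAuth, ClientAuth: &clientAuth}

	requestBody := ccmModel.CreateCertificateRequestBody{
		IssuerId:                issuerId,
		KeyAlgorithm:            keyAlgorithm,
		SignatureAlgorithm:      signatureAlgorithm,
		Validity:                &validity,
		DistinguishedName:       &subjectInfo,
		KeyUsages:               &keyUsages,
		SubjectAlternativeNames: &subjectAlternativeName,
		ExtendedKeyUsage:        &extendedKeyUsage,
	}
	request := ccmModel.CreateCertificateRequest{Body: &requestBody}

	// 4. Send the request.
	response, err := ccmClient.CreateCertificate(&request)
	if err != nil {
		// Report on stderr and exit non-zero so the failure is not mistaken
		// for a successful issuance.
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	log.Println(response.String())
}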
1.简介
本示例基于华为云SDK V3.0版本开发,华为云提供了CCM服务端SDK,您可以直接集成服务端SDK来调用CCM的相关API,从而实现对CCM的快速操作。 该示例展示如何通过CCM服务创建终端实体证书。
2.开发前准备
3.安装sdk
参考华为云CCM开发工具包(SDK)引入CCM Go SDK,具体的SDK版本号请参见 SDK开发中心 。
4.开始使用
4.1 导入依赖模块
import ( "fmt" "os" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/config" ccmV1 "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/ccm/v1" ccmModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/ccm/v1/model" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/ccm/v1/region" "log" )
4.2 初始化认证信息
4.3 初始化云证书管理服务客户端
4.4 示例代码
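package main

import (
	"fmt"
	"log"
	"os"

	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/config"
	ccmV1 "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/ccm/v1"
	ccmModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/ccm/v1/model"
	// NOTE(review): region is not referenced anywhere below; Go rejects unused
	// imports, so remove this line (or use the package) before building.
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/ccm/v1/region"
)

// main requests an end-entity certificate from the Huawei Cloud CCM service,
// signed by the CA identified by issuerId, and logs the API response.
// It exits with status 1 when the credentials are missing from the
// environment or when the API call fails.
func main() {
	// 1. Basic authentication data:
	//   ak:          Huawei Cloud account Access Key
	//   sk:          Huawei Cloud account Secret Access Key
	//   domainId:    tenant account ID
	//   ccmEndpoint: access endpoint of the Huawei Cloud CCM service
	//                (PCA is a microservice under CCM)
	// Hard-coding the AK and SK or storing them in plaintext is a serious
	// security risk; keep them encrypted in a configuration file or in
	// environment variables and decrypt them when they are used.
	// This sample reads them from the environment: set HUAWEICLOUD_SDK_AK and
	// HUAWEICLOUD_SDK_SK locally before running it.
	ak := os.Getenv("HUAWEICLOUD_SDK_AK")
	sk := os.Getenv("HUAWEICLOUD_SDK_SK")
	if ak == "" || sk == "" {
		// Fail early with a clear message instead of sending a request
		// signed with empty credentials.
		fmt.Fprintln(os.Stderr, "HUAWEICLOUD_SDK_AK and HUAWEICLOUD_SDK_SK must be set")
		os.Exit(1)
	}
	domainId := "your domainId"
	ccmEndpoint := "ccm endpoint"

	// 2. Initialise the SDK with the credentials and the CCM endpoint.
	credentials := global.NewCredentialsBuilder().
		WithAk(ak).
		WithSk(sk).
		WithDomainId(domainId).
		Build()
	ccmClient := ccmV1.NewCcmClient(
		ccmV1.CcmClientBuilder().
			WithCredential(credentials).
			WithEndpoint(ccmEndpoint).
			WithHttpConfig(config.DefaultHttpConfig()).
			Build())

	// 3. Assemble the request body.
	// (1) ID of the CA that issues the certificate; the CA must be in the
	//     activated state (ACTIVED).
	issuerId := "0a6a48db-cadb-445f-a8ed-a38df0b457e8"
	// (2) Key algorithm of the certificate.
	keyAlgorithm := "RSA2048"
	// (3) Signature hash algorithm.
	signatureAlgorithm := "SHA512"
	// (4) Validity period:
	//   - type:  unit of time, one of "YEAR", "MONTH", "DAY", "HOUR"
	//   - value: the amount
	validity := ccmModel.Validity{Type: "YEAR", Value: 1}

	// (5) Distinguished name of the certificate:
	//   - organization:       organization name
	//   - organizationalUnit: department name
	//   - country:            country abbreviation, exactly two characters, e.g. CN for China
	//   - state:              province name
	//   - locality:           city name
	//   - commonName:         domain name or IP of the certificate
	organization := "your organization"
	organizationalUnit := "your unit"
	country := "CN"
	state := "your state"
	locality := "your locality"
	commonName := "common name"
	subjectInfo := ccmModel.CertDistinguishedName{
		Organization:       &organization,
		OrganizationalUnit: &organizationalUnit,
		Country:            &country,
		State:              &state,
		Locality:           &locality,
		CommonName:         commonName,
	}

	// (6) Key usages (optional); server certificates are usually given only
	//     keyAgreement and digitalSignature:
	//   - digitalSignature: digital signature
	//   - nonRepudiation:   non-repudiation
	//   - keyEncipherment:  the key encrypts key material
	//   - dataEncipherment: the key encrypts data
	//   - keyAgreement:     key agreement
	//   - keyCertSign:      signing certificates
	//   - cRLSign:          signing revocation lists
	//   - encipherOnly:     encryption only
	//   - decipherOnly:     decryption only
	// NOTE(review): keyAgreement is normally asserted for DH/ECDH keys; with
	// an RSA key, keyEncipherment is the usual companion of digitalSignature.
	// Confirm the intended set against the CCM API reference.
	keyUsages := []string{"digitalSignature", "keyAgreement"}

	// (7) Subject alternative names (optional); DNS, IP, URI and EMAIL are
	//     currently supported. Each entry has a type and a value.
	// a. DNS name. A wildcard entry makes the certificate valid for every
	//    host directly under the domain; list explicit host names when the
	//    certificate serves only a few of them.
	alterNameDNS := ccmModel.SubjectAlternativeName{Type: "DNS", Value: "*.example.com"}
	// b. IP address.
	alterNameIP := ccmModel.SubjectAlternativeName{Type: "IP", Value: "192.168.9.1"}
	// c. E-mail address.
	alterNameEmail := ccmModel.SubjectAlternativeName{Type: "EMAIL", Value: "yourEmail"}
	subjectAlternativeName := []ccmModel.SubjectAlternativeName{alterNameDNS, alterNameIP, alterNameEmail}

	// (8) Extended key usages:
	//   - server_auth:      server authentication, OID 1.3.6.1.5.5.7.3.1, default false
	//   - client_auth:      client authentication, OID 1.3.6.1.5.5.7.3.2, default false
	//   - code_signing:     code signing, OID 1.3.6.1.5.5.7.3.3, default false
	//   - email_protection: secure e-mail, OID 1.3.6.1.5.5.7.3.4, default false
	//   - time_stamping:    time stamping, OID 1.3.6.1.5.5.7.3.8, default false
	// Both server and client authentication are enabled here; enable only
	// the purposes the certificate is actually needed for.
	serverAuth := true
	clientAuth := true
	extendedKeyUsage := ccmModel.ExtendedKeyUsage{ServerAuth: &serverAuth, ClientAuth: &clientAuth}

	// (9) Fill in the request body.
	requestBody := ccmModel.CreateCertificateRequestBody{
		IssuerId:                issuerId,
		KeyAlgorithm:            keyAlgorithm,
		SignatureAlgorithm:      signatureAlgorithm,
		Validity:                &validity,
		DistinguishedName:       &subjectInfo,
		KeyUsages:               &keyUsages,
		SubjectAlternativeNames: &subjectAlternativeName,
		ExtendedKeyUsage:        &extendedKeyUsage,
	}
	request := ccmModel.CreateCertificateRequest{Body: &requestBody}

	// 4. Send the request.
	response, err := ccmClient.CreateCertificate(&request)
	if err != nil {
		// Report on stderr and exit non-zero so the failure is not mistaken
		// for a successful issuance.
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	log.Println(response.String())
}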
5.参考
更多信息请参考API Explorer
6.修订记录