Documentation ¶
Index ¶
- Variables
- func DefaultCACertSerialGenerator() func(CSR) (uint64, error)
- func DefaultCAGetHostCertSigner(c *DefaultCA) (ssh.Signer, error)
- func DefaultCAGetUserCertSigner(c *DefaultCA) (ssh.Signer, error)
- func DefaultCAMaxValidityForCertificates(seconds uint64) uint64
- func DefaultCARandomProvider() (io.Reader, error)
- func DefaultCARefreshKeys(c *DefaultCA) error
- func SignCert(ca CA, csr CSR) (*ssh.Certificate, error)
- type CA
- type CAMaxValidityForCertificates
- type CSR
- type CSRCriticalOptions
- type CSRExtensions
- type CSRValidity
- type DefaultCA
- func (c *DefaultCA) CertSerialGenerator() func(CSR) (uint64, error)
- func (c *DefaultCA) GetCAMaxValidityForHostCertificates() uint64
- func (c *DefaultCA) GetCAMaxValidityForUserCertificates() uint64
- func (c *DefaultCA) GetHostCertSigner(CSR) (ssh.Signer, error)
- func (c *DefaultCA) GetUserCertSigner(CSR) (ssh.Signer, error)
- func (c *DefaultCA) RandomProvider() (io.Reader, error)
- func (c *DefaultCA) RefreshKeys() error
- func (c *DefaultCA) SignCert(csr CSR) (*ssh.Certificate, error)
- type DefaultCSR
- func (c *DefaultCSR) GetCertType() uint32
- func (c *DefaultCSR) GetCriticalOptions() map[string]string
- func (c *DefaultCSR) GetExtensions() map[string]string
- func (c *DefaultCSR) GetPrincipals() []string
- func (c *DefaultCSR) GetPubKey() *ssh.PublicKey
- func (c *DefaultCSR) GetValidAfter() uint64
- func (c *DefaultCSR) GetValidBefore() uint64
- func (c *DefaultCSR) SetCertType(certType uint32)
- func (c *DefaultCSR) SetCriticalOptions(options map[string]string)
- func (c *DefaultCSR) SetExtensions(extensions map[string]string)
- func (c *DefaultCSR) SetPrincipals(principals []string)
- func (c *DefaultCSR) SetPubkey(key *ssh.PublicKey)
- func (c *DefaultCSR) SetValidAfter(validAfter uint64)
- func (c *DefaultCSR) SetValidBefore(validBefore uint64)
Constants ¶
This section is empty.
Variables ¶
var DefaultCertValidityPeriodInSeconds = uint64(5 * 24 * 3600)
Functions ¶
func DefaultCACertSerialGenerator ¶
DefaultCACertSerialGenerator is a helper implementation of CertSerialGenerator, provided for CA implementations that are modeled after DefaultCA through an alias type definition.
func DefaultCAGetHostCertSigner ¶
DefaultCAGetHostCertSigner is a helper implementation of GetHostCertSigner, provided for CA implementations that are modeled after DefaultCA through an alias type definition.
func DefaultCAGetUserCertSigner ¶
DefaultCAGetUserCertSigner is a helper implementation of GetUserCertSigner, provided for CA implementations that are modeled after DefaultCA through an alias type definition.
func DefaultCAMaxValidityForCertificates ¶
DefaultCAMaxValidityForCertificates is a helper implementation of CAMaxValidityForCertificates, provided for CA implementations that are modeled after DefaultCA through an alias type definition.
func DefaultCARandomProvider ¶
DefaultCARandomProvider is a helper implementation of RandomProvider, provided for CA implementations that are modeled after DefaultCA through an alias type definition.
func DefaultCARefreshKeys ¶
DefaultCARefreshKeys is a helper implementation of RefreshKeys, provided for CA implementations that are modeled after DefaultCA through an alias type definition.
Types ¶
type CA ¶
type CA interface {
	// RandomProvider returns the CA's entropy source. SignCert presumably
	// draws its signing randomness from it — confirm against SignCert.
	RandomProvider() (io.Reader, error)
	// RefreshKeys refreshes the CA's signing keys. For DefaultCA this is
	// presumably delegated to the RefreshSigners callback — confirm in
	// DefaultCARefreshKeys.
	RefreshKeys() error
	// SignCert issues a certificate for the given request. Where the request
	// is validated (principals, validity window, critical options and
	// extensions) is not visible here; confirm before accepting CSRs from
	// untrusted callers.
	SignCert(CSR) (*ssh.Certificate, error)
	// GetHostCertSigner returns the signer used for host certificates.
	GetHostCertSigner(CSR) (ssh.Signer, error)
	// GetUserCertSigner returns the signer used for user certificates.
	GetUserCertSigner(CSR) (ssh.Signer, error)
	// CertSerialGenerator returns the function that chooses a certificate's
	// serial for a request. NOTE(review): serials should be unique per CA so
	// individual certificates can be audited and revoked; whether the
	// generator in use guarantees that is not visible here — confirm.
	CertSerialGenerator() func(CSR) (uint64, error)
}
CA is the de-facto interface that all CA implementations are expected to follow.
type CAMaxValidityForCertificates ¶
type CAMaxValidityForCertificates interface {
	// GetCAMaxValidityInSecondsForUserCertificates returns the cap, in
	// seconds, on the validity of user certificates signed by this CA.
	GetCAMaxValidityInSecondsForUserCertificates() uint64
	// GetCAMaxValidityInSecondsForHostCertificates returns the same cap for
	// host certificates.
	//
	// NOTE(review): DefaultCA's methods are indexed as
	// GetCAMaxValidityForHostCertificates / GetCAMaxValidityForUserCertificates
	// (no "InSeconds"), so as listed DefaultCA would not satisfy this
	// interface and a caller that type-asserts for it would silently skip the
	// cap — confirm which method names are current.
	GetCAMaxValidityInSecondsForHostCertificates() uint64
}
CAMaxValidityForCertificates is an interface that CA implementations can optionally implement to set a maximum validity duration for the certificates they sign.
type CSRCriticalOptions ¶
type CSRExtensions ¶
type CSRValidity ¶
type DefaultCA ¶
type DefaultCA struct {
	// HostSigner signs host certificates; UserSigner signs user certificates.
	HostSigner ssh.Signer
	UserSigner ssh.Signer
	// RefreshSigners is the callback presumably invoked by RefreshKeys to
	// reload HostSigner and UserSigner — confirm in DefaultCARefreshKeys.
	RefreshSigners func(*DefaultCA) error
	// HostCertsMaxValidity and UserCertsMaxValidity cap certificate validity.
	// The unit is not shown here: DefaultCAMaxValidityForCertificates takes
	// seconds while NewAWSDefaultCA takes days — TODO confirm which is stored.
	HostCertsMaxValidity uint64
	UserCertsMaxValidity uint64
}
DefaultCA is a default model implementation of the CA interface.
func NewAWSDefaultCA ¶
func NewAWSDefaultCA(hostSignerKeyPEMSecretPath string, hostSignerKeySecretSvc secretsmanageriface.SecretsManagerAPI, userSignerKeyPEMSecretPath string, userSignerKeySecretSvc secretsmanageriface.SecretsManagerAPI, maxHostCertsValidityDays int, maxUserCertsValidityDays int) (*DefaultCA, error)
NewAWSDefaultCA is a helper func to bootstrap a DefaultCA with CA keys fetched from AWS' Secrets Manager service. It requires the secret paths for the host cert and user cert signer keys as parameters. It requires the max certificate validity duration as a number of seconds. It requires AWS regions for each of the secrets. It requires an AWS session with the appropriate region and credentials to fetch the secrets; if the session is nil, the func will try to create one using the default configuration made available by the running environment. Note: the signature shown above takes the validity limits in days (maxHostCertsValidityDays, maxUserCertsValidityDays) and a Secrets Manager client per secret rather than regions or a session, so check the parameter list rather than this description when calling it.
func (*DefaultCA) CertSerialGenerator ¶
CertSerialGenerator is the DefaultCA implementation of the CA interface method of the same name.
func (*DefaultCA) GetCAMaxValidityForHostCertificates ¶
GetCAMaxValidityForHostCertificates is the implementation for DefaultCA.
func (*DefaultCA) GetCAMaxValidityForUserCertificates ¶
GetCAMaxValidityForUserCertificates is the implementation for DefaultCA.
func (*DefaultCA) GetHostCertSigner ¶
GetHostCertSigner is the DefaultCA implementation of the CA interface method of the same name.
func (*DefaultCA) GetUserCertSigner ¶
GetUserCertSigner is the DefaultCA implementation of the CA interface method of the same name.
func (*DefaultCA) RandomProvider ¶
RandomProvider is the DefaultCA implementation of the CA interface method of the same name.
func (*DefaultCA) RefreshKeys ¶
RefreshKeys is the DefaultCA implementation of the CA interface method of the same name.
type DefaultCSR ¶
type DefaultCSR struct {
	// PublicKey is the key to be certified. ssh.PublicKey is already an
	// interface, so a pointer to it is unusual; presumably kept for API
	// compatibility with the Get/SetPubkey accessors.
	PublicKey *ssh.PublicKey
	// Principals are the names the certificate will be valid for.
	Principals []string
	// CertType distinguishes user from host certificates (ssh.UserCert /
	// ssh.HostCert) — assumed from the field type; confirm at the caller.
	CertType uint32
	// CertExtensions and CriticalOptions presumably map onto the issued
	// certificate's permissions. Both are request-controlled, so a CA is
	// expected to restrict what it honours rather than copy them through.
	CertExtensions  map[string]string
	CriticalOptions map[string]string
	// ValidAfter and ValidBefore are pointers while GetValidAfter /
	// GetValidBefore return uint64; presumably nil means "unset" and the
	// getter substitutes a default (perhaps based on
	// DefaultCertValidityPeriodInSeconds) — confirm.
	ValidAfter  *uint64
	ValidBefore *uint64
}
func (*DefaultCSR) GetCertType ¶
func (c *DefaultCSR) GetCertType() uint32
func (*DefaultCSR) GetCriticalOptions ¶
func (c *DefaultCSR) GetCriticalOptions() map[string]string
func (*DefaultCSR) GetExtensions ¶
func (c *DefaultCSR) GetExtensions() map[string]string
func (*DefaultCSR) GetPrincipals ¶
func (c *DefaultCSR) GetPrincipals() []string
func (*DefaultCSR) GetPubKey ¶
func (c *DefaultCSR) GetPubKey() *ssh.PublicKey
func (*DefaultCSR) GetValidAfter ¶
func (c *DefaultCSR) GetValidAfter() uint64
func (*DefaultCSR) GetValidBefore ¶
func (c *DefaultCSR) GetValidBefore() uint64
func (*DefaultCSR) SetCertType ¶
func (c *DefaultCSR) SetCertType(certType uint32)
func (*DefaultCSR) SetCriticalOptions ¶
func (c *DefaultCSR) SetCriticalOptions(options map[string]string)
func (*DefaultCSR) SetExtensions ¶
func (c *DefaultCSR) SetExtensions(extensions map[string]string)
func (*DefaultCSR) SetPrincipals ¶
func (c *DefaultCSR) SetPrincipals(principals []string)
func (*DefaultCSR) SetPubkey ¶
func (c *DefaultCSR) SetPubkey(key *ssh.PublicKey)
func (*DefaultCSR) SetValidAfter ¶
func (c *DefaultCSR) SetValidAfter(validAfter uint64)
func (*DefaultCSR) SetValidBefore ¶
func (c *DefaultCSR) SetValidBefore(validBefore uint64)