Documentation
Overview
Package certificateauthority implements an x509 certificate authority.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type CertificateAuthority
type CertificateAuthority struct {
	// The amount of allowable clock drift between the systems between
	// which certificates are exchanged.
	DriftMargin time.Duration

	// The keycrypt secret that contains the PEM-encoded private key.
	PrivateKey keycrypt.Secret

	// Contains the PEM-encoded Certificate.
	Certificate string

	// The ssh certificate signer. Populated by Init().
	Signer ssh.Signer
}
CertificateAuthority is an SSH certificate authority.
func (*CertificateAuthority) Init
func (ca *CertificateAuthority) Init() error
Init initializes the certificate authority. Init extracts the authority certificate and private key from ca.Signer.
func (CertificateAuthority) IssueWithKeyUsage
func (ca CertificateAuthority) IssueWithKeyUsage(cr CertificateRequest) (string, error)
type CertificateRequest
type CertificateRequest struct {
	// SSH Public Key that is being signed
	SshPublicKey []byte

	// List of host names, or usernames that will be added to the cert
	Principals []string

	// How long this certificate should be valid for
	Ttl time.Duration

	// What identifier should be included in the request
	// This value will be used in logging
	KeyID string

	CertType string // either "user" or "host"

	CriticalOptions []string

	// Extensions to assign to the ssh Certificate
	// The default allow basic function - permit-pty is usually required
	// map[string]string{
	//   "permit-X11-forwarding":   "",
	//   "permit-agent-forwarding": "",
	//   "permit-port-forwarding":  "",
	//   "permit-pty":              "",
	//   "permit-user-rc":          "",
	// }
	Extensions []string
}
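A pre-issuance policy check over the CertificateRequest fields documented above, as an added example that is not code from this package. Request, Validate, Window and maxTTL are hypothetical names; the 24-hour limit, the rejection of extensions on host certificates, and the symmetric widening of the validity window by DriftMargin are assumptions.

```go
package main

import (
	"fmt"
	"time"
)

// Request is a local stand-in for the documented CertificateRequest fields.
type Request struct {
	Principals, Extensions []string
	KeyID, CertType        string
	Ttl                    time.Duration
}

const maxTTL = 24 * time.Hour // assumed policy limit, not taken from the package
// Extension names as listed in the CertificateRequest comment.
var knownExt = map[string]bool{"permit-X11-forwarding": true, "permit-agent-forwarding": true,
	"permit-port-forwarding": true, "permit-pty": true, "permit-user-rc": true}

// Validate rejects requests that would yield an over-broad or untraceable certificate.
func Validate(r Request) error {
	if r.CertType != "user" && r.CertType != "host" {
		return fmt.Errorf("CertType %q: must be \"user\" or \"host\"", r.CertType)
	}
	if len(r.Principals) == 0 { // an empty list means "any principal" in the OpenSSH cert format
		return fmt.Errorf("no principals: certificate would match any %s", r.CertType)
	}
	if r.KeyID == "" {
		return fmt.Errorf("empty KeyID: issuance could not be traced in logs")
	}
	if r.Ttl <= 0 || r.Ttl > maxTTL {
		return fmt.Errorf("Ttl %v outside (0, %v]", r.Ttl, maxTTL)
	}
	for _, e := range r.Extensions {
		if r.CertType == "host" || !knownExt[e] { // assumed policy: user certs only, known names only
			return fmt.Errorf("extension %q not allowed for %s certificate", e, r.CertType)
		}
	}
	return nil
}

// Window widens the validity interval by drift on both ends (assumed use of DriftMargin).
func Window(now time.Time, ttl, drift time.Duration) (validAfter, validBefore uint64) {
	return uint64(now.Add(-drift).Unix()), uint64(now.Add(ttl + drift).Unix())
}

func main() { // constructed sample request
	fmt.Println(Validate(Request{Principals: []string{"alice"}, KeyID: "alice@laptop", CertType: "user", Ttl: time.Hour}))
	fmt.Println(Window(time.Unix(1700000000, 0), time.Hour, time.Minute))
}
```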