ca

package

v0.1.0 Latest Latest Go to latest Published: Jan 14, 2024 License: Apache-2.0, Apache-2.0 Imports: 14 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/epithet-ssh/epithet

Links

Open Source Insights

Documentation ¶

Index ¶

func Verify(pubkey sshcert.RawPublicKey, token, signature string) error
type AuthToken
type CA
- func New(privateKey sshcert.RawPrivateKey, policyURL string, options ...Option) (*CA, error)
type CertParams
type Option
- func WithHTTPClient(httpClient *http.Client) Option

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Verify ¶ added in v0.1.0

func Verify(pubkey sshcert.RawPublicKey, token, signature string) error

Types ¶

type AuthToken ¶

type AuthToken struct {
	Provider string
	Token    string
}

AuthToken is the token passed from the plugin through to the CA (and to the ca verifier plugin matching Provider) Token is opaque and can hold whatever the plugins need it to

type CA ¶

type CA struct {
	// contains filtered or unexported fields
}

CA performs CA operations

func New ¶

func New(privateKey sshcert.RawPrivateKey, policyURL string, options ...Option) (*CA, error)

New creates a new CA

func (*CA) PolicyURL ¶ added in v0.1.0

func (c *CA) PolicyURL() string

get the URL of the Policy Server

func (*CA) PublicKey ¶

func (c *CA) PublicKey() sshcert.RawPublicKey

PublicKey returns the ssh on-disk format public key for the CA

func (*CA) RequestPolicy ¶

func (c *CA) RequestPolicy(ctx context.Context, token string) (*CertParams, error)

RequestPolicy requests policy from the policy url

func (*CA) Sign ¶ added in v0.1.0

func (c *CA) Sign(value string) (signature string, err error)

func (*CA) SignPublicKey ¶

func (c *CA) SignPublicKey(rawPubKey sshcert.RawPublicKey, params *CertParams) (sshcert.RawCertificate, error)

SignPublicKey signs a key to generate a certificate

type CertParams ¶

type CertParams struct {
	Identity   string            `json:"identity"`
	Names      []string          `json:"principals"`
	Expiration time.Duration     `json:"expiration"`
	Extensions map[string]string `json:"extensions"`
}

CertParams are options which can be set on a certificate

type Option ¶

type Option interface {
	// contains filtered or unexported methods
}

Option configures the agent

func WithHTTPClient ¶

func WithHTTPClient(httpClient *http.Client) Option

WithHTTPClient configures the CA to use the specified HTTP Client

Source Files ¶

View all Source files

ca.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL