Documentation
Overview
Package certgen is a set of utilities used to generate SSH certificates.
Index
- func GenSSHCertFileString(username string, userPubKey string, signer ssh.Signer, host_identity string, ...) (string, []byte, error)
- func GenSSHCertFileStringFromSSSDPublicKey(userName string, signer ssh.Signer, hostIdentity string, ...) (string, []byte, error)
- func GenSelfSignedCACert(commonName string, organization string, caPriv crypto.Signer) ([]byte, error)
- func GenUserX509Cert(userName string, userPub interface{}, caCert *x509.Certificate, ...) ([]byte, error)
- func GetSignerFromPEMBytes(privateKey []byte) (crypto.Signer, error)
- func GetUserPubKeyFromSSSD(username string) (string, error)
- type KRB5PrincipalName
- type KerberosPrincipal
- type PKInitSANAnotherName
Constants
This section is empty.
Variables
This section is empty.
Functions
func GenSSHCertFileString
func GenSSHCertFileString(username string, userPubKey string, signer ssh.Signer, host_identity string, duration time.Duration) (string, []byte, error)
Given a username and key, returns a short-lived certificate for that user.
func GenSelfSignedCACert
func GenSelfSignedCACert(commonName string, organization string, caPriv crypto.Signer) ([]byte, error)
Returns both an internal representation and the PEM representation of the certificate. As long as the issuer value matches, the serial number can be different every time.
func GenUserX509Cert
func GenUserX509Cert(userName string, userPub interface{}, caCert *x509.Certificate, caPriv crypto.Signer, kerberosRealm *string, duration time.Duration, groups []string, organizations []string) ([]byte, error)
Returns an X.509 certificate with the username in the common name; if a Kerberos realm is present, it also adds a Kerberos SAN extension for PKINIT.
func GetUserPubKeyFromSSSD
GetUserPubKeyFromSSSD returns the user's authorized keys content based on the running SSSD configuration.
Types
type KRB5PrincipalName
type KRB5PrincipalName struct {
	Realm     string            `asn1:"explicit,tag:0"`
	Principal KerberosPrincipal `asn1:"explicit,tag:1"`
}
From RFC 4556 section 3.2.2 (https://tools.ietf.org/html/rfc4556.html)
type KerberosPrincipal
type KerberosPrincipal struct {
	Len       int      `asn1:"explicit,tag:0"`
	Principal []string `asn1:"explicit,tag:1"`
}
From RFC 4120 section 5.2.2 (https://tools.ietf.org/html/rfc4120)
type PKInitSANAnotherName
type PKInitSANAnotherName struct {
	Id    asn1.ObjectIdentifier
	Value KRB5PrincipalName `asn1:"explicit,tag:0"`
}
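As an added worked example (not code from the certgen package), the following Go program re-declares the three types above, encodes a subjectAltName value carrying a single id-pkinit-san otherName, and decodes it back the way a validating side would, ignoring unrelated GeneralName entries. The OID 1.3.6.1.5.2.2 is id-pkinit-san from RFC 4556 section 3.2.2; the function names and the realm and username values are assumed or constructed for the example.

```go
package main

import (
	"encoding/asn1"
	"errors"
)

type KerberosPrincipal struct {
	Len       int      `asn1:"explicit,tag:0"` // name-type; 1 = NT-PRINCIPAL
	Principal []string `asn1:"explicit,tag:1"` // name-string
}
type KRB5PrincipalName struct {
	Realm     string            `asn1:"explicit,tag:0"`
	Principal KerberosPrincipal `asn1:"explicit,tag:1"`
}
type PKInitSANAnotherName struct {
	Id    asn1.ObjectIdentifier
	Value KRB5PrincipalName `asn1:"explicit,tag:0"`
}
var pkinitSANOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 2, 2} // id-pkinit-san, RFC 4556 3.2.2

// EncodePKInitSAN (assumed name) returns the DER value of a subjectAltName extension holding
// one otherName for user@realm. otherName is [0] IMPLICIT, so "tag:0" replaces the SEQUENCE tag.
func EncodePKInitSAN(realm, user string) ([]byte, error) {
	other := PKInitSANAnotherName{Id: pkinitSANOID, Value: KRB5PrincipalName{
		Realm: realm, Principal: KerberosPrincipal{Len: 1, Principal: []string{user}}}}
	otherName, err := asn1.MarshalWithParams(other, "tag:0")
	if err != nil {
		return nil, err
	}
	return asn1.Marshal([]asn1.RawValue{{FullBytes: otherName}}) // GeneralNames ::= SEQUENCE OF GeneralName
}

// DecodePKInitSAN (assumed name) is the validating side: it returns the realm and name-string of
// the first id-pkinit-san otherName; dNSName etc. fail the [0] tag check, other otherNames the OID check.
func DecodePKInitSAN(der []byte) (string, []string, error) {
	var names []asn1.RawValue
	if rest, err := asn1.Unmarshal(der, &names); err != nil || len(rest) != 0 {
		return "", nil, errors.New("malformed GeneralNames")
	}
	for _, gn := range names {
		var other PKInitSANAnotherName
		if _, err := asn1.UnmarshalWithParams(gn.FullBytes, &other, "tag:0"); err != nil || !other.Id.Equal(pkinitSANOID) {
			continue
		}
		return other.Value.Realm, other.Value.Principal.Principal, nil
	}
	return "", nil, errors.New("no id-pkinit-san otherName in subjectAltName")
}
```

RFC 4556 and RFC 4120 define the realm and name-string elements as KerberosString (GeneralString), whereas Go's encoding/asn1 emits PrintableString for these string fields; Go's decoder accepts either form, but a strict PKINIT implementation may not.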