pki

package
v0.14.3-rc.1.badger2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 13, 2020 License: Apache-2.0 Imports: 28 Imported by: 4

Documentation

Index

Constants

This section is empty.

Variables

View Source
var SSHTemplateData = map[string]string{

	"include.tpl": `Host *
{{- if or .User.GOOS "none" | eq "windows" }}
	Include "{{ .User.StepPath | replace "\\" "/" | trimPrefix "C:" }}/ssh/config"
{{- else }}
	Include "{{.User.StepPath}}/ssh/config"
{{- end }}`,

	"config.tpl": `Match exec "step ssh check-host %h"
	ForwardAgent yes
{{- if .User.User }}
	User {{.User.User}}
{{- end }}
{{- if or .User.GOOS "none" | eq "windows" }}
	UserKnownHostsFile "{{.User.StepPath}}\ssh\known_hosts"
	ProxyCommand C:\Windows\System32\cmd.exe /c step ssh proxycommand %r %h %p
{{- else }}
	UserKnownHostsFile "{{.User.StepPath}}/ssh/known_hosts"
	ProxyCommand step ssh proxycommand %r %h %p
{{- end }}
`,

	"known_hosts.tpl": `@cert-authority * {{.Step.SSH.HostKey.Type}} {{.Step.SSH.HostKey.Marshal | toString | b64enc}}
{{- range .Step.SSH.HostFederatedKeys}}
@cert-authority * {{.Type}} {{.Marshal | toString | b64enc}}
{{- end }}
`,

	"sshd_config.tpl": `TrustedUserCAKeys /etc/ssh/ca.pub
HostCertificate /etc/ssh/{{.User.Certificate}}
HostKey /etc/ssh/{{.User.Key}}`,

	"ca.tpl": `{{.Step.SSH.UserKey.Type}} {{.Step.SSH.UserKey.Marshal | toString | b64enc}}
{{- range .Step.SSH.UserFederatedKeys}}
{{.Type}} {{.Marshal | toString | b64enc}}
{{- end }}
`,
}

SSHTemplateData contains the data of the default templates used on ssh.

View Source
var SSHTemplates = &templates.SSHTemplates{
	User: []templates.Template{
		{Name: "include.tpl", Type: templates.Snippet, TemplatePath: "templates/ssh/include.tpl", Path: "~/.ssh/config", Comment: "#"},
		{Name: "config.tpl", Type: templates.File, TemplatePath: "templates/ssh/config.tpl", Path: "ssh/config", Comment: "#"},
		{Name: "known_hosts.tpl", Type: templates.File, TemplatePath: "templates/ssh/known_hosts.tpl", Path: "ssh/known_hosts", Comment: "#"},
	},
	Host: []templates.Template{
		{Name: "sshd_config.tpl", Type: templates.Snippet, TemplatePath: "templates/ssh/sshd_config.tpl", Path: "/etc/ssh/sshd_config", Comment: "#"},
		{Name: "ca.tpl", Type: templates.Snippet, TemplatePath: "templates/ssh/ca.tpl", Path: "/etc/ssh/ca.pub", Comment: "#"},
	},
}

SSHTemplates contains the configuration of default templates used on ssh. Relative paths are relative to the StepPath.

Functions

func GetConfigPath

func GetConfigPath() string

GetConfigPath returns the directory where the configuration files are stored based on the STEPPATH environment variable.

func GetDBPath

func GetDBPath() string

GetDBPath returns the path where the file-system persistence is stored based on the STEPPATH environment variable.

func GetOTTKeyPath

func GetOTTKeyPath() string

GetOTTKeyPath returns the path where the one-time token key is stored based on the STEPPATH environment variable.

func GetProvisionerKey

func GetProvisionerKey(caURL, rootFile, kid string) (string, error)

GetProvisionerKey returns the encrypted provisioner key with the for the given kid.

func GetProvisioners

func GetProvisioners(caURL, rootFile string) (provisioner.List, error)

GetProvisioners returns the map of provisioners on the given CA.

func GetPublicPath

func GetPublicPath() string

GetPublicPath returns the directory where the public keys are stored based on the STEPPATH environment variable.

func GetRootCAPath

func GetRootCAPath() string

GetRootCAPath returns the path where the root CA is stored based on the STEPPATH environment variable.

func GetSecretsPath

func GetSecretsPath() string

GetSecretsPath returns the directory where the private keys are stored based on the STEPPATH environment variable.

func GetTemplatesPath added in v0.14.0

func GetTemplatesPath() string

GetTemplatesPath returns the path where the templates are stored.

Types

type Option

type Option func(c *authority.Config) error

Option is the type for modifiers over the auth config object.

func WithDefaultDB

func WithDefaultDB() Option

WithDefaultDB is a configuration modifier that adds a default DB stanza to the authority config.

func WithoutDB

func WithoutDB() Option

WithoutDB is a configuration modifier that adds a default DB stanza to the authority config.

type PKI

type PKI struct {
	// contains filtered or unexported fields
}

PKI represents the Public Key Infrastructure used by a certificate authority.

func New

func New() (*PKI, error)

New creates a new PKI configuration.

func (*PKI) GenerateConfig

func (p *PKI) GenerateConfig(opt ...Option) (*authority.Config, error)

GenerateConfig returns the step certificates configuration.

func (*PKI) GenerateIntermediateCertificate

func (p *PKI) GenerateIntermediateCertificate(name string, rootCrt *x509.Certificate, rootKey interface{}, pass []byte) error

GenerateIntermediateCertificate generates an intermediate certificate with the given name.

func (*PKI) GenerateKeyPairs

func (p *PKI) GenerateKeyPairs(pass []byte) error

GenerateKeyPairs generates the key pairs used by the certificate authority.

func (*PKI) GenerateRootCertificate

func (p *PKI) GenerateRootCertificate(name string, pass []byte) (*x509.Certificate, interface{}, error)

GenerateRootCertificate generates a root certificate with the given name.

func (*PKI) GenerateSSHSigningKeys

func (p *PKI) GenerateSSHSigningKeys(password []byte) error

GenerateSSHSigningKeys generates and encrypts a private key used for signing SSH user certificates and a private key used for signing host certificates.

func (*PKI) GetCAConfigPath

func (p *PKI) GetCAConfigPath() string

GetCAConfigPath returns the path of the CA configuration file.

func (*PKI) GetRootFingerprint

func (p *PKI) GetRootFingerprint() string

GetRootFingerprint returns the root fingerprint.

func (*PKI) Save

func (p *PKI) Save(opt ...Option) error

Save stores the pki on a json file that will be used as the certificate authority configuration.

func (*PKI) SetAddress

func (p *PKI) SetAddress(s string)

SetAddress sets the listening address of the CA.

func (*PKI) SetCAURL

func (p *PKI) SetCAURL(s string)

SetCAURL sets the ca-url to use in the defaults.json.

func (*PKI) SetDNSNames

func (p *PKI) SetDNSNames(s []string)

SetDNSNames sets the dns names of the CA.

func (*PKI) SetProvisioner

func (p *PKI) SetProvisioner(s string)

SetProvisioner sets the provisioner name of the OTT keys.

func (*PKI) TellPKI

func (p *PKI) TellPKI()

TellPKI outputs the locations of public and private keys generated generated for a new PKI. Generally this will consist of a root certificate and key and an intermediate certificate and key.

func (*PKI) WriteRootCertificate

func (p *PKI) WriteRootCertificate(rootCrt *x509.Certificate, rootKey interface{}, pass []byte) error

WriteRootCertificate writes to disk the given certificate and key.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL