Documentation ¶
Index ¶
- Variables
- func GetConfigPath() string
- func GetDBPath() string
- func GetOTTKeyPath() string
- func GetProvisionerKey(caURL, rootFile, kid string) (string, error)
- func GetProvisioners(caURL, rootFile string) (provisioner.List, error)
- func GetPublicPath() string
- func GetRootCAPath() string
- func GetSecretsPath() string
- func GetTemplatesPath() string
- type Option
- type PKI
- func (p *PKI) GenerateConfig(opt ...Option) (*authority.Config, error)
- func (p *PKI) GenerateIntermediateCertificate(name string, rootCrt *x509.Certificate, rootKey interface{}, pass []byte) error
- func (p *PKI) GenerateKeyPairs(pass []byte) error
- func (p *PKI) GenerateRootCertificate(name string, pass []byte) (*x509.Certificate, interface{}, error)
- func (p *PKI) GenerateSSHSigningKeys(password []byte) error
- func (p *PKI) GetCAConfigPath() string
- func (p *PKI) GetRootFingerprint() string
- func (p *PKI) Save(opt ...Option) error
- func (p *PKI) SetAddress(s string)
- func (p *PKI) SetCAURL(s string)
- func (p *PKI) SetDNSNames(s []string)
- func (p *PKI) SetProvisioner(s string)
- func (p *PKI) TellPKI()
- func (p *PKI) WriteRootCertificate(rootCrt *x509.Certificate, rootKey interface{}, pass []byte) error
Constants ¶
This section is empty.
Variables ¶
var SSHTemplateData = map[string]string{
// Client-side snippet for ~/.ssh/config: pulls in the step-managed ssh/config
// below. On Windows the StepPath is rewritten to forward slashes and stripped
// of a leading "C:" before it is used in the Include path.
"include.tpl": `Host *
{{- if or .User.GOOS "none" | eq "windows" }}
Include "{{ .User.StepPath | replace "\\" "/" | trimPrefix "C:" }}/ssh/config"
{{- else }}
Include "{{.User.StepPath}}/ssh/config"
{{- end }}`,
// Client-side ssh/config. `Match exec` makes ssh run `step ssh check-host %h`
// for every connection, and every matched connection is then routed through
// `step ssh proxycommand`. NOTE(review): ssh expands %h to the host name as
// typed by the user and (per OpenSSH) runs Match exec / ProxyCommand through
// the user's shell — confirm that step tolerates host names containing shell
// metacharacters. The Windows branch uses backslash paths and invokes cmd.exe.
"config.tpl": `Match exec "step ssh check-host %h"
{{- if .User.User }}
User {{.User.User}}
{{- end }}
{{- if or .User.GOOS "none" | eq "windows" }}
UserKnownHostsFile "{{.User.StepPath}}\ssh\known_hosts"
ProxyCommand C:\Windows\System32\cmd.exe /c step ssh proxycommand %r %h %p
{{- else }}
UserKnownHostsFile "{{.User.StepPath}}/ssh/known_hosts"
ProxyCommand step ssh proxycommand %r %h %p
{{- end }}
`,
// Client-side known_hosts. `@cert-authority *` trusts host certificates signed
// by the CA host key for every host name pattern, so whoever holds the host
// signing key (or any federated host key listed after it) can vouch for any
// host; the trust scope is deliberately global. Each key is emitted as
// type + base64(Marshal), i.e. known_hosts form.
"known_hosts.tpl": `@cert-authority * {{.Step.SSH.HostKey.Type}} {{.Step.SSH.HostKey.Marshal | toString | b64enc}}
{{- range .Step.SSH.HostFederatedKeys}}
@cert-authority * {{.Type}} {{.Marshal | toString | b64enc}}
{{- end }}
`,
// Host-side sshd_config snippet: sshd accepts user certificates signed by any
// key in /etc/ssh/ca.pub (rendered from ca.tpl below). HostCertificate and
// HostKey are built from .User.Certificate / .User.Key. NOTE(review): these
// values are interpolated into the /etc/ssh path without validation here —
// assumes plain file names, confirm at the caller.
"sshd_config.tpl": `TrustedUserCAKeys /etc/ssh/ca.pub
HostCertificate /etc/ssh/{{.User.Certificate}}
HostKey /etc/ssh/{{.User.Key}}`,
// Contents of /etc/ssh/ca.pub: the user-signing CA public key plus any
// federated user keys, one per line as type + base64(Marshal). Every key
// listed here can sign user certificates that sshd will accept.
"ca.tpl": `{{.Step.SSH.UserKey.Type}} {{.Step.SSH.UserKey.Marshal | toString | b64enc}}
{{- range .Step.SSH.UserFederatedKeys}}
{{.Type}} {{.Marshal | toString | b64enc}}
{{- end }}
`,
}
SSHTemplateData contains the contents of the default templates used for SSH, keyed by template file name.
// SSHTemplates pairs each entry of SSHTemplateData with where it is rendered
// on the client side (User) and on the host side (Host). Relative paths are
// relative to the StepPath; absolute paths (~/.ssh/config, /etc/ssh/...) are
// used as-is. NOTE(review): presumably Snippet templates are merged into an
// existing file and File templates replace the whole file, with Comment being
// the comment marker of the target format — confirm against the templates
// package.
var SSHTemplates = &templates.SSHTemplates{
	User: []templates.Template{
		// Appended to the user's own ~/.ssh/config; includes the managed config.
		{Name: "include.tpl", Type: templates.Snippet, TemplatePath: "templates/ssh/include.tpl", Path: "~/.ssh/config", Comment: "#"},
		// The step-managed ssh client config, under StepPath.
		{Name: "config.tpl", Type: templates.File, TemplatePath: "templates/ssh/config.tpl", Path: "ssh/config", Comment: "#"},
		// known_hosts holding the @cert-authority entries for the host CA key(s).
		{Name: "known_hosts.tpl", Type: templates.File, TemplatePath: "templates/ssh/known_hosts.tpl", Path: "ssh/known_hosts", Comment: "#"},
	},
	Host: []templates.Template{
		// Trusts the user CA and points sshd at the host certificate and key.
		{Name: "sshd_config.tpl", Type: templates.Snippet, TemplatePath: "templates/ssh/sshd_config.tpl", Path: "/etc/ssh/sshd_config", Comment: "#"},
		// The user CA public key(s) referenced by TrustedUserCAKeys.
		{Name: "ca.tpl", Type: templates.Snippet, TemplatePath: "templates/ssh/ca.tpl", Path: "/etc/ssh/ca.pub", Comment: "#"},
	},
}
SSHTemplates contains the configuration of the default templates used for SSH: for each template, where it is rendered on the client (User) and on the host (Host). Relative paths are relative to the StepPath.
Functions ¶
func GetConfigPath ¶
func GetConfigPath() string
GetConfigPath returns the directory where the configuration files are stored based on the STEPPATH environment variable.
func GetDBPath ¶
func GetDBPath() string
GetDBPath returns the path where the file-system persistence is stored based on the STEPPATH environment variable.
func GetOTTKeyPath ¶
func GetOTTKeyPath() string
GetOTTKeyPath returns the path where the one-time token key is stored based on the STEPPATH environment variable.
func GetProvisionerKey ¶
GetProvisionerKey returns the provisioner key for the given key ID (kid) from the CA at caURL, using rootFile as the trusted root. The key is returned in its encrypted form.
func GetProvisioners ¶
func GetProvisioners(caURL, rootFile string) (provisioner.List, error)
GetProvisioners returns the list of provisioners configured on the CA at caURL, using rootFile as the trusted root.
func GetPublicPath ¶
func GetPublicPath() string
GetPublicPath returns the directory where the public keys are stored based on the STEPPATH environment variable.
func GetRootCAPath ¶
func GetRootCAPath() string
GetRootCAPath returns the path where the root CA is stored based on the STEPPATH environment variable.
func GetSecretsPath ¶
func GetSecretsPath() string
GetSecretsPath returns the directory where the private keys are stored based on the STEPPATH environment variable. Because this directory holds private key material, it should be readable only by the user running the CA.
func GetTemplatesPath ¶ added in v0.14.0
func GetTemplatesPath() string
GetTemplatesPath returns the path where the templates are stored.
Types ¶
type Option ¶
Option is the type of the functional modifiers applied to the authority config object by GenerateConfig and Save.
func WithDefaultDB ¶
func WithDefaultDB() Option
WithDefaultDB is a configuration modifier that adds a default DB stanza to the authority config.
type PKI ¶
type PKI struct {
// contains filtered or unexported fields
}
PKI represents the Public Key Infrastructure used by a certificate authority.
func (*PKI) GenerateConfig ¶
GenerateConfig returns the step certificates authority configuration, after applying the given options.
func (*PKI) GenerateIntermediateCertificate ¶
func (p *PKI) GenerateIntermediateCertificate(name string, rootCrt *x509.Certificate, rootKey interface{}, pass []byte) error
GenerateIntermediateCertificate generates an intermediate certificate with the given name using the supplied root certificate and root key; pass is the password supplied for the intermediate key.
func (*PKI) GenerateKeyPairs ¶
GenerateKeyPairs generates the key pairs used by the certificate authority.
func (*PKI) GenerateRootCertificate ¶
func (p *PKI) GenerateRootCertificate(name string, pass []byte) (*x509.Certificate, interface{}, error)
GenerateRootCertificate generates a root certificate with the given name.
func (*PKI) GenerateSSHSigningKeys ¶
GenerateSSHSigningKeys generates and encrypts (with password) two private keys: one used for signing SSH user certificates and one used for signing SSH host certificates.
func (*PKI) GetCAConfigPath ¶
GetCAConfigPath returns the path of the CA configuration file.
func (*PKI) GetRootFingerprint ¶
GetRootFingerprint returns the fingerprint of the root certificate.
func (*PKI) Save ¶
Save writes the PKI to a JSON file that is used as the certificate authority configuration, after applying the given options.
func (*PKI) SetAddress ¶
SetAddress sets the listening address of the CA.
func (*PKI) SetDNSNames ¶
SetDNSNames sets the DNS names of the CA.
func (*PKI) SetProvisioner ¶
SetProvisioner sets the name of the provisioner associated with the OTT (one-time token) keys.
func (*PKI) TellPKI ¶
func (p *PKI) TellPKI()
TellPKI outputs the locations of the public and private keys generated for a new PKI. Generally this will consist of a root certificate and key and an intermediate certificate and key.
func (*PKI) WriteRootCertificate ¶
func (p *PKI) WriteRootCertificate(rootCrt *x509.Certificate, rootKey interface{}, pass []byte) error
WriteRootCertificate writes the given root certificate and root key to disk; pass is the password supplied for the key.