signature

package

v1.7.1 Latest Latest Go to latest Published: Jun 2, 2024 License: GPL-3.0 Imports: 11 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/soerenschneider/vault-ssh-cli

Links

Open Source Insights

Documentation ¶

Index ¶

type AferoSink
- func NewAferoSink(filePath string) (*AferoSink, error)
type BufferSink
type CertType
type FileSink
type Issuer
- func NewIssuer(signer Signer, refresh ssh.RefreshSignatureStrategy) (*Issuer, error)
- func (i *Issuer) SignHostCert(conf *config.Config, pubKey, signedKey Sink) error
- func (i *Issuer) SignUserCert(conf *config.Config, pubKey, signedKey Sink) error
type SignHostKeyRequest
type SignUserKeyRequest
type Signer
type Sink

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AferoSink ¶ added in v1.7.0

type AferoSink struct {
	// contains filtered or unexported fields
}

func NewAferoSink ¶ added in v1.7.0

func NewAferoSink(filePath string) (*AferoSink, error)

func (*AferoSink) CanRead ¶ added in v1.7.0

func (s *AferoSink) CanRead() error

func (*AferoSink) CanWrite ¶ added in v1.7.0

func (s *AferoSink) CanWrite() error

func (*AferoSink) Read ¶ added in v1.7.0

func (s *AferoSink) Read() ([]byte, error)

func (*AferoSink) Write ¶ added in v1.7.0

func (s *AferoSink) Write(signedData string) error

type BufferSink ¶

type BufferSink struct {
	Data  []byte
	Print bool
}

func (*BufferSink) CanRead ¶

func (b *BufferSink) CanRead() error

func (*BufferSink) CanWrite ¶

func (b *BufferSink) CanWrite() error

func (*BufferSink) Read ¶

func (b *BufferSink) Read() ([]byte, error)

func (*BufferSink) Write ¶

func (b *BufferSink) Write(signedData string) error

type CertType ¶

type CertType int

const (
	User CertType = 1 << iota
	Host CertType = 1 << iota
)

type FileSink ¶

type FileSink struct {
	FilePath string
}

func (*FileSink) CanRead ¶

func (fs *FileSink) CanRead() error

func (*FileSink) CanWrite ¶

func (fs *FileSink) CanWrite() error

func (*FileSink) Read ¶

func (fs *FileSink) Read() ([]byte, error)

func (*FileSink) Write ¶

func (fs *FileSink) Write(signedData string) error

type Issuer ¶

type Issuer struct {
	// contains filtered or unexported fields
}

func NewIssuer ¶

func NewIssuer(signer Signer, refresh ssh.RefreshSignatureStrategy) (*Issuer, error)

func (*Issuer) SignHostCert ¶

func (i *Issuer) SignHostCert(conf *config.Config, pubKey, signedKey Sink) error

func (*Issuer) SignUserCert ¶ added in v1.7.0

func (i *Issuer) SignUserCert(conf *config.Config, pubKey, signedKey Sink) error

type SignHostKeyRequest ¶ added in v1.7.0

type SignHostKeyRequest struct {
	PublicKey  string `validation:"required"`
	Ttl        int    `validation:"gte=86400"`
	Principals []string
	Extensions map[string]string
}

type SignUserKeyRequest ¶ added in v1.7.0

type SignUserKeyRequest struct {
	PublicKey  string `validation:"required"`
	Ttl        int    `validation:"gt=600"`
	Principals []string
	Extensions map[string]string
}

type Signer ¶

type Signer interface {
	SignUserKey(req SignUserKeyRequest) (string, error)
	SignHostKey(req SignHostKeyRequest) (string, error)
	ReadCaCert() (string, error)
}

type Sink ¶

type Sink interface {
	Read() ([]byte, error)
	CanRead() error
	Write(string) error
	CanWrite() error
}

Sink is a simple wrapper around a key (which is just a byte stream itself). This way, we decouple the implementation (file-based, memory, network, ..) and make it easily swap- and testable.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
vault
auth

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL