Documentation
¶
Index ¶
- func GetSSHKeyPair() (ssh.PublicKey, ssh.Signer, error)
- func GetTemporaryRootKey(signingConf SigningConfig) (ssh.Signer, error)
- type Cert
- func (c *Cert) ApplyChanges(changes ChangeRequest) error
- func (c *Cert) ApplyTimePattern(pattern string) error
- func (c *Cert) AttachCertToSigner(signer ssh.Signer) (ssh.Signer, error)
- func (c *Cert) Marshal() []byte
- func (c *Cert) MarshalAuthorizedKey() []byte
- func (c *Cert) Renew(conf SigningConfig, changes ChangeRequest) error
- func (c *Cert) SetCriticalOption(key string, value string)
- func (c *Cert) SetExtension(key string, value string)
- func (c *Cert) SetIdentifier(identifier string)
- func (c *Cert) SetKey(key ssh.PublicKey)
- func (c *Cert) SetKeyFromBytes(keyBytes []byte) error
- func (c *Cert) SetPrincipals(principals []string)
- func (c *Cert) SetValidAfter(validAfter time.Time)
- func (c *Cert) SetValidBefore(validBefore time.Time)
- func (c *Cert) Sign(conf SigningConfig) error
- func (c *Cert) UnsetCriticalOption(key string)
- func (c *Cert) UnsetExtension(key string)
- func (c *Cert) Verify(validKeys []ssh.PublicKey) error
- type ChangeRequest
- type SigningConfig
- type TrustedCA
- type VerifyConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetTemporaryRootKey ¶
func GetTemporaryRootKey(signingConf SigningConfig) (ssh.Signer, error)
Types ¶
type Cert ¶
// Cert wraps an *ssh.Certificate.
type Cert struct {
	// Cert is the wrapped certificate. The field is exported, so code
	// outside this package can read or modify the certificate directly
	// rather than through the Set*/Unset* methods.
	Cert *ssh.Certificate
}
func DefaultUserCert ¶
func DefaultUserCert() *Cert
func (*Cert) ApplyChanges ¶
func (c *Cert) ApplyChanges(changes ChangeRequest) error
func (*Cert) ApplyTimePattern ¶
func (*Cert) AttachCertToSigner ¶
func (*Cert) MarshalAuthorizedKey ¶
func (*Cert) Renew ¶
func (c *Cert) Renew(conf SigningConfig, changes ChangeRequest) error
func (*Cert) SetCriticalOption ¶
func (*Cert) SetExtension ¶
func (*Cert) SetIdentifier ¶
func (*Cert) SetKeyFromBytes ¶
func (*Cert) SetPrincipals ¶
func (*Cert) SetValidAfter ¶
func (*Cert) SetValidBefore ¶
func (*Cert) Sign ¶
func (c *Cert) Sign(conf SigningConfig) error
Sign signs the cert with the CA key given in conf. If IgnoreExpiry is true, the cert is signed even if it has already expired. If the cert has expired and IgnoreExpiry is false, an error is returned. Signing also changes the cert's ValidAfter and ValidBefore fields to compensate for the clock inaccuracy given in conf.
func (*Cert) UnsetCriticalOption ¶
func (*Cert) UnsetExtension ¶
type ChangeRequest ¶
// ChangeRequest describes a set of modifications to a certificate. It is the
// parameter type of Cert.ApplyChanges and of Cert.Renew.
//
// NOTE(review): the per-field meanings below are inferred from the field
// names only; confirm them against ApplyChanges. Principals, extensions and
// the validity window decide what a certificate authorizes, so a caller that
// fills a ChangeRequest from requester-supplied input should restrict which
// fields that input may set.
type ChangeRequest struct {
	// sql.NullString carries a Valid flag; presumably the override applies
	// only when Valid is true (TODO confirm).
	IdentifierOverride sql.NullString

	// Principal changes: presumably a full replacement list, plus additions
	// to and removals from the existing list (TODO confirm precedence when
	// several are set).
	PrincipalsOverride []string
	PrincipalsToAdd    []string
	PrincipalsToRemove []string

	// Extension changes, in the same override/add/remove shape as the
	// principal fields (TODO confirm precedence).
	ExtensionsOverride map[string]string
	ExtensionsToAdd    map[string]string
	ExtensionsToRemove []string

	// Validity-window changes. sql.NullTime carries a Valid flag; presumably
	// unset values leave the existing bound untouched (TODO confirm).
	ValidBeforeOverride sql.NullTime
	ValidAfterOverride  sql.NullTime

	// TimePattern is presumably the same pattern string accepted by
	// Cert.ApplyTimePattern (TODO confirm; the format is not shown here).
	TimePattern sql.NullString
}
type SigningConfig ¶
// SigningConfig carries the inputs for signing a certificate. It is the
// parameter type of Cert.Sign, Cert.Renew and GetTemporaryRootKey, and is
// returned by CreateSigningConf.
type SigningConfig struct {
	// CAKey is the signer used as the certificate authority key when
	// signing.
	CAKey ssh.Signer

	// ClockInaccuracyCompensation is the clock inaccuracy that Sign
	// compensates for by changing the cert's ValidAfter and ValidBefore.
	// NOTE(review): the direction and size of the adjustment are not shown
	// here; confirm that it cannot extend validity further than intended.
	ClockInaccuracyCompensation time.Duration

	// IgnoreExpiry lets Sign sign a cert that has already expired; when it
	// is false, Sign returns an error for an expired cert.
	IgnoreExpiry bool

	// RevokedKeys is presumably the set consulted by WasRevoked (TODO
	// confirm).
	// NOTE(review): Go compares interface-typed map keys by dynamic type and
	// value. A pointer-backed ssh.PublicKey therefore matches by pointer
	// identity, not by key bytes, and a key whose dynamic type is not
	// comparable panics on insert or lookup. Confirm that WasRevoked
	// compares marshalled key bytes or fingerprints and does not index this
	// map with a freshly parsed key, which could miss a revoked key.
	RevokedKeys map[ssh.PublicKey]bool
}
func CreateSigningConf ¶
func CreateSigningConf(clockCompensation time.Duration, IgnoreExpiry bool) (SigningConfig, error)
func (*SigningConfig) WasRevoked ¶
func (conf *SigningConfig) WasRevoked(cert *ssh.Certificate) bool
type VerifyConfig ¶
// VerifyConfig exposes no exported fields; NewVerifyConfig returns a
// *VerifyConfig.
// NOTE(review): what it configures and which defaults NewVerifyConfig
// applies are not shown here; confirm them before relying on it.
type VerifyConfig struct {
	// contains filtered or unexported fields
}
func NewVerifyConfig ¶
func NewVerifyConfig() *VerifyConfig