Struct sshcerts::Certificate

/// A type which represents an OpenSSH certificate key; see PROTOCOL.certkeys
/// for the certificate format.
// NOTE(review): every field is `pub`, so a caller can change a value after the
// certificate was parsed or created. Nothing visible here re-derives
// `signature` or `serialized` when that happens — confirm before assuming the
// individual fields and the serialized form are still in sync.
pub struct Certificate {
    /// Type of key.
    pub key_type: KeyType,
    /// Cryptographic nonce.
    pub nonce: Vec<u8>,
    /// Public key part of the certificate.
    pub key: PublicKey,
    /// Serial number of the certificate.
    pub serial: u64,
    /// The type of the certificate.
    pub cert_type: CertType,
    /// Key identity.
    pub key_id: String,
    /// The list of valid principals for the certificate.
    pub principals: Vec<String>,
    /// Time after which the certificate is considered valid.
    // presumably seconds since the Unix epoch, as in PROTOCOL.certkeys — confirm
    pub valid_after: u64,
    /// Time before which the certificate is considered valid.
    // presumably seconds since the Unix epoch, as in PROTOCOL.certkeys — confirm
    pub valid_before: u64,
    /// Critical options of the certificate. Generally used to control
    /// features which restrict access.
    pub critical_options: HashMap<String, String>,
    /// Certificate extensions. Usually used to enable features that grant
    /// access.
    pub extensions: HashMap<String, String>,
    /// Reserved field; currently unused and ignored in this version of the
    /// protocol.
    pub reserved: Vec<u8>,
    /// The CA public key used to sign the certificate.
    pub signature_key: PublicKey,
    /// Signature of the certificate.
    pub signature: Vec<u8>,
    /// Associated comment, if any.
    pub comment: Option<String>,
    /// The entire serialized certificate, used for exporting.
    pub serialized: Vec<u8>,
}

A type which represents an OpenSSH certificate key. Please refer to [PROTOCOL.certkeys](https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD) for more details about OpenSSH certificates.

Fields

key_type: KeyType

Type of key.

nonce: Vec<u8>

Cryptographic nonce.

key: PublicKey

Public key part of the certificate.

serial: u64

Serial number of certificate.

cert_type: CertType

Represents the type of the certificate.

key_id: String

Key identity.

principals: Vec<String>

The list of valid principals for the certificate.

valid_after: u64

Time after which the certificate is considered valid (the start of its validity window).

valid_before: u64

Time before which the certificate is considered valid (the end of its validity window).

critical_options: HashMap<String, String>

Critical options of the certificate. Generally used to control features which restrict access.

extensions: HashMap<String, String>

Certificate extensions. Extensions are usually used to enable features that grant access.

reserved: Vec<u8>

The reserved field is currently unused and is ignored in this version of the protocol.

signature_key: PublicKey

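Signature key contains the CA public key used to sign the certificate. For a certificate that was read from a file or string, this key comes from the certificate data itself, so it only names the claimed signer; compare it against the CA keys you trust before relying on the certificate.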

signature: Vec<u8>

Signature of the certificate.

comment: Option<String>

Associated comment, if any.

serialized: Vec<u8>

The entire serialized certificate, used for exporting.

Implementations

impl Certificate[src]

pub fn from_path<P: AsRef<Path>>(path: P) -> Result<Certificate>[src]

Reads an OpenSSH certificate from a given path.

Example

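    // `from_path` returns a `Result`, so handle the failure case instead of
    // panicking through `unwrap`; this mirrors the error handling used in the
    // `Certificate::new` example.
    match Certificate::from_path("/path/to/id_ed25519-cert.pub") {
        Ok(cert) => println!("{}", cert),
        Err(e) => println!("Encountered an error while reading certificate: {}", e),
    }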

pub fn from_string(s: &str) -> Result<Certificate>[src]

Reads an OpenSSH certificate from a given string.

Example

use sshcerts::Certificate;

// The certificate text is one long line; `concat!` only joins the pieces so
// the literal can be wrapped in the source.
let encoded = concat!(
    "ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIGZlEWgv+aRvfJZiREMOKR0PVSTEstkuSeOyRgx",
    "wI1v2AAAAIAwPJZIwmYs+W7WHNPneMUIAkQnBVw1LP0yQdfh7lT/S/v7+/v7+/v4AAAABAAAADG9iZWxpc2tAdGVzdAAAAAsAAAAHb2JlbGlzawAAAAAAAAAA///",
    "///////8AAAAiAAAADWZvcmNlLWNvbW1hbmQAAAANAAAACS9iaW4vdHJ1ZQAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQ",
    "tZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADM",
    "AAAALc3NoLWVkMjU1MTkAAAAgXRsP8RFzML3wJDAqm2ENwOrRAHez5QqtcEpyBvwvniYAAABTAAAAC3NzaC1lZDI1NTE5AAAAQMo0Akv0eyr269StM2zBd0Alzjx",
    "XAC6krgBQex2O31at8r550oCIelfgj8YwZIaXG9DmleP525LcseJ16Z8e5Aw= obelisk@exclave.lan"
);
// `from_string` returns a `Result`; `unwrap` panics if the text does not parse.
let parsed = Certificate::from_string(encoded).unwrap();
println!("{:?}", parsed);

pub fn new(
    pubkey: PublicKey,
    cert_type: CertType,
    serial: u64,
    key_id: String,
    principals: Vec<String>,
    valid_after: u64,
    valid_before: u64,
    critical_options: CriticalOptions,
    extensions: Extensions,
    ca_pubkey: PublicKey,
    signer: impl Fn(&[u8]) -> Option<Vec<u8>>
) -> Result<Certificate>
[src]

Create a new SSH certificate from the provided values. The CA public key is passed directly as `ca_pubkey`, and `signer` is a function that does the actual signing. The signer is responsible for hashing the data, as no hashing is done by Certificate::new.

Example

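// Stand-in signer for the example. A real signer receives the bytes to be
// signed and must hash them itself, because `Certificate::new` does no
// hashing. This stub ignores its input and returns `None`.
fn test_signer(_buf: &[u8]) -> Option<Vec<u8>> { None }

let cert = Certificate::new(
    // pubkey: the key being certified.
    PublicKey::from_string("AAA...").unwrap(),
    CertType::User,
    // serial
    0xFEFEFEFEFEFEFEFE,
    // key_id
    String::from("obelisk@exclave"),
    // principals
    vec![String::from("obelisk2")],
    // valid_after / valid_before: these sample values span the whole u64
    // range, i.e. no effective expiry. Use a short window for real
    // certificates.
    0,
    0xFFFFFFFFFFFFFFFF,
    CriticalOptions::None,
    Extensions::Standard,
    // ca_pubkey: passed directly; there is no separate public-key callback.
    PublicKey::from_string("AAA...").unwrap(),
    test_signer,
);

// `new` returns a `Result`, so report a failure instead of unwrapping.
match cert {
    Ok(cert) => println!("{}", cert),
    Err(e) => println!("Encountered an error while creating certificate: {}", e),
}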

Trait Implementations

impl Debug for Certificate[src]

impl Display for Certificate[src]

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized
[src]

impl<T> Borrow<T> for T where
    T: ?Sized
[src]

impl<T> BorrowMut<T> for T where
    T: ?Sized
[src]

impl<T> From<T> for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, 
[src]

impl<T> ToString for T where
    T: Display + ?Sized
[src]

impl<T, U> TryFrom<U> for T where
    U: Into<T>, 
[src]

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, 
[src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.