Struct sshcerts::Certificate
pub struct Certificate {}Show fields
pub key_type: KeyType, pub nonce: Vec<u8>, pub key: PublicKey, pub serial: u64, pub cert_type: CertType, pub key_id: String, pub principals: Vec<String>, pub valid_after: u64, pub valid_before: u64, pub critical_options: HashMap<String, String>, pub extensions: HashMap<String, String>, pub reserved: Vec<u8>, pub signature_key: PublicKey, pub signature: Vec<u8>, pub comment: Option<String>, pub serialized: Vec<u8>,
A type which represents an OpenSSH certificate key. Please refer to PROTOCOL.certkeys (https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD) for more details about OpenSSH certificates.
Fields
key_type: KeyType
Type of key.
nonce: Vec<u8>
Cryptographic nonce.
key: PublicKey
Public key part of the certificate.
serial: u64
Serial number of certificate.
cert_type: CertType
Represents the type of the certificate.
key_id: String
Key identity.
principals: Vec<String>
The list of valid principals for the certificate.
valid_after: u64
Time after which the certificate is considered valid (the start of its validity window).
valid_before: u64
Time before which the certificate is considered valid (its expiry).
critical_options: HashMap<String, String>
Critical options of the certificate. Generally used to control features which restrict access.
extensions: HashMap<String, String>
Certificate extensions. Extensions are usually used to enable features that grant access.
reserved: Vec<u8>
The reserved field is currently unused and is ignored in this version of the protocol.
signature_key: PublicKey
Signature key contains the CA public key used to sign the certificate.
signature: Vec<u8>
Signature of the certificate.
comment: Option<String>
Associated comment, if any.
serialized: Vec<u8>
The entire serialized certificate, used for exporting
Implementations
impl Certificate
pub fn from_path<P: AsRef<Path>>(path: P) -> Result<Certificate, Error>
Reads an OpenSSH certificate from a given path.
Example
// Location of the certificate file (the `-cert.pub` file that sits next to a key pair).
let cert_path = "/path/to/id_ed25519-cert.pub";

// `unwrap()` panics if `from_path` returns an `Err`; code that handles
// certificates from outside its control would match on the `Result` instead.
let parsed = Certificate::from_path(cert_path).unwrap();

// `{}` uses the certificate's `Display` output.
println!("{}", parsed);
pub fn from_string(s: &str) -> Result<Certificate, Error>
Reads an OpenSSH certificate from a given string.
Example
use sshcerts::Certificate;

// A sample certificate in OpenSSH's single-line text form:
// "<certificate type> <base64 blob> <comment>". `concat!` joins the pieces
// at compile time, so the parser sees one unbroken line.
let encoded = concat!(
    "ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIGZlEWgv+aRvfJZiREMOKR0PVSTEstkuSeOyRgx",
    "wI1v2AAAAIAwPJZIwmYs+W7WHNPneMUIAkQnBVw1LP0yQdfh7lT/S/v7+/v7+/v4AAAABAAAADG9iZWxpc2tAdGVzdAAAAAsAAAAHb2JlbGlzawAAAAAAAAAA///",
    "///////8AAAAiAAAADWZvcmNlLWNvbW1hbmQAAAANAAAACS9iaW4vdHJ1ZQAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQ",
    "tZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADM",
    "AAAALc3NoLWVkMjU1MTkAAAAgXRsP8RFzML3wJDAqm2ENwOrRAHez5QqtcEpyBvwvniYAAABTAAAAC3NzaC1lZDI1NTE5AAAAQMo0Akv0eyr269StM2zBd0Alzjx",
    "XAC6krgBQex2O31at8r550oCIelfgj8YwZIaXG9DmleP525LcseJ16Z8e5Aw= obelisk@exclave.lan"
);

// `unwrap()` panics if the string cannot be parsed into a certificate.
let parsed = Certificate::from_string(encoded).unwrap();

// `{:?}` prints the `Debug` representation.
println!("{:?}", parsed);
pub fn builder(
pubkey: &PublicKey,
cert_type: CertType,
signing_key: &PublicKey
) -> Result<Certificate, Error>
Create a new empty SSH certificate. Values must then be filled in using the mutator methods below.
Example
// Parse the public key from its OpenSSH text form.
let subject_key = PublicKey::from_string("ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOhHAGJtT9s6zPW4OdQMzGbXEyj0ntkESrE1IZBgaCUSh9fWK1gRz+UJOcCB1JTC/kF2EPlwkX6XEpQToZl51oo= obelisk@exclave.lan").unwrap();

// For brevity the same key is passed as both the key being certified and the
// signing key. The `signature_key` field is documented as the CA public key,
// so an issuing service would pass its CA key as the third argument.
let unsigned = Certificate::builder(&subject_key, CertType::User, &subject_key)
    .unwrap()
    .serial(0xFEFEFEFEFEFEFEFE)
    .key_id("key_id")
    .principal("obelisk")
    // 0 ..= u64::MAX covers the whole representable range, so this sample
    // certificate has no effective start or expiry bound.
    .valid_after(0)
    .valid_before(u64::MAX)
    .set_critical_options(CriticalOptions::None)
    .set_extensions(Extensions::Standard);

// `test_signer` is defined outside this snippet; `sign` expects a closure of
// type `FnOnce(&[u8]) -> Option<Vec<u8>>`.
match unsigned.sign(test_signer) {
    Ok(signed) => println!("{}", signed),
    Err(err) => println!("Encountered an error while creating certificate: {}", err),
}
pub fn serial(self, serial: u64) -> Self
Set the serial of a certificate builder
pub fn key_id<S: AsRef<str>>(self, key_id: S) -> Self
Set the Key ID of a certificate builder
pub fn principal<S: AsRef<str>>(self, principal: S) -> Self
Add a principal to the certificate
pub fn set_principals(self, principals: &[String]) -> Self
Set the principals of the certificate
pub fn valid_after(self, valid_after: u64) -> Self
Set the initial validity time of the certificate
pub fn valid_before(self, valid_before: u64) -> Self
Set the expiry of the certificate
pub fn critical_option<S: AsRef<str>>(self, option: S, value: S) -> Self
Add a critical option to the certificate
pub fn set_critical_options(self, critical_options: CriticalOptions) -> Self
Set the critical options of the certificate
pub fn extension<S: AsRef<str>>(self, option: S, value: S) -> Self
Add an extension to the certificate
pub fn set_extensions(self, extensions: Extensions) -> Self
Set the extensions of the certificate
pub fn comment<S: AsRef<str>>(self, comment: S) -> Self
Set the comment of the certificate
pub fn sign(
self,
signer: impl FnOnce(&[u8]) -> Option<Vec<u8>>
) -> Result<Self, Error>
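Take the certificate settings and generate a valid signature using the provided signer function. For the result to verify, the signer has to sign with the private key that matches the certificate's `signature_key` (the CA public key).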
Trait Implementations
Auto Trait Implementations
impl RefUnwindSafe for Certificate
impl Send for Certificate
impl Sync for Certificate
impl Unpin for Certificate
impl UnwindSafe for Certificate