pub struct Certificate {
    pub key_type: KeyType,
    pub nonce: Vec<u8>,
    pub key: PublicKey,
    pub serial: u64,
    pub cert_type: CertType,
    pub key_id: String,
    pub principals: Vec<String>,
    pub valid_after: u64,
    pub valid_before: u64,
    pub critical_options: HashMap<String, String>,
    pub extensions: HashMap<String, String>,
    pub reserved: Vec<u8>,
    pub signature_key: PublicKey,
    pub signature: Vec<u8>,
    pub comment: Option<String>,
    pub serialized: Vec<u8>,
}

A type which represents an OpenSSH certificate key. Please refer to [PROTOCOL.certkeys] for more details about OpenSSH certificates.

[PROTOCOL.certkeys]: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD

Fields

key_type: KeyType

Type of key.

nonce: Vec<u8>

Cryptographic nonce.

key: PublicKey

Public key part of the certificate.

serial: u64

Serial number of certificate.

cert_type: CertType

Represents the type of the certificate.

key_id: String

Key identity.

principals: Vec<String>

The list of valid principals for the certificate.

valid_after: u64

Time after which the certificate is considered valid.

valid_before: u64

Time before which the certificate is considered valid.

critical_options: HashMap<String, String>

Critical options of the certificate. Generally used to control features which restrict access. A validating server that does not recognise a critical option must refuse the certificate.

extensions: HashMap<String, String>

Certificate extensions. Extensions are usually used to enable features that grant access. Unlike critical options, an extension the server does not recognise is ignored.

reserved: Vec<u8>

The reserved field is currently unused and is ignored in this version of the protocol.

signature_key: PublicKey

Signature key contains the CA public key used to sign the certificate.

signature: Vec<u8>

Signature of the certificate.

comment: Option<String>

Associated comment, if any.

serialized: Vec<u8>

The entire serialized certificate, used for exporting.

Implementations

Reads an OpenSSH certificate from a given path.

Example
    use sshcerts::Certificate;

    // Parse a certificate file from disk; the Display impl prints its decoded contents.
    let cert = Certificate::from_path("/path/to/id_ed25519-cert.pub").unwrap();
    println!("{}", cert);

Reads an OpenSSH certificate from a given string.

Example
use sshcerts::Certificate;

let cert = Certificate::from_string(concat!(
    "ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIGZlEWgv+aRvfJZiREMOKR0PVSTEstkuSeOyRgx",
    "wI1v2AAAAIAwPJZIwmYs+W7WHNPneMUIAkQnBVw1LP0yQdfh7lT/S/v7+/v7+/v4AAAABAAAADG9iZWxpc2tAdGVzdAAAAAsAAAAHb2JlbGlzawAAAAAAAAAA///",
    "///////8AAAAiAAAADWZvcmNlLWNvbW1hbmQAAAANAAAACS9iaW4vdHJ1ZQAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQ",
    "tZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADM",
    "AAAALc3NoLWVkMjU1MTkAAAAgXRsP8RFzML3wJDAqm2ENwOrRAHez5QqtcEpyBvwvniYAAABTAAAAC3NzaC1lZDI1NTE5AAAAQMo0Akv0eyr269StM2zBd0Alzjx",
    "XAC6krgBQex2O31at8r550oCIelfgj8YwZIaXG9DmleP525LcseJ16Z8e5Aw= obelisk@exclave.lan"
)).unwrap();
println!("{:?}", cert);

Returns the set of standard extensions used for SSH certificates. If you’re unsure about what you need, using the standard extensions is probably what you want.

Create a new empty SSH certificate. Values must then be filled in using the mutator methods below.

Example
    use sshcerts::{Certificate, CertType, PrivateKey, PublicKey};

    // CA private key in OpenSSH format. The parser reads it line by line, so the
    // armour lines and the base64 body must be newline-separated.
    let private_key = PrivateKey::from_string(concat!(
        "-----BEGIN OPENSSH PRIVATE KEY-----\n",
        "b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\n",
        "QyNTUxOQAAACBBvD18M5xE6toNtTkIwVwl7xkJb9DBUSgHfKaKbeTW3gAAAKj3njlq9545\n",
        "agAAAAtzc2gtZWQyNTUxOQAAACBBvD18M5xE6toNtTkIwVwl7xkJb9DBUSgHfKaKbeTW3g\n",
        "AAAEBLyc6RR+xrjQFV9hhmW9z5TYEA4IMVG7+xBq0WHjdnNkG8PXwznETq2g21OQjBXCXv\n",
        "GQlv0MFRKAd8popt5NbeAAAAIW9iZWxpc2tATWl0Y2hlbGxzLU1CUC5sb2NhbGRvbWFpbg\n",
        "ECAwQ=\n",
        "-----END OPENSSH PRIVATE KEY-----\n",
    )).unwrap();
    // The public key that the certificate will certify.
    let ssh_pubkey = PublicKey::from_string("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHk1jR7i5Ao85pfz0X6xAWT3N+Wicm17v3UnYw3ZEGnH").unwrap();
    // builder(certified key, certificate type, CA public key), then the mutators,
    // then sign() with the matching CA private key.
    let cert = Certificate::builder(&ssh_pubkey, CertType::User, &private_key.pubkey).unwrap()
       .serial(0xFEFEFEFEFEFEFEFE)
       .key_id("key_id")
       .principal("obelisk")
       .valid_after(0)
       .valid_before(0xFFFFFFFFFFFFFFFF)
       .set_extensions(Certificate::standard_extensions())
       .sign(&private_key);

    match cert {
      Ok(cert) => println!("{}", cert),
      Err(e) => println!("Encountered an error while creating certificate: {}", e),
    }

Set the serial of a certificate builder

Set the Key ID of a certificate builder

Add a principal to the certificate

Set the principals of the certificate

Set the initial validity time of the certificate

Set the expiry of the certificate

Add a critical option to the certificate

Set the critical options of the certificate

Add an extension to the certificate

Set the extensions of the certificate

Set the comment of the certificate

Get the certificate data without the signature field at the end.

Attempts to add the given signature to the certificate. This function returns an error if the signature provided is not valid for the certificate under the set CA key.

Take the certificate settings and generate a valid signature using the provided signer function
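The bytes that the signer function receives are the certificate data without the trailing signature field. The following is an added example, not code from the sshcerts crate: a dependency-free encoder for that data in the PROTOCOL.certkeys wire layout, showing the field order the struct above mirrors, the nested-string layout of principals, critical options and extensions (sorted by name), and the half-open validity window. It assumes the ssh-ed25519-cert-v01 layout, where the certified key is a single 32-byte string.

```rust
use std::collections::BTreeMap;
// SSH wire `string`: big-endian u32 length followed by the bytes.
fn put_string(out: &mut Vec<u8>, data: &[u8]) {
    out.extend_from_slice(&(data.len() as u32).to_be_bytes());
    out.extend_from_slice(data);
}
// The principals field is a string that itself holds zero or more strings.
fn pack_principals(principals: &[&str]) -> Vec<u8> {
    let mut inner = Vec::new();
    for p in principals { put_string(&mut inner, p.as_bytes()); }
    inner
}
// Critical options and extensions share one layout: (name, data) pairs sorted lexically
// by name; data is empty for flag entries (permit-pty) and a nested string for valued
// ones (force-command). A BTreeMap iterates in key order, which enforces the sorting.
fn pack_options(opts: &BTreeMap<&str, Option<&str>>) -> Vec<u8> {
    let mut inner = Vec::new();
    for (name, value) in opts {
        put_string(&mut inner, name.as_bytes());
        let mut data = Vec::new();
        if let Some(v) = value { put_string(&mut data, v.as_bytes()); }
        put_string(&mut inner, &data);
    }
    inner
}
// Validity is a half-open window: valid_after <= now < valid_before.
fn is_valid_at(valid_after: u64, valid_before: u64, now: u64) -> bool {
    now >= valid_after && now < valid_before
}
// Certificate bytes up to and including the CA key, in PROTOCOL.certkeys order for
// ssh-ed25519-cert-v01 (pk is the raw 32-byte key); cert_type is 1 (user) or 2 (host).
fn tbs_bytes(nonce: &[u8], pk: &[u8], serial: u64, cert_type: u32, key_id: &str, principals: &[&str],
             valid_after: u64, valid_before: u64, critical: &BTreeMap<&str, Option<&str>>,
             ext: &BTreeMap<&str, Option<&str>>, ca_blob: &[u8]) -> Vec<u8> {
    let mut out = Vec::new();
    put_string(&mut out, b"ssh-ed25519-cert-v01@openssh.com");
    put_string(&mut out, nonce);
    put_string(&mut out, pk);
    out.extend_from_slice(&serial.to_be_bytes());
    out.extend_from_slice(&cert_type.to_be_bytes());
    put_string(&mut out, key_id.as_bytes());
    put_string(&mut out, &pack_principals(principals));
    out.extend_from_slice(&valid_after.to_be_bytes());
    out.extend_from_slice(&valid_before.to_be_bytes());
    put_string(&mut out, &pack_options(critical));
    put_string(&mut out, &pack_options(ext));
    put_string(&mut out, b""); // reserved: empty in this protocol version
    put_string(&mut out, ca_blob); // signature_key; only the signature string follows
    out
}
```

The CA's signature is computed over exactly this byte string and appended as one more wire string, which is why the signed data must be re-serialised with sorted options when a certificate is rebuilt from the HashMap-backed struct.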

Trait Implementations

Formats the value using the given formatter.

Formats the value using the given formatter.
