Struct sshcerts::Certificate
pub struct Certificate {
    pub key_type: KeyType,
    pub nonce: Vec<u8>,
    pub key: PublicKey,
    pub serial: u64,
    pub cert_type: CertType,
    pub key_id: String,
    pub principals: Vec<String>,
    pub valid_after: u64,
    pub valid_before: u64,
    pub critical_options: HashMap<String, String>,
    pub extensions: HashMap<String, String>,
    pub reserved: Vec<u8>,
    pub signature_key: PublicKey,
    pub signature: Vec<u8>,
    pub comment: Option<String>,
    pub serialized: Vec<u8>,
}
A type which represents an OpenSSH certificate key. Please refer to [PROTOCOL.certkeys](https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD) for more details about OpenSSH certificates.
Fields
key_type: KeyType
Type of key.
nonce: Vec<u8>
Cryptographic nonce.
key: PublicKey
Public key part of the certificate.
serial: u64
Serial number of certificate.
cert_type: CertType
Represents the type of the certificate.
key_id: String
Key identity.
principals: Vec<String>
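The list of valid principals for the certificate. Per PROTOCOL.certkeys, an empty list means the certificate is valid for any principal of its type, so issuers normally set at least one.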
valid_after: u64
Time after which the certificate is considered valid, in seconds since the Unix epoch (as defined by PROTOCOL.certkeys).
valid_before: u64
Time before which the certificate is considered valid, in seconds since the Unix epoch (as defined by PROTOCOL.certkeys).
critical_options: HashMap<String, String>
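Critical options of the certificate. Generally used to control features which restrict access. Per PROTOCOL.certkeys, a verifier that does not recognise a critical option should refuse the certificate rather than ignore the option.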
extensions: HashMap<String, String>
Certificate extensions. Extensions are usually used to enable features that grant access.
reserved: Vec<u8>
The reserved field is currently unused and is ignored in this version of the protocol.
signature_key: PublicKey
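Signature key contains the CA public key used to sign the certificate. This key is read from the certificate itself, so a verifier must compare it against its own set of trusted CA keys before relying on the certificate.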
signature: Vec<u8>
Signature of the certificate.
comment: Option<String>
Associated comment, if any.
serialized: Vec<u8>
The entire serialized certificate, used for exporting
Implementations
impl Certificate
pub fn from_path<P: AsRef<Path>>(path: P) -> Result<Certificate, Error>
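Reads an OpenSSH certificate from a given path. A certificate that parses successfully is not thereby trusted: the caller still has to check that `signature_key` is a CA it trusts and that `cert_type`, `principals` and the `valid_after`/`valid_before` window match what it expects.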
Example
// NOTE(review): `unwrap()` panics if `from_path` returns `Err`; handle the error
// instead when the file's contents are not under your control.
let cert = Certificate::from_path("/path/to/id_ed25519-cert.pub").unwrap();
// `Certificate` implements `Display`, so it can be printed with `{}`.
println!("{}", cert);
pub fn from_string(s: &str) -> Result<Certificate, Error>
Reads an OpenSSH certificate from a given string.
Example
use sshcerts::Certificate;

// The certificate is given in its single-line OpenSSH text form; `concat!` only
// joins the string pieces so the literal can be wrapped across source lines.
// NOTE(review): `unwrap()` panics if `from_string` returns `Err`; handle the error
// instead when the string comes from an untrusted source.
let cert = Certificate::from_string(concat!(
    "ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIGZlEWgv+aRvfJZiREMOKR0PVSTEstkuSeOyRgx",
    "wI1v2AAAAIAwPJZIwmYs+W7WHNPneMUIAkQnBVw1LP0yQdfh7lT/S/v7+/v7+/v4AAAABAAAADG9iZWxpc2tAdGVzdAAAAAsAAAAHb2JlbGlzawAAAAAAAAAA///",
    "///////8AAAAiAAAADWZvcmNlLWNvbW1hbmQAAAANAAAACS9iaW4vdHJ1ZQAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQ",
    "tZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADM",
    "AAAALc3NoLWVkMjU1MTkAAAAgXRsP8RFzML3wJDAqm2ENwOrRAHez5QqtcEpyBvwvniYAAABTAAAAC3NzaC1lZDI1NTE5AAAAQMo0Akv0eyr269StM2zBd0Alzjx",
    "XAC6krgBQex2O31at8r550oCIelfgj8YwZIaXG9DmleP525LcseJ16Z8e5Aw= obelisk@exclave.lan"
)).unwrap();
// `Certificate` implements `Debug`, so `{:?}` prints its fields.
println!("{:?}", cert);
pub fn builder(
pubkey: &PublicKey,
cert_type: CertType,
signing_key: &PublicKey
) -> Result<Certificate, Error>
Create a new empty SSH certificate. Values must then be filled in using the mutator methods below.
Example
// Parse a public key from its OpenSSH text form.
let ssh_pubkey = PublicKey::from_string("ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOhHAGJtT9s6zPW4OdQMzGbXEyj0ntkESrE1IZBgaCUSh9fWK1gRz+UJOcCB1JTC/kF2EPlwkX6XEpQToZl51oo= obelisk@exclave.lan").unwrap();

// NOTE(review): the same key is passed as both `pubkey` and `signing_key`, which keeps
// the example short; a real CA would pass its own CA public key as `signing_key`.
let cert = Certificate::builder(&ssh_pubkey, CertType::User, &ssh_pubkey).unwrap()
    .serial(0xFEFEFEFEFEFEFEFE)
    .key_id("key_id")
    .principal("obelisk")
    // NOTE(review): 0 and 0xFFFFFFFFFFFFFFFF are the smallest and largest u64 values,
    // i.e. the widest validity window these fields can express; issued certificates
    // should normally carry a bounded window instead.
    .valid_after(0)
    .valid_before(0xFFFFFFFFFFFFFFFF)
    .set_critical_options(CriticalOptions::None)
    .set_extensions(Extensions::Standard)
    // `test_signer` is not defined in this snippet; per the `sign` signature it must be
    // callable as `FnOnce(&[u8]) -> Option<Vec<u8>>`.
    .sign(test_signer);

// `sign` returns a `Result`, so signing failures are reported rather than panicking.
match cert {
    Ok(cert) => println!("{}", cert),
    Err(e) => println!("Encountered an error while creating certificate: {}", e),
}
pub fn serial(self, serial: u64) -> Self
Set the serial of a certificate builder
pub fn key_id<S: AsRef<str>>(self, key_id: S) -> Self
Set the Key ID of a certificate builder
pub fn principal<S: AsRef<str>>(self, principal: S) -> Self
Add a principal to the certificate
pub fn set_principals(self, principals: &[String]) -> Self
Set the principals of the certificate
pub fn valid_after(self, valid_after: u64) -> Self
Set the initial validity time of the certificate
pub fn valid_before(self, valid_before: u64) -> Self
Set the expiry of the certificate
pub fn critical_option<S: AsRef<str>>(self, option: S, value: S) -> Self
Add a critical option to the certificate
pub fn set_critical_options(self, critical_options: CriticalOptions) -> Self
Set the critical options of the certificate
pub fn extension<S: AsRef<str>>(self, option: S, value: S) -> Self
Add an extension to the certificate
pub fn set_extensions(self, extensions: Extensions) -> Self
Set the extensions of the certificate
pub fn comment<S: AsRef<str>>(self, comment: S) -> Self
Set the comment of the certificate
pub fn sign(
self,
signer: impl FnOnce(&[u8]) -> Option<Vec<u8>>
) -> Result<Self, Error>
Take the certificate settings and generate a valid signature using the provided signer function
Trait Implementations
impl Debug for Certificate
impl Display for Certificate
Auto Trait Implementations
impl RefUnwindSafe for Certificate
impl Send for Certificate
impl Sync for Certificate
impl Unpin for Certificate
impl UnwindSafe for Certificate
Blanket Implementations
impl<T> Any for T where
T: 'static + ?Sized,
impl<T> Borrow<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
pub fn borrow_mut(&mut self) -> &mut T
impl<T> From<T> for T
impl<T, U> Into<U> for T where
U: From<T>,
impl<T> ToString for T where
T: Display + ?Sized,
impl<T, U> TryFrom<U> for T where
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
pub fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,