Struct sshcerts::ssh::Certificate
pub struct Certificate {
pub key_type: KeyType,
pub nonce: Vec<u8>,
pub key: PublicKey,
pub serial: u64,
pub cert_type: CertType,
pub key_id: String,
pub principals: Vec<String>,
pub valid_after: u64,
pub valid_before: u64,
pub critical_options: HashMap<String, String>,
pub extensions: HashMap<String, String>,
pub reserved: Vec<u8>,
pub signature_key: PublicKey,
pub signature: Vec<u8>,
pub comment: Option<String>,
pub serialized: Vec<u8>,
}
A type which represents an OpenSSH certificate key. Please refer to [PROTOCOL.certkeys] for more details about OpenSSH certificates.
[PROTOCOL.certkeys]: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD
Fields§
key_type: KeyType
Type of key.
nonce: Vec<u8>
Cryptographic nonce.
key: PublicKey
Public key part of the certificate.
serial: u64
Serial number of certificate.
cert_type: CertType
Represents the type of the certificate.
key_id: String
Key identity.
principals: Vec<String>
The list of valid principals for the certificate.
valid_after: u64
Time after which the certificate is considered valid.
valid_before: u64
Time before which the certificate is considered valid.
critical_options: HashMap<String, String>
Critical options of the certificate. Generally used to control features which restrict access.
extensions: HashMap<String, String>
Certificate extensions. Extensions are usually used to enable features that grant access.
reserved: Vec<u8>
The reserved field is currently unused and is ignored in this version of the protocol.
signature_key: PublicKey
Signature key contains the CA public key used to sign the certificate.
signature: Vec<u8>
Signature of the certificate.
comment: Option<String>
Associated comment, if any.
serialized: Vec<u8>
The entire serialized certificate, used for exporting.
Implementations§
impl Certificate
pub fn from_path<P: AsRef<Path>>(path: P) -> Result<Certificate, Error>
Reads an OpenSSH certificate from a given path.
§Example
use sshcerts::Certificate;
let cert = Certificate::from_path("/path/to/id_ed25519-cert.pub").unwrap();
println!("{}", cert);
pub fn from_string(s: &str) -> Result<Certificate, Error>
Reads an OpenSSH certificate from a given string.
§Example
use sshcerts::Certificate;
let cert = Certificate::from_string(concat!(
"ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIGZlEWgv+aRvfJZiREMOKR0PVSTEstkuSeOyRgx",
"wI1v2AAAAIAwPJZIwmYs+W7WHNPneMUIAkQnBVw1LP0yQdfh7lT/S/v7+/v7+/v4AAAABAAAADG9iZWxpc2tAdGVzdAAAAAsAAAAHb2JlbGlzawAAAAAAAAAA///",
"///////8AAAAiAAAADWZvcmNlLWNvbW1hbmQAAAANAAAACS9iaW4vdHJ1ZQAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQ",
"tZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADM",
"AAAALc3NoLWVkMjU1MTkAAAAgXRsP8RFzML3wJDAqm2ENwOrRAHez5QqtcEpyBvwvniYAAABTAAAAC3NzaC1lZDI1NTE5AAAAQMo0Akv0eyr269StM2zBd0Alzjx",
"XAC6krgBQex2O31at8r550oCIelfgj8YwZIaXG9DmleP525LcseJ16Z8e5Aw= obelisk@exclave.lan"
)).unwrap();
println!("{:?}", cert);
pub fn from_bytes(data: &[u8]) -> Result<Certificate, Error>
Reads an SSH certificate from a given byte sequence.
The byte sequence is expected to be the base64 decoded body of the SSH certificate.
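Added here as an illustration, not code from the sshcerts crate: a std-only reader for the layout that from_bytes consumes, an ed25519 certificate body as laid out in PROTOCOL.certkeys, walked in the same field order as the struct above. It rejects truncated input and trailing bytes with an error rather than panicking. The names Reader, CertBody, ssh_string, name_value_pairs and parse_cert are this example's own, and only the ed25519 key type is handled.

```rust
use std::collections::HashMap;
/// SSH wire "string": 4-byte big-endian length, then the bytes (assumed helper, not the crate's).
pub fn ssh_string(b: &[u8]) -> Vec<u8> {
    let mut v = (b.len() as u32).to_be_bytes().to_vec(); v.extend_from_slice(b); v
}
/// Bounds-checked cursor over a certificate body: a truncated body yields Err, never a panic.
struct Reader<'a> { buf: &'a [u8], pos: usize }
impl<'a> Reader<'a> {
    fn take(&mut self, n: usize) -> Result<&'a [u8], String> {
        let end = self.pos.checked_add(n).filter(|&e| e <= self.buf.len()).ok_or_else(|| format!("truncated at offset {}", self.pos))?;
        let (buf, start) = (self.buf, self.pos); self.pos = end; Ok(&buf[start..end])
    }
    // Big-endian unsigned integer of n bytes (n <= 8): the wire format's uint32 and uint64.
    fn uint(&mut self, n: usize) -> Result<u64, String> {
        Ok(self.take(n)?.iter().fold(0u64, |acc, &b| (acc << 8) | u64::from(b)))
    }
    fn string(&mut self) -> Result<&'a [u8], String> { let n = self.uint(4)? as usize; self.take(n) }
    fn text(&mut self) -> Result<String, String> { String::from_utf8(self.string()?.to_vec()).map_err(|e| e.to_string()) }
    fn done(&self) -> bool { self.pos == self.buf.len() }
}
/// The body fields a policy check usually looks at (this example's own type, not the crate's).
pub struct CertBody {
    pub key_type: String, pub serial: u64, pub cert_type: u32, pub key_id: String, pub principals: Vec<String>,
    pub valid_after: u64, pub valid_before: u64, pub critical_options: HashMap<String, String>, pub extensions: HashMap<String, String>,
}
/// critical_options and extensions: (name, value) pairs; the value string wraps the real value, or is empty.
fn name_value_pairs(blob: &[u8]) -> Result<HashMap<String, String>, String> {
    let (mut r, mut m) = (Reader { buf: blob, pos: 0 }, HashMap::new());
    while !r.done() {
        let name = r.text()?;
        let mut inner = Reader { buf: r.string()?, pos: 0 };
        m.insert(name, if inner.done() { String::new() } else { inner.text()? });
    }
    Ok(m)
}
/// Reads an ed25519 certificate body in the field order of the Certificate struct above.
pub fn parse_cert(data: &[u8]) -> Result<CertBody, String> {
    let mut r = Reader { buf: data, pos: 0 }; let key_type = r.text()?;
    // Only ed25519 is handled: RSA/ECDSA bodies carry extra public-key fields after the nonce.
    if key_type != "ssh-ed25519-cert-v01@openssh.com" { return Err(format!("unsupported key type {}", key_type)); }
    let (_nonce, _pubkey) = (r.string()?, r.string()?);
    let (serial, cert_type, key_id) = (r.uint(8)?, r.uint(4)? as u32, r.text()?);
    let (mut p, mut principals) = (Reader { buf: r.string()?, pos: 0 }, Vec::new());
    while !p.done() { principals.push(p.text()?); }
    let (valid_after, valid_before) = (r.uint(8)?, r.uint(8)?);
    let (critical_options, extensions) = (name_value_pairs(r.string()?)?, name_value_pairs(r.string()?)?);
    let (_reserved, _sig_key, _sig) = (r.string()?, r.string()?, r.string()?);
    if !r.done() { return Err("trailing bytes after signature".to_string()); }
    Ok(CertBody { key_type, serial, cert_type, key_id, principals, valid_after, valid_before, critical_options, extensions })
}
```

Feed it the base64-decoded second field of a certificate line, the same input from_bytes takes.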
pub fn standard_extensions() -> HashMap<String, String>
Returns the set of standard extensions used for SSH certificates. If you’re unsure about what you need, using the standard extensions is probably what you want.
pub fn builder(pubkey: &PublicKey, cert_type: CertType, signing_key: &PublicKey) -> Result<Certificate, Error>
Create a new empty SSH certificate. Values must then be filled in using the mutator methods below.
§Example
use sshcerts::ssh::{CertType, Certificate, PrivateKey, PublicKey};
let private_key = PrivateKey::from_string(concat!(
"-----BEGIN OPENSSH PRIVATE KEY-----",
"b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW",
"QyNTUxOQAAACBBvD18M5xE6toNtTkIwVwl7xkJb9DBUSgHfKaKbeTW3gAAAKj3njlq9545",
"agAAAAtzc2gtZWQyNTUxOQAAACBBvD18M5xE6toNtTkIwVwl7xkJb9DBUSgHfKaKbeTW3g",
"AAAEBLyc6RR+xrjQFV9hhmW9z5TYEA4IMVG7+xBq0WHjdnNkG8PXwznETq2g21OQjBXCXv",
"GQlv0MFRKAd8popt5NbeAAAAIW9iZWxpc2tATWl0Y2hlbGxzLU1CUC5sb2NhbGRvbWFpbg",
"ECAwQ=",
"-----END OPENSSH PRIVATE KEY-----",
)).unwrap();
let ssh_pubkey = PublicKey::from_string("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHk1jR7i5Ao85pfz0X6xAWT3N+Wicm17v3UnYw3ZEGnH").unwrap();
let cert = Certificate::builder(&ssh_pubkey, CertType::User, &private_key.pubkey).unwrap()
.serial(0xFEFEFEFEFEFEFEFE)
.key_id("key_id")
.principal("obelisk")
.valid_after(0)
.valid_before(0xFFFFFFFFFFFFFFFF)
.set_extensions(Certificate::standard_extensions())
.sign(&private_key);
match cert {
Ok(cert) => println!("{}", cert),
Err(e) => println!("Encountered an error while creating certificate: {}", e),
}
pub fn set_principals(self, principals: &[String]) -> Self
Set the principals of the certificate
pub fn valid_after(self, valid_after: u64) -> Self
Set the initial validity time of the certificate
pub fn valid_before(self, valid_before: u64) -> Self
Set the expiry of the certificate
pub fn critical_option<S: AsRef<str>>(self, option: S, value: S) -> Self
Add a critical option to the certificate
pub fn set_critical_options(self, critical_options: HashMap<String, String>) -> Self
Set the critical options of the certificate
pub fn extension<S: AsRef<str>>(self, option: S, value: S) -> Self
Add an extension to the certificate
pub fn set_extensions(self, extensions: HashMap<String, String>) -> Self
Set the extensions of the certificate
pub fn tbs_certificate(&self) -> Vec<u8>
Get the certificate data without the signature field at the end.
pub fn add_signature(self, signature: &[u8]) -> Result<Self, Error>
Attempts to add the given signature to the certificate. This function returns an error if the signature provided is not valid for the certificate under the set CA key.
Trait Implementations§
impl Clone for Certificate
fn clone(&self) -> Certificate
fn clone_from(&mut self, source: &Self)
impl Debug for Certificate
impl Display for Certificate
impl PartialEq for Certificate
fn eq(&self, other: &Certificate) -> bool
This method tests for self and other values to be equal, and is used by ==.
impl Eq for Certificate
impl StructuralPartialEq for Certificate
Auto Trait Implementations§
impl Freeze for Certificate
impl RefUnwindSafe for Certificate
impl Send for Certificate
impl Sync for Certificate
impl Unpin for Certificate
impl UnwindSafe for Certificate
Blanket Implementations§
impl<'a, T, E> AsTaggedExplicit<'a, E> for T where T: 'a
impl<'a, T, E> AsTaggedImplicit<'a, E> for T where T: 'a
impl<T> BorrowMut<T> for T where T: ?Sized
fn borrow_mut(&mut self) -> &mut T
impl<T> FmtForward for T
fn fmt_binary(self) -> FmtBinary<Self> where Self: Binary
Causes self to use its Binary implementation when Debug-formatted.
fn fmt_display(self) -> FmtDisplay<Self> where Self: Display
Causes self to use its Display implementation when Debug-formatted.
fn fmt_lower_exp(self) -> FmtLowerExp<Self> where Self: LowerExp
Causes self to use its LowerExp implementation when Debug-formatted.
fn fmt_lower_hex(self) -> FmtLowerHex<Self> where Self: LowerHex
Causes self to use its LowerHex implementation when Debug-formatted.
fn fmt_octal(self) -> FmtOctal<Self> where Self: Octal
Causes self to use its Octal implementation when Debug-formatted.
fn fmt_pointer(self) -> FmtPointer<Self> where Self: Pointer
Causes self to use its Pointer implementation when Debug-formatted.
fn fmt_upper_exp(self) -> FmtUpperExp<Self> where Self: UpperExp
Causes self to use its UpperExp implementation when Debug-formatted.
fn fmt_upper_hex(self) -> FmtUpperHex<Self> where Self: UpperHex
Causes self to use its UpperHex implementation when Debug-formatted.
impl<T> Pipe for T where T: ?Sized
fn pipe<R>(self, func: impl FnOnce(Self) -> R) -> R where Self: Sized
fn pipe_ref<'a, R>(&'a self, func: impl FnOnce(&'a Self) -> R) -> R where R: 'a
Borrows self and passes that borrow into the pipe function.
fn pipe_ref_mut<'a, R>(&'a mut self, func: impl FnOnce(&'a mut Self) -> R) -> R where R: 'a
Mutably borrows self and passes that borrow into the pipe function.
fn pipe_borrow<'a, B, R>(&'a self, func: impl FnOnce(&'a B) -> R) -> R
fn pipe_borrow_mut<'a, B, R>(&'a mut self, func: impl FnOnce(&'a mut B) -> R) -> R
fn pipe_as_ref<'a, U, R>(&'a self, func: impl FnOnce(&'a U) -> R) -> R
Borrows self, then passes self.as_ref() into the pipe function.
fn pipe_as_mut<'a, U, R>(&'a mut self, func: impl FnOnce(&'a mut U) -> R) -> R
Mutably borrows self, then passes self.as_mut() into the pipe function.
fn pipe_deref<'a, T, R>(&'a self, func: impl FnOnce(&'a T) -> R) -> R
Borrows self, then passes self.deref() into the pipe function.
impl<T> PipeAsRef for T
impl<T> PipeBorrow for T
impl<T> PipeDeref for T
impl<T> PipeRef for T
impl<T> Tap for T
fn tap_borrow<B>(self, func: impl FnOnce(&B)) -> Self
Immutable access to the Borrow<B> of a value.
fn tap_borrow_mut<B>(self, func: impl FnOnce(&mut B)) -> Self
Mutable access to the BorrowMut<B> of a value.
fn tap_ref<R>(self, func: impl FnOnce(&R)) -> Self
Immutable access to the AsRef<R> view of a value.
fn tap_ref_mut<R>(self, func: impl FnOnce(&mut R)) -> Self
Mutable access to the AsMut<R> view of a value.
fn tap_deref<T>(self, func: impl FnOnce(&T)) -> Self
Immutable access to the Deref::Target of a value.
fn tap_deref_mut<T>(self, func: impl FnOnce(&mut T)) -> Self
Mutable access to the Deref::Target of a value.
fn tap_dbg(self, func: impl FnOnce(&Self)) -> Self
Calls .tap() only in debug builds, and is erased in release builds.
fn tap_mut_dbg(self, func: impl FnOnce(&mut Self)) -> Self
Calls .tap_mut() only in debug builds, and is erased in release builds.
fn tap_borrow_dbg<B>(self, func: impl FnOnce(&B)) -> Self
Calls .tap_borrow() only in debug builds, and is erased in release builds.
fn tap_borrow_mut_dbg<B>(self, func: impl FnOnce(&mut B)) -> Self
Calls .tap_borrow_mut() only in debug builds, and is erased in release builds.
fn tap_ref_dbg<R>(self, func: impl FnOnce(&R)) -> Self
Calls .tap_ref() only in debug builds, and is erased in release builds.
fn tap_ref_mut_dbg<R>(self, func: impl FnOnce(&mut R)) -> Self
Calls .tap_ref_mut() only in debug builds, and is erased in release builds.
fn tap_deref_dbg<T>(self, func: impl FnOnce(&T)) -> Self
Calls .tap_deref() only in debug builds, and is erased in release builds.
impl<T> Tap for T
fn tap_dbg<F, R>(self, func: F) -> Self
Calls tap in debug builds, and does nothing in release builds.
fn tap_mut_dbg<F, R>(self, func: F) -> Self
Calls tap_mut in debug builds, and does nothing in release builds.
impl<T, U> TapAsRef<U> for T where U: ?Sized
fn tap_ref<F, R>(self, func: F) -> Self
fn tap_ref_dbg<F, R>(self, func: F) -> Self
Calls tap_ref in debug builds, and does nothing in release builds.
fn tap_ref_mut<F, R>(self, func: F) -> Self
impl<T, U> TapBorrow<U> for T where U: ?Sized
fn tap_borrow<F, R>(self, func: F) -> Self
fn tap_borrow_dbg<F, R>(self, func: F) -> Self
Calls tap_borrow in debug builds, and does nothing in release builds.
fn tap_borrow_mut<F, R>(self, func: F) -> Self
impl<T> TapDeref for T
fn tap_deref_dbg<F, R>(self, func: F) -> Self
Calls tap_deref in debug builds, and does nothing in release builds.
fn tap_deref_mut<F, R>(self, func: F) -> Self
Mutably dereferences self for modification.