signer

package
v0.0.8 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 17, 2023 License: MIT Imports: 31 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var Log *logrus.Entry

Functions

func NewAlgorithmSignerFromSigner

func NewAlgorithmSignerFromSigner(signer crypto.Signer, algorithm string) (ssh.Signer, error)

NewAlgorithmSignerFromSigner returns a ssh.Signer with a different default algorithm. Waiting for upstream changes to x/crypto/ssh, see: https://github.com/golang/go/issues/36261

func SignCertificateAWS

func SignCertificateAWS(publicKey ssh.PublicKey, token string, forceCommand string, region string, c *config.SSHrimp) (*ssh.Certificate, error)

SignCertificateAWS given a public key, identity token and forceCommand, invoke the sshrimp-ca lambda function

func SignCertificateAllRegions

func SignCertificateAllRegions(publicKey ssh.PublicKey, token string, forceCommand string, c *config.SSHrimp) (*ssh.Certificate, error)

SignCertificateAllRegions iterate through each configured region if there is an error signing the certificate

func SignCertificateGCP

func SignCertificateGCP(publicKey ssh.PublicKey, token string, forceCommand string, region string, c *config.SSHrimp) (*ssh.Certificate, error)

SignCertificateGCP given a public key, identity token and forceCommand, invoke the sshrimp-ca GCP function

func ValidateRequest

func ValidateRequest(event SSHrimpEvent, c *config.SSHrimp, requestID string, functionID string) (ssh.Certificate, error)

Types

type AWSSigner

type AWSSigner struct {
	crypto.Signer
	// contains filtered or unexported fields
}

KMSSigner an AWS asymetric crypto signer

func NewAWSSigner

func NewAWSSigner(key string) *AWSSigner

NewKMSSigner return a new instsance of AWSSigner

func (*AWSSigner) Public

func (s *AWSSigner) Public() crypto.PublicKey

Public returns the public key from KMS

func (*AWSSigner) Sign

func (s *AWSSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign a digest with the private key in KMS

type GCPSigner

type GCPSigner struct {
	crypto.Signer
	// contains filtered or unexported fields
}

GCPSigner a GCP asymetric crypto signer

func NewGCPSSigner

func NewGCPSSigner(key string) *GCPSigner

NewGCPSSigner return a new instsance of NewGCPSSigner

func (*GCPSigner) Public

func (s *GCPSigner) Public() crypto.PublicKey

Public returns the public key from KMS

func (*GCPSigner) Sign

func (s *GCPSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign a digest with the private key in KMS

type SSHrimpEvent

type SSHrimpEvent struct {
	PublicKey     string `json:"publickey"`
	Token         string `json:"token"`
	SourceAddress string `json:"sourceaddress"`
	ForceCommand  string `json:"forcecommand"`
}

SSHrimpEvent encodes the user input for the sshrimp-ca lambda

type SSHrimpResult

type SSHrimpResult struct {
	Certificate  string `json:"certificate"`
	ErrorMessage string `json:"errorMessage"`
	ErrorType    string `json:"errorType"`
}

SSHrimpResult encodes the payload format returned from the sshrimp-ca lambda

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL