signer

package

v0.0.0-...-e030cbd Latest Latest Go to latest Published: Jul 20, 2021 License: MIT Imports: 19 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/gazzenger/sshrimp

Links

Open Source Insights

Documentation ¶

Index ¶

func DecodeAndReturnUsernameClaim(jwt string, usernameClaim string) string
func NewAlgorithmSignerFromSigner(signer crypto.Signer, algorithm string) (ssh.Signer, error)
func SignCertificateAllRegions(publicKey ssh.PublicKey, token string, forceCommand string, c *config.SSHrimp) (*ssh.Certificate, error)
func SignCertificateOneRegion(publicKey ssh.PublicKey, token string, forceCommand string, region string, ...) (*ssh.Certificate, error)
type KMSSigner
- func NewKMSSigner(key string) *KMSSigner
- func (s *KMSSigner) Public() crypto.PublicKey
- func (s *KMSSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)
type SSHrimpEvent
type SSHrimpResult

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func DecodeAndReturnUsernameClaim ¶

func DecodeAndReturnUsernameClaim(jwt string, usernameClaim string) string

used to decode the JWT payload, and return the value from the usernameClaim

func NewAlgorithmSignerFromSigner ¶

func NewAlgorithmSignerFromSigner(signer crypto.Signer, algorithm string) (ssh.Signer, error)

NewAlgorithmSignerFromSigner returns a ssh.Signer with a different default algorithm. Waiting for upstream changes to x/crypto/ssh, see: https://github.com/golang/go/issues/36261

func SignCertificateAllRegions ¶

func SignCertificateAllRegions(publicKey ssh.PublicKey, token string, forceCommand string, c *config.SSHrimp) (*ssh.Certificate, error)

SignCertificateAllRegions iterate through each configured region if there is an error signing the certificate

func SignCertificateOneRegion ¶

func SignCertificateOneRegion(publicKey ssh.PublicKey, token string, forceCommand string, region string, c *config.SSHrimp) (*ssh.Certificate, error)

SignCertificateOneRegion given a public key, identity token and forceCommand, invoke the sshrimp-ca lambda function

Types ¶

type KMSSigner ¶

type KMSSigner struct {
	crypto.Signer
	// contains filtered or unexported fields
}

KMSSigner an AWS asymetric crypto signer

func NewKMSSigner ¶

func NewKMSSigner(key string) *KMSSigner

NewKMSSigner return a new instsance of KMSSigner

func (*KMSSigner) Public ¶

func (s *KMSSigner) Public() crypto.PublicKey

Public returns the public key from KMS

func (*KMSSigner) Sign ¶

func (s *KMSSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign a digest with the private key in KMS

type SSHrimpEvent ¶

type SSHrimpEvent struct {
	PublicKey     string `json:"publickey"`
	Token         string `json:"token"`
	SourceAddress string `json:"sourceaddress"`
	ForceCommand  string `json:"forcecommand"`
}

SSHrimpEvent encodes the user input for the sshrimp-ca lambda

type SSHrimpResult ¶

type SSHrimpResult struct {
	Certificate  string `json:"certificate"`
	ErrorMessage string `json:"errorMessage"`
	ErrorType    string `json:"errorType"`
}

SSHrimpResult encodes the payload format returned from the sshrimp-ca lambda

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL