feat: use SSH host certificates (#3786)
This commit is contained in:
parent
95f17a6d06
commit
7ea5c41f9b
34 changed files with 706 additions and 117 deletions
|
@ -17,6 +17,7 @@ import (
|
|||
"fmt"
|
||||
"io"
|
||||
"math/big"
|
||||
"time"
|
||||
|
||||
"golang.org/x/crypto/hkdf"
|
||||
"golang.org/x/crypto/ssh"
|
||||
|
@ -77,6 +78,28 @@ func GenerateEmergencySSHCAKey(seed []byte) (ssh.Signer, error) {
|
|||
return ca, nil
|
||||
}
|
||||
|
||||
// GenerateSSHHostCertificate takes a given public key and CA to generate a host certificate.
|
||||
func GenerateSSHHostCertificate(principals []string, publicKey ssh.PublicKey, ca ssh.Signer) (*ssh.Certificate, error) {
|
||||
certificate := ssh.Certificate{
|
||||
CertType: ssh.HostCert,
|
||||
ValidPrincipals: principals,
|
||||
ValidAfter: uint64(time.Now().Unix()),
|
||||
ValidBefore: ssh.CertTimeInfinity,
|
||||
Reserved: []byte{},
|
||||
Key: publicKey,
|
||||
KeyId: principals[0],
|
||||
Permissions: ssh.Permissions{
|
||||
CriticalOptions: map[string]string{},
|
||||
Extensions: map[string]string{},
|
||||
},
|
||||
}
|
||||
if err := certificate.SignCert(rand.Reader, ca); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &certificate, nil
|
||||
}
|
||||
|
||||
// PemToX509Cert takes a list of PEM-encoded certificates, parses the first one and returns it
|
||||
// as an x.509 certificate.
|
||||
func PemToX509Cert(raw []byte) (*x509.Certificate, error) {
|
||||
|
|
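Review bot: In GenerateSSHHostCertificate the KeyId is taken from `principals[0]` with no length check, so an empty principals slice panics inside the signer instead of returning an error, and that index is the only thing standing between the caller and a certificate whose ValidPrincipals list is empty — which the OpenSSH certificate format treats as valid for any host. Add an explicit guard before building the certificate: `if len(principals) == 0 { return nil, fmt.Errorf("host certificate needs at least one principal") }` (fmt is already imported in this file). ValidAfter is pinned to the signer's current second while ValidBefore is CertTimeInfinity, so a client whose clock runs slightly behind the signer will reject a just-issued certificate as not yet valid; backdating is the usual mitigation, e.g. `ValidAfter: uint64(time.Now().Add(-5 * time.Minute).Unix()),`. The function comment should also spell out the lifetime choice, since callers rotating the emergency CA need to know it: `// The issued certificate never expires (ValidBefore is ssh.CertTimeInfinity).` The `rand.Reader` passed to SignCert comes from an import outside the visible hunk; confirm it is crypto/rand rather than math/rand.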