package ca
import (
"crypto/rand"
"fmt"
"io"
"math/big"
"math/bits"
"golang.org/x/crypto/ssh"
)
// DefaultCA is a default model implementation of the CA interface.
//
// Every method on DefaultCA delegates to a package-level DefaultCA* helper
// so that other CA implementations declared as an alias of this type can
// reuse the same behavior.
type DefaultCA struct {
	// HostSigner is the signer returned by GetHostCertSigner (presumably the
	// key used to sign host certificates; the signing itself happens elsewhere).
	HostSigner ssh.Signer
	// UserSigner is the signer returned by GetUserCertSigner (presumably the
	// key used to sign user certificates).
	UserSigner ssh.Signer
	// RefreshSigners is invoked by RefreshKeys with the CA itself as argument,
	// so it can replace HostSigner/UserSigner in place. It must be set before
	// RefreshKeys is called: DefaultCARefreshKeys calls it without a nil check.
	RefreshSigners func(*DefaultCA) error
	// HostCertsMaxValidity is returned unchanged by GetCAMaxValidityForHostCertificates.
	// The unit is seconds, per the parameter name of DefaultCAMaxValidityForCertificates.
	// NOTE(review): how a value of 0 is interpreted is not visible in this file — confirm in SignCert.
	HostCertsMaxValidity uint64
	// UserCertsMaxValidity is the user-certificate counterpart of HostCertsMaxValidity,
	// returned unchanged by GetCAMaxValidityForUserCertificates.
	UserCertsMaxValidity uint64
}
// RandomProvider implements CA.RandomProvider for DefaultCA. It delegates to
// DefaultCARandomProvider, so the returned reader is crypto/rand's Reader.
func (c *DefaultCA) RandomProvider() (io.Reader, error) {
	src, err := DefaultCARandomProvider()
	return src, err
}
// RefreshKeys implements CA.RefreshKeys for DefaultCA. The work is done by
// DefaultCARefreshKeys, which runs the RefreshSigners callback with c; any
// error from that callback is returned unchanged.
func (c *DefaultCA) RefreshKeys() error {
	if err := DefaultCARefreshKeys(c); err != nil {
		return err
	}
	return nil
}
// SignCert implements CA.SignCert for DefaultCA by handing the request to the
// package-level SignCert with this CA as the signing authority.
func (c *DefaultCA) SignCert(csr CSR) (*ssh.Certificate, error) {
	cert, err := SignCert(c, csr)
	return cert, err
}
// GetHostCertSigner implements CA.GetHostCertSigner for DefaultCA. The CSR
// argument is ignored: every request receives the same c.HostSigner via
// DefaultCAGetHostCertSigner, so no per-request signer selection happens here.
func (c *DefaultCA) GetHostCertSigner(CSR) (ssh.Signer, error) {
	signer, err := DefaultCAGetHostCertSigner(c)
	return signer, err
}
// GetUserCertSigner implements CA.GetUserCertSigner for DefaultCA. The CSR
// argument is ignored: every request receives the same c.UserSigner via
// DefaultCAGetUserCertSigner, so no per-request signer selection happens here.
func (c *DefaultCA) GetUserCertSigner(CSR) (ssh.Signer, error) {
	signer, err := DefaultCAGetUserCertSigner(c)
	return signer, err
}
// CertSerialGenerator implements CA.CertSerialGenerator for DefaultCA. It
// returns the generator built by DefaultCACertSerialGenerator; the receiver's
// state is not consulted.
func (c *DefaultCA) CertSerialGenerator() func(CSR) (uint64, error) {
	gen := DefaultCACertSerialGenerator()
	return gen
}
// GetCAMaxValidityForHostCertificates implements the host-certificate
// validity cap for DefaultCA. It passes c.HostCertsMaxValidity (seconds)
// through DefaultCAMaxValidityForCertificates, which returns it unchanged.
func (c *DefaultCA) GetCAMaxValidityForHostCertificates() uint64 {
	limit := DefaultCAMaxValidityForCertificates(c.HostCertsMaxValidity)
	return limit
}
// GetCAMaxValidityForUserCertificates implements the user-certificate
// validity cap for DefaultCA. It passes c.UserCertsMaxValidity (seconds)
// through DefaultCAMaxValidityForCertificates, which returns it unchanged.
func (c *DefaultCA) GetCAMaxValidityForUserCertificates() uint64 {
	limit := DefaultCAMaxValidityForCertificates(c.UserCertsMaxValidity)
	return limit
}
// DefaultCARefreshKeys is a helper implementation of RefreshKeys provided
// for the benefit of CA implementations modeled after DefaultCA using an
// alias type definition. It runs c.RefreshSigners with c and returns that
// callback's error. There is no nil check: a DefaultCA whose RefreshSigners
// is unset panics here.
func DefaultCARefreshKeys(c *DefaultCA) error {
	refresh := c.RefreshSigners
	return refresh(c)
}
// DefaultCAGetHostCertSigner is a helper implementation of GetHostCertSigner
// provided for the benefit of CA implementations modeled after DefaultCA
// using an alias type definition. It returns c.HostSigner as-is and never
// fails, even when the signer is nil.
func DefaultCAGetHostCertSigner(c *DefaultCA) (ssh.Signer, error) {
	signer := c.HostSigner
	return signer, nil
}
// DefaultCAGetUserCertSigner is a helper implementation of GetUserCertSigner
// provided for the benefit of CA implementations modeled after DefaultCA
// using an alias type definition. It returns c.UserSigner as-is and never
// fails, even when the signer is nil.
func DefaultCAGetUserCertSigner(c *DefaultCA) (ssh.Signer, error) {
	signer := c.UserSigner
	return signer, nil
}
// DefaultCARandomProvider is a helper implementation of RandomProvider
// provided for the benefit of CA implementations modeled after DefaultCA
// using an alias type definition. It always returns crypto/rand's Reader
// (the operating system's CSPRNG) and a nil error.
func DefaultCARandomProvider() (io.Reader, error) {
	var src io.Reader = rand.Reader
	return src, nil
}
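// DefaultCACertSerialGenerator is a helper implementation of CertSerialGenerator
// provided for the benefit of CA implementations modeled after DefaultCA using
// an alias type definition.
//
// The returned generator ignores the CSR and draws each serial uniformly at
// random from crypto/rand over [0, 2^bits.UintSize) — the full uint64 space on
// 64-bit builds. The earlier bound of big.NewInt(bits.UintSize) limited serials
// to [0, 64), i.e. six bits of entropy, so distinct certificates collided after
// a handful of issuances; serials must be unique because OpenSSH key revocation
// lists can revoke a certificate by serial. A failure to read randomness is
// returned as an error wrapping the crypto/rand error.
//
// NOTE(review): 0 is a possible output; if callers treat serial 0 as "no serial",
// the range should start at 1 — confirm against SignCert.
func DefaultCACertSerialGenerator() func(CSR) (uint64, error) {
	// Exclusive upper bound: 1 << UintSize, one past the largest uint value.
	// Computed once; rand.Int only reads it.
	serialBound := new(big.Int).Lsh(big.NewInt(1), bits.UintSize)
	return func(CSR) (uint64, error) {
		serial, err := rand.Int(rand.Reader, serialBound)
		if err != nil {
			return 0, fmt.Errorf("generating certificate serial number: %w", err)
		}
		return serial.Uint64(), nil
	}
}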
// DefaultCAMaxValidityForCertificates is a helper implementation of
// CAMaxValidityForCertificates provided for the benefit of CA implementations
// modeled after DefaultCA using an alias type definition. It is the identity:
// the configured cap, in seconds, is returned unchanged (0 included).
func DefaultCAMaxValidityForCertificates(seconds uint64) uint64 {
	limit := seconds
	return limit
}