author | Niall Sheridan <nsheridan@gmail.com> | 2016-06-19 23:44:25 +0100 |
committer | Niall Sheridan <nsheridan@gmail.com> | 2016-07-03 18:01:24 +0100 |
commit | dee5a19d36554a8f9a365efd65d13b134889bf63 (patch) | |
tree | 41103a2d3665d604fe22dcd16d110ed56c466f6d /server/store/store.go | |
parent | 6e7dfa0df6b102219817e26095f2ba636cd9288c (diff) |
first pass at a certificate store
Diffstat (limited to 'server/store/store.go')
-rw-r--r-- | server/store/store.go | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/server/store/store.go b/server/store/store.go
new file mode 100644
index 0000000..ad4922a
--- /dev/null
+++ b/server/store/store.go
@@ -0,0 +1,39 @@
+package store
+
+import (
+ "golang.org/x/crypto/ssh"
+
+ "github.com/nsheridan/cashier/server/certutil"
+)
+
+// CertStorer records issued certs in a persistent store for audit and
+// revocation purposes.
+type CertStorer interface {
+ Get(id string) (*CertRecord, error)
+ SetCert(cert *ssh.Certificate) error
+ SetRecord(record *CertRecord) error
+ List() ([]*CertRecord, error)
+ Revoke(id string) error
+ GetRevoked() ([]*CertRecord, error)
+ Close() error
+}
+
+// A CertRecord is a representation of a ssh certificate used by a CertStorer.
+type CertRecord struct {
+ KeyID string
+ Principals []string
+ CreatedAt uint64
+ Expires uint64
+ Revoked bool
+ Raw string
+}
+
+func parseCertificate(cert *ssh.Certificate) *CertRecord {
+ return &CertRecord{
+ KeyID: cert.KeyId,
+ Principals: cert.ValidPrincipals,
+ CreatedAt: cert.ValidAfter,
+ Expires: cert.ValidBefore,
+ Raw: certutil.GetPublicKey(cert),
+ }
+} |
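Review bot: The CertRecord built by parseCertificate keeps only KeyId from the certificate, so Revoke(id) and Get(id) in the CertStorer interface can key on nothing but the issuer-chosen key ID, which nothing here guarantees is unique per certificate; if two issued certs carry the same key ID, a lookup or revocation by that string presumably cannot distinguish them. The ssh.Certificate type also carries a Serial field, which is what OpenSSH revocation lists key on, so I would add `Serial uint64` to CertRecord and populate it with `Serial: cert.Serial,` in parseCertificate, and state in the CertStorer doc comment which identifier Get and Revoke expect. Expires is copied from cert.ValidBefore, which for a certificate with no expiry holds the maximum uint64 value; a backend that stores this in a signed integer column would need to handle that, worth a comment on the field such as `// Unix seconds; may be the no-expiry sentinel from the ssh package`. parseCertificate has no doc comment; `// parseCertificate builds a CertRecord from an issued certificate; Revoked is left false.` would do.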