Diffstat (limited to 'server/signer/signer.go')
-rw-r--r-- | server/signer/signer.go | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/server/signer/signer.go b/server/signer/signer.go
index 8169c11..0bff1c3 100644
--- a/server/signer/signer.go
+++ b/server/signer/signer.go
@@ -13,6 +13,8 @@ import (
 "github.com/nsheridan/cashier/lib"
 "github.com/nsheridan/cashier/server/config"
+ "github.com/nsheridan/cashier/server/store"
+ "github.com/stripe/krl"
 "golang.org/x/crypto/ssh"
 )
@@ -51,6 +53,22 @@ func (s *KeySigner) SignUserKey(req *lib.SignRequest) (*ssh.Certificate, error)
 return cert, nil
 }
+// GenerateRevocationList returns an SSH key revocation list (KRL).
+func (s *KeySigner) GenerateRevocationList(certs []*store.CertRecord) ([]byte, error) {
+ revoked := &krl.KRLCertificateSection{
+ CA: s.ca.PublicKey(),
+ }
+ ids := krl.KRLCertificateKeyID{}
+ for _, c := range certs {
+ ids = append(ids, c.KeyID)
+ }
+ revoked.Sections = append(revoked.Sections, &ids)
+ k := &krl.KRL{
+ Sections: []krl.KRLSection{revoked},
+ }
+ return k.Marshal(rand.Reader)
+}
+
 func makeperms(perms []string) map[string]string {
 if len(perms) > 0 {
 m := make(map[string]string) |
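Review bot: GenerateRevocationList puts the KeyID of every record in `certs` into the KRL without checking anything about the record, so the caller alone decides what gets revoked, and the doc comment should say so, e.g. `// GenerateRevocationList returns a KRL that revokes, by key ID under s.ca, every certificate in certs; callers must pass only revoked records.` Because revocation here is by key ID rather than by serial, any certificates issued with the same key ID are revoked together; how key IDs are assigned is not visible in this hunk, so confirm they are unique per certificate. A nil entry in `certs` would panic at `c.KeyID`, which `if c == nil { continue }` at the top of the loop avoids. With an empty `certs` the code still appends an empty key-ID section, so a test that the marshalled KRL is still accepted by the consumer in that case would be worth adding.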