From 1fd3ac5d3ae341f194f87e57a50817c8b965b0d6 Mon Sep 17 00:00:00 2001
From: Niall Sheridan
Date: Thu, 2 Jun 2016 21:55:35 +0100
Subject: Set an expiry on keys added to the agent

---
 cmd/cashier/main.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/cmd/cashier/main.go b/cmd/cashier/main.go
index 768ebcd..3a34108 100644
--- a/cmd/cashier/main.go
+++ b/cmd/cashier/main.go
@@ -31,10 +31,12 @@ var (
 )
 
 func installCert(a agent.Agent, cert *ssh.Certificate, key key) error {
+ lifetime := time.Unix(int64(cert.ValidBefore), 0).Sub(time.Now()).Seconds()
 pubcert := agent.AddedKey{
- PrivateKey: key,
- Certificate: cert,
- Comment: cert.KeyId,
+ PrivateKey: key,
+ Certificate: cert,
+ Comment: cert.KeyId,
+ LifetimeSecs: uint32(lifetime),
 }
 if err := a.Add(pubcert); err != nil {
 return fmt.Errorf("error importing certificate: %s", err)
-- cgit v1.2.3
From 5fcb82c2b1938f696372d11b31145ddb36e5ed94 Mon Sep 17 00:00:00 2001
From: Niall Sheridan
Date: Mon, 6 Jun 2016 14:46:47 +0100
Subject: Update agent package Added support for certificate lifetimes
---
 vendor/golang.org/x/crypto/ssh/agent/client.go | 29 ++++++++++++++------------
 vendor/vendor.json | 6 +++---
 2 files changed, 19 insertions(+), 16 deletions(-)

diff --git a/vendor/golang.org/x/crypto/ssh/agent/client.go b/vendor/golang.org/x/crypto/ssh/agent/client.go
index 11d3094..6d1dca5 100644
--- a/vendor/golang.org/x/crypto/ssh/agent/client.go
+++ b/vendor/golang.org/x/crypto/ssh/agent/client.go
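Review bot: `LifetimeSecs: uint32(lifetime)` in installCert (cmd/cashier/main.go) converts a float64 that can be negative, below one second, or larger than a uint32, and none of those cases is checked before the key is handed to the agent. A certificate that is already expired (or a skewed local clock) gives a negative value, and so would a non-expiring certificate if `cert.ValidBefore` holds `ssh.CertTimeInfinity`, because `int64(cert.ValidBefore)` then wraps to -1; converting an out-of-range float to uint32 is implementation-dependent in Go, so the result may be 0 or a very large number. As far as I can tell a `LifetimeSecs` of 0 means no lifetime constraint, so in those cases the private key could stay loaded in the agent with no expiry, which is the opposite of what the commit intends. I would handle the infinity value explicitly and add, before building `AddedKey`, `if lifetime < 1 { return fmt.Errorf("certificate has already expired") }`, plus a cap at `math.MaxUint32`. The end of installCert lies outside the hunk.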
@@ -580,25 +580,28 @@ func (c *client) insertCert(s interface{}, cert *ssh.Certificate, comment string
 })
 case *dsa.PrivateKey:
 req = ssh.Marshal(dsaCertMsg{
- Type: cert.Type(),
- CertBytes: cert.Marshal(),
- X: k.X,
- Comments: comment,
+ Type: cert.Type(),
+ CertBytes: cert.Marshal(),
+ X: k.X,
+ Comments: comment,
+ Constraints: constraints,
 })
 case *ecdsa.PrivateKey:
 req = ssh.Marshal(ecdsaCertMsg{
- Type: cert.Type(),
- CertBytes: cert.Marshal(),
- D: k.D,
- Comments: comment,
+ Type: cert.Type(),
+ CertBytes: cert.Marshal(),
+ D: k.D,
+ Comments: comment,
+ Constraints: constraints,
 })
 case ed25519.PrivateKey:
 req = ssh.Marshal(ed25519CertMsg{
- Type: cert.Type(),
- CertBytes: cert.Marshal(),
- Pub: []byte(k)[32:],
- Priv: []byte(k),
- Comments: comment,
+ Type: cert.Type(),
+ CertBytes: cert.Marshal(),
+ Pub: []byte(k)[32:],
+ Priv: []byte(k),
+ Comments: comment,
+ Constraints: constraints,
 })
 default:
 return fmt.Errorf("agent: unsupported key type %T", s)
diff --git a/vendor/vendor.json b/vendor/vendor.json
index 9e4593f..6752bc9 100644
--- a/vendor/vendor.json
+++ b/vendor/vendor.json
@@ -204,10 +204,10 @@
 "revisionTime": "2016-05-16T23:05:56Z"
 },
 {
- "checksumSHA1": "SEz1b89e679TV/nkIHlu49H5wTM=",
+ "checksumSHA1": "EcKMEjHXZnW85PGnmiVGLknf8HU=",
 "path": "golang.org/x/crypto/ssh/agent",
- "revision": "5bcd134fee4dd1475da17714aac19c0aa0142e2f",
- "revisionTime": "2016-05-16T23:05:56Z"
+ "revision": "89d9e62992539701a49a19c52ebb33e84cbbe80f",
+ "revisionTime": "2016-06-03T20:06:38Z"
 },
 {
 "checksumSHA1": "9jjO5GjLa0XF/nfWihF02RoH4qc=",
-- cgit v1.2.3