Updated documentation to include newer additions

README.md

@@ -2,8 +2,6 @@
 
 Python package for managing OpenSSH keypairs and certificates ([protocol.CERTKEYS](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys)). Supported functionality includes:
 
-[TOC]
-
 # Features
 ### SSH Keys
 - Supports RSA, DSA, ECDSA and ED25519 keys
@@ -168,7 +166,7 @@ The original OpenSSH certificate format is a block of parameters, encoded and pa
 |Key ID|string(variable)|key_id|someuser@somehost|Free-form text field that is filled in by the CA at the time of signing; the intention is that the contents of this field are used to identify the identity principal in log messages.|
 |Valid Principals|List(string(variable))|principals|['some-user', 'some-group', production-webservers']|These principals list the names for which this certificate is valid hostnames for SSH_CERT_TYPE_HOST certificates and usernames for  SH_CERT_TYPE_USER certificates. As a special case, a zero-length "valid principals" field means the certificate is valid for any principal of the specified type.|
 |Valid After|Timestamp|valid_after|datetime.now()|Timestamp for the start of the validity period for the certificate|
-|Valid Before|Timestamp|valid_before|datetime.now()+timedelta(hours=8) or 1658322031|Timestamp for the end of the validity period for the certificate. Needs to be larger than valid_after|
+|Valid Before|Timestamp|valid_before|datetime.now()+timedelta(hours=8) or 1658322031|Timestamp for the end of the validity period for the certificate. Needs to be larger than valid_after, can be a string (ex. 2d, 2w, 1h4m, 99d) or forever (MAX_INT64)|
 |Critical Options|Dict(string, string)|critical_options|[]|Zero or more of the available critical options (see below)|
 |Extensions|Dict(string, string)/List/Tuple/Set|extensions|[]|Zero or more of the available extensions (see below)|
 

docs/cert.html

@@ -275,6 +275,7 @@ <h2 id="raises">Raises</h2>
     &#34;&#34;&#34;
 
     DEFAULT_KEY_TYPE = &#34;[email protected]&#34;
+
     # pylint: disable=too-many-arguments
     def __init__(
         self,
@@ -1898,6 +1899,7 @@ <h3>Inherited members</h3>
     &#34;&#34;&#34;
 
     DEFAULT_KEY_TYPE = &#34;[email protected]&#34;
+
     # pylint: disable=too-many-arguments
     def __init__(
         self,

docs/fields.html

@@ -66,6 +66,7 @@ <h1 class="title">Module <code>sshkey_tools.fields</code></h1>
     long_to_bytes,
     random_keyid,
     random_serial,
+    str_to_timedelta,
 )
 
 NoneType = type(None)
@@ -469,21 +470,38 @@ <h1 class="title">Module <code>sshkey_tools.fields</code></h1>
     The value is saved as a 64-bit integer (unix timestamp)
     &#34;&#34;&#34;
 
-    DATA_TYPE = (datetime, int)
+    DATA_TYPE = (datetime, int, str)
     DEFAULT = datetime.now
 
     @classmethod
-    def encode(cls, value: Union[datetime, int]) -&gt; bytes:
-        &#34;&#34;&#34;Encodes a datetime object to a byte string
+    def encode(cls, value: Union[datetime, int, str]) -&gt; bytes:
+        &#34;&#34;&#34;Encodes a datetime object, integer or time string to a byte string
+           Time strings are parsed with pytimeparse2, for example:
+            32m
+            2h32m
+            3d2h32m
+            1w3d2h32m
+            1w 3d 2h 32m
+            1 w 3 d 2 h 32 m
+            4:13
+            4:13:02
+            4:13:02.266
+            forever (Returns as MAX_INT64)
 
         Args:
-            value (datetime): Datetime object
+            value (datetime, int, str): Datetime object
 
         Returns:
             bytes: Packed byte string containing datetime timestamp
         &#34;&#34;&#34;
         cls.__validate_type__(value, True)
 
+        if isinstance(value, str):
+            if value == &#34;forever&#34;:
+                return Integer64Field.encode(MAX_INT64)
+
+            value = int(datetime.now() + str_to_timedelta(value))
+
         if isinstance(value, datetime):
             value = int(value.timestamp())
 
@@ -754,8 +772,8 @@ <h1 class="title">Module <code>sshkey_tools.fields</code></h1>
 
         if ensure_string(self.value) not in self.ALLOWED_VALUES:
             return _EX.InvalidFieldDataException(
-                &#34;Expected one of the following values: &#34; +
-                NEWLINE.join(self.ALLOWED_VALUES)
+                &#34;Expected one of the following values: &#34;
+                + NEWLINE.join(self.ALLOWED_VALUES)
             )
 
         return True
@@ -2847,21 +2865,38 @@ <h3>Inherited members</h3>
     The value is saved as a 64-bit integer (unix timestamp)
     &#34;&#34;&#34;
 
-    DATA_TYPE = (datetime, int)
+    DATA_TYPE = (datetime, int, str)
     DEFAULT = datetime.now
 
     @classmethod
-    def encode(cls, value: Union[datetime, int]) -&gt; bytes:
-        &#34;&#34;&#34;Encodes a datetime object to a byte string
+    def encode(cls, value: Union[datetime, int, str]) -&gt; bytes:
+        &#34;&#34;&#34;Encodes a datetime object, integer or time string to a byte string
+           Time strings are parsed with pytimeparse2, for example:
+            32m
+            2h32m
+            3d2h32m
+            1w3d2h32m
+            1w 3d 2h 32m
+            1 w 3 d 2 h 32 m
+            4:13
+            4:13:02
+            4:13:02.266
+            forever (Returns as MAX_INT64)
 
         Args:
-            value (datetime): Datetime object
+            value (datetime, int, str): Datetime object
 
         Returns:
             bytes: Packed byte string containing datetime timestamp
         &#34;&#34;&#34;
         cls.__validate_type__(value, True)
 
+        if isinstance(value, str):
+            if value == &#34;forever&#34;:
+                return Integer64Field.encode(MAX_INT64)
+
+            value = int(datetime.now() + str_to_timedelta(value))
+
         if isinstance(value, datetime):
             value = int(value.timestamp())
 
@@ -2944,13 +2979,24 @@ <h2 id="returns">Returns</h2>
 </details>
 </dd>
 <dt id="sshkey_tools.fields.DateTimeField.encode"><code class="name flex">
-<span>def <span class="ident">encode</span></span>(<span>value: Union[datetime.datetime, int]) ‑> bytes</span>
+<span>def <span class="ident">encode</span></span>(<span>value: Union[datetime.datetime, int, str]) ‑> bytes</span>
 </code></dt>
 <dd>
-<div class="desc"><p>Encodes a datetime object to a byte string</p>
+<div class="desc"><p>Encodes a datetime object, integer or time string to a byte string
+Time strings are parsed with pytimeparse2, for example:
+32m
+2h32m
+3d2h32m
+1w3d2h32m
+1w 3d 2h 32m
+1 w 3 d 2 h 32 m
+4:13
+4:13:02
+4:13:02.266
+forever (Returns as MAX_INT64)</p>
 <h2 id="args">Args</h2>
 <dl>
-<dt><strong><code>value</code></strong> :&ensp;<code>datetime</code></dt>
+<dt><strong><code>value</code></strong> :&ensp;<code>datetime, int, str</code></dt>
 <dd>Datetime object</dd>
 </dl>
 <h2 id="returns">Returns</h2>
@@ -2963,17 +3009,34 @@ <h2 id="returns">Returns</h2>
 <span>Expand source code</span>
 </summary>
 <pre><code class="python">@classmethod
-def encode(cls, value: Union[datetime, int]) -&gt; bytes:
-    &#34;&#34;&#34;Encodes a datetime object to a byte string
+def encode(cls, value: Union[datetime, int, str]) -&gt; bytes:
+    &#34;&#34;&#34;Encodes a datetime object, integer or time string to a byte string
+       Time strings are parsed with pytimeparse2, for example:
+        32m
+        2h32m
+        3d2h32m
+        1w3d2h32m
+        1w 3d 2h 32m
+        1 w 3 d 2 h 32 m
+        4:13
+        4:13:02
+        4:13:02.266
+        forever (Returns as MAX_INT64)
 
     Args:
-        value (datetime): Datetime object
+        value (datetime, int, str): Datetime object
 
     Returns:
         bytes: Packed byte string containing datetime timestamp
     &#34;&#34;&#34;
     cls.__validate_type__(value, True)
 
+    if isinstance(value, str):
+        if value == &#34;forever&#34;:
+            return Integer64Field.encode(MAX_INT64)
+
+        value = int(datetime.now() + str_to_timedelta(value))
+
     if isinstance(value, datetime):
         value = int(value.timestamp())
 
@@ -5513,8 +5576,8 @@ <h3>Inherited members</h3>
 
         if ensure_string(self.value) not in self.ALLOWED_VALUES:
             return _EX.InvalidFieldDataException(
-                &#34;Expected one of the following values: &#34; +
-                NEWLINE.join(self.ALLOWED_VALUES)
+                &#34;Expected one of the following values: &#34;
+                + NEWLINE.join(self.ALLOWED_VALUES)
             )
 
         return True</code></pre>

docs/index.html

@@ -24,48 +24,6 @@ <h1 class="title">Package <code>sshkey_tools</code></h1>
 <section id="section-intro">
 <h1 id="sshkey-tools">sshkey-tools</h1>
 <p>Python package for managing OpenSSH keypairs and certificates (<a href="https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys">protocol.CERTKEYS</a>). Supported functionality includes:</p>
-<div class="toc">
-<ul>
-<li><a href="#sshkey-tools">sshkey-tools</a></li>
-<li><a href="#features">Features</a><ul>
-<li><a href="#ssh-keys">SSH Keys</a></li>
-<li><a href="#openssh-certificates">OpenSSH Certificates</a></li>
-</ul>
-</li>
-<li><a href="#roadmap">Roadmap</a></li>
-<li><a href="#installation">Installation</a><ul>
-<li><a href="#with-pip">With pip</a></li>
-<li><a href="#from-source">From source</a></li>
-</ul>
-</li>
-<li><a href="#documentation">Documentation</a><ul>
-<li><a href="#ssh-keypairs-generating-loading-exporting">SSH Keypairs (generating, loading, exporting)</a></li>
-<li><a href="#ssh-key-signatures">SSH Key Signatures</a></li>
-<li><a href="#openssh-certificates_1">OpenSSH Certificates</a><ul>
-<li><a href="#introduction">Introduction</a></li>
-<li><a href="#structure">Structure</a></li>
-<li><a href="#certificate-header">Certificate Header</a></li>
-<li><a href="#certificate-fields">Certificate Fields</a><ul>
-<li><a href="#critical-options">Critical Options</a></li>
-<li><a href="#extensions">Extensions</a></li>
-</ul>
-</li>
-<li><a href="#certificate-body">Certificate Body</a></li>
-</ul>
-</li>
-<li><a href="#creating-signing-and-verifying-certificates">Creating, signing and verifying certificates</a></li>
-<li><a href="#loading-re-creating-and-verifying-existing-certificates">Loading, re-creating and verifying existing certificates</a></li>
-<li><a href="#changelog">Changelog</a><ul>
-<li><a href="#09">0.9</a></li>
-<li><a href="#082">0.8.2</a></li>
-<li><a href="#081">0.8.1</a></li>
-<li><a href="#08">0.8</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-</div>
 <h1 id="features">Features</h1>
 <h3 id="ssh-keys">SSH Keys</h3>
 <ul>
@@ -292,7 +250,7 @@ <h3 id="certificate-fields">Certificate Fields</h3>
 <td>Timestamp</td>
 <td>valid_before</td>
 <td>datetime.now()+timedelta(hours=8) or 1658322031</td>
-<td>Timestamp for the end of the validity period for the certificate. Needs to be larger than valid_after</td>
+<td>Timestamp for the end of the validity period for the certificate. Needs to be larger than valid_after, can be a string (ex. 2d, 2w, 1h4m, 99d) or forever (MAX_INT64)</td>
 </tr>
 <tr>
 <td>Critical Options</td>

docs/keys.html

@@ -146,7 +146,7 @@ <h1 class="title">Module <code>sshkey_tools.keys</code></h1>
     &#34;&#34;&#34;
 
     def __init__(
-        self, key: PrivkeyClasses = None, comment: Union[str, bytes] = None, **kwargs
+        self, key: PrivkeyClasses = None, comment: Union[str, bytes] = &#34;&#34;, **kwargs
     ) -&gt; None:
         self.key = key
         self.comment = comment
@@ -2867,7 +2867,7 @@ <h2 id="returns">Returns</h2>
 </dd>
 <dt id="sshkey_tools.keys.PublicKey"><code class="flex name class">
 <span>class <span class="ident">PublicKey</span></span>
-<span>(</span><span>key: Union[cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey, cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey, cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey, cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey] = None, comment: Union[str, bytes] = None, **kwargs)</span>
+<span>(</span><span>key: Union[cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey, cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey, cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey, cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey] = None, comment: Union[str, bytes] = '', **kwargs)</span>
 </code></dt>
 <dd>
 <div class="desc"><p>Class for handling SSH public keys</p></div>
@@ -2881,7 +2881,7 @@ <h2 id="returns">Returns</h2>
     &#34;&#34;&#34;
 
     def __init__(
-        self, key: PrivkeyClasses = None, comment: Union[str, bytes] = None, **kwargs
+        self, key: PrivkeyClasses = None, comment: Union[str, bytes] = &#34;&#34;, **kwargs
     ) -&gt; None:
         self.key = key
         self.comment = comment