aboutsummaryrefslogtreecommitdiff
path: root/client
diff options
context:
space:
mode:
authorKevin Lyda <kevin@ie.suberic.net>2017-01-27 08:42:30 +0000
committerNiall Sheridan <nsheridan@gmail.com>2017-01-27 08:42:30 +0000
commitfe53f90bf0c7fab6cbf5cb019a337e02c6b3ffbf (patch)
treecd7671eca3dbe23133864be719bb48cc0d361615 /client
parent450bee5d2e65d7a4e6de2e5d078f15163818c92b (diff)
Add a public_file_prefix option to cashier.conf
Allow the client to save the public key and public cert to files that start with public_file_prefix and end with .pub and -cert.pub respectively. This is the naming scheme the ssh IdentityFile config option supported for certs starting in version 5.4p1. Starting in version 7.2p1, an additional option, CertificateFile, was added, but the IdentityFile-only method with those names still works. Used in conjunction with a user's ~/.ssh/config file setting IdentitiesOnly and IdentityFile, this change will allow for multiple ssh CAs for different services. Note that this will resolve #49 .
Diffstat (limited to 'client')
-rw-r--r--client/client.go18
-rw-r--r--client/config.go8
2 files changed, 26 insertions, 0 deletions
diff --git a/client/client.go b/client/client.go
index 382c53d..e1fb98c 100644
--- a/client/client.go
+++ b/client/client.go
@@ -3,8 +3,10 @@ package client
import (
"bytes"
"crypto/tls"
+ "encoding/base64"
"encoding/json"
"fmt"
+ "io/ioutil"
"net/http"
"net/url"
"path"
@@ -16,6 +18,22 @@ import (
"golang.org/x/crypto/ssh/agent"
)
+// SavePublicFiles installs the public part of the cert and key.
+func SavePublicFiles(prefix string, cert *ssh.Certificate, pub ssh.PublicKey) error {
+ if prefix == "" {
+ return nil
+ }
+ pubTxt := ssh.MarshalAuthorizedKey(pub)
+ certPubTxt := []byte(cert.Type() + " " + base64.StdEncoding.EncodeToString(cert.Marshal()))
+
+ if err := ioutil.WriteFile(prefix+".pub", pubTxt, 0644); err != nil {
+ return err
+ }
+ err := ioutil.WriteFile(prefix+"-cert.pub", certPubTxt, 0644)
+
+ return err
+}
+
// InstallCert adds the private key and signed certificate to the ssh agent.
func InstallCert(a agent.Agent, cert *ssh.Certificate, key Key) error {
t := time.Unix(int64(cert.ValidBefore), 0)
diff --git a/client/config.go b/client/config.go
index 1cc9401..07bbb8c 100644
--- a/client/config.go
+++ b/client/config.go
@@ -1,6 +1,7 @@
package client
import (
+ "github.com/mitchellh/go-homedir"
"github.com/spf13/pflag"
"github.com/spf13/viper"
)
@@ -12,6 +13,7 @@ type Config struct {
Keysize int `mapstructure:"key_size"`
Validity string `mapstructure:"validity"`
ValidateTLSCertificate bool `mapstructure:"validate_tls_certificate"`
+ PublicFilePrefix string `mapstructure:"public_file_prefix"`
}
func setDefaults() {
@@ -19,6 +21,7 @@ func setDefaults() {
viper.BindPFlag("key_type", pflag.Lookup("key_type"))
viper.BindPFlag("key_size", pflag.Lookup("key_size"))
viper.BindPFlag("validity", pflag.Lookup("validity"))
+ viper.BindPFlag("public_file_prefix", pflag.Lookup("public_file_prefix"))
viper.SetDefault("validateTLSCertificate", true)
}
@@ -34,5 +37,10 @@ func ReadConfig(path string) (*Config, error) {
if err := viper.Unmarshal(c); err != nil {
return nil, err
}
+ p, err := homedir.Expand(c.PublicFilePrefix)
+ if err != nil {
+ return nil, err
+ }
+ c.PublicFilePrefix = p
return c, nil
}