author | Kevin Lyda <kevin@ie.suberic.net> | 2017-01-27 08:42:30 +0000 |
---|---|---|
committer | Niall Sheridan <nsheridan@gmail.com> | 2017-01-27 08:42:30 +0000 |
commit | fe53f90bf0c7fab6cbf5cb019a337e02c6b3ffbf (patch) | |
tree | cd7671eca3dbe23133864be719bb48cc0d361615 /client | |
parent | 450bee5d2e65d7a4e6de2e5d078f15163818c92b (diff) |
Add a public_file_prefix option to cashier.conf
Allow the client to save the public key and public cert to files
that start with public_file_prefix and end with .pub and -cert.pub
respectively.
This is the naming scheme the ssh IdentityFile config option supported
for certs starting in version 5.4p1. Starting in version 7.2p1, an
additional option, CertificateFile, was added, but the IdentityFile-only
method with those names still works.
Used in conjunction with a user's ~/.ssh/config file setting
IdentitiesOnly and IdentityFile, this change will allow for multiple
ssh CAs for different services.
Note that this will resolve #49.
Diffstat (limited to 'client')
-rw-r--r-- | client/client.go | 18 | ||||
-rw-r--r-- | client/config.go | 8 |
2 files changed, 26 insertions, 0 deletions
diff --git a/client/client.go b/client/client.go
index 382c53d..e1fb98c 100644
--- a/client/client.go
+++ b/client/client.go
@@ -3,8 +3,10 @@ package client
 import (
 	"bytes"
 	"crypto/tls"
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
+	"io/ioutil"
 	"net/http"
 	"net/url"
 	"path"
@@ -16,6 +18,22 @@ import (
 	"golang.org/x/crypto/ssh/agent"
 )
 
+// SavePublicFiles installs the public part of the cert and key.
+func SavePublicFiles(prefix string, cert *ssh.Certificate, pub ssh.PublicKey) error {
+	if prefix == "" {
+		return nil
+	}
+	pubTxt := ssh.MarshalAuthorizedKey(pub)
+	certPubTxt := []byte(cert.Type() + " " + base64.StdEncoding.EncodeToString(cert.Marshal()))
+
+	if err := ioutil.WriteFile(prefix+".pub", pubTxt, 0644); err != nil {
+		return err
+	}
+	err := ioutil.WriteFile(prefix+"-cert.pub", certPubTxt, 0644)
+
+	return err
+}
+
 // InstallCert adds the private key and signed certificate to the ssh agent.
 func InstallCert(a agent.Agent, cert *ssh.Certificate, key Key) error {
 	t := time.Unix(int64(cert.ValidBefore), 0)
diff --git a/client/config.go b/client/config.go
index 1cc9401..07bbb8c 100644
--- a/client/config.go
+++ b/client/config.go
@@ -1,6 +1,7 @@
 package client
 
 import (
+	"github.com/mitchellh/go-homedir"
 	"github.com/spf13/pflag"
 	"github.com/spf13/viper"
 )
@@ -12,6 +13,7 @@ type Config struct {
 	Keysize int `mapstructure:"key_size"`
 	Validity string `mapstructure:"validity"`
 	ValidateTLSCertificate bool `mapstructure:"validate_tls_certificate"`
+	PublicFilePrefix string `mapstructure:"public_file_prefix"`
 }
 
 func setDefaults() {
@@ -19,6 +21,7 @@ func setDefaults() {
 	viper.BindPFlag("key_type", pflag.Lookup("key_type"))
 	viper.BindPFlag("key_size", pflag.Lookup("key_size"))
 	viper.BindPFlag("validity", pflag.Lookup("validity"))
+	viper.BindPFlag("public_file_prefix", pflag.Lookup("public_file_prefix"))
 	viper.SetDefault("validateTLSCertificate", true)
 }
 
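Review bot: In SavePublicFiles the two output files end up in different formats: `pubTxt` comes from ssh.MarshalAuthorizedKey and carries a trailing newline, while `certPubTxt` is hand-assembled from cert.Type() and the base64 blob and has none, so `<prefix>-cert.pub` is written without a final newline. Since *ssh.Certificate satisfies ssh.PublicKey, the same helper yields the identical `type base64` line plus the newline, and the base64 import becomes unnecessary: `certPubTxt := ssh.MarshalAuthorizedKey(cert)`. The doc comment should also state the on-disk contract and the failure mode, because a failed second write leaves `<prefix>.pub` already replaced: `// SavePublicFiles writes pub to prefix+".pub" and cert to prefix+"-cert.pub" (both world-readable, as for any authorized_keys-format public material). An empty prefix is a no-op; on error the two files may be left inconsistent.`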
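Review bot: The new PublicFilePrefix field in Config has no comment, unlike the exported type it lives in; readers of config.go cannot tell from this hunk that ReadConfig expands a leading `~` or which files the prefix produces. Suggested: `// PublicFilePrefix, when non-empty, is the path prefix under which the client writes the public key (<prefix>.pub) and certificate (<prefix>-cert.pub); a leading "~" is expanded by ReadConfig.` The added `viper.BindPFlag("public_file_prefix", pflag.Lookup("public_file_prefix"))` follows its siblings in discarding BindPFlag's error, which is non-nil when the flag has not been registered — presumably that happens in the command package outside this diff, but it is worth confirming since a nil lookup silently leaves the config key unbound.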
@@ -34,5 +37,10 @@ func ReadConfig(path string) (*Config, error) {
 	if err := viper.Unmarshal(c); err != nil {
 		return nil, err
 	}
+	p, err := homedir.Expand(c.PublicFilePrefix)
+	if err != nil {
+		return nil, err
+	}
+	c.PublicFilePrefix = p
 	return c, nil
 } |