author | Niall Sheridan <nsheridan@gmail.com> | 2016-06-19 23:44:25 +0100 |
---|---|---|
committer | Niall Sheridan <nsheridan@gmail.com> | 2016-07-03 18:01:24 +0100 |
commit | dee5a19d36554a8f9a365efd65d13b134889bf63 (patch) | |
tree | 41103a2d3665d604fe22dcd16d110ed56c466f6d /server/signer/signer.go | |
parent | 6e7dfa0df6b102219817e26095f2ba636cd9288c (diff) |
first pass at a certificate store
Diffstat (limited to 'server/signer/signer.go')
-rw-r--r-- | server/signer/signer.go | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/server/signer/signer.go b/server/signer/signer.go
index 1be6d75..a3f056a 100644
--- a/server/signer/signer.go
+++ b/server/signer/signer.go
@@ -25,10 +25,10 @@ type KeySigner struct {
 }
 
 // SignUserKey returns a signed ssh certificate.
-func (s *KeySigner) SignUserKey(req *lib.SignRequest) (string, error) {
+func (s *KeySigner) SignUserKey(req *lib.SignRequest) (*ssh.Certificate, error) {
 pubkey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(req.Key))
 if err != nil {
- return "", err
+ return nil, err
 }
 expires := time.Now().UTC().Add(s.validity)
 if req.ValidUntil.After(expires) {
@@ -45,13 +45,10 @@ func (s *KeySigner) SignUserKey(req *lib.SignRequest) (string, error) {
 cert.ValidPrincipals = append(cert.ValidPrincipals, s.principals...)
 cert.Extensions = s.permissions
 if err := cert.SignCert(rand.Reader, s.ca); err != nil {
- return "", err
+ return nil, err
 }
- marshaled := ssh.MarshalAuthorizedKey(cert)
- // Remove the trailing newline.
- marshaled = marshaled[:len(marshaled)-1]
 log.Printf("Issued cert id: %s principals: %s fp: %s valid until: %s\n", cert.KeyId, cert.ValidPrincipals, fingerprint(pubkey), time.Unix(int64(cert.ValidBefore), 0).UTC())
- return string(marshaled), nil
+ return cert, nil
 }
 
 func makeperms(perms []string) map[string]string { |
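Review bot: The expiry handling at `if req.ValidUntil.After(expires) {` caps the requested lifetime only from above; nothing visible in this hunk rejects a zero or already-past `req.ValidUntil`. The assignment to `cert.ValidBefore` sits between the two hunks and is not shown, but if it converts `req.ValidUntil.Unix()` to that unsigned field, a negative value would wrap to a far-future expiry instead of an expired certificate. A lower bound next to the cap, `if !req.ValidUntil.After(time.Now().UTC())` returning `nil` and an error, keeps the CA from signing anything outside the window between now and `s.validity`. The body of SignUserKey continues past the end of this hunk.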
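Review bot: `cert.Extensions = s.permissions` gives the certificate the signer's own permissions map, and with `return cert, nil` that certificate now leaves the function as a live struct instead of marshaled text. Go maps are references, so a caller that edits `cert.Extensions` would silently change the extensions stamped on every later certificate; whether any caller does so is not visible here. Copying the map closes that off: `cert.Extensions = make(map[string]string, len(s.permissions))` followed by `for k, v := range s.permissions { cert.Extensions[k] = v }`. Separately, the `log.Printf` line prints `cert.KeyId` and the principals with `%s`; if those derive from the request, `%q` would keep embedded newlines from splitting the issuance log records.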