author | Niall Sheridan <nsheridan@gmail.com> | 2016-06-19 23:44:25 +0100 |
committer | Niall Sheridan <nsheridan@gmail.com> | 2016-07-03 18:01:24 +0100 |
commit | dee5a19d36554a8f9a365efd65d13b134889bf63 (patch) | |
tree | 41103a2d3665d604fe22dcd16d110ed56c466f6d /server/signer | |
parent | 6e7dfa0df6b102219817e26095f2ba636cd9288c (diff) |
first pass at a certificate store
Diffstat (limited to 'server/signer')
-rw-r--r-- | server/signer/signer.go | 11 | ||||
-rw-r--r-- | server/signer/signer_test.go | 7 |
2 files changed, 5 insertions, 13 deletions
diff --git a/server/signer/signer.go b/server/signer/signer.go
index 1be6d75..a3f056a 100644
--- a/server/signer/signer.go
+++ b/server/signer/signer.go
@@ -25,10 +25,10 @@ type KeySigner struct {
 }
 
 // SignUserKey returns a signed ssh certificate.
-func (s *KeySigner) SignUserKey(req *lib.SignRequest) (string, error) {
+func (s *KeySigner) SignUserKey(req *lib.SignRequest) (*ssh.Certificate, error) {
 	pubkey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(req.Key))
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 	expires := time.Now().UTC().Add(s.validity)
 	if req.ValidUntil.After(expires) {
@@ -45,13 +45,10 @@ func (s *KeySigner) SignUserKey(req *lib.SignRequest) (string, error) {
 	cert.ValidPrincipals = append(cert.ValidPrincipals, s.principals...)
 	cert.Extensions = s.permissions
 	if err := cert.SignCert(rand.Reader, s.ca); err != nil {
-		return "", err
+		return nil, err
 	}
-	marshaled := ssh.MarshalAuthorizedKey(cert)
-	// Remove the trailing newline.
-	marshaled = marshaled[:len(marshaled)-1]
 	log.Printf("Issued cert id: %s principals: %s fp: %s valid until: %s\n", cert.KeyId, cert.ValidPrincipals, fingerprint(pubkey), time.Unix(int64(cert.ValidBefore), 0).UTC())
-	return string(marshaled), nil
+	return cert, nil
 }
 
 func makeperms(perms []string) map[string]string {
diff --git a/server/signer/signer_test.go b/server/signer/signer_test.go
index 08f9025..a80e64a 100644
--- a/server/signer/signer_test.go
+++ b/server/signer/signer_test.go
@@ -27,15 +27,10 @@ func TestCert(t *testing.T) {
 		Principal: "gopher1",
 		ValidUntil: time.Now().Add(1 * time.Hour),
 	}
-	ret, err := signer.SignUserKey(r)
+	cert, err := signer.SignUserKey(r)
 	if err != nil {
 		t.Fatal(err)
 	}
-	c, _, _, _, err := ssh.ParseAuthorizedKey([]byte(ret))
-	cert, ok := c.(*ssh.Certificate)
-	if !ok {
-		t.Fatalf("Expected type *ssh.Certificate, got %v (%T)", cert, cert)
-	}
 	if !bytes.Equal(cert.SignatureKey.Marshal(), signer.ca.PublicKey().Marshal()) {
 		t.Fatal("Cert signer and server signer don't match")
 	}
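Review bot: In the second signer.go hunk, `cert.Extensions = s.permissions` now hands the signer's own permissions map to every caller, because the function returns the `*ssh.Certificate` itself rather than a marshalled copy; a caller (presumably the new certificate store) that modifies `cert.Extensions` would silently change the permissions stamped into every certificate issued afterwards. Before this change the map was only read by `MarshalAuthorizedKey` and the certificate object was discarded, so the aliasing was harmless. Copying the map per certificate removes the shared mutable state; `cert.ValidPrincipals` is built with `append`, which gives each cert its own backing array provided the slice starts out nil or empty where it is created (that line is outside this hunk). SignUserKey begins in the previous hunk and `fingerprint` is defined elsewhere in the file.

```go
	// Give each certificate its own extensions map so that a caller holding the
	// returned *ssh.Certificate cannot mutate the signer's shared permissions.
	cert.Extensions = make(map[string]string, len(s.permissions))
	for k, v := range s.permissions {
		cert.Extensions[k] = v
	}
	// … unchanged: SignCert, log.Printf, return cert …
```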
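Review bot: Dropping the `ssh.ParseAuthorizedKey` round-trip in TestCert means the authorized_keys wire encoding of the issued certificate is no longer exercised by this test, and the marshalling presumably now lives in whichever caller consumes the returned `*ssh.Certificate`. If nothing else covers that path, a check such as `c, _, _, _, err := ssh.ParseAuthorizedKey(ssh.MarshalAuthorizedKey(cert))` followed by a `c.(*ssh.Certificate)` type assertion would keep the encoding under test without depending on the old string return. It would also be worth asserting that `cert.ValidBefore` is no later than the `ValidUntil` requested here, since the validity bound applied in SignUserKey is otherwise unverified. TestCert starts before this hunk and continues after it.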