aboutsummaryrefslogtreecommitdiff
path: root/server/signer
diff options
context:
space:
mode:
Diffstat (limited to 'server/signer')
-rw-r--r--server/signer/signer.go17
1 files changed, 14 insertions, 3 deletions
diff --git a/server/signer/signer.go b/server/signer/signer.go
index 854d70e..566ca98 100644
--- a/server/signer/signer.go
+++ b/server/signer/signer.go
@@ -1,9 +1,12 @@
package signer
import (
+ "crypto/md5"
"crypto/rand"
"fmt"
"io/ioutil"
+ "log"
+ "strings"
"time"
"github.com/nsheridan/cashier/lib"
@@ -25,16 +28,16 @@ func (s *KeySigner) SignUserKey(req *lib.SignRequest) (string, error) {
if err != nil {
return "", err
}
- expires := time.Now().Add(s.validity)
+ expires := time.Now().UTC().Add(s.validity)
if req.ValidUntil.After(expires) {
req.ValidUntil = expires
}
cert := &ssh.Certificate{
CertType: ssh.UserCert,
Key: pubkey,
- KeyId: req.Principal,
+ KeyId: fmt.Sprintf("%s_%d", req.Principal, time.Now().UTC().Unix()),
ValidBefore: uint64(req.ValidUntil.Unix()),
- ValidAfter: uint64(time.Now().Add(-5 * time.Minute).Unix()),
+ ValidAfter: uint64(time.Now().UTC().Add(-5 * time.Minute).Unix()),
}
cert.ValidPrincipals = append(cert.ValidPrincipals, req.Principal)
cert.ValidPrincipals = append(cert.ValidPrincipals, s.principals...)
@@ -45,6 +48,7 @@ func (s *KeySigner) SignUserKey(req *lib.SignRequest) (string, error) {
marshaled := ssh.MarshalAuthorizedKey(cert)
// Remove the trailing newline.
marshaled = marshaled[:len(marshaled)-1]
+ log.Printf("Issued cert %s principals: %s fp: %s valid until: %s\n", cert.KeyId, cert.ValidPrincipals, fingerprint(pubkey), time.Unix(int64(cert.ValidBefore), 0).UTC())
return string(marshaled), nil
}
@@ -86,3 +90,10 @@ func New(conf config.SSH) (*KeySigner, error) {
permissions: makeperms(conf.Permissions),
}, nil
}
+
+func fingerprint(pubkey ssh.PublicKey) string {
+ md5String := md5.New()
+ md5String.Write(pubkey.Marshal())
+ fp := fmt.Sprintf("% x", md5String.Sum(nil))
+ return strings.Replace(fp, " ", ":", -1)
+}