From dee5a19d36554a8f9a365efd65d13b134889bf63 Mon Sep 17 00:00:00 2001
From: Niall Sheridan
Date: Sun, 19 Jun 2016 23:44:25 +0100
Subject: first pass at a certificate store

---
 server/signer/signer.go | 11 ++++-------
 server/signer/signer_test.go | 7 +------
 2 files changed, 5 insertions(+), 13 deletions(-)
(limited to 'server/signer')

diff --git a/server/signer/signer.go b/server/signer/signer.go
index 1be6d75..a3f056a 100644
--- a/server/signer/signer.go
+++ b/server/signer/signer.go
@@ -25,10 +25,10 @@ type KeySigner struct {
 }
 
 // SignUserKey returns a signed ssh certificate.
-func (s *KeySigner) SignUserKey(req *lib.SignRequest) (string, error) {
+func (s *KeySigner) SignUserKey(req *lib.SignRequest) (*ssh.Certificate, error) {
 pubkey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(req.Key))
 if err != nil {
- return "", err
+ return nil, err
 }
 expires := time.Now().UTC().Add(s.validity)
 if req.ValidUntil.After(expires) {
@@ -45,13 +45,10 @@ func (s *KeySigner) SignUserKey(req *lib.SignRequest) (string, error) {
 cert.ValidPrincipals = append(cert.ValidPrincipals, s.principals...)
 cert.Extensions = s.permissions
 if err := cert.SignCert(rand.Reader, s.ca); err != nil {
- return "", err
+ return nil, err
 }
- marshaled := ssh.MarshalAuthorizedKey(cert)
- // Remove the trailing newline.
- marshaled = marshaled[:len(marshaled)-1]
 log.Printf("Issued cert id: %s principals: %s fp: %s valid until: %s\n", cert.KeyId, cert.ValidPrincipals, fingerprint(pubkey), time.Unix(int64(cert.ValidBefore), 0).UTC())
- return string(marshaled), nil
+ return cert, nil
 }
 
 func makeperms(perms []string) map[string]string {
diff --git a/server/signer/signer_test.go b/server/signer/signer_test.go
index 08f9025..a80e64a 100644
--- a/server/signer/signer_test.go
+++ b/server/signer/signer_test.go
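Review bot: Returning the `*ssh.Certificate` itself hands the caller a certificate whose `Extensions` field is the signer's own `s.permissions` map, assigned by reference in the context line `cert.Extensions = s.permissions` just above the `SignCert` call; a consumer that adds or deletes an extension on the returned cert would thereby change the permissions issued on every later certificate from this signer, which the old marshaled-string return could not expose. Copying the map into the cert before signing removes the aliasing, as sketched below. `cert.ValidPrincipals` is built with `append` and presumably does not share `s.principals`, but that depends on how `cert` is constructed in the lines between the two hunks, which are not shown; SignUserKey's signature is in the preceding hunk and callers outside server/signer that consumed the string are not in this diff.
```go
	// Give the cert its own copy so callers cannot mutate s.permissions through it.
	cert.Extensions = make(map[string]string, len(s.permissions))
	for k, v := range s.permissions {
		cert.Extensions[k] = v
	}
	// … unchanged: SignCert, log.Printf, return cert, nil …
```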
@@ -27,15 +27,10 @@ func TestCert(t *testing.T) {
 Principal: "gopher1",
 ValidUntil: time.Now().Add(1 * time.Hour),
 }
- ret, err := signer.SignUserKey(r)
+ cert, err := signer.SignUserKey(r)
 if err != nil {
 t.Fatal(err)
 }
- c, _, _, _, err := ssh.ParseAuthorizedKey([]byte(ret))
- cert, ok := c.(*ssh.Certificate)
- if !ok {
- t.Fatalf("Expected type *ssh.Certificate, got %v (%T)", cert, cert)
- }
 if !bytes.Equal(cert.SignatureKey.Marshal(), signer.ca.PublicKey().Marshal()) {
 t.Fatal("Cert signer and server signer don't match")
 }
-- 
cgit v1.2.3
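Review bot: Dropping the `ssh.ParseAuthorizedKey([]byte(ret))` step means TestCert no longer exercises the authorized-key encoding of the issued certificate, which is the form a consumer of `SignUserKey` will eventually write out; now that the `*ssh.Certificate` is returned directly, a round trip after the signature-key check keeps that covered: `if _, _, _, _, err := ssh.ParseAuthorizedKey(ssh.MarshalAuthorizedKey(cert)); err != nil { t.Fatal(err) }`. With the cert in hand it is also cheap to assert the fields the signer sets, for instance that `cert.ValidPrincipals` includes the request's `"gopher1"` principal and that `cert.ValidBefore` is not past the requested `ValidUntil`, though how the request is mapped onto the cert is not visible in this diff. TestCert continues past the end of the hunk.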