add OpenSSH plugin

lemur/plugins/lemur_openssh/plugin.py

@@ -48,10 +48,15 @@ def split_cert(body):
 
 
 def sign_certificate(common_name, public_key, authority_private_key, user, extensions, not_before, not_after):
+    private_key = parse_private_key(authority_private_key).private_bytes(
+        encoding=serialization.Encoding.PEM,
+        format=serialization.PrivateFormat.OpenSSH,
+        encryption_algorithm=serialization.NoEncryption(),
+    ).decode()
     with mktempfile() as issuer_tmp:
         cmd = ['ssh-keygen', '-s', issuer_tmp]
         with open(issuer_tmp, 'w') as i:
-            i.writelines(authority_private_key)
+            i.writelines(private_key)
         if 'extendedKeyUsage' in extensions and extensions['extendedKeyUsage'].get('useClientAuthentication'):
             cmd.extend(['-I', user['username'] + ' user key',
                         '-n', user['username']])
@@ -76,7 +81,7 @@ def sign_certificate(common_name, public_key, authority_private_key, user, exten
     pub = cert_tmp + '-cert.pub'
     with open(pub, 'r') as p:
         body = split_cert(p.read())
-    unlink(pub)
+    #unlink(pub)
     return body
 
 
@@ -109,10 +114,11 @@ class OpenSSHIssuerPlugin(CryptographyIssuerPlugin):
         ).decode()
         public_key += ' ' + cert['user']['email']
         # sign it with authority private key
-        if 'root_authority' in cert:
-            root_authority = cert['root_authority']
+        if 'root_authority' in cert and cert['root_authority']:
+            authority = cert['root_authority']
         else:
-            root_authority = get_by_root_authority(cert['authority']['id'])
+            authority = cert['authority']
+        root_authority = get_by_root_authority(authority['id'])
         authority_private_key = root_authority.private_key
         cert['body'] = sign_certificate(
             cert['common_name'],
@@ -149,3 +155,4 @@ class OpenSSHIssuerPlugin(CryptographyIssuerPlugin):
             format=serialization.PrivateFormat.OpenSSH,
             encryption_algorithm=serialization.NoEncryption(),
         )
+        print(cert.private_key)