
Author SHA1 Message Date
Emmanuel Garette 8c5c905148 add OpenSSH plugin 2021-05-18 18:58:42 +02:00
1 changed files with 8 additions and 2 deletions


@ -48,10 +48,15 @@ def split_cert(body):
def sign_certificate(common_name, public_key, authority_private_key, user, extensions, not_before, not_after): def sign_certificate(common_name, public_key, authority_private_key, user, extensions, not_before, not_after):
private_key = parse_private_key(authority_private_key).private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.OpenSSH,
encryption_algorithm=serialization.NoEncryption(),
).decode()
with mktempfile() as issuer_tmp: with mktempfile() as issuer_tmp:
cmd = ['ssh-keygen', '-s', issuer_tmp] cmd = ['ssh-keygen', '-s', issuer_tmp]
with open(issuer_tmp, 'w') as i: with open(issuer_tmp, 'w') as i:
i.writelines(authority_private_key) i.writelines(private_key)
if 'extendedKeyUsage' in extensions and extensions['extendedKeyUsage'].get('useClientAuthentication'): if 'extendedKeyUsage' in extensions and extensions['extendedKeyUsage'].get('useClientAuthentication'):
cmd.extend(['-I', user['username'] + ' user key', cmd.extend(['-I', user['username'] + ' user key',
'-n', user['username']]) '-n', user['username']])
@ -76,7 +81,7 @@ def sign_certificate(common_name, public_key, authority_private_key, user, exten
pub = cert_tmp + '-cert.pub' pub = cert_tmp + '-cert.pub'
with open(pub, 'r') as p: with open(pub, 'r') as p:
body = split_cert(p.read()) body = split_cert(p.read())
unlink(pub) #unlink(pub)
return body return body
@ -150,3 +155,4 @@ class OpenSSHIssuerPlugin(CryptographyIssuerPlugin):
format=serialization.PrivateFormat.OpenSSH, format=serialization.PrivateFormat.OpenSSH,
encryption_algorithm=serialization.NoEncryption(), encryption_algorithm=serialization.NoEncryption(),
) )
print(cert.private_key)
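Review bot: The added `print(cert.private_key)` at the end of the last hunk writes key material to stdout, where it is likely to end up in service logs; judging by the `NoEncryption()` serialization just above it, this is presumably the unencrypted private key, so the line should be removed. In the second hunk `unlink(pub)` becomes `#unlink(pub)`, so every signing leaves the `-cert.pub` file behind in the temp directory; restore `unlink(pub)`. Both look like leftover debugging. In the first hunk the CA key is re-serialized unencrypted into `issuer_tmp`, so it is worth confirming that `mktempfile()` creates the file with owner-only permissions and removes it on exit, which is not visible here. The bodies of `sign_certificate` and of the plugin method continue outside the hunks.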