add OpenSSH plugin

2021-05-18 18:58:42 +02:00
2 changed files with 6 additions and 8 deletions
--- a/lemur/certificates/schemas.py
+++ b/lemur/certificates/schemas.py
@ -373,7 +373,6 @@ class CertificateOutputSchema(LemurOutputSchema):
            plugin = plugins.get(cert['authority']['plugin']['slug'])
        if plugin:
            plugin.wrap_certificate(cert)
-        if 'root_authority' in cert:
        del cert['root_authority']


--- a/lemur/plugins/lemur_openssh/plugin.py
+++ b/lemur/plugins/lemur_openssh/plugin.py
@ -68,9 +68,9 @@ def sign_certificate(common_name, public_key, authority_private_key, user, exten
            cmd.extend(['-I', common_name + ' host key',
                        '-n', ','.join(domains),
                        '-h'])
-        # something like 20201024102030
-        ssh_not_before = datetime.fromisoformat(not_before).strftime("%Y%m%d%H%M%S")
-        ssh_not_after = datetime.fromisoformat(not_after).strftime("%Y%m%d%H%M%S")
+        # something like 20201024
+        ssh_not_before = datetime.fromisoformat(not_before).strftime("%Y%m%d")
+        ssh_not_after = datetime.fromisoformat(not_after).strftime("%Y%m%d")
        cmd.extend(['-V', ssh_not_before + ':' + ssh_not_after])
        with mktempfile() as cert_tmp:
            with open(cert_tmp, 'w') as f:
@ -81,7 +81,7 @@ def sign_certificate(common_name, public_key, authority_private_key, user, exten
    pub = cert_tmp + '-cert.pub'
    with open(pub, 'r') as p:
        body = split_cert(p.read())
-    unlink(pub)
+    #unlink(pub)
    return body


@ -107,8 +107,6 @@ class OpenSSHIssuerPlugin(CryptographyIssuerPlugin):
        return cert_pem, private_key, chain_cert_pem, roles

    def wrap_certificate(self, cert):
-        if 'body' not in cert:
-            return
        # get public_key in OpenSSH format
        public_key = parse_certificate(cert['body']).public_key().public_bytes(
            encoding=serialization.Encoding.OpenSSH,
@ -157,3 +155,4 @@ class OpenSSHIssuerPlugin(CryptographyIssuerPlugin):
            format=serialization.PrivateFormat.OpenSSH,
            encryption_algorithm=serialization.NoEncryption(),
        )
+        print(cert.private_key)