Compare commits
1 Commits
pkg/dev/ri
...
master
| Author | SHA1 | Date |
|---|---|---|
 Emmanuel Garette
|
bb5b32a435 |
|
|
@ -373,6 +373,7 @@ class CertificateOutputSchema(LemurOutputSchema):
|
||||||
plugin = plugins.get(cert['authority']['plugin']['slug'])
|
plugin = plugins.get(cert['authority']['plugin']['slug'])
|
||||||
if plugin:
|
if plugin:
|
||||||
plugin.wrap_certificate(cert)
|
plugin.wrap_certificate(cert)
|
||||||
|
if 'root_authority' in cert:
|
||||||
del cert['root_authority']
|
del cert['root_authority']
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -68,9 +68,9 @@ def sign_certificate(common_name, public_key, authority_private_key, user, exten
|
||||||
cmd.extend(['-I', common_name + ' host key',
|
cmd.extend(['-I', common_name + ' host key',
|
||||||
'-n', ','.join(domains),
|
'-n', ','.join(domains),
|
||||||
'-h'])
|
'-h'])
|
||||||
# something like 20201024
|
# something like 20201024102030
|
||||||
ssh_not_before = datetime.fromisoformat(not_before).strftime("%Y%m%d")
|
ssh_not_before = datetime.fromisoformat(not_before).strftime("%Y%m%d%H%M%S")
|
||||||
ssh_not_after = datetime.fromisoformat(not_after).strftime("%Y%m%d")
|
ssh_not_after = datetime.fromisoformat(not_after).strftime("%Y%m%d%H%M%S")
|
||||||
cmd.extend(['-V', ssh_not_before + ':' + ssh_not_after])
|
cmd.extend(['-V', ssh_not_before + ':' + ssh_not_after])
|
||||||
with mktempfile() as cert_tmp:
|
with mktempfile() as cert_tmp:
|
||||||
with open(cert_tmp, 'w') as f:
|
with open(cert_tmp, 'w') as f:
|
||||||
|
|
@ -81,7 +81,7 @@ def sign_certificate(common_name, public_key, authority_private_key, user, exten
|
||||||
pub = cert_tmp + '-cert.pub'
|
pub = cert_tmp + '-cert.pub'
|
||||||
with open(pub, 'r') as p:
|
with open(pub, 'r') as p:
|
||||||
body = split_cert(p.read())
|
body = split_cert(p.read())
|
||||||
#unlink(pub)
|
unlink(pub)
|
||||||
return body
|
return body
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -107,6 +107,8 @@ class OpenSSHIssuerPlugin(CryptographyIssuerPlugin):
|
||||||
return cert_pem, private_key, chain_cert_pem, roles
|
return cert_pem, private_key, chain_cert_pem, roles
|
||||||
|
|
||||||
def wrap_certificate(self, cert):
|
def wrap_certificate(self, cert):
|
||||||
|
if 'body' not in cert:
|
||||||
|
return
|
||||||
# get public_key in OpenSSH format
|
# get public_key in OpenSSH format
|
||||||
public_key = parse_certificate(cert['body']).public_key().public_bytes(
|
public_key = parse_certificate(cert['body']).public_key().public_bytes(
|
||||||
encoding=serialization.Encoding.OpenSSH,
|
encoding=serialization.Encoding.OpenSSH,
|
||||||
|
|
@ -155,4 +157,3 @@ class OpenSSHIssuerPlugin(CryptographyIssuerPlugin):
|
||||||
format=serialization.PrivateFormat.OpenSSH,
|
format=serialization.PrivateFormat.OpenSSH,
|
||||||
encryption_algorithm=serialization.NoEncryption(),
|
encryption_algorithm=serialization.NoEncryption(),
|
||||||
)
|
)
|
||||||
print(cert.private_key)
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue