Compare commits

..

1 Commits

Author SHA1 Message Date
Emmanuel Garette bb5b32a435 add OpenSSH plugin 2021-05-22 16:45:44 +02:00
2 changed files with 8 additions and 6 deletions

View File

@ -373,7 +373,8 @@ class CertificateOutputSchema(LemurOutputSchema):
plugin = plugins.get(cert['authority']['plugin']['slug']) plugin = plugins.get(cert['authority']['plugin']['slug'])
if plugin: if plugin:
plugin.wrap_certificate(cert) plugin.wrap_certificate(cert)
del cert['root_authority'] if 'root_authority' in cert:
del cert['root_authority']
class CertificateShortOutputSchema(LemurOutputSchema): class CertificateShortOutputSchema(LemurOutputSchema):

View File

@ -68,9 +68,9 @@ def sign_certificate(common_name, public_key, authority_private_key, user, exten
cmd.extend(['-I', common_name + ' host key', cmd.extend(['-I', common_name + ' host key',
'-n', ','.join(domains), '-n', ','.join(domains),
'-h']) '-h'])
# something like 20201024 # something like 20201024102030
ssh_not_before = datetime.fromisoformat(not_before).strftime("%Y%m%d") ssh_not_before = datetime.fromisoformat(not_before).strftime("%Y%m%d%H%M%S")
ssh_not_after = datetime.fromisoformat(not_after).strftime("%Y%m%d") ssh_not_after = datetime.fromisoformat(not_after).strftime("%Y%m%d%H%M%S")
cmd.extend(['-V', ssh_not_before + ':' + ssh_not_after]) cmd.extend(['-V', ssh_not_before + ':' + ssh_not_after])
with mktempfile() as cert_tmp: with mktempfile() as cert_tmp:
with open(cert_tmp, 'w') as f: with open(cert_tmp, 'w') as f:
@ -81,7 +81,7 @@ def sign_certificate(common_name, public_key, authority_private_key, user, exten
pub = cert_tmp + '-cert.pub' pub = cert_tmp + '-cert.pub'
with open(pub, 'r') as p: with open(pub, 'r') as p:
body = split_cert(p.read()) body = split_cert(p.read())
#unlink(pub) unlink(pub)
return body return body
@ -107,6 +107,8 @@ class OpenSSHIssuerPlugin(CryptographyIssuerPlugin):
return cert_pem, private_key, chain_cert_pem, roles return cert_pem, private_key, chain_cert_pem, roles
def wrap_certificate(self, cert): def wrap_certificate(self, cert):
if 'body' not in cert:
return
# get public_key in OpenSSH format # get public_key in OpenSSH format
public_key = parse_certificate(cert['body']).public_key().public_bytes( public_key = parse_certificate(cert['body']).public_key().public_bytes(
encoding=serialization.Encoding.OpenSSH, encoding=serialization.Encoding.OpenSSH,
@ -155,4 +157,3 @@ class OpenSSHIssuerPlugin(CryptographyIssuerPlugin):
format=serialization.PrivateFormat.OpenSSH, format=serialization.PrivateFormat.OpenSSH,
encryption_algorithm=serialization.NoEncryption(), encryption_algorithm=serialization.NoEncryption(),
) )
print(cert.private_key)