Compare commits
1 Commits
pkg/dev/ri
...
35e96a0686
| Author | SHA1 | Date | |
|---|---|---|---|
| 35e96a0686 |
@ -48,15 +48,10 @@ def split_cert(body):
|
|||||||
|
|
||||||
|
|
||||||
def sign_certificate(common_name, public_key, authority_private_key, user, extensions, not_before, not_after):
|
def sign_certificate(common_name, public_key, authority_private_key, user, extensions, not_before, not_after):
|
||||||
private_key = parse_private_key(authority_private_key).private_bytes(
|
|
||||||
encoding=serialization.Encoding.PEM,
|
|
||||||
format=serialization.PrivateFormat.OpenSSH,
|
|
||||||
encryption_algorithm=serialization.NoEncryption(),
|
|
||||||
).decode()
|
|
||||||
with mktempfile() as issuer_tmp:
|
with mktempfile() as issuer_tmp:
|
||||||
cmd = ['ssh-keygen', '-s', issuer_tmp]
|
cmd = ['ssh-keygen', '-s', issuer_tmp]
|
||||||
with open(issuer_tmp, 'w') as i:
|
with open(issuer_tmp, 'w') as i:
|
||||||
i.writelines(private_key)
|
i.writelines(authority_private_key)
|
||||||
if 'extendedKeyUsage' in extensions and extensions['extendedKeyUsage'].get('useClientAuthentication'):
|
if 'extendedKeyUsage' in extensions and extensions['extendedKeyUsage'].get('useClientAuthentication'):
|
||||||
cmd.extend(['-I', user['username'] + ' user key',
|
cmd.extend(['-I', user['username'] + ' user key',
|
||||||
'-n', user['username']])
|
'-n', user['username']])
|
||||||
@ -81,7 +76,7 @@ def sign_certificate(common_name, public_key, authority_private_key, user, exten
|
|||||||
pub = cert_tmp + '-cert.pub'
|
pub = cert_tmp + '-cert.pub'
|
||||||
with open(pub, 'r') as p:
|
with open(pub, 'r') as p:
|
||||||
body = split_cert(p.read())
|
body = split_cert(p.read())
|
||||||
#unlink(pub)
|
unlink(pub)
|
||||||
return body
|
return body
|
||||||
|
|
||||||
|
|
||||||
@ -114,11 +109,10 @@ class OpenSSHIssuerPlugin(CryptographyIssuerPlugin):
|
|||||||
).decode()
|
).decode()
|
||||||
public_key += ' ' + cert['user']['email']
|
public_key += ' ' + cert['user']['email']
|
||||||
# sign it with authority private key
|
# sign it with authority private key
|
||||||
if 'root_authority' in cert and cert['root_authority']:
|
if 'root_authority' in cert:
|
||||||
authority = cert['root_authority']
|
root_authority = cert['root_authority']
|
||||||
else:
|
else:
|
||||||
authority = cert['authority']
|
root_authority = get_by_root_authority(cert['authority']['id'])
|
||||||
root_authority = get_by_root_authority(authority['id'])
|
|
||||||
authority_private_key = root_authority.private_key
|
authority_private_key = root_authority.private_key
|
||||||
cert['body'] = sign_certificate(
|
cert['body'] = sign_certificate(
|
||||||
cert['common_name'],
|
cert['common_name'],
|
||||||
@ -155,4 +149,3 @@ class OpenSSHIssuerPlugin(CryptographyIssuerPlugin):
|
|||||||
format=serialization.PrivateFormat.OpenSSH,
|
format=serialization.PrivateFormat.OpenSSH,
|
||||||
encryption_algorithm=serialization.NoEncryption(),
|
encryption_algorithm=serialization.NoEncryption(),
|
||||||
)
|
)
|
||||||
print(cert.private_key)
|
|
||||||
|
|||||||
Reference in New Issue
Block a user