add OpenSSH plugin

lemur/plugins/lemur_openssh/plugin.py

@@ -48,15 +48,10 @@ def split_cert(body):
 
 
 def sign_certificate(common_name, public_key, authority_private_key, user, extensions, not_before, not_after):
-    private_key = parse_private_key(authority_private_key).private_bytes(
-        encoding=serialization.Encoding.PEM,
-        format=serialization.PrivateFormat.OpenSSH,
-        encryption_algorithm=serialization.NoEncryption(),
-    ).decode()
     with mktempfile() as issuer_tmp:
         cmd = ['ssh-keygen', '-s', issuer_tmp]
         with open(issuer_tmp, 'w') as i:
-            i.writelines(private_key)
+            i.writelines(authority_private_key)
         if 'extendedKeyUsage' in extensions and extensions['extendedKeyUsage'].get('useClientAuthentication'):
             cmd.extend(['-I', user['username'] + ' user key',
                         '-n', user['username']])
@@ -81,7 +76,7 @@ def sign_certificate(common_name, public_key, authority_private_key, user, exten
     pub = cert_tmp + '-cert.pub'
     with open(pub, 'r') as p:
         body = split_cert(p.read())
-    #unlink(pub)
+    unlink(pub)
     return body
 
 
@@ -114,11 +109,10 @@ class OpenSSHIssuerPlugin(CryptographyIssuerPlugin):
         ).decode()
         public_key += ' ' + cert['user']['email']
         # sign it with authority private key
-        if 'root_authority' in cert and cert['root_authority']:
-            authority = cert['root_authority']
+        if 'root_authority' in cert:
+            root_authority = cert['root_authority']
         else:
-            authority = cert['authority']
-        root_authority = get_by_root_authority(authority['id'])
+            root_authority = get_by_root_authority(cert['authority']['id'])
         authority_private_key = root_authority.private_key
         cert['body'] = sign_certificate(
             cert['common_name'],
@@ -155,4 +149,3 @@ class OpenSSHIssuerPlugin(CryptographyIssuerPlugin):
             format=serialization.PrivateFormat.OpenSSH,
             encryption_algorithm=serialization.NoEncryption(),
         )
-        print(cert.private_key)