|
|
|
@ -341,7 +341,7 @@ func New(o apiv1.Options, opts ...Option) (*PKI, error) {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Use default key manager
|
|
|
|
// Use default key manager
|
|
|
|
if p.keyManager != nil {
|
|
|
|
if p.keyManager == nil {
|
|
|
|
p.keyManager = kms.Default
|
|
|
|
p.keyManager = kms.Default
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@ -634,7 +634,7 @@ func (p *PKI) GenerateSSHSigningKeys(password []byte) error {
|
|
|
|
|
|
|
|
|
|
|
|
// Create SSH key used to sign host certificates. Using
|
|
|
|
// Create SSH key used to sign host certificates. Using
|
|
|
|
// kmsapi.UnspecifiedSignAlgorithm will default to the default algorithm.
|
|
|
|
// kmsapi.UnspecifiedSignAlgorithm will default to the default algorithm.
|
|
|
|
name := p.Ssh.HostPublicKey
|
|
|
|
name := p.Ssh.HostKey
|
|
|
|
if uri := p.options.hostKeyURI; uri != "" {
|
|
|
|
if uri := p.options.hostKeyURI; uri != "" {
|
|
|
|
name = uri
|
|
|
|
name = uri
|
|
|
|
}
|
|
|
|
}
|
|
|
|
@ -649,7 +649,7 @@ func (p *PKI) GenerateSSHSigningKeys(password []byte) error {
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
|
return errors.Wrapf(err, "error converting public key")
|
|
|
|
return errors.Wrapf(err, "error converting public key")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
p.Files[resp.Name] = ssh.MarshalAuthorizedKey(sshKey)
|
|
|
|
p.Files[p.Ssh.HostPublicKey] = ssh.MarshalAuthorizedKey(sshKey)
|
|
|
|
|
|
|
|
|
|
|
|
// On softkms we will have the private key
|
|
|
|
// On softkms we will have the private key
|
|
|
|
if resp.PrivateKey != nil {
|
|
|
|
if resp.PrivateKey != nil {
|
|
|
|
@ -657,11 +657,13 @@ func (p *PKI) GenerateSSHSigningKeys(password []byte) error {
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
p.Ssh.HostKey = resp.Name
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Create SSH key used to sign user certificates. Using
|
|
|
|
// Create SSH key used to sign user certificates. Using
|
|
|
|
// kmsapi.UnspecifiedSignAlgorithm will default to the default algorithm.
|
|
|
|
// kmsapi.UnspecifiedSignAlgorithm will default to the default algorithm.
|
|
|
|
name = p.Ssh.UserPublicKey
|
|
|
|
name = p.Ssh.UserKey
|
|
|
|
if uri := p.options.userKeyURI; uri != "" {
|
|
|
|
if uri := p.options.userKeyURI; uri != "" {
|
|
|
|
name = uri
|
|
|
|
name = uri
|
|
|
|
}
|
|
|
|
}
|
|
|
|
@ -676,7 +678,7 @@ func (p *PKI) GenerateSSHSigningKeys(password []byte) error {
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
|
return errors.Wrapf(err, "error converting public key")
|
|
|
|
return errors.Wrapf(err, "error converting public key")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
p.Files[resp.Name] = ssh.MarshalAuthorizedKey(sshKey)
|
|
|
|
p.Files[p.Ssh.UserPublicKey] = ssh.MarshalAuthorizedKey(sshKey)
|
|
|
|
|
|
|
|
|
|
|
|
// On softkms we will have the private key
|
|
|
|
// On softkms we will have the private key
|
|
|
|
if resp.PrivateKey != nil {
|
|
|
|
if resp.PrivateKey != nil {
|
|
|
|
@ -684,6 +686,8 @@ func (p *PKI) GenerateSSHSigningKeys(password []byte) error {
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
p.Ssh.UserKey = resp.Name
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
return nil
|
|
|
|
|
Mariano Cano
3 years ago