From 2ba4e3753095147239348e9222fbf62725f6f636 Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Tue, 16 Feb 2021 15:02:20 -0800
Subject: [PATCH] Add URI support to configure yubikeys.
---
 kms/yubikey/yubikey.go | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/kms/yubikey/yubikey.go b/kms/yubikey/yubikey.go
index 943cd534..19cef55e 100644
--- a/kms/yubikey/yubikey.go
+++ b/kms/yubikey/yubikey.go
@@ -13,8 +13,12 @@ import (
 "github.com/go-piv/piv-go/piv"
 "github.com/pkg/errors"
 "github.com/smallstep/certificates/kms/apiv1"
+ "github.com/smallstep/certificates/kms/uri"
 )
 
+// Scheme is the scheme used in uris.
+const Scheme = "yubikey"
+
 // YubiKey implements the KMS interface on a YubiKey.
 type YubiKey struct {
 yk *piv.YubiKey
@@ -26,6 +30,21 @@ type YubiKey struct {
 // TODO(mariano): only one card is currently supported.
 func New(ctx context.Context, opts apiv1.Options) (*YubiKey, error) {
 managementKey := piv.DefaultManagementKey
+
+ if opts.URI != "" {
+ u, err := uri.ParseWithScheme(Scheme, opts.URI)
+ if err != nil {
+ return nil, err
+ }
+ if v := u.Pin(); v != "" {
+ opts.Pin = v
+ }
+ if v := u.Get("management-key"); v != "" {
+ opts.ManagementKey = v
+ }
+ }
+
+ // Deprecated way to set configuration parameters.
 if opts.ManagementKey != "" {
 b, err := hex.DecodeString(opts.ManagementKey)
 if err != nil {
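Review bot: The parse failure in the new `if opts.URI != ""` block of `New` is returned as-is (`return nil, err`) even though `opts.URI` can now hold the PIN and the management key; if the error from `uri.ParseWithScheme` quotes its input (not visible in this hunk), those secrets end up wherever the caller logs the error. Returning a fixed message such as `return nil, errors.New("error parsing yubikey uri")`, or redacting the attribute values before wrapping, would avoid that. The URI values also replace `opts.Pin` and `opts.ManagementKey` silently, so a stale PIN left in a URI wins over the explicit option and can use up PIV retry attempts. A comment above the block such as `// Values in opts.URI take precedence over opts.Pin and opts.ManagementKey.` would document the precedence. The body of `New` continues past the end of the hunk.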