Progress?

This commit is contained in:
Carl Tashian 2022-03-30 15:48:42 -07:00
parent ef9e31cd92
commit 055e75f394
2 changed files with 32 additions and 8 deletions

View file

@ -80,6 +80,14 @@ type Authority struct {
adminMutex sync.RWMutex adminMutex sync.RWMutex
} }
type AuthorityInfo struct {
StartTime time.Time
RootX509Certs []*x509.Certificate
SSHCAUserCerts []ssh.PublicKey
SSHCAHostCerts []ssh.PublicKey
}
// New creates and initiates a new Authority type. // New creates and initiates a new Authority type.
func New(cfg *config.Config, opts ...Option) (*Authority, error) { func New(cfg *config.Config, opts ...Option) (*Authority, error) {
err := cfg.Validate() err := cfg.Validate()
@ -311,7 +319,6 @@ func (a *Authority) init() error {
for _, crt := range a.rootX509Certs { for _, crt := range a.rootX509Certs {
sum := sha256.Sum256(crt.Raw) sum := sha256.Sum256(crt.Raw)
a.certificates.Store(hex.EncodeToString(sum[:]), crt) a.certificates.Store(hex.EncodeToString(sum[:]), crt)
log.Printf("X.509 Root Fingerprint: %s", hex.EncodeToString(sum[:]))
} }
a.rootX509CertPool = x509.NewCertPool() a.rootX509CertPool = x509.NewCertPool()
@ -540,13 +547,6 @@ func (a *Authority) init() error {
a.templates.Data["Step"] = tmplVars a.templates.Data["Step"] = tmplVars
} }
if tmplVars.SSH.HostKey != nil {
log.Printf("SSH Host CA Key: %s\n", ssh.MarshalAuthorizedKey(tmplVars.SSH.HostKey))
}
if tmplVars.SSH.UserKey != nil {
log.Printf("SSH User CA Key: %s\n", ssh.MarshalAuthorizedKey(tmplVars.SSH.UserKey))
}
// JWT numeric dates are seconds. // JWT numeric dates are seconds.
a.startTime = time.Now().Truncate(time.Second) a.startTime = time.Now().Truncate(time.Second)
// Set flag indicating that initialization has been completed, and should // Set flag indicating that initialization has been completed, and should
@ -567,6 +567,16 @@ func (a *Authority) GetAdminDatabase() admin.DB {
return a.adminDB return a.adminDB
} }
func (a *Authority) GetAuthorityInfo() *AuthorityInfo {
return &AuthorityInfo{
StartTime: a.startTime,
RootX509Certs: a.rootX509Certs,
SSHCAUserCerts: a.sshCAUserCerts,
SSHCAHostCerts: a.sshCAHostCerts,
}
}
// IsAdminAPIEnabled returns a boolean indicating whether the Admin API has // IsAdminAPIEnabled returns a boolean indicating whether the Admin API has
// been enabled. // been enabled.
func (a *Authority) IsAdminAPIEnabled() bool { func (a *Authority) IsAdminAPIEnabled() bool {

View file

@ -3,6 +3,8 @@ package ca
import ( import (
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"crypto/sha256"
"encoding/hex"
"fmt" "fmt"
"log" "log"
"net/http" "net/http"
@ -297,6 +299,18 @@ func (ca *CA) Run() error {
errs := make(chan error, 1) errs := make(chan error, 1)
if !ca.opts.quiet { if !ca.opts.quiet {
authorityInfo := ca.auth.GetAuthorityInfo()
log.Printf("Address: %s", ca.config.Address)
for _, crt := range authorityInfo.RootX509Certs {
sum := sha256.Sum256(crt.Raw)
log.Printf("X.509 Root Fingerprint: %s", hex.EncodeToString(sum[:]))
}
if ca.config.SSH != nil {
log.Printf("SSH Host CA Key: %s\n", ca.config.SSH.HostKey)
}
if ca.config.SSH != nil {
log.Printf("SSH User CA Key: %s\n", ca.config.SSH.UserKey)
}
log.Printf("Documentation: https://u.step.sm/docs/ca") log.Printf("Documentation: https://u.step.sm/docs/ca")
log.Printf("Community Discord: https://u.step.sm/discord") log.Printf("Community Discord: https://u.step.sm/discord")
log.Printf("Config File: %s", ca.opts.configFile) log.Printf("Config File: %s", ca.opts.configFile)