Progress?
parent
ef9e31cd92
commit
055e75f394
2 changed files with 32 additions and 8 deletions
|
@ -80,6 +80,14 @@ type Authority struct {
|
||||||
adminMutex sync.RWMutex
|
adminMutex sync.RWMutex
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type AuthorityInfo struct {
|
||||||
|
StartTime time.Time
|
||||||
|
RootX509Certs []*x509.Certificate
|
||||||
|
SSHCAUserCerts []ssh.PublicKey
|
||||||
|
SSHCAHostCerts []ssh.PublicKey
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
// New creates and initiates a new Authority type.
|
// New creates and initiates a new Authority type.
|
||||||
func New(cfg *config.Config, opts ...Option) (*Authority, error) {
|
func New(cfg *config.Config, opts ...Option) (*Authority, error) {
|
||||||
err := cfg.Validate()
|
err := cfg.Validate()
|
||||||
|
@ -311,7 +319,6 @@ func (a *Authority) init() error {
|
||||||
for _, crt := range a.rootX509Certs {
|
for _, crt := range a.rootX509Certs {
|
||||||
sum := sha256.Sum256(crt.Raw)
|
sum := sha256.Sum256(crt.Raw)
|
||||||
a.certificates.Store(hex.EncodeToString(sum[:]), crt)
|
a.certificates.Store(hex.EncodeToString(sum[:]), crt)
|
||||||
log.Printf("X.509 Root Fingerprint: %s", hex.EncodeToString(sum[:]))
|
|
||||||
}
|
}
|
||||||
|
|
||||||
a.rootX509CertPool = x509.NewCertPool()
|
a.rootX509CertPool = x509.NewCertPool()
|
||||||
|
@ -540,13 +547,6 @@ func (a *Authority) init() error {
|
||||||
a.templates.Data["Step"] = tmplVars
|
a.templates.Data["Step"] = tmplVars
|
||||||
}
|
}
|
||||||
|
|
||||||
if tmplVars.SSH.HostKey != nil {
|
|
||||||
log.Printf("SSH Host CA Key: %s\n", ssh.MarshalAuthorizedKey(tmplVars.SSH.HostKey))
|
|
||||||
}
|
|
||||||
if tmplVars.SSH.UserKey != nil {
|
|
||||||
log.Printf("SSH User CA Key: %s\n", ssh.MarshalAuthorizedKey(tmplVars.SSH.UserKey))
|
|
||||||
}
|
|
||||||
|
|
||||||
// JWT numeric dates are seconds.
|
// JWT numeric dates are seconds.
|
||||||
a.startTime = time.Now().Truncate(time.Second)
|
a.startTime = time.Now().Truncate(time.Second)
|
||||||
// Set flag indicating that initialization has been completed, and should
|
// Set flag indicating that initialization has been completed, and should
|
||||||
|
@ -567,6 +567,16 @@ func (a *Authority) GetAdminDatabase() admin.DB {
|
||||||
return a.adminDB
|
return a.adminDB
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (a *Authority) GetAuthorityInfo() *AuthorityInfo {
|
||||||
|
return &AuthorityInfo{
|
||||||
|
StartTime: a.startTime,
|
||||||
|
RootX509Certs: a.rootX509Certs,
|
||||||
|
SSHCAUserCerts: a.sshCAUserCerts,
|
||||||
|
SSHCAHostCerts: a.sshCAHostCerts,
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
// IsAdminAPIEnabled returns a boolean indicating whether the Admin API has
|
// IsAdminAPIEnabled returns a boolean indicating whether the Admin API has
|
||||||
// been enabled.
|
// been enabled.
|
||||||
func (a *Authority) IsAdminAPIEnabled() bool {
|
func (a *Authority) IsAdminAPIEnabled() bool {
|
||||||
|
|
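--- a/ca/ca.go
+++ b/ca/ca.go
@@ -3,6 +3,8 @@ package ca
 import (
 "crypto/tls"
 "crypto/x509"
+"crypto/sha256"
+"encoding/hex"
 "fmt"
 "log"
 "net/http"
@@ -297,6 +299,18 @@ func (ca *CA) Run() error {
 errs := make(chan error, 1)
 
 if !ca.opts.quiet {
+authorityInfo := ca.auth.GetAuthorityInfo()
+log.Printf("Address: %s", ca.config.Address)
+for _, crt := range authorityInfo.RootX509Certs {
+sum := sha256.Sum256(crt.Raw)
+log.Printf("X.509 Root Fingerprint: %s", hex.EncodeToString(sum[:]))
+}
+if ca.config.SSH != nil {
+log.Printf("SSH Host CA Key: %s\n", ca.config.SSH.HostKey)
+}
+if ca.config.SSH != nil {
+log.Printf("SSH User CA Key: %s\n", ca.config.SSH.UserKey)
+}
 log.Printf("Documentation: https://u.step.sm/docs/ca")
 log.Printf("Community Discord: https://u.step.sm/discord")
 log.Printf("Config File: %s", ca.opts.configFile)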
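Review bot: The two new SSH log lines in Run print `ca.config.SSH.HostKey` and `ca.config.SSH.UserKey` with `%s`, while the SSH CA public keys this output is meant to show are the `SSHCAHostCerts`/`SSHCAUserCerts` slices of the `authorityInfo` fetched a few lines earlier and then left unused; in the upstream config type those two `SSH` fields are the configured key locations rather than public keys, so the value printed under "SSH Host CA Key:" is presumably not what the removed `ssh.MarshalAuthorizedKey(tmplVars.SSH.HostKey)` lines in authority.go emitted — confirm against the config definition. That matters operationally, because this line is how an operator checks the SSH CA public key against the `known_hosts` / `TrustedUserCAKeys` entries they distribute, and a path or empty string silently defeats that check. Looping over the AuthorityInfo slices instead keeps the message truthful and removes the duplicated `if ca.config.SSH != nil` guard (the rewrite below needs the `ssh` package imported in ca.go if it is not already). The added `"crypto/sha256"` and `"encoding/hex"` imports also sit after `"crypto/x509"`, out of the sorted order gofmt keeps within an import block. Run's body continues outside the hunk.
```go
// … unchanged: authorityInfo fetch, Address and X.509 root fingerprint lines …
for _, key := range authorityInfo.SSHCAHostCerts {
	log.Printf("SSH Host CA Key: %s", ssh.MarshalAuthorizedKey(key))
}
for _, key := range authorityInfo.SSHCAUserCerts {
	log.Printf("SSH User CA Key: %s", ssh.MarshalAuthorizedKey(key))
}
// … unchanged: Documentation, Discord and Config File lines …
```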