forked from TrueCloudLab/certificates
Ask for the first provisioner password if none is provided.
This commit is contained in:
Mariano Cano
parent
28e882c9b3
commit
492ff4b632
2 changed files with 13 additions and 5 deletions
|
|
@ -11,24 +11,23 @@ import (
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/smallstep/certificates/cas"
|
|
||||||
"github.com/smallstep/certificates/scep"
|
|
||||||
"go.step.sm/linkedca"
|
|
||||||
|
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
"github.com/smallstep/certificates/authority/admin"
|
"github.com/smallstep/certificates/authority/admin"
|
||||||
adminDBNosql "github.com/smallstep/certificates/authority/admin/db/nosql"
|
adminDBNosql "github.com/smallstep/certificates/authority/admin/db/nosql"
|
||||||
"github.com/smallstep/certificates/authority/administrator"
|
"github.com/smallstep/certificates/authority/administrator"
|
||||||
"github.com/smallstep/certificates/authority/config"
|
"github.com/smallstep/certificates/authority/config"
|
||||||
"github.com/smallstep/certificates/authority/provisioner"
|
"github.com/smallstep/certificates/authority/provisioner"
|
||||||
|
"github.com/smallstep/certificates/cas"
|
||||||
casapi "github.com/smallstep/certificates/cas/apiv1"
|
casapi "github.com/smallstep/certificates/cas/apiv1"
|
||||||
"github.com/smallstep/certificates/db"
|
"github.com/smallstep/certificates/db"
|
||||||
"github.com/smallstep/certificates/kms"
|
"github.com/smallstep/certificates/kms"
|
||||||
kmsapi "github.com/smallstep/certificates/kms/apiv1"
|
kmsapi "github.com/smallstep/certificates/kms/apiv1"
|
||||||
"github.com/smallstep/certificates/kms/sshagentkms"
|
"github.com/smallstep/certificates/kms/sshagentkms"
|
||||||
|
"github.com/smallstep/certificates/scep"
|
||||||
"github.com/smallstep/certificates/templates"
|
"github.com/smallstep/certificates/templates"
|
||||||
"github.com/smallstep/nosql"
|
"github.com/smallstep/nosql"
|
||||||
"go.step.sm/crypto/pemutil"
|
"go.step.sm/crypto/pemutil"
|
||||||
|
"go.step.sm/linkedca"
|
||||||
"golang.org/x/crypto/ssh"
|
"golang.org/x/crypto/ssh"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -474,7 +473,7 @@ func (a *Authority) init() error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return admin.WrapErrorISE(err, "error loading provisioners to initialize authority")
|
return admin.WrapErrorISE(err, "error loading provisioners to initialize authority")
|
||||||
}
|
}
|
||||||
if len(provs) == 0 {
|
if len(provs) == 0 && !strings.EqualFold(a.config.AuthorityConfig.DeploymentType, "linked") {
|
||||||
// Create First Provisioner
|
// Create First Provisioner
|
||||||
prov, err := CreateFirstProvisioner(context.Background(), a.adminDB, a.config.Password)
|
prov, err := CreateFirstProvisioner(context.Background(), a.adminDB, a.config.Password)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
||||||
|
|
@ -14,6 +14,7 @@ import (
|
||||||
"github.com/smallstep/certificates/authority/provisioner"
|
"github.com/smallstep/certificates/authority/provisioner"
|
||||||
"github.com/smallstep/certificates/errs"
|
"github.com/smallstep/certificates/errs"
|
||||||
step "go.step.sm/cli-utils/config"
|
step "go.step.sm/cli-utils/config"
|
||||||
|
"go.step.sm/cli-utils/ui"
|
||||||
"go.step.sm/crypto/jose"
|
"go.step.sm/crypto/jose"
|
||||||
"go.step.sm/linkedca"
|
"go.step.sm/linkedca"
|
||||||
"gopkg.in/square/go-jose.v2/jwt"
|
"gopkg.in/square/go-jose.v2/jwt"
|
||||||
|
|
@ -238,6 +239,14 @@ func (a *Authority) RemoveProvisioner(ctx context.Context, id string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func CreateFirstProvisioner(ctx context.Context, db admin.DB, password string) (*linkedca.Provisioner, error) {
|
func CreateFirstProvisioner(ctx context.Context, db admin.DB, password string) (*linkedca.Provisioner, error) {
|
||||||
|
if password == "" {
|
||||||
|
pass, err := ui.PromptPasswordGenerate("Please enter the password to encrypt your first provisioner, leave empty and we'll generate one")
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
password = string(pass)
|
||||||
|
}
|
||||||
|
|
||||||
jwk, jwe, err := jose.GenerateDefaultKeyPair([]byte(password))
|
jwk, jwe, err := jose.GenerateDefaultKeyPair([]byte(password))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, admin.WrapErrorISE(err, "error generating JWK key pair")
|
return nil, admin.WrapErrorISE(err, "error generating JWK key pair")
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue