forked from TrueCloudLab/certificates
Load default templates if no templates are configured.
This commit is contained in:
parent
b583d8d658
commit
6c844a0618
1 changed files with 14 additions and 15 deletions
|
@ -202,6 +202,7 @@ func (a *Authority) init() error {
|
|||
}
|
||||
|
||||
// Decrypt and load SSH keys
|
||||
var tmplVars templates.Step
|
||||
if a.config.SSH != nil {
|
||||
if a.config.SSH.HostKey != "" {
|
||||
signer, err := a.keyManager.CreateSigner(&kmsapi.CreateSignerRequest{
|
||||
|
@ -218,6 +219,9 @@ func (a *Authority) init() error {
|
|||
// Append public key to list of host certs
|
||||
a.sshCAHostCerts = append(a.sshCAHostCerts, a.sshCAHostCertSignKey.PublicKey())
|
||||
a.sshCAHostFederatedCerts = append(a.sshCAHostFederatedCerts, a.sshCAHostCertSignKey.PublicKey())
|
||||
// Configure template variables
|
||||
tmplVars.SSH.HostKey = a.sshCAHostCertSignKey.PublicKey()
|
||||
tmplVars.SSH.HostFederatedKeys = append(tmplVars.SSH.HostFederatedKeys, a.sshCAHostFederatedCerts[1:]...)
|
||||
}
|
||||
if a.config.SSH.UserKey != "" {
|
||||
signer, err := a.keyManager.CreateSigner(&kmsapi.CreateSignerRequest{
|
||||
|
@ -234,6 +238,9 @@ func (a *Authority) init() error {
|
|||
// Append public key to list of user certs
|
||||
a.sshCAUserCerts = append(a.sshCAUserCerts, a.sshCAUserCertSignKey.PublicKey())
|
||||
a.sshCAUserFederatedCerts = append(a.sshCAUserFederatedCerts, a.sshCAUserCertSignKey.PublicKey())
|
||||
// Configure template variables
|
||||
tmplVars.SSH.UserKey = a.sshCAUserCertSignKey.PublicKey()
|
||||
tmplVars.SSH.UserFederatedKeys = append(tmplVars.SSH.UserFederatedKeys, a.sshCAUserFederatedCerts[1:]...)
|
||||
}
|
||||
|
||||
// Append other public keys
|
||||
|
@ -292,23 +299,15 @@ func (a *Authority) init() error {
|
|||
}
|
||||
}
|
||||
|
||||
// Configure protected template variables:
|
||||
if t := a.config.Templates; t != nil {
|
||||
if t.Data == nil {
|
||||
t.Data = make(map[string]interface{})
|
||||
// Configure templates, currently only ssh templates are supported.
|
||||
if a.sshCAHostCertSignKey != nil || a.sshCAUserCertSignKey != nil {
|
||||
if a.config.Templates == nil {
|
||||
a.config.Templates = templates.DefaultTemplates()
|
||||
}
|
||||
var vars templates.Step
|
||||
if a.config.SSH != nil {
|
||||
if a.sshCAHostCertSignKey != nil {
|
||||
vars.SSH.HostKey = a.sshCAHostCertSignKey.PublicKey()
|
||||
vars.SSH.HostFederatedKeys = append(vars.SSH.HostFederatedKeys, a.sshCAHostFederatedCerts[1:]...)
|
||||
if a.config.Templates.Data == nil {
|
||||
a.config.Templates.Data = make(map[string]interface{})
|
||||
}
|
||||
if a.sshCAUserCertSignKey != nil {
|
||||
vars.SSH.UserKey = a.sshCAUserCertSignKey.PublicKey()
|
||||
vars.SSH.UserFederatedKeys = append(vars.SSH.UserFederatedKeys, a.sshCAUserFederatedCerts[1:]...)
|
||||
}
|
||||
}
|
||||
t.Data["Step"] = vars
|
||||
a.config.Templates.Data["Step"] = tmplVars
|
||||
}
|
||||
|
||||
// JWT numeric dates are seconds.
|
||||
|
|
Loading…
Reference in a new issue