Update pki with changes in smallstep/cli

Mariano Cano 2019-09-26 15:23:32 -07:00
parent d0e5976c06
commit 8b8faf1b2d


@ -403,6 +403,13 @@ func (p *PKI) GenerateConfig(opt ...Option) (*authority.Config, error) {
return nil, errors.Wrap(err, "error serializing private key") return nil, errors.Wrap(err, "error serializing private key")
} }
prov := &provisioner.JWK{
Name: p.provisioner,
Type: "JWK",
Key: p.ottPublicKey,
EncryptedKey: key,
}
config := &authority.Config{ config := &authority.Config{
Root: []string{p.root}, Root: []string{p.root},
FederatedRoots: []string{}, FederatedRoots: []string{},
@ -417,9 +424,7 @@ func (p *PKI) GenerateConfig(opt ...Option) (*authority.Config, error) {
}, },
AuthorityConfig: &authority.AuthConfig{ AuthorityConfig: &authority.AuthConfig{
DisableIssuedAtCheck: false, DisableIssuedAtCheck: false,
Provisioners: provisioner.List{ Provisioners: provisioner.List{prov},
&provisioner.JWK{Name: p.provisioner, Type: "jwk", Key: p.ottPublicKey, EncryptedKey: key},
},
}, },
TLS: &tlsutil.TLSOptions{ TLS: &tlsutil.TLSOptions{
MinVersion: x509util.DefaultTLSMinVersion, MinVersion: x509util.DefaultTLSMinVersion,
@ -429,10 +434,14 @@ func (p *PKI) GenerateConfig(opt ...Option) (*authority.Config, error) {
}, },
} }
if p.enableSSH { if p.enableSSH {
enableSSHCA := true
config.SSH = &authority.SSHConfig{ config.SSH = &authority.SSHConfig{
HostKey: p.sshHostKey, HostKey: p.sshHostKey,
UserKey: p.sshUserKey, UserKey: p.sshUserKey,
} }
prov.Claims = &provisioner.Claims{
EnableSSHCA: &enableSSHCA,
}
} }
// Apply configuration modifiers // Apply configuration modifiers
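Review bot: In the `if p.enableSSH` block, `prov.Claims` is assigned after `prov` has already been placed in `config.AuthorityConfig.Provisioners`, so the SSH claim reaches the generated config only because the list holds the same pointer; that coupling is easy to break in a later refactor and deserves a comment. A line such as `// prov is the pointer stored in config.AuthorityConfig.Provisioners; this lets the default JWK provisioner sign SSH certificates` above the assignment would also make the privilege change explicit, since with SSH enabled the single bootstrap provisioner key presumably authorizes SSH as well as X.509 issuance. The assignment replaces the whole `Claims` struct, which is harmless while `prov` is built without claims but would silently drop any claims set earlier. Separately, the provisioner `Type` changes from `"jwk"` to `"JWK"`; whether the config loader matches the type case-insensitively is not visible here, so that is worth confirming. `GenerateConfig` starts and ends outside the shown hunks.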