Fix comments, and return an error instead of fatal.
parent
7d9997618f
commit
ccc403cf89
2 changed files with 11 additions and 5 deletions
1
go.sum
1
go.sum
|
@ -307,6 +307,7 @@ golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt
|
||||||
golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||||
golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 h1:pLI5jrR7OSLijeIDcmRxNmw2api+jEfxLoykJVice/E=
|
golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 h1:pLI5jrR7OSLijeIDcmRxNmw2api+jEfxLoykJVice/E=
|
||||||
golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||||
|
golang.org/x/crypto v0.0.0-20201117144127-c1f2f97bffc9 h1:phUcVbl53swtrUN8kQEXFhUxPlIlWyBfKmidCu7P95o=
|
||||||
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||||
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||||
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
|
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
|
||||||
|
|
|
@ -8,7 +8,6 @@ import (
|
||||||
"crypto/rsa"
|
"crypto/rsa"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"io"
|
"io"
|
||||||
"log"
|
|
||||||
"net"
|
"net"
|
||||||
"os"
|
"os"
|
||||||
"strings"
|
"strings"
|
||||||
|
@ -32,7 +31,7 @@ func New(ctx context.Context, opts apiv1.Options) (*SSHAgentKMS, error) {
|
||||||
socket := os.Getenv("SSH_AUTH_SOCK")
|
socket := os.Getenv("SSH_AUTH_SOCK")
|
||||||
conn, err := net.Dial("unix", socket)
|
conn, err := net.Dial("unix", socket)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalf("Failed to open SSH_AUTH_SOCK: %v", err)
|
return nil, errors.Wrap(err, "failed to open SSH_AUTH_SOCK")
|
||||||
}
|
}
|
||||||
|
|
||||||
agentClient := agent.NewClient(conn)
|
agentClient := agent.NewClient(conn)
|
||||||
|
@ -42,7 +41,8 @@ func New(ctx context.Context, opts apiv1.Options) (*SSHAgentKMS, error) {
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// For testing
|
// NewFromAgent initializes an SSHAgentKMS from a given agent, this method is
|
||||||
|
// used for testing purposes.
|
||||||
func NewFromAgent(ctx context.Context, opts apiv1.Options, agentClient agent.Agent) (*SSHAgentKMS, error) {
|
func NewFromAgent(ctx context.Context, opts apiv1.Options, agentClient agent.Agent) (*SSHAgentKMS, error) {
|
||||||
return &SSHAgentKMS{
|
return &SSHAgentKMS{
|
||||||
agentClient: agentClient,
|
agentClient: agentClient,
|
||||||
|
@ -55,20 +55,23 @@ func init() {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Close closes the agent. This is a noop for the SSHAgentKMS.
|
||||||
func (k *SSHAgentKMS) Close() error {
|
func (k *SSHAgentKMS) Close() error {
|
||||||
// TODO: Is there any cleanup in Agent we can do?
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Utility class to wrap a ssh.Signer as a crypto.Signer
|
// WrappedSSHSigner is a utility type to wrap a ssh.Signer as a crypto.Signer
|
||||||
type WrappedSSHSigner struct {
|
type WrappedSSHSigner struct {
|
||||||
Sshsigner ssh.Signer
|
Sshsigner ssh.Signer
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Public returns the agent public key. The type of this public key is
|
||||||
|
// *agent.Key.
|
||||||
func (s *WrappedSSHSigner) Public() crypto.PublicKey {
|
func (s *WrappedSSHSigner) Public() crypto.PublicKey {
|
||||||
return s.Sshsigner.PublicKey()
|
return s.Sshsigner.PublicKey()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Sign signs the given digest using the ssh agent and returns the signature.
|
||||||
func (s *WrappedSSHSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) {
|
func (s *WrappedSSHSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) {
|
||||||
sig, err := s.Sshsigner.Sign(rand, digest)
|
sig, err := s.Sshsigner.Sign(rand, digest)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -77,6 +80,8 @@ func (s *WrappedSSHSigner) Sign(rand io.Reader, digest []byte, opts crypto.Signe
|
||||||
return sig.Blob, nil
|
return sig.Blob, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// NewWrappedSignerFromSSHSigner returns a new crypto signer wrapping the given
|
||||||
|
// one.
|
||||||
func NewWrappedSignerFromSSHSigner(signer ssh.Signer) crypto.Signer {
|
func NewWrappedSignerFromSSHSigner(signer ssh.Signer) crypto.Signer {
|
||||||
return &WrappedSSHSigner{signer}
|
return &WrappedSSHSigner{signer}
|
||||||
}
|
}
|
||||||
|
|
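Review bot: The new doc comment on `Sign` says it signs "the given digest", but the body passes `digest` to `s.Sshsigner.Sign(rand, digest)` and, in the lines shown, never reads `opts`; `ssh.Signer.Sign` treats its argument as the message and applies the hash that belongs to the key's algorithm itself. A caller that uses this type as an ordinary `crypto.Signer` with a pre-hashed input would therefore get a signature computed over a hash of the digest, and because only `sig.Blob` is returned, `sig.Format` is dropped and the caller cannot tell which algorithm was used. I would say so in the comment, for example `// Sign sends digest to the ssh agent as the message to sign; the agent hashes it per key type and opts is ignored, so the result is not a signature over a pre-hashed digest.` Separately, `Close` is now documented as a noop while `New` dials `SSH_AUTH_SOCK` and appears to keep only the agent client, so the socket connection looks like it is never closed. The middle of `Sign` and the struct literal in `New` fall outside the visible hunks, so both points should be confirmed against the full file.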