Add URI support to configure yubikeys.

2021-02-16 15:02:20 -08:00 · 2021-02-16 15:02:20 -08:00 · 2ba4e37530
commit 2ba4e37530
parent 4c562160fc
1 changed files with 19 additions and 0 deletions
--- a/kms/yubikey/yubikey.go
+++ b/kms/yubikey/yubikey.go
@ -13,8 +13,12 @@ import (
 	"github.com/go-piv/piv-go/piv"
 	"github.com/pkg/errors"
 	"github.com/smallstep/certificates/kms/apiv1"
+	"github.com/smallstep/certificates/kms/uri"
 )

+// Scheme is the scheme used in uris.
+const Scheme = "yubikey"
+
 // YubiKey implements the KMS interface on a YubiKey.
 type YubiKey struct {
 	yk            *piv.YubiKey
@ -26,6 +30,21 @@ type YubiKey struct {
 // TODO(mariano): only one card is currently supported.
 func New(ctx context.Context, opts apiv1.Options) (*YubiKey, error) {
 	managementKey := piv.DefaultManagementKey
+
+	if opts.URI != "" {
+		u, err := uri.ParseWithScheme(Scheme, opts.URI)
+		if err != nil {
+			return nil, err
+		}
+		if v := u.Pin(); v != "" {
+			opts.Pin = v
+		}
+		if v := u.Get("management-key"); v != "" {
+			opts.ManagementKey = v
+		}
+	}
+
+	// Deprecated way to set configuration parameters.
 	if opts.ManagementKey != "" {
 		b, err := hex.DecodeString(opts.ManagementKey)
 		if err != nil {