forked from TrueCloudLab/certificates
Fix lint errors.
This commit is contained in:
parent
ca74bb1de5
commit
34e1e3380a
4 changed files with 12 additions and 31 deletions
8
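--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -344,15 +344,20 @@
 
 [[projects]]
 branch = "master"
-digest = "1:5dd7da6df07f42194cb25d162b4b89664ed7b08d7d4334f6a288393d54b095ce"
+digest = "1:afc49fe39c8c591fc2c8ddc73adc4c69e67125dde6c58e24c91b3b0cf78602be"
 name = "golang.org/x/crypto"
 packages = [
 "cryptobyte",
 "cryptobyte/asn1",
+"curve25519",
 "ed25519",
 "ed25519/internal/edwards25519",
+"internal/chacha20",
+"internal/subtle",
 "ocsp",
 "pbkdf2",
+"poly1305",
+"ssh",
 "ssh/terminal",
 ]
 pruneopts = "UT"
@@ -494,6 +499,7 @@
 "github.com/tsenart/deadcode",
 "github.com/urfave/cli",
 "golang.org/x/crypto/ocsp",
+"golang.org/x/crypto/ssh",
 "golang.org/x/net/http2",
 "gopkg.in/square/go-jose.v2",
 "gopkg.in/square/go-jose.v2/jwt",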
|
|
|
@ -15,6 +15,7 @@ import (
|
||||||
|
|
||||||
var (
|
var (
|
||||||
defaultDisableRenewal = false
|
defaultDisableRenewal = false
|
||||||
|
defaultEnableSSHCA = true
|
||||||
globalProvisionerClaims = Claims{
|
globalProvisionerClaims = Claims{
|
||||||
MinTLSDur: &Duration{5 * time.Minute},
|
MinTLSDur: &Duration{5 * time.Minute},
|
||||||
MaxTLSDur: &Duration{24 * time.Hour},
|
MaxTLSDur: &Duration{24 * time.Hour},
|
||||||
|
@ -26,6 +27,7 @@ var (
|
||||||
MinHostSSHDur: &Duration{Duration: 5 * time.Minute}, // Host SSH certs
|
MinHostSSHDur: &Duration{Duration: 5 * time.Minute}, // Host SSH certs
|
||||||
MaxHostSSHDur: &Duration{Duration: 30 * 24 * time.Hour},
|
MaxHostSSHDur: &Duration{Duration: 30 * 24 * time.Hour},
|
||||||
DefaultHostSSHDur: &Duration{Duration: 30 * 24 * time.Hour},
|
DefaultHostSSHDur: &Duration{Duration: 30 * 24 * time.Hour},
|
||||||
|
EnableSSHCA: &defaultEnableSSHCA,
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
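Review bot: The new `defaultEnableSSHCA = true` default is security-relevant (it switches SSH certificate issuance on in the global provisioner claims) yet carries no comment saying why it is on by default; a one-liner such as `// defaultEnableSSHCA is the fallback for Claims.EnableSSHCA: SSH certificate issuance is on unless a provisioner's own claims say otherwise.` would record the intent (that per-provisioner claims can override it is presumed from the pointer-typed field and should be confirmed). Note also that `EnableSSHCA: &defaultEnableSSHCA` hands out a pointer to a single package-level bool, so any code that writes through that pointer would change the default for every consumer of globalProvisionerClaims; this matches the existing `defaultDisableRenewal` pattern, so it is a pre-existing trait rather than a new defect, but worth a comment on the var block. The enclosing var block starts in the first hunk of this file, and the file's path is not shown on this page.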
|
|
|
@ -1,7 +1,6 @@
|
||||||
package provisioner
|
package provisioner
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
|
@ -14,9 +13,6 @@ const (
|
||||||
|
|
||||||
// SSHHostCert is the string used to represent ssh.HostCert.
|
// SSHHostCert is the string used to represent ssh.HostCert.
|
||||||
SSHHostCert = "host"
|
SSHHostCert = "host"
|
||||||
|
|
||||||
// sshProvisionerCommand is the provisioner command
|
|
||||||
sshProvisionerCommand = "sudo adduser --quiet --disabled-password --gecos '' %s 2>/dev/null ; nc -q0 localhost 22"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// SSHCertificateModifier is the interface used to change properties in an SSH
|
// SSHCertificateModifier is the interface used to change properties in an SSH
|
||||||
|
@ -191,18 +187,6 @@ func (m *sshDefaultExtensionModifier) Modify(cert *ssh.Certificate) error {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
type sshProvisionerExtensionModifier string
|
|
||||||
|
|
||||||
func (m sshProvisionerExtensionModifier) Modify(cert *ssh.Certificate) error {
|
|
||||||
if cert.CertType == ssh.UserCert {
|
|
||||||
if cert.CriticalOptions == nil {
|
|
||||||
cert.CriticalOptions = make(map[string]string)
|
|
||||||
}
|
|
||||||
cert.CriticalOptions["force-command"] = fmt.Sprintf(sshProvisionerCommand, m)
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// sshCertificateValidityModifier is a SSHCertificateModifier checks the
|
// sshCertificateValidityModifier is a SSHCertificateModifier checks the
|
||||||
// validity bounds, setting them if they are not provided. It will fail if a
|
// validity bounds, setting them if they are not provided. It will fail if a
|
||||||
// CertType has not been set or is not valid.
|
// CertType has not been set or is not valid.
|
||||||
|
@ -291,20 +275,6 @@ func (v *sshCertificateDefaultValidator) Valid(crt *ssh.Certificate) error {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// sshCertTypeName returns the string representation of the given ssh.CertType.
|
|
||||||
func sshCertTypeString(ct uint32) string {
|
|
||||||
switch ct {
|
|
||||||
case 0:
|
|
||||||
return ""
|
|
||||||
case ssh.UserCert:
|
|
||||||
return SSHUserCert
|
|
||||||
case ssh.HostCert:
|
|
||||||
return SSHHostCert
|
|
||||||
default:
|
|
||||||
return fmt.Sprintf("unknown (%d)", ct)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// sshCertTypeUInt32
|
// sshCertTypeUInt32
|
||||||
func sshCertTypeUInt32(ct string) uint32 {
|
func sshCertTypeUInt32(ct string) uint32 {
|
||||||
switch ct {
|
switch ct {
|
||||||
|
|
|
@ -98,6 +98,9 @@ func signSSHCertificate(key crypto.PublicKey, opts SSHOptions, signOpts []SignOp
|
||||||
default:
|
default:
|
||||||
return nil, fmt.Errorf("unexpected ssh certificate type: %d", cert.CertType)
|
return nil, fmt.Errorf("unexpected ssh certificate type: %d", cert.CertType)
|
||||||
}
|
}
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
cert.SignatureKey = signer.PublicKey()
|
cert.SignatureKey = signer.PublicKey()
|
||||||
|
|
||||||
// Get bytes for signing trailing the signature length.
|
// Get bytes for signing trailing the signature length.
|
||||||
|
|
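Review bot: The new `if err != nil { return nil, err }` after the switch returns the error bare, so a caller cannot tell a signing failure in signSSHCertificate apart from any other error it returns; since `fmt` is already used in the default case, `return nil, fmt.Errorf("signing ssh certificate: %v", err)` would keep that context at no cost. Where `err` is assigned is in the switch cases above the hunk, so which operations the new check covers is not visible here and should be confirmed against the full function. signSSHCertificate begins and ends outside the hunk.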