
client.go

      c1e00511
      Add auto_token client option · c1e00511
      Kevin Lyda authored
      Add an auto_token client option to change the flow such that the
      token will be sent back to the client directly by the browser.
      There are a number of "TODO" messages in this commit which will
      hopefully be addressed in code review. I'm not sure if they're
      needed.
    client.go 6.72 KiB
    package client
    
    import (
    	"bufio"
    	"bytes"
    	"crypto/tls"
    	"encoding/base64"
    	"encoding/json"
    	"encoding/pem"
    	"fmt"
    	"io/ioutil"
    	"net/http"
    	"net/url"
    	"os"
    	"path"
    	"strings"
    	"time"
    
    	"github.com/nsheridan/cashier/lib"
    	"github.com/pkg/errors"
    	"golang.org/x/crypto/ssh"
    	"golang.org/x/crypto/ssh/agent"
    )
    
    // errNeedsReason is a package-level sentinel error whose message is
    // "reason required". The code that returns it is outside this excerpt.
    var errNeedsReason = errors.New("reason required")
    
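    // SavePublicFiles writes the public key to <prefix>/id_<KeyId>.pub and the
    // signed certificate to <prefix>/id_<KeyId>-cert.pub.
    //
    // An empty prefix disables saving and returns nil. The file name is built
    // from cert.KeyId, a field of the certificate that is chosen by whoever
    // issued it, so a KeyId containing a path separator is rejected instead of
    // being allowed to move the write away from the directory named by prefix.
    // Any error from writing either file is returned unchanged.
    func SavePublicFiles(prefix string, cert *ssh.Certificate, pub ssh.PublicKey) error {
    	if prefix == "" {
    		return nil
    	}
    	if cert == nil {
    		return fmt.Errorf("no certificate to save")
    	}
    	// KeyId is not chosen locally; treat it as untrusted before using it as
    	// part of a file name. "/" is checked explicitly because it is also
    	// accepted as a separator on platforms where os.PathSeparator differs.
    	if strings.Contains(cert.KeyId, "/") || strings.ContainsRune(cert.KeyId, os.PathSeparator) {
    		return fmt.Errorf("certificate key id %q contains a path separator", cert.KeyId)
    	}
    	base := prefix + "/id_" + cert.KeyId

    	pubTxt := ssh.MarshalAuthorizedKey(pub)
    	certPubTxt := []byte(cert.Type() + " " + base64.StdEncoding.EncodeToString(cert.Marshal()))

    	// Both files hold public material only, hence mode 0644.
    	if err := ioutil.WriteFile(base+".pub", pubTxt, 0644); err != nil {
    		return err
    	}
    	return ioutil.WriteFile(base+"-cert.pub", certPubTxt, 0644)
    }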
    
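    // SavePrivateFiles writes the PEM-encoded private key to <prefix>/id_<KeyId>
    // with mode 0600.
    //
    // An empty prefix disables saving and returns nil. As the file name is built
    // from cert.KeyId, which is chosen by whoever issued the certificate, a KeyId
    // containing a path separator is rejected. Errors from pemBlockForKey and
    // from opening, re-moding, writing or closing the file are returned
    // unchanged.
    func SavePrivateFiles(prefix string, cert *ssh.Certificate, key Key) error {
    	if prefix == "" {
    		return nil
    	}
    	if cert == nil {
    		return fmt.Errorf("no certificate to name the private key file after")
    	}
    	// KeyId is not chosen locally; treat it as untrusted before using it as
    	// part of a file name. "/" is checked explicitly because it is also
    	// accepted as a separator on platforms where os.PathSeparator differs.
    	if strings.Contains(cert.KeyId, "/") || strings.ContainsRune(cert.KeyId, os.PathSeparator) {
    		return fmt.Errorf("certificate key id %q contains a path separator", cert.KeyId)
    	}
    	keyPath := prefix + "/id_" + cert.KeyId

    	pemBlock, err := pemBlockForKey(key)
    	if err != nil {
    		return err
    	}

    	f, err := os.OpenFile(keyPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
    	if err != nil {
    		return err
    	}
    	// The mode passed to OpenFile only applies when the file is created. If a
    	// file with wider permissions already exists at keyPath, tighten it
    	// before any key material is written; fail rather than store the key in
    	// a file whose mode could not be restricted.
    	if err := f.Chmod(0600); err != nil {
    		f.Close()
    		return err
    	}
    	if _, err := f.Write(pem.EncodeToMemory(pemBlock)); err != nil {
    		f.Close()
    		return err
    	}
    	// Close can report a deferred write failure, so its error is returned.
    	return f.Close()
    }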
    
    // InstallCert adds the private key and signed certificate to the ssh agent.
    func InstallCert(a agent.Agent, cert *ssh.Certificate, key Key) error {
    	t := time.Unix(int64(cert.ValidBefore), 0)
    	lifetime := t.Sub(time.Now()).Seconds()
    	comment := fmt.Sprintf("%s [Expires %s]", cert.KeyId, t)
    	pubcert := agent.AddedKey{
    		PrivateKey:   key,
    		Certificate:  cert,
    		Comment:      comment,
    		LifetimeSecs: uint32(lifetime),