Fix x5rt#S256 for SSH public keys and tests
hslatman committed Aug 6, 2024
1 parent 9fdeb5f commit 5d4c50e
Showing 2 changed files with 9 additions and 5 deletions.
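--- a/token/options.go
+++ b/token/options.go
@@ -16,6 +16,8 @@ import (
 
 "github.com/pkg/errors"
 nebula "github.com/slackhq/nebula/cert"
+"golang.org/x/crypto/ssh"
+
 "go.step.sm/crypto/fingerprint"
 "go.step.sm/crypto/jose"
 "go.step.sm/crypto/pemutil"
@@ -105,16 +107,18 @@ func WithFingerprint(v any) Options {
 switch vv := v.(type) {
 case *x509.CertificateRequest:
 data = vv.Raw
+case ssh.PublicKey:
+data = vv.Marshal()
 default:
 return fmt.Errorf("unsupported fingerprint for %T", v)
 }
 
-kid, err := fingerprint.New(data, crypto.SHA256, fingerprint.Base64RawURLFingerprint)
+fp, err := fingerprint.New(data, crypto.SHA256, fingerprint.Base64RawURLFingerprint)
 if err != nil {
 return err
 }
 c.Set(ConfirmationClaim, map[string]string{
-"x5rt#S256": kid,
+"x5rt#S256": fp,
 })
 return nil
 }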
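Review bot: The new `case ssh.PublicKey:` arm in WithFingerprint matches every implementation of the interface, including `*ssh.Certificate`, whose `Marshal()` returns the full certificate encoding rather than the subject key, so the `x5rt#S256` confirmation value would bind the token to a certificate blob instead of a key. If the binding is meant to cover the bare key only, a preceding arm such as `case *ssh.Certificate: data = vv.Key.Marshal()` (or rejecting certificates outright) would make that explicit; this is inferred from the interface, since no callers are visible here. A typed nil pointer stored in `v` would also satisfy this arm and would likely panic in `Marshal()`, just as a nil `*x509.CertificateRequest` would on `vv.Raw`. At minimum I would add `// SSH keys are fingerprinted over their wire encoding (Marshal); the verifier must hash the same bytes.` above the new case. WithFingerprint begins before the hunk's first line, so the declaration of `data` and the enclosing closure are not visible.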
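--- a/token/options_test.go
+++ b/token/options_test.go
@@ -86,9 +86,9 @@ func TestOptions(t *testing.T) {
 {"WithNebulaCurve25519Cert empty file fail", WithNebulaCert(emptyFile.Name(), nil), empty, true},
 {"WithNebulaCurve25519Cert invalid content fail", WithNebulaCert(c25519CertFilename, nil), empty, true},
 {"WithNebulaCurve25519Cert mismatching key fail", WithNebulaCert(c25519CertFilename, p256Signer), empty, true},
-{"WithConfirmationFingerprint ok", WithConfirmationFingerprint("my-kid"), &Claims{ExtraClaims: map[string]any{"cnf": map[string]string{"kid": "my-kid"}}}, false},
-{"WithFingerprint csr ok", WithFingerprint(testCSR), &Claims{ExtraClaims: map[string]any{"cnf": map[string]string{"kid": "ak6j6CwuZbd_mOQ-pNOUwhpmtSN0mY0xrLvaQL4J5l8"}}}, false},
-{"WithFingerprint ssh ok", WithFingerprint(testSSH), &Claims{ExtraClaims: map[string]any{"cnf": map[string]string{"kid": "hpTQOoB7fIRxTp-FhXCIm94mGBv7_dzr_5SxLn1Pnwk"}}}, false},
+{"WithConfirmationFingerprint ok", WithConfirmationFingerprint("my-kid"), &Claims{ExtraClaims: map[string]any{"cnf": map[string]string{"x5rt#S256": "my-kid"}}}, false},
+{"WithFingerprint csr ok", WithFingerprint(testCSR), &Claims{ExtraClaims: map[string]any{"cnf": map[string]string{"x5rt#S256": "ak6j6CwuZbd_mOQ-pNOUwhpmtSN0mY0xrLvaQL4J5l8"}}}, false},
+{"WithFingerprint ssh ok", WithFingerprint(testSSH), &Claims{ExtraClaims: map[string]any{"cnf": map[string]string{"x5rt#S256": "hpTQOoB7fIRxTp-FhXCIm94mGBv7_dzr_5SxLn1Pnwk"}}}, false},
 {"WithFingerprint fail", WithFingerprint("unexpected type"), empty, true},
 }
 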
