Remove alg argument from CertAuthority.Signers

It's no longer needed, since CertAuthority contains the signing
algorithm internally.
Andrew Lytvynov 2020-06-11 16:47:51 -07:00 committed by Andrew Lytvynov
parent 6b53312bed
commit 2172965057
2 changed files with 9 additions and 6 deletions


@ -549,6 +549,11 @@ func startNewRotation(req rotationReq, ca services.CertAuthority) error {
}
ca.SetTLSKeyPairs(keyPairs)
ca.SetRotation(rotation)
// caSigningAlg is only set when (1) rotation is started manually and (2)
// signing algorithm was explicitly set in the config file.
//
// For automatic rotations or when config file doesn't set a value,
// preserve the signing algorithm of the existing CA.
if req.caSigningAlg != nil {
ca.SetSigningAlg(*req.caSigningAlg)
}
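Review bot: The comment above `if req.caSigningAlg != nil` states the precedence but not its consequence: as written, a CA keeps its existing signing algorithm through every automatic rotation, so a CA on an older algorithm is never moved off it by rotation alone. I would add one sentence saying so, for example `// A CA only changes algorithm on a manual rotation with the value set in the config file.` It is also worth confirming that the value handed to `ca.SetSigningAlg` is validated somewhere; startNewRotation begins and ends outside this hunk, so that cannot be seen here.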


@ -224,7 +224,7 @@ type CertAuthority interface {
// Checkers returns public keys that can be used to check cert authorities
Checkers() ([]ssh.PublicKey, error)
// Signers returns a list of signers that could be used to sign keys
Signers(alg string) ([]ssh.Signer, error)
Signers() ([]ssh.Signer, error)
// V1 returns V1 version of the resource
V1() *CertAuthorityV1
// V2 returns V2 version of the resource
@ -581,16 +581,14 @@ func (ca *CertAuthorityV2) Checkers() ([]ssh.PublicKey, error) {
}
// Signers returns a list of signers that could be used to sign keys.
//
// The optional alg flag can be used to override the signature algorithm.
func (ca *CertAuthorityV2) Signers(alg string) ([]ssh.Signer, error) {
func (ca *CertAuthorityV2) Signers() ([]ssh.Signer, error) {
out := make([]ssh.Signer, 0, len(ca.Spec.SigningKeys))
for _, keyBytes := range ca.Spec.SigningKeys {
signer, err := ssh.ParsePrivateKey(keyBytes)
if err != nil {
return nil, trace.Wrap(err)
}
signer = sshutils.AlgSigner(signer, alg)
signer = sshutils.AlgSigner(signer, ca.GetSigningAlg())
out = append(out, signer)
}
return out, nil
@ -626,7 +624,7 @@ func (ca *CertAuthorityV2) Check() error {
if err != nil {
return trace.Wrap(err)
}
_, err = ca.Signers("")
_, err = ca.Signers()
if err != nil {
return trace.Wrap(err)
}
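Review bot: `Signers()` now takes its algorithm from `ca.GetSigningAlg()`, but nothing visible in this section validates that value: `Check()` only confirms that `Signers()` returns no error, and the only failing step in the loop is `ssh.ParsePrivateKey`. What `GetSigningAlg()` returns for a CA stored before the field existed, and what `sshutils.AlgSigner` does with an unset value, cannot be seen from here; if the result is a fallback to the key's default signature algorithm, the code should say so. With the sentence about the `alg` flag removed, the doc comment on `Signers` could state `// Signatures use the algorithm returned by ca.GetSigningAlg().` on both the interface method and the CertAuthorityV2 method. `Check()` continues outside the last hunk.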