
Commit 5d4c50e

committed
Fix x5rt#S256 for SSH public keys and tests
1 parent 9fdeb5f commit 5d4c50e


2 files changed

+9
-5
lines changed


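--- a/token/options.go
+++ b/token/options.go
@@ -16,6 +16,8 @@ import (
 
 "github.com/pkg/errors"
 nebula "github.com/slackhq/nebula/cert"
+"golang.org/x/crypto/ssh"
+
 "go.step.sm/crypto/fingerprint"
 "go.step.sm/crypto/jose"
 "go.step.sm/crypto/pemutil"
@@ -105,16 +107,18 @@ func WithFingerprint(v any) Options {
 switch vv := v.(type) {
 case *x509.CertificateRequest:
 data = vv.Raw
+case ssh.PublicKey:
+data = vv.Marshal()
 default:
 return fmt.Errorf("unsupported fingerprint for %T", v)
 }
 
-kid, err := fingerprint.New(data, crypto.SHA256, fingerprint.Base64RawURLFingerprint)
+fp, err := fingerprint.New(data, crypto.SHA256, fingerprint.Base64RawURLFingerprint)
 if err != nil {
 return err
 }
 c.Set(ConfirmationClaim, map[string]string{
-"x5rt#S256": kid,
+"x5rt#S256": fp,
 })
 return nil
 }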
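Review bot: The new `case ssh.PublicKey:` arm in WithFingerprint also matches `*ssh.Certificate`, which implements that interface, so passing a certificate puts a digest of the whole certificate blob, not of the subject key, into `x5rt#S256`. Which bytes the consumer of the `cnf` claim hashes is not visible in this hunk; if it hashes the bare key, add `case *ssh.Certificate: data = vv.Key.Marshal()` ahead of the interface case. Either way the doc comment should say what is hashed per accepted type, e.g. `// For a CSR the digest covers the DER in Raw; for an ssh.PublicKey it covers the SSH wire encoding from Marshal().` The function starts above the hunk, so an existing comment may already cover part of this.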

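--- a/token/options_test.go
+++ b/token/options_test.go
@@ -86,9 +86,9 @@ func TestOptions(t *testing.T) {
 {"WithNebulaCurve25519Cert empty file fail", WithNebulaCert(emptyFile.Name(), nil), empty, true},
 {"WithNebulaCurve25519Cert invalid content fail", WithNebulaCert(c25519CertFilename, nil), empty, true},
 {"WithNebulaCurve25519Cert mismatching key fail", WithNebulaCert(c25519CertFilename, p256Signer), empty, true},
-{"WithConfirmationFingerprint ok", WithConfirmationFingerprint("my-kid"), &Claims{ExtraClaims: map[string]any{"cnf": map[string]string{"kid": "my-kid"}}}, false},
-{"WithFingerprint csr ok", WithFingerprint(testCSR), &Claims{ExtraClaims: map[string]any{"cnf": map[string]string{"kid": "ak6j6CwuZbd_mOQ-pNOUwhpmtSN0mY0xrLvaQL4J5l8"}}}, false},
-{"WithFingerprint ssh ok", WithFingerprint(testSSH), &Claims{ExtraClaims: map[string]any{"cnf": map[string]string{"kid": "hpTQOoB7fIRxTp-FhXCIm94mGBv7_dzr_5SxLn1Pnwk"}}}, false},
+{"WithConfirmationFingerprint ok", WithConfirmationFingerprint("my-kid"), &Claims{ExtraClaims: map[string]any{"cnf": map[string]string{"x5rt#S256": "my-kid"}}}, false},
+{"WithFingerprint csr ok", WithFingerprint(testCSR), &Claims{ExtraClaims: map[string]any{"cnf": map[string]string{"x5rt#S256": "ak6j6CwuZbd_mOQ-pNOUwhpmtSN0mY0xrLvaQL4J5l8"}}}, false},
+{"WithFingerprint ssh ok", WithFingerprint(testSSH), &Claims{ExtraClaims: map[string]any{"cnf": map[string]string{"x5rt#S256": "hpTQOoB7fIRxTp-FhXCIm94mGBv7_dzr_5SxLn1Pnwk"}}}, false},
 {"WithFingerprint fail", WithFingerprint("unexpected type"), empty, true},
 }
 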