Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(9)

Side by Side Diff: environs/config/authkeys.go

Issue 6850087: environs/config: make CA cert optional
Patch Set: environs/config: make CA cert optional Created 12 years, 4 months ago
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
View unified diff | Download patch
« no previous file with comments | « environs/config.go ('k') | environs/config/config.go » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 package config 1 package config
2 2
3 import ( 3 import (
4 "bytes" 4 "bytes"
5 "crypto/tls"
6 "crypto/x509"
7 "encoding/pem"
5 "fmt" 8 "fmt"
6 "io/ioutil" 9 "io/ioutil"
7 "os" 10 "os"
8 "path/filepath" 11 "path/filepath"
9 "strings" 12 "strings"
10 ) 13 )
11 14
12 func expandTilde(f string) string { 15 func expandTilde(f string) string {
13 // TODO expansion of other user's home directories. 16 // TODO expansion of other user's home directories.
14 // Q what characters are valid in a user name? 17 // Q what characters are valid in a user name?
15 if strings.HasPrefix(f, "~"+string(filepath.Separator)) { 18 if strings.HasPrefix(f, "~"+string(filepath.Separator)) {
16 return os.Getenv("HOME") + f[1:] 19 return os.Getenv("HOME") + f[1:]
17 } 20 }
18 return f 21 return f
19 } 22 }
20 23
21 // authorizedKeys implements the standard juju behaviour for finding 24 // authorizedKeys implements the standard juju behaviour for finding
22 // authorized_keys. It returns a set of keys in in authorized_keys format 25 // authorized_keys. It returns a set of keys in in authorized_keys format
23 // (see sshd(8) for a description). If path is non-empty, it names the 26 // (see sshd(8) for a description). If path is non-empty, it names the
24 // file to use; otherwise the user's .ssh directory will be searched. 27 // file to use; otherwise the user's .ssh directory will be searched.
25 // Home directory expansion will be performed on the path if it starts with 28 // Home directory expansion will be performed on the path if it starts with
26 // a ~; if the expanded path is relative, it will be interpreted relative 29 // a ~; if the expanded path is relative, it will be interpreted relative
27 // to $HOME/.ssh. 30 // to $HOME/.ssh.
28 func authorizedKeys(path string) (string, error) { 31 func readAuthorizedKeys(path string) (string, error) {
29 var files []string 32 var files []string
30 if path == "" { 33 if path == "" {
31 files = []string{"id_dsa.pub", "id_rsa.pub", "identity.pub"} 34 files = []string{"id_dsa.pub", "id_rsa.pub", "identity.pub"}
32 } else { 35 } else {
33 files = []string{path} 36 files = []string{path}
34 } 37 }
35 var firstError error 38 var firstError error
36 var keyData []byte 39 var keyData []byte
37 for _, f := range files { 40 for _, f := range files {
38 f = expandTilde(f) 41 f = expandTilde(f)
(...skipping 11 matching lines...) Expand all
50 keyData = append(keyData, '\n') 53 keyData = append(keyData, '\n')
51 } 54 }
52 if len(keyData) == 0 { 55 if len(keyData) == 0 {
53 if firstError == nil { 56 if firstError == nil {
54 firstError = fmt.Errorf("no public ssh keys found") 57 firstError = fmt.Errorf("no public ssh keys found")
55 } 58 }
56 return "", firstError 59 return "", firstError
57 } 60 }
58 return string(keyData), nil 61 return string(keyData), nil
59 } 62 }
63
64 // verifyKeyPair verifies that the certificate and key parse correctly.
65 // The key is optional - if it is provided, we also check that the key
66 // matches the certificate.
67 func verifyKeyPair(certPEM, keyPEM []byte) error {
68 if keyPEM != nil {
69 _, err := tls.X509KeyPair(certPEM, keyPEM)
70 return err
71 }
72 for len(certPEM) > 0 {
73 var certBlock *pem.Block
74 certBlock, certPEM = pem.Decode(certPEM)
75 if certBlock == nil {
76 break
77 }
78 if certBlock.Type == "CERTIFICATE" {
79 _, err := x509.ParseCertificate(certBlock.Bytes)
80 return err
81 }
82 }
83 return fmt.Errorf("no certificates found")
84 }
OLDNEW
« no previous file with comments | « environs/config.go ('k') | environs/config/config.go » ('j') | no next file with comments »

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b