
Commit 1479eb2

author
Alex Wilson
committed
TritonDataCenter/node-sshpk-agent#9 want to sign certificates using agent keys
Reviewed by: Trent Mick <[email protected]>
1 parent 3bd4c38 commit 1479eb2


3 files changed

+59
-3
lines changed


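--- a/lib/formats/openssh-cert.js
+++ b/lib/formats/openssh-cert.js
@@ -1,9 +1,10 @@
-// Copyright 2016 Joyent, Inc.
+// Copyright 2017 Joyent, Inc.
 
 module.exports = {
 read: read,
 verify: verify,
 sign: sign,
+signAsync: signAsync,
 write: write,
 
 /* Internal private API */
@@ -188,6 +189,34 @@ function sign(cert, key) {
 return (true);
 }
 
+function signAsync(cert, signer, done) {
+if (cert.signatures.openssh === undefined)
+cert.signatures.openssh = {};
+try {
+var blob = toBuffer(cert, true);
+} catch (e) {
+delete (cert.signatures.openssh);
+done(e);
+return;
+}
+var sig = cert.signatures.openssh;
+
+signer(blob, function (err, signature) {
+if (err) {
+done(err);
+return;
+}
+if ((signature.type === 'rsa' || signature.type === 'dsa') &&
+signature.hashAlgorithm !== 'sha1') {
+done(new Error('RSA/DSA keys can only sign with ' +
+'SHA-1 for OpenSSH certificates'));
+return;
+}
+sig.signature = signature;
+done();
+});
+}
+
 function write(cert, options) {
 if (options === undefined)
 options = {};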
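Review bot: The signer callback in signAsync reads `signature.type` without first checking that a signature object was passed, so a signer that calls back with neither an error nor a signature throws a TypeError inside the callback and `done` is never invoked. A guard ahead of the type check, `if (!signature) { done(new Error('signer returned no signature')); return; }`, keeps that failure on the callback path. The two error exits inside the callback also leave `cert.signatures.openssh` in place (possibly as the empty object created at the top), while the toBuffer failure path deletes it; cleaning up the same way on every failure would be more consistent. Only the signature's type and hash algorithm are checked before it is stored, so nothing visible here confirms it was produced by the intended CA key; since the signer is caller-supplied, a verify step against that key before assigning `sig.signature` is worth considering.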

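--- a/lib/formats/x509.js
+++ b/lib/formats/x509.js
@@ -1,9 +1,10 @@
-// Copyright 2016 Joyent, Inc.
+// Copyright 2017 Joyent, Inc.
 
 module.exports = {
 read: read,
 verify: verify,
 sign: sign,
+signAsync: signAsync,
 write: write
 };
 
@@ -451,6 +452,32 @@ function sign(cert, key) {
 return (true);
 }
 
+function signAsync(cert, signer, done) {
+if (cert.signatures.x509 === undefined)
+cert.signatures.x509 = {};
+var sig = cert.signatures.x509;
+
+var der = new asn1.BerWriter();
+writeTBSCert(cert, der);
+var blob = der.buffer;
+sig.cache = blob;
+
+signer(blob, function (err, signature) {
+if (err) {
+done(err);
+return;
+}
+sig.algo = signature.type + '-' + signature.hashAlgorithm;
+if (SIGN_ALGS[sig.algo] === undefined) {
+done(new Error('Invalid signing algorithm "' +
+sig.algo + '"'));
+return;
+}
+sig.signature = signature;
+done();
+});
+}
+
 function write(cert, options) {
 var sig = cert.signatures.x509;
 assert.object(sig, 'x509 signature');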
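Review bot: In the x509 signAsync callback, `sig.algo` is assigned on the certificate's own signature object before it is checked against SIGN_ALGS, so a rejected algorithm stays on the cert together with the `sig.cache` set earlier. Validate a local first: `var algo = signature.type + '-' + signature.hashAlgorithm;`, test `SIGN_ALGS[algo]`, and only then set `sig.algo = algo;`. Unlike the openssh-cert variant, `writeTBSCert(cert, der)` runs outside any try/catch, so a serialization error is thrown synchronously instead of being passed to `done`. writeTBSCert's body is not on this page; if it encodes the signature algorithm into the to-be-signed bytes, those bytes are built here before the signer has reported which algorithm it used, and that should be confirmed.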

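--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "sshpk",
-"version": "1.11.0",
+"version": "1.12.0",
 "description": "A library for finding and using SSH public keys",
 "main": "lib/index.js",
 "scripts": {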
