github-personal/certificates
1
0
Fork 0
mirror of https://github.com/outbackdingo/certificates.git synced 2026-01-27 10:18:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add URI support to configure yubikeys.

Browse Source
This commit is contained in:
Mariano Cano
2021-02-16 15:02:20 -08:00
parent 4c562160fc
commit 2ba4e37530
1 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
kms/yubikey/yubikey.go
View File

@@ -13,8 +13,12 @@ import (
"github.com/go-piv/piv-go/piv"
"github.com/pkg/errors"
"github.com/smallstep/certificates/kms/apiv1"
"github.com/smallstep/certificates/kms/uri"
)
// Scheme is the scheme used in uris.
const Scheme = "yubikey"
// YubiKey implements the KMS interface on a YubiKey.
type YubiKey struct {
yk *piv.YubiKey
@@ -26,6 +30,21 @@ type YubiKey struct {
// TODO(mariano): only one card is currently supported.
func New(ctx context.Context, opts apiv1.Options) (*YubiKey, error) {
managementKey := piv.DefaultManagementKey
if opts.URI != "" {
u, err := uri.ParseWithScheme(Scheme, opts.URI)
if err != nil {
return nil, err
}
if v := u.Pin(); v != "" {
opts.Pin = v
}
if v := u.Get("management-key"); v != "" {
opts.ManagementKey = v
}
}
// Deprecated way to set configuration parameters.
if opts.ManagementKey != "" {
b, err := hex.DecodeString(opts.ManagementKey)
if err != nil {