Added TODOs and documentation

connectedcars · Jul 27, 2020 · 6c75a56 · 6c75a56
1 parent 3a3af23
commit 6c75a56
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 0 deletions.
diff --git a/cmd/authwrapper/setup.go b/cmd/authwrapper/setup.go
@@ -170,6 +170,7 @@ func setupKeyring(config *Config) (agent.ExtendedAgent, error) {
 
 	if config.SSHSigningServerURL != "" {
 		var errors []error
+		// TODO: support fetching new certs when they expire
 		for _, signer := range signers {
 			userCert, err := fetchUserCert(config.SSHSigningServerURL, signer.Signer, config.Command, config.Args, config.RequestedPrincipals)
 			if err != nil {

diff --git a/server/main.go b/server/main.go
@@ -59,6 +59,7 @@ type SigningServer struct {
 // NewSigningServer creates a new server
 func NewSigningServer(caKey ssh.Signer, allowedKeys []AllowedKey) *SigningServer {
 	var allowedKeysMap = map[string]*AllowedKey{}
+
 	for i, allowedKey := range allowedKeys {
 		pubkeyString := strings.TrimSuffix(string(ssh.MarshalAuthorizedKey(allowedKey.Key)), "\n")
 		allowedKeysMap[pubkeyString] = &allowedKeys[i]

diff --git a/sshagent/keyring.go b/sshagent/keyring.go
@@ -70,6 +70,8 @@ func (r *sshAlgorithmSignerKeyring) List() ([]*agent.Key, error) {
 	// TODO: the go lang ssh cert implementation does not support forcing [email protected] or [email protected]
 	// https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD
 	// To fix this we would need to replace the keyname in the certBlob with one of the names listed.
+	// This seems to be fixed in a newer go version, when this is merged:
+	// https://github.com/golang/go/issues/37278
 	for _, certificate := range r.sshCertificates {
 		keys = append(keys, &agent.Key{
 			Format:  certificate.Certificate.Type(),