From 055e75f3941f423acf87b95d60cb2a8252fade35 Mon Sep 17 00:00:00 2001
From: Carl Tashian
Date: Wed, 30 Mar 2022 15:48:42 -0700
Subject: [PATCH] Progress?

---
 authority/authority.go | 26 ++++++++++++++++++--------
 ca/ca.go | 14 ++++++++++++++
 2 files changed, 32 insertions(+), 8 deletions(-)

diff --git a/authority/authority.go b/authority/authority.go
index 50025cce..b6829861 100644
--- a/authority/authority.go
+++ b/authority/authority.go
@@ -80,6 +80,14 @@ type Authority struct {
 adminMutex sync.RWMutex
 }
 
+type AuthorityInfo struct {
+ StartTime time.Time
+ RootX509Certs []*x509.Certificate
+ SSHCAUserCerts []ssh.PublicKey
+ SSHCAHostCerts []ssh.PublicKey
+}
+
+
 // New creates and initiates a new Authority type.
 func New(cfg *config.Config, opts ...Option) (*Authority, error) {
 err := cfg.Validate()
@@ -311,7 +319,6 @@ func (a *Authority) init() error {
 for _, crt := range a.rootX509Certs {
 sum := sha256.Sum256(crt.Raw)
 a.certificates.Store(hex.EncodeToString(sum[:]), crt)
- log.Printf("X.509 Root Fingerprint: %s", hex.EncodeToString(sum[:]))
 }
 
 a.rootX509CertPool = x509.NewCertPool()
@@ -540,13 +547,6 @@ func (a *Authority) init() error {
 a.templates.Data["Step"] = tmplVars
 }
 
- if tmplVars.SSH.HostKey != nil {
- log.Printf("SSH Host CA Key: %s\n", ssh.MarshalAuthorizedKey(tmplVars.SSH.HostKey))
- }
- if tmplVars.SSH.UserKey != nil {
- log.Printf("SSH User CA Key: %s\n", ssh.MarshalAuthorizedKey(tmplVars.SSH.UserKey))
- }
-
 // JWT numeric dates are seconds.
 a.startTime = time.Now().Truncate(time.Second)
 // Set flag indicating that initialization has been completed, and should
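Review bot: The new exported type `AuthorityInfo` has no doc comment, and its `SSHCAUserCerts`/`SSHCAHostCerts` fields are typed `[]ssh.PublicKey`, so the `Certs` suffix misnames what they hold (CA public keys, not certificates). I would add `// AuthorityInfo is a read-only snapshot of the authority's identity material: its start time, X.509 root certificates and SSH CA public keys.` above the type, and either rename the SSH fields to `SSHUserCAKeys`/`SSHHostCAKeys` or document on each field that it holds the CA's public key. Since consumers will use these values to pin trust (fingerprints, known_hosts/TrustedUserCAKeys), an unambiguous name matters more than usual here. The two blank lines added after the closing brace will be collapsed to one by gofmt.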
@@ -567,6 +567,16 @@ func (a *Authority) GetAdminDatabase() admin.DB {
 return a.adminDB
 }
 
+func (a *Authority) GetAuthorityInfo() *AuthorityInfo {
+ return &AuthorityInfo{
+ StartTime: a.startTime,
+ RootX509Certs: a.rootX509Certs,
+ SSHCAUserCerts: a.sshCAUserCerts,
+ SSHCAHostCerts: a.sshCAHostCerts,
+ }
+
+}
+
 // IsAdminAPIEnabled returns a boolean indicating whether the Admin API has
 // been enabled.
 func (a *Authority) IsAdminAPIEnabled() bool {
diff --git a/ca/ca.go b/ca/ca.go
index 41f48483..223d2470 100644
--- a/ca/ca.go
+++ b/ca/ca.go
@@ -3,6 +3,8 @@ package ca
 import (
 "crypto/tls"
 "crypto/x509"
+ "crypto/sha256"
+ "encoding/hex"
 "fmt"
 "log"
 "net/http"
@@ -297,6 +299,18 @@ func (ca *CA) Run() error {
 errs := make(chan error, 1)
 
 if !ca.opts.quiet {
+ authorityInfo := ca.auth.GetAuthorityInfo()
+ log.Printf("Address: %s", ca.config.Address)
+ for _, crt := range authorityInfo.RootX509Certs {
+ sum := sha256.Sum256(crt.Raw)
+ log.Printf("X.509 Root Fingerprint: %s", hex.EncodeToString(sum[:]))
+ }
+ if ca.config.SSH != nil {
+ log.Printf("SSH Host CA Key: %s\n", ca.config.SSH.HostKey)
+ }
+ if ca.config.SSH != nil {
+ log.Printf("SSH User CA Key: %s\n", ca.config.SSH.UserKey)
+ }
 log.Printf("Documentation: https://u.step.sm/docs/ca")
 log.Printf("Community Discord: https://u.step.sm/discord")
 log.Printf("Config File: %s", ca.opts.configFile)
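Review bot: `GetAuthorityInfo` returns the authority's own `rootX509Certs`, `sshCAUserCerts` and `sshCAHostCerts` slices by reference, so any caller that appends to or writes through the returned `AuthorityInfo` is mutating the CA's trust anchors rather than a snapshot. As the struct presumably exists only for informational output (the startup banner in ca.go in this patch), copy the slices when building it, e.g. `RootX509Certs: append([]*x509.Certificate(nil), a.rootX509Certs...)` and the same `append(nil-typed-slice, src...)` form for the two `[]ssh.PublicKey` fields. The exported method also has no doc comment — `// GetAuthorityInfo returns a copy of the authority's start time, X.509 root certificates and SSH CA public keys for informational use.` — and the stray blank line before the closing brace is a gofmt nit.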
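Review bot: The two added imports break the sorted order goimports enforces within this group: `"crypto/sha256"` belongs before `"crypto/tls"` and `"encoding/hex"` after `"crypto/x509"`. Running goimports on ca.go fixes it; left as is, the next formatting pass will produce an unrelated diff in this block.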
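Review bot: The two new SSH banner lines print `ca.config.SSH.HostKey` and `ca.config.SSH.UserKey` with `%s`, but the lines they replace in authority.go printed `ssh.MarshalAuthorizedKey(...)` of an `ssh.PublicKey`; the config fields are not the same thing (in this project they are, as far as I can tell, the configured locations of the CA's private key files), so the banner would now show a path instead of the CA public key operators need for `TrustedUserCAKeys`/`known_hosts`, and should a deployment ever inline key material in those fields it would end up in the log. Meanwhile `authorityInfo.SSHCAHostCerts` and `SSHCAUserCerts` are fetched via `GetAuthorityInfo()` on the first added line and never used; ranging over those restores the previous output, makes the duplicated `if ca.config.SSH != nil` guard unnecessary (ranging over an empty slice is a no-op), and the trailing `\n` in the format is redundant because `MarshalAuthorizedKey` already ends its output with a newline. This requires `golang.org/x/crypto/ssh` to be imported in ca.go, which the import hunk of this patch does not add. `Run` continues past the end of the hunk.
```go
	// … unchanged: authorityInfo := ca.auth.GetAuthorityInfo(), Address and X.509 fingerprint lines …
	for _, k := range authorityInfo.SSHCAHostCerts {
		log.Printf("SSH Host CA Key: %s", ssh.MarshalAuthorizedKey(k))
	}
	for _, k := range authorityInfo.SSHCAUserCerts {
		log.Printf("SSH User CA Key: %s", ssh.MarshalAuthorizedKey(k))
	}
	// … unchanged: Documentation, Community Discord and Config File lines …
```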