added: ensure vailidy range stays same

2023-02-22 15:43:23 +01:00 · 2023-02-22 15:43:23 +01:00 · bccaa6935f
commit bccaa6935f
parent c299a4e132
1 changed files with 8 additions and 4 deletions
--- a/server/src/api.rs
+++ b/server/src/api.rs
@ -4,7 +4,7 @@ use std::collections::HashMap;
 use std::net::SocketAddr;
 use std::path::{self, PathBuf};
 use std::sync::Arc;
-use std::time::SystemTime;
+use std::time::{SystemTime, UNIX_EPOCH};

 use anyhow::Context;
 use axum::body;
@ -270,7 +270,8 @@ impl From<&Certificate> for CertInfo {
            .valid_before_time()
            .duration_since(cert.valid_after_time())
            .unwrap();
-        let validity_days = validity.as_secs() / ((60 * 60) * 24);
+        let expiry = cert.valid_before_time().checked_add(validity).unwrap();
+        let expiry_date = expiry.duration_since(UNIX_EPOCH).unwrap();
        let host_key = if cert.cert_type().is_host() {
            " -h"
        } else {
@ -291,9 +292,12 @@ impl From<&Certificate> for CertInfo {
            .join(" ");
        let opts = opts.trim();
        let renew_command = format!(
-            "ssh-keygen -s ./ca_key {host_key} -I {} -n {} -V {validity_days}d {opts} {}.pub",
+            "ssh-keygen -s ./ca_key {host_key} -I {} -n {} -V {:#x}:{:#x} {opts} {}.pub",
            escape(cert.key_id().into()),
-            escape(cert.valid_principals().join(",").into()), escape(cert.key_id().into())
+            escape(cert.valid_principals().join(",").into()),
+            cert.valid_after(),
+            expiry_date.as_secs(),
+            escape(cert.key_id().into())
        );
        CertInfo {
            principals: cert.valid_principals().to_vec(),