shimun/ssh-cert-dist
1
0
Fork 0
Code Issues 1 Pull Requests 1 Packages Projects Releases Wiki Activity

added: renew command

Browse Source
This commit is contained in:
shimun 2023-02-22 14:56:01 +01:00
parent 02fbc55d93
commit e3b920fcd5
Signed by: shimun
GPG Key ID: E0420647856EA39E
1 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
server/src/api.rs
View File

@ -18,7 +18,7 @@ use jwt_compact::alg::{Hs256, Hs256Key};
use jwt_compact::{AlgorithmExt, Token, UntrustedToken}; use jwt_compact::{AlgorithmExt, Token, UntrustedToken};
use rand::{thread_rng, Rng}; use rand::{thread_rng, Rng};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use ssh_key::{Certificate, PublicKey}; use ssh_key::{Certificate, Fingerprint, PublicKey};
use tokio::sync::Mutex; use tokio::sync::Mutex;
use tower::ServiceBuilder; use tower::ServiceBuilder;
use tower_http::{trace::TraceLayer, ServiceBuilderExt}; use tower_http::{trace::TraceLayer, ServiceBuilderExt};
@ -255,19 +255,53 @@ async fn get_certs_identifier(
struct CertInfo { struct CertInfo {
principals: Vec<String>, principals: Vec<String>,
ca: PublicKey, ca: PublicKey,
ca_hash: Fingerprint,
identity: PublicKey, identity: PublicKey,
identity_hash: Fingerprint,
key_id: String, key_id: String,
expiry: SystemTime, expiry: SystemTime,
renew_command: String,
} }
impl From<&Certificate> for CertInfo { impl From<&Certificate> for CertInfo {
fn from(cert: &Certificate) -> Self { fn from(cert: &Certificate) -> Self {
let validity = cert
.valid_after_time()
.duration_since(cert.valid_before_time())
.unwrap();
let validity_days = validity.as_secs() / ((60 * 60) * 24);
let host_key = if cert.cert_type().is_host() {
" -h"
} else {
""
};
let opts = cert
.critical_options()
.iter()
.map(|(opt, val)| {
if val.is_empty() {
opt.clone()
} else {
format!("{opt}={val}")
}
})
.map(|arg| format!("-O {arg}"))
.collect::<Vec<_>>()
.join(" ");
let renew_command = format!(
"ssh-keygen -s ./ca_key {host_key} -I {} -n {} -V {validity_days}d {opts}",
cert.key_id(),
cert.valid_principals().join(",")
);
CertInfo { CertInfo {
principals: cert.valid_principals().to_vec(), principals: cert.valid_principals().to_vec(),
ca: cert.signature_key().clone().into(), ca: cert.signature_key().clone().into(),
ca_hash: cert.signature_key().fingerprint(ssh_key::HashAlg::Sha256),
identity: cert.public_key().clone().into(), identity: cert.public_key().clone().into(),
identity_hash: cert.public_key().fingerprint(ssh_key::HashAlg::Sha256),
key_id: cert.key_id().to_string(), key_id: cert.key_id().to_string(),
expiry: cert.valid_before_time(), expiry: cert.valid_before_time(),
renew_command,
} }
} }
} }