add ssh user CA support

2025-06-28 11:04:44 +02:00
parent 4b05458cec
commit af41df6ab4
7 changed files with 172 additions and 77 deletions
--- a/cmd/dkl-local-server/ws-clusters.go
+++ b/cmd/dkl-local-server/ws-clusters.go
@ -121,3 +121,41 @@ func wsClusterSignedCert(req *restful.Request, resp *restful.Response) {
 	resp.AddHeader("Content-Disposition", "attachment; filename="+strconv.Quote(clusterName+"_"+caName+"_"+url.PathEscape(name)+".crt"))
 	resp.Write(kc.Cert)
 }
+
+type SSHSignReq struct {
+	PubKey    string
+	Principal string
+	Validity  string
+	Options   []string
+}
+
+func wsClusterSSHUserCAPubKey(req *restful.Request, resp *restful.Response) {
+	clusterName := req.PathParameter("cluster-name")
+
+	pubkey, err := sshCAPubKey(clusterName)
+	if err != nil {
+		wsError(resp, err)
+		return
+	}
+
+	resp.Write(pubkey)
+}
+
+func wsClusterSSHUserCASign(req *restful.Request, resp *restful.Response) {
+	clusterName := req.PathParameter("cluster-name")
+
+	signReq := SSHSignReq{}
+	err := req.ReadEntity(&signReq)
+	if err != nil {
+		wsError(resp, err)
+		return
+	}
+
+	cert, err := sshCASign(clusterName, []byte(signReq.PubKey), signReq.Principal, signReq.Validity, signReq.Options...)
+	if err != nil {
+		wsError(resp, err)
+		return
+	}
+
+	resp.Write(cert)
+}